search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Upstream changes for NetworkQualityProvider
[chromium-blink-merge.git] / net / cert / nss_cert_database.h
blob42447f95a733b1b7efed148d9cf5769f3f56be0d
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_CERT_NSS_CERT_DATABASE_H_
6 #define NET_CERT_NSS_CERT_DATABASE_H_
7
8 #include <stdint.h>
9 #include <string>
10 #include <vector>
11
12 #include "base/callback_forward.h"
13 #include "base/macros.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/weak_ptr.h"
16 #include "base/strings/string16.h"
17 #include "crypto/scoped_nss_types.h"
18 #include "net/base/net_errors.h"
19 #include "net/base/net_export.h"
20 #include "net/cert/cert_type.h"
21 #include "net/cert/x509_certificate.h"
22
23 namespace base {
24 template <class ObserverType>
25 class ObserverListThreadSafe;
26 class TaskRunner;
27 }
28
29 namespace net {
30
31 class CryptoModule;
32 typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
33
34 // Provides functions to manipulate the NSS certificate stores.
35 // Forwards notifications about certificate changes to the global CertDatabase
36 // singleton.
37 class NET_EXPORT NSSCertDatabase {
38 public:
39 class NET_EXPORT Observer {
40 public:
41 virtual ~Observer() {}
42
43 // Will be called when a new certificate is added.
44 // Called with |cert| == NULL after importing a list of certificates
45 // in ImportFromPKCS12().
46 virtual void OnCertAdded(const X509Certificate* cert) {}
47
48 // Will be called when a certificate is removed.
49 virtual void OnCertRemoved(const X509Certificate* cert) {}
50
51 // Will be called when a CA certificate is changed.
52 // Called with |cert| == NULL after importing a list of certificates
53 // in ImportCACerts().
54 virtual void OnCACertChanged(const X509Certificate* cert) {}
55
56 protected:
57 Observer() {}
58
59 private:
60 DISALLOW_COPY_AND_ASSIGN(Observer);
61 };
62
63 // Stores per-certificate error codes for import failures.
64 struct NET_EXPORT ImportCertFailure {
65 public:
66 ImportCertFailure(const scoped_refptr<X509Certificate>& cert, int err);
67 ~ImportCertFailure();
68
69 scoped_refptr<X509Certificate> certificate;
70 int net_error;
71 };
72 typedef std::vector<ImportCertFailure> ImportCertFailureList;
73
74 // Constants that define which usages a certificate is trusted for.
75 // They are used in combination with CertType to specify trust for each type
76 // of certificate.
77 // For a CA_CERT, they specify that the CA is trusted for issuing server and
78 // client certs of each type.
79 // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is
80 // trusted as a server.
81 // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
82 // trusted for email.
83 // DISTRUSTED_* specifies that the cert should not be trusted for the given
84 // usage, regardless of whether it would otherwise inherit trust from the
85 // issuer chain.
86 // Use TRUST_DEFAULT to inherit trust as normal.
87 // NOTE: The actual constants are defined using an enum instead of static
88 // consts due to compilation/linkage constraints with template functions.
89 typedef uint32_t TrustBits;
90 enum {
91 TRUST_DEFAULT = 0,
92 TRUSTED_SSL = 1 << 0,
93 TRUSTED_EMAIL = 1 << 1,
94 TRUSTED_OBJ_SIGN = 1 << 2,
95 DISTRUSTED_SSL = 1 << 3,
96 DISTRUSTED_EMAIL = 1 << 4,
97 DISTRUSTED_OBJ_SIGN = 1 << 5,
98 };
99
100 typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
101 ListCertsCallback;
102
103 typedef base::Callback<void(bool)> DeleteCertCallback;
104
105 // Creates a NSSCertDatabase that will store public information (such as
106 // certificates and trust records) in |public_slot|, and private information
107 // (such as keys) in |private_slot|.
108 // In general, code should avoid creating an NSSCertDatabase directly,
109 // as doing so requires making opinionated decisions about where to store
110 // data, and instead prefer to be passed an existing NSSCertDatabase
111 // instance.
112 // |public_slot| must not be NULL, |private_slot| can be NULL. Both slots can
113 // be identical.
114 NSSCertDatabase(crypto::ScopedPK11Slot public_slot,
115 crypto::ScopedPK11Slot private_slot);
116 virtual ~NSSCertDatabase();
117
118 // Get a list of unique certificates in the certificate database (one
119 // instance of all certificates).
120 // DEPRECATED by |ListCerts|. See http://crbug.com/340460.
121 virtual void ListCertsSync(CertificateList* certs);
122
123 // Asynchronously get a list of unique certificates in the certificate
124 // database (one instance of all certificates). Note that the callback may be
125 // run even after the database is deleted.
126 virtual void ListCerts(const ListCertsCallback& callback);
127
128 // Get a list of certificates in the certificate database of the given slot.
129 // Note that the callback may be run even after the database is deleted.
130 // Must be called on the IO thread and it calls |callback| on the IO thread.
131 // This does not block by retrieving the certs asynchronously on a worker
132 // thread. Never calls |callback| synchronously.
133 virtual void ListCertsInSlot(const ListCertsCallback& callback,
134 PK11SlotInfo* slot);
135
136 #if defined(OS_CHROMEOS)
137 // Get the slot for system-wide key data. May be NULL if the system token was
138 // not explicitly set.
139 // Note: The System slot is set after the NSSCertDatabase is constructed and
140 // this call returns synchronously. Thus, it is possible to call this function
141 // before SetSystemSlot is called and get a NULL result.
142 // See https://crbug.com/399554 .
143 virtual crypto::ScopedPK11Slot GetSystemSlot() const;
144 #endif
145
146 // Get the default slot for public key data.
147 crypto::ScopedPK11Slot GetPublicSlot() const;
148
149 // Get the default slot for private key or mixed private/public key data.
150 // Can return NULL.
151 crypto::ScopedPK11Slot GetPrivateSlot() const;
152
153 // Get the default module for public key data.
154 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
155 // DEPRECATED: use GetPublicSlot instead.
156 // TODO(mattm): remove usage of this method and remove it.
157 CryptoModule* GetPublicModule() const;
158
159 // Get the default module for private key or mixed private/public key data.
160 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
161 // DEPRECATED: use GetPrivateSlot instead.
162 // TODO(mattm): remove usage of this method and remove it.
163 CryptoModule* GetPrivateModule() const;
164
165 // Get all modules.
166 // If |need_rw| is true, only writable modules will be returned.
167 // TODO(mattm): come up with better alternative to CryptoModuleList.
168 virtual void ListModules(CryptoModuleList* modules, bool need_rw) const;
169
170 // Import certificates and private keys from PKCS #12 blob into the module.
171 // If |is_extractable| is false, mark the private key as being unextractable
172 // from the module.
173 // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD
174 // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list
175 // of certs that were imported.
176 int ImportFromPKCS12(CryptoModule* module,
177 const std::string& data,
178 const base::string16& password,
179 bool is_extractable,
180 CertificateList* imported_certs);
181
182 // Export the given certificates and private keys into a PKCS #12 blob,
183 // storing into |output|.
184 // Returns the number of certificates successfully exported.
185 int ExportToPKCS12(const CertificateList& certs,
186 const base::string16& password,
187 std::string* output) const;
188
189 // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the
190 // root. Assumes the list is an ordered hierarchy with the root being either
191 // the first or last element.
192 // TODO(mattm): improve this to handle any order.
193 X509Certificate* FindRootInList(const CertificateList& certificates) const;
194
195 // Import CA certificates.
196 // Tries to import all the certificates given. The root will be trusted
197 // according to |trust_bits|. Any certificates that could not be imported
198 // will be listed in |not_imported|.
199 // Returns false if there is an internal error, otherwise true is returned and
200 // |not_imported| should be checked for any certificates that were not
201 // imported.
202 bool ImportCACerts(const CertificateList& certificates,
203 TrustBits trust_bits,
204 ImportCertFailureList* not_imported);
205
206 // Import server certificate. The first cert should be the server cert. Any
207 // additional certs should be intermediate/CA certs and will be imported but
208 // not given any trust.
209 // Any certificates that could not be imported will be listed in
210 // |not_imported|.
211 // |trust_bits| can be set to explicitly trust or distrust the certificate, or
212 // use TRUST_DEFAULT to inherit trust as normal.
213 // Returns false if there is an internal error, otherwise true is returned and
214 // |not_imported| should be checked for any certificates that were not
215 // imported.
216 bool ImportServerCert(const CertificateList& certificates,
217 TrustBits trust_bits,
218 ImportCertFailureList* not_imported);
219
220 // Get trust bits for certificate.
221 TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
222
223 // IsUntrusted returns true if |cert| is specifically untrusted. These
224 // certificates are stored in the database for the specific purpose of
225 // rejecting them.
226 bool IsUntrusted(const X509Certificate* cert) const;
227
228 // Set trust values for certificate.
229 // Returns true on success or false on failure.
230 bool SetCertTrust(const X509Certificate* cert,
231 CertType type,
232 TrustBits trust_bits);
233
234 // Delete certificate and associated private key (if one exists).
235 // |cert| is still valid when this function returns. Returns true on
236 // success.
237 bool DeleteCertAndKey(X509Certificate* cert);
238
239 // Like DeleteCertAndKey but does not block by running the removal on a worker
240 // thread. This must be called on IO thread and it will run |callback| on IO
241 // thread. Never calls |callback| synchronously.
242 void DeleteCertAndKeyAsync(const scoped_refptr<X509Certificate>& cert,
243 const DeleteCertCallback& callback);
244
245 // Check whether cert is stored in a readonly slot.
246 bool IsReadOnly(const X509Certificate* cert) const;
247
248 // Check whether cert is stored in a hardware slot.
249 bool IsHardwareBacked(const X509Certificate* cert) const;
250
251 // Overrides task runner that's used for running slow tasks.
252 void SetSlowTaskRunnerForTest(
253 const scoped_refptr<base::TaskRunner>& task_runner);
254
255 protected:
256 // Certificate listing implementation used by |ListCerts*| and
257 // |ListCertsSync|. Static so it may safely be used on the worker thread.
258 // If |slot| is NULL, obtains the certs of all slots, otherwise only of
259 // |slot|.
260 static void ListCertsImpl(crypto::ScopedPK11Slot slot,
261 CertificateList* certs);
262
263 // Gets task runner that should be used for slow tasks like certificate
264 // listing. Defaults to a base::WorkerPool runner, but may be overriden
265 // in tests (see SetSlowTaskRunnerForTest).
266 scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const;
267
268 protected:
269 // Broadcasts notifications to all registered observers.
270 void NotifyObserversOfCertAdded(const X509Certificate* cert);
271 void NotifyObserversOfCertRemoved(const X509Certificate* cert);
272 void NotifyObserversOfCACertChanged(const X509Certificate* cert);
273
274 private:
275 // Registers |observer| to receive notifications of certificate changes. The
276 // thread on which this is called is the thread on which |observer| will be
277 // called back with notifications.
278 // NOTE: Observers registered here will only receive notifications generated
279 // directly through the NSSCertDatabase, but not those from the CertDatabase.
280 // CertDatabase observers will receive all certificate notifications.
281 void AddObserver(Observer* observer);
282
283 // Unregisters |observer| from receiving notifications. This must be called
284 // on the same thread on which AddObserver() was called.
285 void RemoveObserver(Observer* observer);
286
287 // Notifies observers of the removal of |cert| and calls |callback| with
288 // |success| as argument.
289 void NotifyCertRemovalAndCallBack(scoped_refptr<X509Certificate> cert,
290 const DeleteCertCallback& callback,
291 bool success);
292
293 // Certificate removal implementation used by |DeleteCertAndKey*|. Static so
294 // it may safely be used on the worker thread.
295 static bool DeleteCertAndKeyImpl(scoped_refptr<X509Certificate> cert);
296
297 crypto::ScopedPK11Slot public_slot_;
298 crypto::ScopedPK11Slot private_slot_;
299
300 // A helper observer that forwards events from this database to CertDatabase.
301 scoped_ptr<Observer> cert_notification_forwarder_;
302
303 // Task runner that should be used in tests if set.
304 scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
305
306 const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_;
307
308 base::WeakPtrFactory<NSSCertDatabase> weak_factory_;
309
310 DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
311 };
312
313 } // namespace net
314
315 #endif // NET_CERT_NSS_CERT_DATABASE_H_