| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_SSL_SERVER_BOUND_CERT_STORE_H_ |
| #define NET_SSL_SERVER_BOUND_CERT_STORE_H_ |
| |
| #include <list> |
| #include <string> |
| |
| #include "base/callback.h" |
| #include "base/threading/non_thread_safe.h" |
| #include "base/time/time.h" |
| #include "net/base/net_export.h" |
| #include "net/ssl/ssl_client_cert_type.h" |
| |
| namespace net { |
| |
| // An interface for storing and retrieving server bound certs. |
| // There isn't a domain bound certs spec yet, but the old origin bound |
| // certificates are specified in |
| // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. |
| |
| // Owned only by a single ServerBoundCertService object, which is responsible |
| // for deleting it. |
| class NET_EXPORT ServerBoundCertStore |
| : NON_EXPORTED_BASE(public base::NonThreadSafe) { |
| public: |
| // The ServerBoundCert class contains a private key in addition to the server |
| // cert, and cert type. |
| class NET_EXPORT ServerBoundCert { |
| public: |
| ServerBoundCert(); |
| ServerBoundCert(const std::string& server_identifier, |
| SSLClientCertType type, |
| base::Time creation_time, |
| base::Time expiration_time, |
| const std::string& private_key, |
| const std::string& cert); |
| ~ServerBoundCert(); |
| |
| // Server identifier. For domain bound certs, for instance "verisign.com". |
| const std::string& server_identifier() const { return server_identifier_; } |
| // TLS ClientCertificateType. |
| SSLClientCertType type() const { return type_; } |
| // The time the certificate was created, also the start of the certificate |
| // validity period. |
| base::Time creation_time() const { return creation_time_; } |
| // The time after which this certificate is no longer valid. |
| base::Time expiration_time() const { return expiration_time_; } |
| // The encoding of the private key depends on the type. |
| // rsa_sign: DER-encoded PrivateKeyInfo struct. |
| // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. |
| const std::string& private_key() const { return private_key_; } |
| // DER-encoded certificate. |
| const std::string& cert() const { return cert_; } |
| |
| private: |
| std::string server_identifier_; |
| SSLClientCertType type_; |
| base::Time creation_time_; |
| base::Time expiration_time_; |
| std::string private_key_; |
| std::string cert_; |
| }; |
| |
| typedef std::list<ServerBoundCert> ServerBoundCertList; |
| |
| typedef base::Callback<void( |
| const std::string&, |
| SSLClientCertType, |
| base::Time, |
| const std::string&, |
| const std::string&)> GetCertCallback; |
| typedef base::Callback<void(const ServerBoundCertList&)> GetCertListCallback; |
| |
| virtual ~ServerBoundCertStore() {} |
| |
| // GetServerBoundCert may return the result synchronously through the |
| // output parameters, in which case it will return true. Otherwise it will |
| // return false and the callback will be called with the result |
| // asynchronously. |
| // In either case, the type will be CLIENT_CERT_INVALID_TYPE if no cert |
| // existed for the given |server_identifier|. |
| virtual bool GetServerBoundCert( |
| const std::string& server_identifier, |
| SSLClientCertType* type, |
| base::Time* expiration_time, |
| std::string* private_key_result, |
| std::string* cert_result, |
| const GetCertCallback& callback) = 0; |
| |
| // Adds a server bound cert and the corresponding private key to the store. |
| virtual void SetServerBoundCert( |
| const std::string& server_identifier, |
| SSLClientCertType type, |
| base::Time creation_time, |
| base::Time expiration_time, |
| const std::string& private_key, |
| const std::string& cert) = 0; |
| |
| // Removes a server bound cert and the corresponding private key from the |
| // store. |
| virtual void DeleteServerBoundCert( |
| const std::string& server_identifier, |
| const base::Closure& completion_callback) = 0; |
| |
| // Deletes all of the server bound certs that have a creation_date greater |
| // than or equal to |delete_begin| and less than |delete_end|. If a |
| // base::Time value is_null, that side of the comparison is unbounded. |
| virtual void DeleteAllCreatedBetween( |
| base::Time delete_begin, |
| base::Time delete_end, |
| const base::Closure& completion_callback) = 0; |
| |
| // Removes all server bound certs and the corresponding private keys from |
| // the store. |
| virtual void DeleteAll(const base::Closure& completion_callback) = 0; |
| |
| // Returns all server bound certs and the corresponding private keys. |
| virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) = 0; |
| |
| // Helper function that adds all certs from |list| into this instance. |
| void InitializeFrom(const ServerBoundCertList& list); |
| |
| // Returns the number of certs in the store. May return 0 if the backing |
| // store is not loaded yet. |
| // Public only for unit testing. |
| virtual int GetCertCount() = 0; |
| |
| // When invoked, instructs the store to keep session related data on |
| // destruction. |
| virtual void SetForceKeepSessionState() = 0; |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_SSL_SERVER_BOUND_CERT_STORE_H_ |