Home | History | Annotate | Download | only in base 
      1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_BASE_TEST_ROOT_CERTS_H_
      6 #define NET_BASE_TEST_ROOT_CERTS_H_
      7 #pragma once
      8 
      9 #include "base/lazy_instance.h"
     10 #include "build/build_config.h"
     11 
     12 #if defined(OS_WIN)
     13 #include <windows.h>
     14 #include <wincrypt.h>
     15 #elif defined(OS_MACOSX)
     16 #include <CoreFoundation/CFArray.h>
     17 #include <Security/SecTrust.h>
     18 #include "base/mac/scoped_cftyperef.h"
     19 #elif defined(USE_NSS)
     20 #include <list>
     21 #endif
     22 
     23 class FilePath;
     24 
     25 namespace net {
     26 
     27 class X509Certificate;
     28 
     29 // TestRootCerts is a helper class for unit tests that is used to
     30 // artificially mark a certificate as trusted, independent of the local
     31 // machine configuration.
     32 class TestRootCerts {
     33  public:
     34   // Obtains the Singleton instance to the trusted certificates.
     35   static TestRootCerts* GetInstance();
     36 
     37   // Returns true if an instance exists, without forcing an initialization.
     38   static bool HasInstance();
     39 
     40   // Marks |certificate| as trusted for X509Certificate::Verify(). Returns
     41   // false if the certificate could not be marked trusted.
     42   bool Add(X509Certificate* certificate);
     43 
     44   // Reads a single certificate from |file| and marks it as trusted. Returns
     45   // false if an error is encountered, such as being unable to read |file|
     46   // or more than one certificate existing in |file|.
     47   bool AddFromFile(const FilePath& file);
     48 
     49   // Clears the trusted status of any certificates that were previously
     50   // marked trusted via Add().
     51   void Clear();
     52 
     53   // Returns true if there are no certificates that have been marked trusted.
     54   bool IsEmpty() const;
     55 
     56 #if defined(OS_MACOSX)
     57   CFArrayRef temporary_roots() const { return temporary_roots_; }
     58 
     59   // Modifies the root certificates of |trust_ref| to include the
     60   // certificates stored in |temporary_roots_|. If IsEmpty() is true, this
     61   // does not modify |trust_ref|.
     62   OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const;
     63 #elif defined(OS_WIN)
     64   HCERTSTORE temporary_roots() const { return temporary_roots_; }
     65 
     66   // Returns an HCERTCHAINENGINE suitable to be used for certificate
     67   // validation routines, or NULL to indicate that the default system chain
     68   // engine is appropriate. The caller is responsible for freeing the
     69   // returned HCERTCHAINENGINE.
     70   HCERTCHAINENGINE GetChainEngine() const;
     71 #endif
     72 
     73  private:
     74   friend struct base::DefaultLazyInstanceTraits<TestRootCerts>;
     75 
     76   TestRootCerts();
     77   ~TestRootCerts();
     78 
     79   // Performs platform-dependent initialization.
     80   void Init();
     81 
     82 #if defined(OS_MACOSX)
     83   base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_;
     84 #elif defined(OS_WIN)
     85   HCERTSTORE temporary_roots_;
     86 #elif defined(USE_NSS)
     87   // It is necessary to maintain a cache of the original certificate trust
     88   // settings, in order to restore them when Clear() is called.
     89   class TrustEntry;
     90   std::list<TrustEntry*> trust_cache_;
     91 #endif
     92 
     93 #if defined(OS_WIN) || defined(USE_OPENSSL)
     94   // True if there are no temporarily trusted root certificates.
     95   bool empty_;
     96 #endif
     97 
     98   DISALLOW_COPY_AND_ASSIGN(TestRootCerts);
     99 };
    100 
    101 }  // namespace net
    102 
    103 #endif  // NET_BASE_TEST_ROOT_CERTS_H_
    104