Home | History | Annotate | Download | only in ssl 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SSL_SERVER_BOUND_CERT_STORE_H_
      6 #define NET_SSL_SERVER_BOUND_CERT_STORE_H_
      7 
      8 #include <list>
      9 #include <string>
     10 
     11 #include "base/callback.h"
     12 #include "base/threading/non_thread_safe.h"
     13 #include "base/time/time.h"
     14 #include "net/base/net_export.h"
     15 
     16 namespace net {
     17 
     18 // An interface for storing and retrieving server bound certs.
     19 // There isn't a domain bound certs spec yet, but the old origin bound
     20 // certificates are specified in
     21 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html.
     22 
     23 // Owned only by a single ServerBoundCertService object, which is responsible
     24 // for deleting it.
     25 class NET_EXPORT ServerBoundCertStore
     26     : NON_EXPORTED_BASE(public base::NonThreadSafe) {
     27  public:
     28   // The ServerBoundCert class contains a private key in addition to the server
     29   // cert.
     30   class NET_EXPORT ServerBoundCert {
     31    public:
     32     ServerBoundCert();
     33     ServerBoundCert(const std::string& server_identifier,
     34                     base::Time creation_time,
     35                     base::Time expiration_time,
     36                     const std::string& private_key,
     37                     const std::string& cert);
     38     ~ServerBoundCert();
     39 
     40     // Server identifier.  For domain bound certs, for instance "verisign.com".
     41     const std::string& server_identifier() const { return server_identifier_; }
     42     // The time the certificate was created, also the start of the certificate
     43     // validity period.
     44     base::Time creation_time() const { return creation_time_; }
     45     // The time after which this certificate is no longer valid.
     46     base::Time expiration_time() const { return expiration_time_; }
     47     // The encoding of the private key depends on the type.
     48     // rsa_sign: DER-encoded PrivateKeyInfo struct.
     49     // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct.
     50     const std::string& private_key() const { return private_key_; }
     51     // DER-encoded certificate.
     52     const std::string& cert() const { return cert_; }
     53 
     54    private:
     55     std::string server_identifier_;
     56     base::Time creation_time_;
     57     base::Time expiration_time_;
     58     std::string private_key_;
     59     std::string cert_;
     60   };
     61 
     62   typedef std::list<ServerBoundCert> ServerBoundCertList;
     63 
     64   typedef base::Callback<void(
     65       int,
     66       const std::string&,
     67       base::Time,
     68       const std::string&,
     69       const std::string&)> GetCertCallback;
     70   typedef base::Callback<void(const ServerBoundCertList&)> GetCertListCallback;
     71 
     72   virtual ~ServerBoundCertStore() {}
     73 
     74   // GetServerBoundCert may return the result synchronously through the
     75   // output parameters, in which case it will return either OK if a cert is
     76   // found in the store, or ERR_FILE_NOT_FOUND if none is found.  If the
     77   // result cannot be returned synchronously, GetServerBoundCert will
     78   // return ERR_IO_PENDING and the callback will be called with the result
     79   // asynchronously.
     80   virtual int GetServerBoundCert(
     81       const std::string& server_identifier,
     82       base::Time* expiration_time,
     83       std::string* private_key_result,
     84       std::string* cert_result,
     85       const GetCertCallback& callback) = 0;
     86 
     87   // Adds a server bound cert and the corresponding private key to the store.
     88   virtual void SetServerBoundCert(
     89       const std::string& server_identifier,
     90       base::Time creation_time,
     91       base::Time expiration_time,
     92       const std::string& private_key,
     93       const std::string& cert) = 0;
     94 
     95   // Removes a server bound cert and the corresponding private key from the
     96   // store.
     97   virtual void DeleteServerBoundCert(
     98       const std::string& server_identifier,
     99       const base::Closure& completion_callback) = 0;
    100 
    101   // Deletes all of the server bound certs that have a creation_date greater
    102   // than or equal to |delete_begin| and less than |delete_end|.  If a
    103   // base::Time value is_null, that side of the comparison is unbounded.
    104   virtual void DeleteAllCreatedBetween(
    105       base::Time delete_begin,
    106       base::Time delete_end,
    107       const base::Closure& completion_callback) = 0;
    108 
    109   // Removes all server bound certs and the corresponding private keys from
    110   // the store.
    111   virtual void DeleteAll(const base::Closure& completion_callback) = 0;
    112 
    113   // Returns all server bound certs and the corresponding private keys.
    114   virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) = 0;
    115 
    116   // Helper function that adds all certs from |list| into this instance.
    117   void InitializeFrom(const ServerBoundCertList& list);
    118 
    119   // Returns the number of certs in the store.  May return 0 if the backing
    120   // store is not loaded yet.
    121   // Public only for unit testing.
    122   virtual int GetCertCount() = 0;
    123 
    124   // When invoked, instructs the store to keep session related data on
    125   // destruction.
    126   virtual void SetForceKeepSessionState() = 0;
    127 };
    128 
    129 }  // namespace net
    130 
    131 #endif  // NET_SSL_SERVER_BOUND_CERT_STORE_H_
    132