net/ssl/server_bound_cert_store.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SERVER_BOUND_CERT_STORE_H_
   6 #define NET_SSL_SERVER_BOUND_CERT_STORE_H_
   7
   8 #include <list>
   9 #include <string>
  10
  11 #include "base/callback.h"
  12 #include "base/threading/non_thread_safe.h"
  13 #include "base/time/time.h"
  14 #include "net/base/net_export.h"
  15
  16 namespace net {
  17
  18 // An interface for storing and retrieving server bound certs.
  19 // There isn't a domain bound certs spec yet, but the old origin bound
  20 // certificates are specified in
  21 // http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html.
  22
  23 // Owned only by a single ServerBoundCertService object, which is responsible
  24 // for deleting it.
  25 class NET_EXPORT ServerBoundCertStore
  26     : NON_EXPORTED_BASE(public base::NonThreadSafe) {
  27  public:
  28   // The ServerBoundCert class contains a private key in addition to the server
  29   // cert.
  30   class NET_EXPORT ServerBoundCert {
  31    public:
  32     ServerBoundCert();
  33     ServerBoundCert(const std::string& server_identifier,
  34                     base::Time creation_time,
  35                     base::Time expiration_time,
  36                     const std::string& private_key,
  37                     const std::string& cert);
  38     ~ServerBoundCert();
  39
  40     // Server identifier.  For domain bound certs, for instance "verisign.com".
  41     const std::string& server_identifier() const { return server_identifier_; }
  42     // The time the certificate was created, also the start of the certificate
  43     // validity period.
  44     base::Time creation_time() const { return creation_time_; }
  45     // The time after which this certificate is no longer valid.
  46     base::Time expiration_time() const { return expiration_time_; }
  47     // The encoding of the private key depends on the type.
  48     // rsa_sign: DER-encoded PrivateKeyInfo struct.
  49     // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct.
  50     const std::string& private_key() const { return private_key_; }
  51     // DER-encoded certificate.
  52     const std::string& cert() const { return cert_; }
  53
  54    private:
  55     std::string server_identifier_;
  56     base::Time creation_time_;
  57     base::Time expiration_time_;
  58     std::string private_key_;
  59     std::string cert_;
  60   };
  61
  62   typedef std::list<ServerBoundCert> ServerBoundCertList;
  63
  64   typedef base::Callback<void(
  65       int,
  66       const std::string&,
  67       base::Time,
  68       const std::string&,
  69       const std::string&)> GetCertCallback;
  70   typedef base::Callback<void(const ServerBoundCertList&)> GetCertListCallback;
  71
  72   virtual ~ServerBoundCertStore() {}
  73
  74   // GetServerBoundCert may return the result synchronously through the
  75   // output parameters, in which case it will return either OK if a cert is
  76   // found in the store, or ERR_FILE_NOT_FOUND if none is found.  If the
  77   // result cannot be returned synchronously, GetServerBoundCert will
  78   // return ERR_IO_PENDING and the callback will be called with the result
  79   // asynchronously.
  80   virtual int GetServerBoundCert(
  81       const std::string& server_identifier,
  82       base::Time* expiration_time,
  83       std::string* private_key_result,
  84       std::string* cert_result,
  85       const GetCertCallback& callback) = 0;
  86
  87   // Adds a server bound cert and the corresponding private key to the store.
  88   virtual void SetServerBoundCert(
  89       const std::string& server_identifier,
  90       base::Time creation_time,
  91       base::Time expiration_time,
  92       const std::string& private_key,
  93       const std::string& cert) = 0;
  94
  95   // Removes a server bound cert and the corresponding private key from the
  96   // store.
  97   virtual void DeleteServerBoundCert(
  98       const std::string& server_identifier,
  99       const base::Closure& completion_callback) = 0;
 100
 101   // Deletes all of the server bound certs that have a creation_date greater
 102   // than or equal to |delete_begin| and less than |delete_end|.  If a
 103   // base::Time value is_null, that side of the comparison is unbounded.
 104   virtual void DeleteAllCreatedBetween(
 105       base::Time delete_begin,
 106       base::Time delete_end,
 107       const base::Closure& completion_callback) = 0;
 108
 109   // Removes all server bound certs and the corresponding private keys from
 110   // the store.
 111   virtual void DeleteAll(const base::Closure& completion_callback) = 0;
 112
 113   // Returns all server bound certs and the corresponding private keys.
 114   virtual void GetAllServerBoundCerts(const GetCertListCallback& callback) = 0;
 115
 116   // Helper function that adds all certs from |list| into this instance.
 117   void InitializeFrom(const ServerBoundCertList& list);
 118
 119   // Returns the number of certs in the store.  May return 0 if the backing
 120   // store is not loaded yet.
 121   // Public only for unit testing.
 122   virtual int GetCertCount() = 0;
 123
 124   // When invoked, instructs the store to keep session related data on
 125   // destruction.
 126   virtual void SetForceKeepSessionState() = 0;
 127 };
 128
 129 }  // namespace net
 130
 131 #endif  // NET_SSL_SERVER_BOUND_CERT_STORE_H_