1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_CHROME_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_CHROME_H_
7 
#include <stdint.h>

#include <memory>

#include "base/containers/span.h"
#include "net/base/net_export.h"
#include "net/cert/pki/trust_store.h"
#include "net/cert/pki/trust_store_in_memory.h"
#include "net/cert/root_store_proto_lite/root_store.pb.h"
#include "third_party/abseil-cpp/absl/types/optional.h"
14 
15 namespace net {
16 
// Describes one root certificate handed to TrustStoreChrome.
//
// `root_cert_der` is a non-owning view of the certificate's DER encoding: the
// struct never copies the bytes, so whoever builds a ChromeRootCertInfo must
// keep the underlying buffer alive for as long as anything can still read the
// span. How long that is depends on which path consumes the struct —
// CreateTrustStoreForTesting documents that it copies `certs`, while the
// private TrustStoreChrome constructor takes a `certs_are_static` flag that
// suggests the compiled-in data is referenced in place. Confirm against the
// .cc before relying on a shorter buffer lifetime.
struct ChromeRootCertInfo {
  base::span<const uint8_t> root_cert_der;
};
20 
21 // ChromeRootStoreData is a container class that stores all of the Chrome Root
22 // Store data in a single class.
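// ChromeRootStoreData is a container class that stores all of the Chrome Root
// Store data in a single class: the parsed trust anchors and the version of
// the root store they came from.
//
// Instances are only produced by CreateChromeRootStoreData(); the default
// constructor is private so callers can never observe a half-built object.
class NET_EXPORT ChromeRootStoreData {
 public:
  // CreateChromeRootStoreData converts |proto| into a usable
  // ChromeRootStoreData object. Returns absl::nullopt if the passed in
  // proto has errors in it (e.g. an unparsable DER-encoded certificate).
  //
  // Because the whole optional is empty on error, callers get either a fully
  // parsed anchor set or nothing — there is no partially parsed fallback, and
  // callers must not invent one by ignoring the nullopt.
  static absl::optional<ChromeRootStoreData> CreateChromeRootStoreData(
      const chrome_root_store::RootStore& proto);
  ~ChromeRootStoreData();

  // NOTE(review): the move operations are declared without noexcept. If their
  // out-of-line definitions are `= default`, adding noexcept to both the
  // declaration and the definition would let standard containers move these
  // objects instead of copying them — confirm in the .cc before changing.
  ChromeRootStoreData(const ChromeRootStoreData& other);
  ChromeRootStoreData(ChromeRootStoreData&& other);
  ChromeRootStoreData& operator=(const ChromeRootStoreData& other);
  ChromeRootStoreData& operator=(ChromeRootStoreData&& other);

  // The parsed trust anchors this object carries.
  //
  // Returned by const reference rather than by (const) value: the previous
  // signature copied the entire list on every call, and a `const` by-value
  // return also prevented the copy from being moved. The reference is valid
  // for the lifetime of this object; callers that need their own copy can
  // still assign the result to a ParsedCertificateList.
  const ParsedCertificateList& anchors() const { return anchors_; }
  // Version of the root store that anchors() were loaded from.
  int64_t version() const { return version_; }

 private:
  ChromeRootStoreData();

  ParsedCertificateList anchors_;
  // Default-initialized so that an object built through the private default
  // constructor never carries an indeterminate version. CreateChromeRootStoreData
  // is expected to overwrite this with the proto's version (its definition is
  // in the .cc).
  int64_t version_ = 0;
};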
46 
47 // TrustStoreChrome contains the Chrome Root Store, as described at
48 // https://g.co/chrome/root-policy
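// TrustStoreChrome contains the Chrome Root Store, as described at
// https://g.co/chrome/root-policy
//
// The set of certificates this store is built from is security-critical:
// whatever it holds is what this TrustStore answers trust queries with. By
// default that set is the root store compiled into the binary (see
// CompiledChromeRootStoreAnchors); the other constructors exist so a caller
// can substitute an already-parsed ChromeRootStoreData, or a test fixture.
class NET_EXPORT TrustStoreChrome : public TrustStore {
 public:
  // Creates a TrustStoreChrome that uses a copy of `certs`, instead of the
  // default Chrome Root Store.
  //
  // Every entry of `certs` becomes a root of the returned store with no further
  // vetting of the caller's choice, so this must only ever be reached from test
  // code; production code builds the store through the default constructor or
  // from a ChromeRootStoreData. `version` is what version() will report.
  static std::unique_ptr<TrustStoreChrome> CreateTrustStoreForTesting(
      base::span<const ChromeRootCertInfo> certs,
      int64_t version);

  // Creates a TrustStoreChrome that uses the compiled in Chrome Root Store.
  TrustStoreChrome();

  // Creates a TrustStoreChrome that uses the passed in anchors as
  // the contents of the Chrome Root Store.
  //
  // `explicit` so that a ChromeRootStoreData is never silently converted into
  // a trust store at a call site that did not mean to build one.
  explicit TrustStoreChrome(const ChromeRootStoreData& anchors);
  ~TrustStoreChrome() override;

  // The store owns a TrustStoreInMemory and is handed around by pointer (see
  // CreateTrustStoreForTesting), so copying is disabled.
  TrustStoreChrome(const TrustStoreChrome& other) = delete;
  TrustStoreChrome& operator=(const TrustStoreChrome& other) = delete;

  // TrustStore implementation:
  // Fills |issuers| with the certificates in this store that could have issued
  // |cert|. Presumably answered from the TrustStoreInMemory member — the exact
  // matching rule lives in that class and in the .cc, not here.
  void SyncGetIssuersOf(const ParsedCertificate* cert,
                        ParsedCertificateList* issuers) override;
  // Returns the trust this store assigns to |cert|. |debug_data| is the
  // diagnostic sink the TrustStore interface provides; whether this
  // implementation writes anything to it is decided in the .cc.
  CertificateTrust GetTrust(const ParsedCertificate* cert,
                            base::SupportsUserData* debug_data) override;

  // Returns true if the trust store contains the given ParsedCertificate
  // (matches by DER).
  //
  // Because the comparison is on the exact DER bytes, a re-encoded or otherwise
  // byte-different certificate with the same subject and key is NOT considered
  // contained.
  bool Contains(const ParsedCertificate* cert) const;

  // Version of the root store this instance was built from.
  int64_t version() const { return version_; }

 private:
  // Presumably the common constructor the public ones delegate to.
  // `certs_are_static` appears to tell the implementation whether `certs`
  // points at data that outlives the store (so it need not be copied) — what
  // it actually does with the flag is in the .cc.
  TrustStoreChrome(base::span<const ChromeRootCertInfo> certs,
                   bool certs_are_static,
                   int64_t version);
  TrustStoreInMemory trust_store_;
  // Initialized here so the value is never indeterminate, even if a
  // constructor path fails to assign it.
  int64_t version_ = 0;
};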
87 
// Returns the version # of the Chrome Root Store that was compiled into the
// binary. This is presumably the value a default-constructed TrustStoreChrome
// reports from version(), and the natural baseline when comparing against a
// ChromeRootStoreData::version() — confirm in the .cc.
NET_EXPORT int64_t CompiledChromeRootStoreVersion();
91 
// Returns the anchors of the Chrome Root Store that were compiled into the
// binary. The list is returned by value, so hold on to the result rather than
// calling this repeatedly in a loop.
NET_EXPORT ParsedCertificateList CompiledChromeRootStoreAnchors();
95 
96 }  // namespace net
97 
98 #endif  // NET_CERT_INTERNAL_TRUST_STORE_CHROME_H_
99