1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_WIN_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_WIN_H_
7 
8 #include "base/memory/ptr_util.h"
9 #include "base/synchronization/lock.h"
10 #include "base/win/wincrypt_shim.h"
11 #include "crypto/scoped_capi_types.h"
12 #include "net/base/net_export.h"
13 #include "net/cert/pki/trust_store.h"
14 
15 namespace net {
16 
17 // TrustStoreWin is an implementation of TrustStore which uses the Windows cert
18 // systems to find user-added trust anchors for path building. It ignores the
19 // Windows builtin trust anchors. This TrustStore is thread-safe (we think).
20 // TODO(https://crbug.com/1239270): confirm this is thread safe.
class NET_EXPORT TrustStoreWin : public TrustStore {
 public:
  // Bundle of the Windows certificate store handles that a TrustStoreWin
  // consults. Each member is a scoped handle, so the stores are released when
  // the CertStores object is destroyed.
  //
  // The type is move-only: declaring the move operations below suppresses the
  // implicit copy operations. The default constructor is private, so outside
  // code obtains instances through the static factories (or by moving an
  // existing instance).
  struct NET_EXPORT_PRIVATE CertStores {
    ~CertStores();
    CertStores(CertStores&& other);
    CertStores& operator=(CertStores&& other);

    // Create a CertStores object with the stores initialized with (empty)
    // CERT_STORE_PROV_COLLECTION stores.
    static CertStores CreateWithCollections();

    // Create a CertStores object with the stores pre-initialized with
    // in-memory cert stores for testing purposes.
    static CertStores CreateInMemoryStoresForTesting();

    // Create a CertStores object with null cert store pointers for testing
    // purposes. is_null() returns true for such an object.
    static CertStores CreateNullStoresForTesting();

    // Returns true if at least one of the five store handles is null.
    // This only tests the handles: a false result shows that every handle is
    // set, not that the corresponding store's contents were loaded.
    bool is_null() const {
      return !roots.get() || !intermediates.get() || !trusted_people.get() ||
             !disallowed.get() || !all.get();
    }

    // NOTE(review): the roles below are inferred from the member names;
    // confirm against the .cc file that populates them.
    // User-added trust anchors (presumably).
    crypto::ScopedHCERTSTORE roots;
    // Intermediate certificates used to locate issuers (presumably).
    crypto::ScopedHCERTSTORE intermediates;
    // Individually trusted certificates (presumably).
    crypto::ScopedHCERTSTORE trusted_people;
    // Explicitly distrusted certificates (presumably). Because is_null()
    // also covers this handle, a missing distrust store is reported as
    // "not initialized" rather than silently skipped.
    crypto::ScopedHCERTSTORE disallowed;
    // Presumably the store set up by InitializeAllCertsStore() - TODO confirm.
    crypto::ScopedHCERTSTORE all;

   private:
    // Private so that instances are only created through the static factories
    // above.
    CertStores();

    // Implemented in the .cc file; presumably sets up `all` - TODO confirm.
    void InitializeAllCertsStore();
  };

  // Creates a TrustStoreWin.
  TrustStoreWin();

  ~TrustStoreWin() override;
  // Not copyable: the object owns a lock and a uniquely-owned Impl.
  TrustStoreWin(const TrustStoreWin& other) = delete;
  TrustStoreWin& operator=(const TrustStoreWin& other) = delete;

  // Creates a TrustStoreWin for testing from the given `stores` bundle, which
  // is taken by value (CertStores is move-only, so the caller gives up
  // ownership). The root store is treated as if it's the source of truth for
  // roots for `GetTrust`, and the intermediate store as an extra store (in
  // addition to the root store) for locating certificates during
  // `SyncGetIssuersOf`.
  // NOTE(review): earlier wording named `root_cert_store` and
  // `intermediate_cert_store`; these presumably correspond to `stores.roots`
  // and `stores.intermediates` - confirm.
  static std::unique_ptr<TrustStoreWin> CreateForTesting(CertStores stores);

  // Loads user settings from Windows CertStores. If there are errors,
  // the underlying TrustStoreWin object may not read all Windows
  // CertStores when making trust decisions.
  // NOTE(review): this returns void, so a caller cannot tell a complete load
  // from a partial one. Confirm in the .cc file what GetTrust() reports when
  // a store (in particular `disallowed`) could not be read, i.e. whether the
  // failure case is fail-closed.
  void InitializeStores();

  // TrustStore implementation:
  // Appends to `issuers`; which stores are searched is decided in the .cc
  // file.
  void SyncGetIssuersOf(const ParsedCertificate* cert,
                        ParsedCertificateList* issuers) override;

  // TrustStore implementation:
  // Returns the trust setting for `cert`. The meaning of `debug_data` is
  // defined by the TrustStore base class.
  CertificateTrust GetTrust(const ParsedCertificate* cert,
                            base::SupportsUserData* debug_data) override;

 private:
  // Inner Impl class for use in initializing stores.
  class Impl;

  // Constructs a TrustStoreWin around an existing Impl; presumably the path
  // used by CreateForTesting() - TODO confirm.
  explicit TrustStoreWin(std::unique_ptr<Impl> impl);

  // Loads user settings from Windows CertStores if not already done and
  // returns pointer to the Impl.
  // NOTE(review): the returned raw pointer is not itself covered by the
  // GUARDED_BY annotation on `impl_`; whether the Impl may be used
  // concurrently once returned is not established in this header.
  Impl* MaybeInitializeAndGetImpl();

  // Guards `impl_`, per the GUARDED_BY annotation on that member.
  base::Lock init_lock_;
  std::unique_ptr<Impl> impl_ GUARDED_BY(init_lock_);
};
95 
96 }  // namespace net
97 
98 #endif  // NET_CERT_INTERNAL_TRUST_STORE_WIN_H_
99