1 // Copyright 2022 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_ 6 #define NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_ 7 8 #include <atomic> 9 10 #include "base/memory/ptr_util.h" 11 #include "base/memory/scoped_refptr.h" 12 #include "base/synchronization/lock.h" 13 #include "net/base/net_export.h" 14 #include "net/cert/cert_database.h" 15 #include "net/cert/internal/platform_trust_store.h" 16 #include "third_party/boringssl/src/pki/trust_store.h" 17 #include "third_party/boringssl/src/pki/trust_store_in_memory.h" 18 19 namespace net { 20 21 // TrustStoreAndroid is an implementation of bssl::TrustStore which uses the 22 // Android cert systems to find user-added trust anchors for path building. It 23 // ignores the Android builtin trust anchors. 24 class NET_EXPORT TrustStoreAndroid : public PlatformTrustStore, 25 public CertDatabase::Observer { 26 public: 27 TrustStoreAndroid(); 28 ~TrustStoreAndroid() override; 29 TrustStoreAndroid(const TrustStoreAndroid& other) = delete; 30 TrustStoreAndroid& operator=(const TrustStoreAndroid& other) = delete; 31 32 // Load user settings from Android. 33 void Initialize(); 34 35 // bssl::TrustStore: 36 void SyncGetIssuersOf(const bssl::ParsedCertificate* cert, 37 bssl::ParsedCertificateList* issuers) override; 38 bssl::CertificateTrust GetTrust(const bssl::ParsedCertificate* cert) override; 39 40 // net::PlatformTrustStore implementation: 41 std::vector<net::PlatformTrustStore::CertWithTrust> GetAllUserAddedCerts() 42 override; 43 44 // CertDatabase::Observer: 45 void OnTrustStoreChanged() override; 46 47 // Have this object start listening for CertDatabase changes. 48 // This function is not thread safe, and must be called from a sequence. 49 void ObserveCertDBChanges(); 50 51 private: 52 // Inner Impl class for use in initializing stores. 53 class Impl; 54 55 // Loads user settings from Windows CertStores if not already done and 56 // returns scoped_refptr<Impl>. 57 scoped_refptr<Impl> MaybeInitializeAndGetImpl(); 58 59 bool is_observing_certdb_changes_ 60 GUARDED_BY_CONTEXT(certdb_observer_sequence_checker_) = false; 61 SEQUENCE_CHECKER(certdb_observer_sequence_checker_); 62 63 base::Lock init_lock_; 64 scoped_refptr<Impl> impl_ GUARDED_BY(init_lock_); 65 // Generation number that is incremented whenever the backing Android trust 66 // store changes. 67 std::atomic_int generation_ = 0; 68 }; 69 70 } // namespace net 71 72 #endif // NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_ 73