• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_BASE_TEST_ROOT_CERTS_H_
6 #define NET_BASE_TEST_ROOT_CERTS_H_
7 #pragma once
8 
9 #include "base/lazy_instance.h"
10 #include "build/build_config.h"
11 
12 #if defined(OS_WIN)
13 #include <windows.h>
14 #include <wincrypt.h>
15 #elif defined(OS_MACOSX)
16 #include <CoreFoundation/CFArray.h>
17 #include <Security/SecTrust.h>
18 #include "base/mac/scoped_cftyperef.h"
19 #elif defined(USE_NSS)
20 #include <list>
21 #endif
22 
23 class FilePath;
24 
25 namespace net {
26 
27 class X509Certificate;
28 
29 // TestRootCerts is a helper class for unit tests that is used to
30 // artificially mark a certificate as trusted, independent of the local
31 // machine configuration.
32 class TestRootCerts {
33  public:
34   // Obtains the Singleton instance to the trusted certificates.
35   static TestRootCerts* GetInstance();
36 
37   // Returns true if an instance exists, without forcing an initialization.
38   static bool HasInstance();
39 
40   // Marks |certificate| as trusted for X509Certificate::Verify(). Returns
41   // false if the certificate could not be marked trusted.
42   bool Add(X509Certificate* certificate);
43 
44   // Reads a single certificate from |file| and marks it as trusted. Returns
45   // false if an error is encountered, such as being unable to read |file|
46   // or more than one certificate existing in |file|.
47   bool AddFromFile(const FilePath& file);
48 
49   // Clears the trusted status of any certificates that were previously
50   // marked trusted via Add().
51   void Clear();
52 
53   // Returns true if there are no certificates that have been marked trusted.
54   bool IsEmpty() const;
55 
56 #if defined(OS_MACOSX)
temporary_roots()57   CFArrayRef temporary_roots() const { return temporary_roots_; }
58 
59   // Modifies the root certificates of |trust_ref| to include the
60   // certificates stored in |temporary_roots_|. If IsEmpty() is true, this
61   // does not modify |trust_ref|.
62   OSStatus FixupSecTrustRef(SecTrustRef trust_ref) const;
63 #elif defined(OS_WIN)
temporary_roots()64   HCERTSTORE temporary_roots() const { return temporary_roots_; }
65 
66   // Returns an HCERTCHAINENGINE suitable to be used for certificate
67   // validation routines, or NULL to indicate that the default system chain
68   // engine is appropriate. The caller is responsible for freeing the
69   // returned HCERTCHAINENGINE.
70   HCERTCHAINENGINE GetChainEngine() const;
71 #endif
72 
73  private:
74   friend struct base::DefaultLazyInstanceTraits<TestRootCerts>;
75 
76   TestRootCerts();
77   ~TestRootCerts();
78 
79   // Performs platform-dependent initialization.
80   void Init();
81 
82 #if defined(OS_MACOSX)
83   base::mac::ScopedCFTypeRef<CFMutableArrayRef> temporary_roots_;
84 #elif defined(OS_WIN)
85   HCERTSTORE temporary_roots_;
86 #elif defined(USE_NSS)
87   // It is necessary to maintain a cache of the original certificate trust
88   // settings, in order to restore them when Clear() is called.
89   class TrustEntry;
90   std::list<TrustEntry*> trust_cache_;
91 #endif
92 
93 #if defined(OS_WIN) || defined(USE_OPENSSL)
94   // True if there are no temporarily trusted root certificates.
95   bool empty_;
96 #endif
97 
98   DISALLOW_COPY_AND_ASSIGN(TestRootCerts);
99 };
100 
101 }  // namespace net
102 
103 #endif  // NET_BASE_TEST_ROOT_CERTS_H_
104