• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_NSS_CERT_DATABASE_H_
6 #define NET_CERT_NSS_CERT_DATABASE_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/basictypes.h"
12 #include "base/callback_forward.h"
13 #include "base/memory/ref_counted.h"
14 #include "base/memory/weak_ptr.h"
15 #include "base/strings/string16.h"
16 #include "crypto/scoped_nss_types.h"
17 #include "net/base/net_errors.h"
18 #include "net/base/net_export.h"
19 #include "net/cert/cert_type.h"
20 #include "net/cert/x509_certificate.h"
21 
22 namespace base {
23 class TaskRunner;
24 }
25 template <class ObserverType> class ObserverListThreadSafe;
26 
27 namespace net {
28 
29 class CryptoModule;
30 typedef std::vector<scoped_refptr<CryptoModule> > CryptoModuleList;
31 
32 // Provides functions to manipulate the NSS certificate stores.
33 // Forwards notifications about certificate changes to the global CertDatabase
34 // singleton.
35 class NET_EXPORT NSSCertDatabase {
36  public:
37   class NET_EXPORT Observer {
38    public:
~Observer()39     virtual ~Observer() {}
40 
41     // Will be called when a new certificate is added.
42     // Called with |cert| == NULL after importing a list of certificates
43     // in ImportFromPKCS12().
OnCertAdded(const X509Certificate * cert)44     virtual void OnCertAdded(const X509Certificate* cert) {}
45 
46     // Will be called when a certificate is removed.
OnCertRemoved(const X509Certificate * cert)47     virtual void OnCertRemoved(const X509Certificate* cert) {}
48 
49     // Will be called when a CA certificate is changed.
50     // Called with |cert| == NULL after importing a list of certificates
51     // in ImportCACerts().
OnCACertChanged(const X509Certificate * cert)52     virtual void OnCACertChanged(const X509Certificate* cert) {}
53 
54    protected:
Observer()55     Observer() {}
56 
57    private:
58     DISALLOW_COPY_AND_ASSIGN(Observer);
59   };
60 
61   // Stores per-certificate error codes for import failures.
62   struct NET_EXPORT ImportCertFailure {
63    public:
64     ImportCertFailure(const scoped_refptr<X509Certificate>& cert, int err);
65     ~ImportCertFailure();
66 
67     scoped_refptr<X509Certificate> certificate;
68     int net_error;
69   };
70   typedef std::vector<ImportCertFailure> ImportCertFailureList;
71 
72   // Constants that define which usages a certificate is trusted for.
73   // They are used in combination with CertType to specify trust for each type
74   // of certificate.
75   // For a CA_CERT, they specify that the CA is trusted for issuing server and
76   // client certs of each type.
77   // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is
78   // trusted as a server.
79   // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
80   // trusted for email.
81   // DISTRUSTED_* specifies that the cert should not be trusted for the given
82   // usage, regardless of whether it would otherwise inherit trust from the
83   // issuer chain.
84   // Use TRUST_DEFAULT to inherit trust as normal.
85   // NOTE: The actual constants are defined using an enum instead of static
86   // consts due to compilation/linkage constraints with template functions.
87   typedef uint32 TrustBits;
88   enum {
89     TRUST_DEFAULT         =      0,
90     TRUSTED_SSL           = 1 << 0,
91     TRUSTED_EMAIL         = 1 << 1,
92     TRUSTED_OBJ_SIGN      = 1 << 2,
93     DISTRUSTED_SSL        = 1 << 3,
94     DISTRUSTED_EMAIL      = 1 << 4,
95     DISTRUSTED_OBJ_SIGN   = 1 << 5,
96   };
97 
98   typedef base::Callback<void(scoped_ptr<CertificateList> certs)>
99       ListCertsCallback;
100 
101   typedef base::Callback<void(bool)> DeleteCertCallback;
102 
103   // Creates a NSSCertDatabase that will store public information (such as
104   // certificates and trust records) in |public_slot|, and private information
105   // (such as keys) in |private_slot|.
106   // In general, code should avoid creating an NSSCertDatabase directly,
107   // as doing so requires making opinionated decisions about where to store
108   // data, and instead prefer to be passed an existing NSSCertDatabase
109   // instance.
110   // |public_slot| must not be NULL, |private_slot| can be NULL. Both slots can
111   // be identical.
112   NSSCertDatabase(crypto::ScopedPK11Slot public_slot,
113                   crypto::ScopedPK11Slot private_slot);
114   virtual ~NSSCertDatabase();
115 
116   // Get a list of unique certificates in the certificate database (one
117   // instance of all certificates).
118   // DEPRECATED by |ListCerts|. See http://crbug.com/340460.
119   virtual void ListCertsSync(CertificateList* certs);
120 
121   // Asynchronously get a list of unique certificates in the certificate
122   // database (one instance of all certificates). Note that the callback may be
123   // run even after the database is deleted.
124   virtual void ListCerts(const ListCertsCallback& callback);
125 
126   // Get a list of certificates in the certificate database of the given slot.
127   // Note that the callback may be run even after the database is deleted.
128   // Must be called on the IO thread and it calls |callback| on the IO thread.
129   // This does not block by retrieving the certs asynchronously on a worker
130   // thread. Never calls |callback| synchronously.
131   virtual void ListCertsInSlot(const ListCertsCallback& callback,
132                                PK11SlotInfo* slot);
133 
134 #if defined(OS_CHROMEOS)
135   // Get the slot for system-wide key data. May be NULL if the system token was
136   // not explicitly set.
137   // Note: The System slot is set after the NSSCertDatabase is constructed and
138   // this call returns synchronously. Thus, it is possible to call this function
139   // before SetSystemSlot is called and get a NULL result.
140   // See https://crbug.com/399554 .
141   virtual crypto::ScopedPK11Slot GetSystemSlot() const;
142 #endif
143 
144   // Get the default slot for public key data.
145   crypto::ScopedPK11Slot GetPublicSlot() const;
146 
147   // Get the default slot for private key or mixed private/public key data.
148   // Can return NULL.
149   crypto::ScopedPK11Slot GetPrivateSlot() const;
150 
151   // Get the default module for public key data.
152   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
153   // DEPRECATED: use GetPublicSlot instead.
154   // TODO(mattm): remove usage of this method and remove it.
155   CryptoModule* GetPublicModule() const;
156 
157   // Get the default module for private key or mixed private/public key data.
158   // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
159   // DEPRECATED: use GetPrivateSlot instead.
160   // TODO(mattm): remove usage of this method and remove it.
161   CryptoModule* GetPrivateModule() const;
162 
163   // Get all modules.
164   // If |need_rw| is true, only writable modules will be returned.
165   // TODO(mattm): come up with better alternative to CryptoModuleList.
166   virtual void ListModules(CryptoModuleList* modules, bool need_rw) const;
167 
168   // Import certificates and private keys from PKCS #12 blob into the module.
169   // If |is_extractable| is false, mark the private key as being unextractable
170   // from the module.
171   // Returns OK or a network error code such as ERR_PKCS12_IMPORT_BAD_PASSWORD
172   // or ERR_PKCS12_IMPORT_ERROR. |imported_certs|, if non-NULL, returns a list
173   // of certs that were imported.
174   int ImportFromPKCS12(CryptoModule* module,
175                        const std::string& data,
176                        const base::string16& password,
177                        bool is_extractable,
178                        CertificateList* imported_certs);
179 
180   // Export the given certificates and private keys into a PKCS #12 blob,
181   // storing into |output|.
182   // Returns the number of certificates successfully exported.
183   int ExportToPKCS12(const CertificateList& certs,
184                      const base::string16& password,
185                      std::string* output) const;
186 
187   // Uses similar logic to nsNSSCertificateDB::handleCACertDownload to find the
188   // root.  Assumes the list is an ordered hierarchy with the root being either
189   // the first or last element.
190   // TODO(mattm): improve this to handle any order.
191   X509Certificate* FindRootInList(const CertificateList& certificates) const;
192 
193   // Import CA certificates.
194   // Tries to import all the certificates given.  The root will be trusted
195   // according to |trust_bits|.  Any certificates that could not be imported
196   // will be listed in |not_imported|.
197   // Returns false if there is an internal error, otherwise true is returned and
198   // |not_imported| should be checked for any certificates that were not
199   // imported.
200   bool ImportCACerts(const CertificateList& certificates,
201                      TrustBits trust_bits,
202                      ImportCertFailureList* not_imported);
203 
204   // Import server certificate.  The first cert should be the server cert.  Any
205   // additional certs should be intermediate/CA certs and will be imported but
206   // not given any trust.
207   // Any certificates that could not be imported will be listed in
208   // |not_imported|.
209   // |trust_bits| can be set to explicitly trust or distrust the certificate, or
210   // use TRUST_DEFAULT to inherit trust as normal.
211   // Returns false if there is an internal error, otherwise true is returned and
212   // |not_imported| should be checked for any certificates that were not
213   // imported.
214   bool ImportServerCert(const CertificateList& certificates,
215                         TrustBits trust_bits,
216                         ImportCertFailureList* not_imported);
217 
218   // Get trust bits for certificate.
219   TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
220 
221   // IsUntrusted returns true if |cert| is specifically untrusted. These
222   // certificates are stored in the database for the specific purpose of
223   // rejecting them.
224   bool IsUntrusted(const X509Certificate* cert) const;
225 
226   // Set trust values for certificate.
227   // Returns true on success or false on failure.
228   bool SetCertTrust(const X509Certificate* cert,
229                     CertType type,
230                     TrustBits trust_bits);
231 
232   // Delete certificate and associated private key (if one exists).
233   // |cert| is still valid when this function returns. Returns true on
234   // success.
235   bool DeleteCertAndKey(X509Certificate* cert);
236 
237   // Like DeleteCertAndKey but does not block by running the removal on a worker
238   // thread. This must be called on IO thread and it will run |callback| on IO
239   // thread. Never calls |callback| synchronously.
240   void DeleteCertAndKeyAsync(const scoped_refptr<X509Certificate>& cert,
241                              const DeleteCertCallback& callback);
242 
243   // Check whether cert is stored in a readonly slot.
244   bool IsReadOnly(const X509Certificate* cert) const;
245 
246   // Check whether cert is stored in a hardware slot.
247   bool IsHardwareBacked(const X509Certificate* cert) const;
248 
249   // Overrides task runner that's used for running slow tasks.
250   void SetSlowTaskRunnerForTest(
251       const scoped_refptr<base::TaskRunner>& task_runner);
252 
253  protected:
254   // Certificate listing implementation used by |ListCerts*| and
255   // |ListCertsSync|. Static so it may safely be used on the worker thread.
256   // If |slot| is NULL, obtains the certs of all slots, otherwise only of
257   // |slot|.
258   static void ListCertsImpl(crypto::ScopedPK11Slot slot,
259                             CertificateList* certs);
260 
261   // Gets task runner that should be used for slow tasks like certificate
262   // listing. Defaults to a base::WorkerPool runner, but may be overriden
263   // in tests (see SetSlowTaskRunnerForTest).
264   scoped_refptr<base::TaskRunner> GetSlowTaskRunner() const;
265 
266  private:
267   // Registers |observer| to receive notifications of certificate changes.  The
268   // thread on which this is called is the thread on which |observer| will be
269   // called back with notifications.
270   // NOTE: Observers registered here will only receive notifications generated
271   // directly through the NSSCertDatabase, but not those from the CertDatabase.
272   // CertDatabase observers will receive all certificate notifications.
273   void AddObserver(Observer* observer);
274 
275   // Unregisters |observer| from receiving notifications.  This must be called
276   // on the same thread on which AddObserver() was called.
277   void RemoveObserver(Observer* observer);
278 
279   // Notifies observers of the removal of |cert| and calls |callback| with
280   // |success| as argument.
281   void NotifyCertRemovalAndCallBack(scoped_refptr<X509Certificate> cert,
282                                     const DeleteCertCallback& callback,
283                                     bool success);
284 
285   // Broadcasts notifications to all registered observers.
286   void NotifyObserversOfCertAdded(const X509Certificate* cert);
287   void NotifyObserversOfCertRemoved(const X509Certificate* cert);
288   void NotifyObserversOfCACertChanged(const X509Certificate* cert);
289 
290   // Certificate removal implementation used by |DeleteCertAndKey*|. Static so
291   // it may safely be used on the worker thread.
292   static bool DeleteCertAndKeyImpl(scoped_refptr<X509Certificate> cert);
293 
294   crypto::ScopedPK11Slot public_slot_;
295   crypto::ScopedPK11Slot private_slot_;
296 
297   // A helper observer that forwards events from this database to CertDatabase.
298   scoped_ptr<Observer> cert_notification_forwarder_;
299 
300   // Task runner that should be used in tests if set.
301   scoped_refptr<base::TaskRunner> slow_task_runner_for_test_;
302 
303   const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;
304 
305   base::WeakPtrFactory<NSSCertDatabase> weak_factory_;
306 
307   DISALLOW_COPY_AND_ASSIGN(NSSCertDatabase);
308 };
309 
310 }  // namespace net
311 
312 #endif  // NET_CERT_NSS_CERT_DATABASE_H_
313