File: cert_verifier.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (247 lines) | stat: -rw-r--r-- 10,398 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
 
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CERT_VERIFIER_H_
#define NET_CERT_CERT_VERIFIER_H_

#include <memory>
#include <string>
#include <string_view>
#include <vector>

#include "base/memory/scoped_refptr.h"
#include "base/observer_list_types.h"
#include "net/base/completion_once_callback.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"
#include "net/cert/cert_net_fetcher.h"
#include "net/cert/cert_verify_proc.h"
#include "net/cert/x509_certificate.h"

namespace net {

class CertVerifyResult;
class CertVerifierWithUpdatableProc;
class NetLogWithSource;

// CertVerifier represents a service for verifying certificates.
//
// CertVerifiers can handle multiple requests at a time.
class NET_EXPORT CertVerifier {
 public:
  class NET_EXPORT Observer : public base::CheckedObserver {
   public:
    // Called when the certificate verifier changes internal configuration.
    // Observers can use this method to invalidate caches that incorporate
    // previous trust decisions.
    //
    // This method will not be called on `CertVerifier::SetConfig`. It is
    // assumed that callers will know to clear their caches when calling the
    // function. https://crbug.com/1427326 tracks migrating `SetConfig` to this
    // mechanism.
    virtual void OnCertVerifierChanged() = 0;
  };

  struct NET_EXPORT Config {
    Config();
    Config(const Config&);
    Config(Config&&);
    ~Config();
    Config& operator=(const Config&);
    Config& operator=(Config&&);

    bool operator==(const Config& other) const = default;

    // Enable online revocation checking via CRLs and OCSP for the certificate
    // chain. Note that revocation checking is soft-fail.
    bool enable_rev_checking = false;

    // Enable online revocation checking via CRLs and OCSP for the certificate
    // chain if the constructed chain terminates in a locally-installed,
    // non-public trust anchor. A revocation error, such as a failure to
    // obtain fresh revocation information, is treated as a hard failure.
    bool require_rev_checking_local_anchors = false;

    // Enable support for SHA-1 signatures if the constructed chain terminates
    // in a locally-installed, non-public trust anchor.
    bool enable_sha1_local_anchors = false;
  };

  class Request {
   public:
    Request() = default;

    Request(const Request&) = delete;
    Request& operator=(const Request&) = delete;

    // Destruction of the Request cancels it.
    virtual ~Request() = default;
  };

  // LINT.IfChange(CertVerifier.VerifyFlags)
  enum VerifyFlags {
    // If set, actively overrides the current CertVerifier::Config to disable
    // dependent network fetches. This can be used to avoid triggering
    // re-entrancy in the network stack. For example, fetching a PAC script
    // over HTTPS may cause AIA, OCSP, or CRL fetches to block on retrieving
    // the PAC script, while the PAC script fetch is waiting for those
    // dependent fetches, creating a deadlock. When set, this flag prevents
    // those fetches from being started (best effort).
    // Note that cached information may still be used, if it can be accessed
    // without accessing the network.
    VERIFY_DISABLE_NETWORK_FETCHES = 1 << 0,

    // If set, Certificate Transparency requirements are evaluated in a
    // stricter fashion as required by Signed Exchanges. This only has effect
    // in implementations where CT is handled by chrome.
    VERIFY_SXG_CT_REQUIREMENTS = 1 << 1,

    VERIFY_FLAGS_LAST = VERIFY_SXG_CT_REQUIREMENTS
  };
  // LINT.ThenChange(/net/log/net_log_util.cc:CertVerifier.VerifyFlags)

  // Parameters to verify |certificate| against the supplied
  // |hostname| as an SSL server.
  //
  // |hostname| should be a canonicalized hostname (in A-Label form) or IP
  // address in string form, following the rules of a URL host portion. In
  // the case of |hostname| being a domain name, it may contain a trailing
  // dot (e.g. "example.com."), as used to signal to DNS not to perform
  // suffix search, and it will safely be ignored. If |hostname| is an IPv6
  // address, it MUST be in URL form - that is, surrounded in square
  // brackets, such as "[::1]".
  //
  // |flags| is a bitwise OR of VerifyFlags.
  //
  // |ocsp_response| is optional, but if non-empty, should contain an OCSP
  // response obtained via OCSP stapling. It may be ignored by the
  // CertVerifier.
  //
  // |sct_list| is optional, but if non-empty, should contain a
  // SignedCertificateTimestampList from the TLS extension as described in
  // RFC6962 section 3.3.1. It may be ignored by the CertVerifier.
  class NET_EXPORT RequestParams {
   public:
    RequestParams();
    RequestParams(scoped_refptr<X509Certificate> certificate,
                  std::string_view hostname,
                  int flags,
                  std::string_view ocsp_response,
                  std::string_view sct_list);
    RequestParams(const RequestParams& other);
    ~RequestParams();

    const scoped_refptr<X509Certificate>& certificate() const {
      return certificate_;
    }
    const std::string& hostname() const { return hostname_; }
    int flags() const { return flags_; }
    const std::string& ocsp_response() const { return ocsp_response_; }
    const std::string& sct_list() const { return sct_list_; }

    bool operator==(const RequestParams& other) const;
    bool operator<(const RequestParams& other) const;

   private:
    scoped_refptr<X509Certificate> certificate_;
    std::string hostname_;
    int flags_;
    std::string ocsp_response_;
    std::string sct_list_;

    // Used to optimize sorting/indexing comparisons.
    std::string key_;
  };

  // When the verifier is destroyed, all certificate verification requests are
  // canceled, and their completion callbacks will not be called.
  virtual ~CertVerifier() = default;

  // Verifies the given certificate against the given hostname as an SSL server.
  // Returns OK if successful or an error code upon failure.
  //
  // The |*verify_result| structure, including the |verify_result->cert_status|
  // bitmask and |verify_result->verified_cert|, is always filled out regardless
  // of the return value. If the certificate has multiple errors, the
  // corresponding status flags are set in |verify_result->cert_status|, and the
  // error code for the most serious error is returned.
  //
  // |callback| must not be null. ERR_IO_PENDING is returned if the operation
  // could not be completed synchronously, in which case the result code will
  // be passed to the callback when available.
  //
  // |*out_req| is used to store a request handle in the event of asynchronous
  // completion (when Verify returns ERR_IO_PENDING). Provided that neither
  // the CertVerifier nor the Request have been deleted, |callback| will be
  // invoked once the underlying verification finishes. If either the
  // CertVerifier or the Request are deleted, then |callback| will be Reset()
  // and will not be invoked. It is fine for |out_req| to outlive the
  // CertVerifier, and it is fine to reset |out_req| or delete the
  // CertVerifier during the processing of |callback|.
  //
  // If Verify() completes synchronously then |out_req| *may* be reset to
  // nullptr. However it is not guaranteed that all implementations will reset
  // it in this case.
  virtual int Verify(const RequestParams& params,
                     CertVerifyResult* verify_result,
                     CompletionOnceCallback callback,
                     std::unique_ptr<Request>* out_req,
                     const NetLogWithSource& net_log) = 0;

  // Verifies that `binding` is a valid 2-QWAC binding for `hostname` and
  // `tls_cert`. On success, callback will be called asynchronously with the
  // verified 2-QWAC certificate chain. Otherwise the callback will be called
  // with nullptr. The callback might be run even after the CertVerifier is
  // destroyed.
  virtual void Verify2QwacBinding(
      const std::string& binding,
      const std::string& hostname,
      const scoped_refptr<X509Certificate>& tls_cert,
      base::OnceCallback<void(const scoped_refptr<X509Certificate>&)> callback,
      const NetLogWithSource& net_log) = 0;

  // Sets the configuration for new certificate verifications to be |config|.
  // Any in-progress verifications (i.e. those with outstanding Request
  // handles) will continue using the old configuration. This may be called
  // throughout the CertVerifier's lifetime in response to configuration
  // changes from embedders.
  // Note: As configuration changes will replace any existing configuration,
  // this should only be called by the logical 'owner' of this CertVerifier.
  // Callers should NOT attempt to change configuration for single calls, and
  // should NOT attempt to change configuration for CertVerifiers they do not
  // explicitly manage.
  virtual void SetConfig(const Config& config) = 0;

  // Add an observer to be notified when the CertVerifier has changed.
  // RemoveObserver() must be called before |observer| is destroyed.
  virtual void AddObserver(Observer* observer) = 0;

  // Remove an observer added with AddObserver().
  virtual void RemoveObserver(Observer* observer) = 0;

  // Creates a CertVerifier implementation that verifies certificates using
  // the preferred underlying cryptographic libraries.  |cert_net_fetcher| may
  // not be used, depending on the platform.
  static std::unique_ptr<CertVerifierWithUpdatableProc>
  CreateDefaultWithoutCaching(scoped_refptr<CertNetFetcher> cert_net_fetcher);

  // Wraps the result of |CreateDefaultWithoutCaching| in a CachingCertVerifier
  // and a CoalescingCertVerifier.
  static std::unique_ptr<CertVerifier> CreateDefault(
      scoped_refptr<CertNetFetcher> cert_net_fetcher);
};

// A CertVerifier that can update its CertVerifyProc while it is running.
class NET_EXPORT CertVerifierWithUpdatableProc : public CertVerifier {
 public:
  // Update the CertVerifyProc with a new set of parameters.
  virtual void UpdateVerifyProcData(
      scoped_refptr<CertNetFetcher> cert_net_fetcher,
      const net::CertVerifyProc::ImplParams& impl_params,
      const net::CertVerifyProc::InstanceParams& instance_params) = 0;
};

}  // namespace net

#endif  // NET_CERT_CERT_VERIFIER_H_