File: nss_cert_database_chromeos.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (76 lines) | stat: -rw-r--r-- 2,922 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
#define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_

#include "base/functional/callback.h"
#include "base/memory/weak_ptr.h"
#include "crypto/scoped_nss_types.h"
#include "net/base/net_export.h"
#include "net/cert/nss_cert_database.h"
#include "net/cert/nss_profile_filter_chromeos.h"

namespace net {

class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
 public:
  NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
                          crypto::ScopedPK11Slot private_slot);

  NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;
  NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;

  ~NSSCertDatabaseChromeOS() override;

  // |system_slot| is the system TPM slot, which is only enabled for certain
  // users.
  void SetSystemSlot(crypto::ScopedPK11Slot system_slot);

  // NSSCertDatabase implementation.
  void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;

  // Uses NSSCertDatabase implementation and adds additional Chrome OS specific
  // certificate information.
  void ListCertsInfo(ListCertsInfoCallback callback,
                     NSSRootsHandling nss_roots_handling) override;

  crypto::ScopedPK11Slot GetSystemSlot() const override;

  void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,
                   bool need_rw) const override;
  bool SetCertTrust(CERTCertificate* cert,
                    CertType type,
                    TrustBits trust_bits) override;

  // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
  // in multiple slots.
  // TODO(mattm): handle trust setting correctly for certs in read-only slots.

 private:
  // Certificate listing implementation used by |ListCerts|.
  // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
  // is additionally filtered by |profile_filter|.
  // Static so it may safely be used on the worker thread.
  static ScopedCERTCertificateList ListCertsImpl(
      const NSSProfileFilterChromeOS& profile_filter);

  // Certificate information listing implementation used by |ListCertsInfo|.
  // The certificate list normally returned by
  // NSSCertDatabase::ListCertsInfoImpl is additionally filtered by
  // |profile_filter|. Also additional Chrome OS specific information is added.
  // Static so it may safely be used on the worker thread.
  static CertInfoList ListCertsInfoImpl(
      const NSSProfileFilterChromeOS& profile_filter,
      crypto::ScopedPK11Slot system_slot,
      bool add_certs_info,
      NSSRootsHandling nss_roots_handling);

  NSSProfileFilterChromeOS profile_filter_;
  crypto::ScopedPK11Slot system_slot_;
};

}  // namespace net

#endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_