xref: /aosp_15_r20/external/cronet/net/cert/internal/trust_store_features.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b)
1 // Copyright 2023 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
7 
8 #include "base/feature_list.h"
9 #include "net/base/net_export.h"
10 
11 namespace net {
12 
13 // Returns true when platform bssl::TrustStore implementations should enforce
14 // constraints encoded into X.509 certificate trust anchors.
15 // When disabled, platform bssl::TrustStore implementations will not enforce
16 // anchor constraints (other than expiry). Has no effect if using a platform
17 // CertVerifyProc implementation.
// NOTE(review): this header does not list which constraints are meant
// (presumably certificate extensions carried by the anchor itself, e.g. name
// constraints) - confirm against the TrustStore implementations. A false
// return means trust anchors are accepted with fewer checks, so it is the
// less strict verification mode.
18 // TODO(https://crbug.com/1406103): remove this a few milestones after the
19 // trust anchor constraints enforcement has been launched on all relevant
20 // platforms.
21 // Should only be called after base::Features have been resolved. Note that
22 // using ScopedFeatureList to override this won't work properly in unittests;
23 // use ScopedLocalAnchorConstraintsEnforcementForTesting instead. Using
24 // ScopedFeatureList in browser_tests is fine.
25 // It is safe to call this function on any thread.
26 NET_EXPORT bool IsLocalAnchorConstraintsEnforcementEnabled();
27 
28 // Override the feature flag. Don't call this without consulting
29 // net/cert/OWNERS.
// `enabled` is the new setting.
// NOTE(review): presumably the value set here is what
// IsLocalAnchorConstraintsEnforcementEnabled() reports afterwards, so passing
// false would turn off anchor constraint enforcement (other than expiry) in
// platform bssl::TrustStore implementations. Nothing declared in this header
// undoes the override on its own; tests should go through
// ScopedLocalAnchorConstraintsEnforcementForTesting so the previous value is
// restored - confirm against the implementation file.
30 // It is safe to call this function on any thread.
31 NET_EXPORT void SetLocalAnchorConstraintsEnforcementEnabled(bool enabled);
32 
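// Test-only RAII helper: overrides the local anchor constraints enforcement
// setting for the lifetime of the object and, on destruction, restores the
// value that was in effect when the object was constructed.
//
// Instances are expected to be destroyed in reverse order of construction
// (ordinary stack usage). The destructor writes back the value observed by the
// constructor, so an out-of-order teardown would reinstate a stale setting.
class NET_EXPORT ScopedLocalAnchorConstraintsEnforcementForTesting {
 public:
  // Records the current setting, then applies `enabled`.
  explicit ScopedLocalAnchorConstraintsEnforcementForTesting(bool enabled)
      : previous_value_(IsLocalAnchorConstraintsEnforcementEnabled()) {
    SetLocalAnchorConstraintsEnforcementEnabled(enabled);
  }

  // Not copyable: a copy would hold the same saved value and write it back a
  // second time from its own destructor, which could undo a later override and
  // leave enforcement in a state that no live scoper requested.
  ScopedLocalAnchorConstraintsEnforcementForTesting(
      const ScopedLocalAnchorConstraintsEnforcementForTesting&) = delete;
  ScopedLocalAnchorConstraintsEnforcementForTesting& operator=(
      const ScopedLocalAnchorConstraintsEnforcementForTesting&) = delete;

  // Restores the setting captured at construction.
  ~ScopedLocalAnchorConstraintsEnforcementForTesting() {
    SetLocalAnchorConstraintsEnforcementEnabled(previous_value_);
  }

 private:
  // Setting that was in effect before this object applied its override.
  const bool previous_value_;
};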
49 
50 namespace features {
51 
52 // Most code should not check this feature flag directly, instead use
53 // IsLocalAnchorConstraintsEnforcementEnabled().
// NOTE(review): presumably because an override applied through
// SetLocalAnchorConstraintsEnforcementEnabled() is not visible in the raw
// feature state, so a direct check could disagree with what the trust stores
// actually enforce - confirm against the implementation file.
54 NET_EXPORT BASE_DECLARE_FEATURE(kEnforceLocalAnchorConstraints);
55 
56 }  // namespace features
57 
58 }  // namespace net
59 
60 #endif  // NET_CERT_INTERNAL_TRUST_STORE_FEATURES_H_
61