1 // Copyright 2012 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_CERT_DATABASE_H_ 6 #define NET_CERT_CERT_DATABASE_H_ 7 8 #include "base/memory/scoped_refptr.h" 9 #include "base/no_destructor.h" 10 #include "base/observer_list_threadsafe.h" 11 #include "build/build_config.h" 12 #include "net/base/net_export.h" 13 14 namespace net { 15 16 // This class allows callers to observe changes to the underlying certificate 17 // stores. 18 // 19 // TODO(davidben): This class is really just a giant global ObserverList. It 20 // does not do anything with the platform certificate and, in principle, //net's 21 // dependency on the platform is abstracted behind the CertVerifier and 22 // ClientCertStore interfaces. Ideally these signals would originate out of 23 // those interfaces' platform implementations. 24 25 class NET_EXPORT CertDatabase { 26 public: 27 // A CertDatabase::Observer will be notified on certificate database changes. 28 // The change could be either a user certificate is added/removed or trust on 29 // a certificate is changed. Observers can be registered via 30 // CertDatabase::AddObserver, and can un-register with 31 // CertDatabase::RemoveObserver. 32 class NET_EXPORT Observer { 33 public: 34 Observer(const Observer&) = delete; 35 Observer& operator=(const Observer&) = delete; 36 37 virtual ~Observer() = default; 38 39 // Called whenever the Cert Database is known to have changed. 40 // Typically, this will be in response to a CA certificate being added, 41 // removed, or its trust changed. OnTrustStoreChanged()42 virtual void OnTrustStoreChanged() {} 43 44 // Called when a potential change to client certificates is detected. (Some 45 // platforms don't provide precise notifications and this may be notified 46 // on unrelated changes.) OnClientCertStoreChanged()47 virtual void OnClientCertStoreChanged() {} 48 49 protected: 50 Observer() = default; 51 }; 52 53 // These values are persisted to logs. Entries should not be renumbered and 54 // numeric values should never be reused. 55 enum class HistogramNotificationType { 56 kTrust = 0, 57 kClientCert = 1, 58 kMaxValue = kClientCert 59 }; 60 61 ~CertDatabase() = delete; 62 63 // Returns the CertDatabase singleton. 64 static CertDatabase* GetInstance(); 65 66 CertDatabase(const CertDatabase&) = delete; 67 CertDatabase& operator=(const CertDatabase&) = delete; 68 69 // Registers |observer| to receive notifications of certificate changes. The 70 // thread on which this is called is the thread on which |observer| will be 71 // called back with notifications. 72 void AddObserver(Observer* observer); 73 74 // Unregisters |observer| from receiving notifications. This must be called 75 // on the same thread on which AddObserver() was called. 76 void RemoveObserver(Observer* observer); 77 78 #if BUILDFLAG(IS_MAC) 79 // Start observing and forwarding events from Keychain services. May be 80 // called multiple times, and may be called on any thread. 81 static void StartListeningForKeychainEvents(); 82 #endif 83 84 // Synthetically injects notifications to all observers. In general, this 85 // should only be called by the creator of the CertDatabase. Used to inject 86 // notifications from other DB interfaces. 87 void NotifyObserversTrustStoreChanged(); 88 void NotifyObserversClientCertStoreChanged(); 89 90 private: 91 friend base::NoDestructor<CertDatabase>; 92 93 CertDatabase(); 94 95 const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_; 96 }; 97 98 } // namespace net 99 100 #endif // NET_CERT_CERT_DATABASE_H_ 101