xref: /aosp_15_r20/external/cronet/net/cert/internal/trust_store_android.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2022 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_
6 #define NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_
7 
8 #include <atomic>
9 
10 #include "base/memory/ptr_util.h"
11 #include "base/memory/scoped_refptr.h"
12 #include "base/synchronization/lock.h"
13 #include "net/base/net_export.h"
14 #include "net/cert/cert_database.h"
15 #include "third_party/boringssl/src/pki/trust_store.h"
16 #include "third_party/boringssl/src/pki/trust_store_in_memory.h"
17 
18 namespace net {
19 
20 // TrustStoreAndroid is an implementation of bssl::TrustStore which uses the
21 // Android cert systems to find user-added trust anchors for path building. It
22 // ignores the Android builtin trust anchors.
23 class NET_EXPORT TrustStoreAndroid : public bssl::TrustStore,
24                                      public CertDatabase::Observer {
25  public:
26   TrustStoreAndroid();
27   ~TrustStoreAndroid() override;
28   TrustStoreAndroid(const TrustStoreAndroid& other) = delete;
29   TrustStoreAndroid& operator=(const TrustStoreAndroid& other) = delete;
30 
31   // Load user settings from Android.
32   void Initialize();
33 
34   // bssl::TrustStore:
35   void SyncGetIssuersOf(const bssl::ParsedCertificate* cert,
36                         bssl::ParsedCertificateList* issuers) override;
37   bssl::CertificateTrust GetTrust(const bssl::ParsedCertificate* cert) override;
38 
39   // CertDatabase::Observer:
40   void OnTrustStoreChanged() override;
41 
42   // Have this object start listening for CertDatabase changes.
43   // This function is not thread safe, and must be called from a sequence.
44   void ObserveCertDBChanges();
45 
46  private:
47   // Inner Impl class for use in initializing stores.
48   class Impl;
49 
50   // Loads user settings from Windows CertStores if not already done and
51   // returns scoped_refptr<Impl>.
52   scoped_refptr<Impl> MaybeInitializeAndGetImpl();
53 
54   bool is_observing_certdb_changes_ = false;
55 
56   base::Lock init_lock_;
57   scoped_refptr<Impl> impl_ GUARDED_BY(init_lock_);
58   // Generation number that is incremented whenever the backing Android trust
59   // store changes.
60   std::atomic_int generation_ = 0;
61 };
62 
63 }  // namespace net
64 
65 #endif  // NET_CERT_INTERNAL_TRUST_STORE_ANDROID_H_
66