// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_CERT_DATABASE_H_
#define NET_CERT_CERT_DATABASE_H_

#include "base/memory/scoped_refptr.h"
#include "base/no_destructor.h"
#include "base/observer_list_threadsafe.h"
#include "build/build_config.h"
#include "net/base/net_export.h"

namespace net {

// Process-wide fan-out point for "the certificate stores changed" signals.
// CertDatabase holds no certificate state of its own; the only thing it owns
// is an observer list, and the only thing it does is forward the two
// notifications declared on Observer to whoever registered for them.
//
// TODO(davidben): This is really just a global ObserverList. It never touches
// the platform certificate stores itself; //net's dependency on the platform
// is, in principle, hidden behind CertVerifier and ClientCertStore, so these
// signals would ideally be raised by those interfaces' platform
// implementations instead.
class NET_EXPORT CertDatabase {
 public:
  // Interface for code that wants to hear about certificate database changes
  // (a user certificate added or removed, or the trust of a certificate
  // changed). Register with CertDatabase::AddObserver and unregister with
  // CertDatabase::RemoveObserver.
  //
  // Neither callback carries a payload: a notification tells the observer
  // only that *something* may have changed, so observers should re-read the
  // state they care about from the underlying store rather than infer what
  // changed from the fact of the callback.
  class NET_EXPORT Observer {
   public:
    virtual ~Observer() = default;

    // Observers are registered by address (see AddObserver), so copying one
    // would silently produce an unregistered duplicate. Forbid it.
    Observer(const Observer&) = delete;
    Observer& operator=(const Observer&) = delete;

    // Invoked whenever the certificate database is known to have changed --
    // typically because a CA certificate was added, removed, or had its
    // trust settings modified.
    virtual void OnTrustStoreChanged() {}

    // Invoked when a *possible* change to client certificates is detected.
    // Some platforms cannot report precise events, so this may also fire on
    // unrelated changes; treat it as a hint to refresh, not as proof that a
    // client certificate changed.
    virtual void OnClientCertStoreChanged() {}

   protected:
    // Only subclasses may construct an Observer.
    Observer() = default;
  };

  // Histogram bucket for each notification kind. These values are persisted
  // to logs: never renumber an entry and never reuse a numeric value.
  enum class HistogramNotificationType {
    kTrust = 0,
    kClientCert = 1,
    kMaxValue = kClientCert
  };

  // Returns the process-wide CertDatabase singleton.
  static CertDatabase* GetInstance();

  // The singleton is never copied and never destroyed (it lives in a
  // base::NoDestructor, see below).
  CertDatabase(const CertDatabase&) = delete;
  CertDatabase& operator=(const CertDatabase&) = delete;
  ~CertDatabase() = delete;

  // Registers |observer| for change notifications. Callbacks are delivered
  // on the thread that calls AddObserver(), so |observer| must outlive its
  // registration on that thread.
  void AddObserver(Observer* observer);

  // Unregisters |observer|. Must be called on the same thread that called
  // AddObserver() for it.
  void RemoveObserver(Observer* observer);

#if BUILDFLAG(IS_MAC)
  // Begins observing Keychain services and forwarding their events to
  // observers. Safe to call more than once, and from any thread.
  static void StartListeningForKeychainEvents();
#endif

  // Synthetically delivers the corresponding notification to every observer.
  // These are intended for the creator of the CertDatabase, which uses them
  // to relay changes reported by other DB interfaces; any other caller that
  // reaches the singleton can trigger a full observer fan-out, so keep their
  // use confined to that owner.
  void NotifyObserversTrustStoreChanged();
  void NotifyObserversClientCertStoreChanged();

 private:
  // base::NoDestructor needs access to the private constructor to build the
  // singleton returned by GetInstance().
  friend base::NoDestructor<CertDatabase>;

  CertDatabase();

  // Thread-safe observer registry; the pointer itself never changes after
  // construction.
  const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_;
};

}  // namespace net

#endif  // NET_CERT_CERT_DATABASE_H_