1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
6 #define NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
7 
8 #include "base/functional/callback.h"
9 #include "base/memory/weak_ptr.h"
10 #include "crypto/scoped_nss_types.h"
11 #include "net/base/net_export.h"
12 #include "net/cert/nss_cert_database.h"
13 #include "net/cert/nss_profile_filter_chromeos.h"
14 
15 namespace net {
16 
// Chrome OS variant of NSSCertDatabase. Per the comments on the private
// helpers below, certificate listings are additionally filtered through an
// NSSProfileFilterChromeOS, and a system TPM slot can be attached after
// construction with SetSystemSlot().
// NOTE(review): which slots the filter admits is decided in the .cc file and
// in NSSProfileFilterChromeOS, neither of which is visible here. Callers that
// rely on certificates being isolated per profile should confirm it there.
17 class NET_EXPORT NSSCertDatabaseChromeOS : public NSSCertDatabase {
18  public:
     // |public_slot| and |private_slot| are passed by value as
     // crypto::ScopedPK11Slot (a scoped handle type from
     // crypto/scoped_nss_types.h), so the caller gives up its handles.
     // NOTE(review): presumably they are forwarded to the NSSCertDatabase base
     // class and used to set up |profile_filter_|; confirm in the .cc file.
19   NSSCertDatabaseChromeOS(crypto::ScopedPK11Slot public_slot,
20                           crypto::ScopedPK11Slot private_slot);
21 
     // Not copyable: the object holds a scoped slot handle (|system_slot_|).
22   NSSCertDatabaseChromeOS(const NSSCertDatabaseChromeOS&) = delete;
23   NSSCertDatabaseChromeOS& operator=(const NSSCertDatabaseChromeOS&) = delete;
24 
25   ~NSSCertDatabaseChromeOS() override;
26 
27   // |system_slot| is the system TPM slot, which is only enabled for certain
28   // users.
     // NOTE(review): no eligibility check is visible in this declaration, so
     // deciding which users get the system slot appears to be the caller's
     // responsibility. Verify at the call sites.
29   void SetSystemSlot(crypto::ScopedPK11Slot system_slot);
30 
31   // NSSCertDatabase implementation.
     // The listing is produced by ListCertsImpl(), which filters the
     // certificate list by a profile filter (see its comment below).
32   void ListCerts(NSSCertDatabase::ListCertsCallback callback) override;
33 
34   // Uses NSSCertDatabase implementation and adds additional Chrome OS specific
35   // certificate information.
36   void ListCertsInfo(ListCertsInfoCallback callback,
37                      NSSRootsHandling nss_roots_handling) override;
38 
     // Returns a handle to the system slot.
     // NOTE(review): presumably empty when SetSystemSlot() has not been called;
     // callers should check before use. Confirm in the .cc file.
39   crypto::ScopedPK11Slot GetSystemSlot() const override;
40 
     // NOTE(review): |modules| looks like an out-parameter that receives slot
     // handles, and |need_rw| presumably restricts the result to writable
     // slots, as in the base class. Confirm against
     // NSSCertDatabase::ListModules.
41   void ListModules(std::vector<crypto::ScopedPK11Slot>* modules,
42                    bool need_rw) const override;
     // Sets |trust_bits| for |cert|, treated as a certificate of |type|.
     // The TODOs below record that trust changes are not yet handled correctly
     // for certificates present in several slots or stored in read-only slots.
     // Callers should check the returned bool (presumably true on success) and
     // should not assume the change applies to every copy of the certificate.
43   bool SetCertTrust(CERTCertificate* cert,
44                     CertType type,
45                     TrustBits trust_bits) override;
46 
47   // TODO(mattm): handle trust setting, deletion, etc correctly when certs exist
48   // in multiple slots.
49   // TODO(mattm): handle trust setting correctly for certs in read-only slots.
50 
51  private:
52   // Certificate listing implementation used by |ListCerts|.
53   // The certificate list normally returned by NSSCertDatabase::ListCertsImpl
54   // is additionally filtered by |profile_filter|.
55   // Static so it may safely be used on the worker thread.
     // |profile_filter| is taken by const reference, so it must stay valid for
     // the whole call. How the caller guarantees that when the call runs on
     // the worker thread is in the .cc file.
56   static ScopedCERTCertificateList ListCertsImpl(
57       const NSSProfileFilterChromeOS& profile_filter);
58 
59   // Certificate information listing implementation used by |ListCertsInfo|.
60   // The certificate list normally returned by
61   // NSSCertDatabase::ListCertsInfoImpl is additionally filtered by
62   // |profile_filter|. Also additional Chrome OS specific information is added.
63   // Static so it may safely be used on the worker thread.
     // |system_slot| is passed by value, so the call receives its own handle
     // instead of reading |system_slot_| from the object. |add_certs_info| and
     // |nss_roots_handling| are not described in this header; see
     // NSSCertDatabase::ListCertsInfoImpl.
64   static CertInfoList ListCertsInfoImpl(
65       const NSSProfileFilterChromeOS& profile_filter,
66       crypto::ScopedPK11Slot system_slot,
67       bool add_certs_info,
68       NSSRootsHandling nss_roots_handling);
69 
     // Filter applied to certificate listings; see ListCertsImpl() and
     // ListCertsInfoImpl().
70   NSSProfileFilterChromeOS profile_filter_;
     // System TPM slot supplied through SetSystemSlot().
     // NOTE(review): presumably empty until that call is made.
71   crypto::ScopedPK11Slot system_slot_;
72 };
73 
74 }  // namespace net
75 
76 #endif  // NET_CERT_NSS_CERT_DATABASE_CHROMEOS_H_
77