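// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
#define CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_

#include <string>

#include "crypto/scoped_nss_types.h"
#include "net/cert/cert_verify_proc_nss.h"
#include "net/cert/nss_profile_filter_chromeos.h"

namespace chromeos {

// Wrapper around CertVerifyProcNSS which allows filtering trust decisions on a
// per-slot basis.
//
// Note that only the simple case is currently handled (if a slot contains a new
// trust root, that root should not be trusted by CertVerifyProcChromeOS
// instances using other slots). More complicated cases are not handled (like
// two slots adding the same root cert but with different trust values).
//
// Security note: because of that limitation, this class must not be relied on
// to arbitrate between conflicting trust settings for the same root held in
// different slots; it only keeps a root that exists in one slot from being
// trusted by verifiers bound to other slots.
class CertVerifyProcChromeOS : public net::CertVerifyProcNSS {
 public:
  // Creates a CertVerifyProc that doesn't allow any user-provided trust roots.
  CertVerifyProcChromeOS();

  // Creates a CertVerifyProc that doesn't allow trust roots provided by
  // users other than the specified slot.
  // |public_slot| is taken by value; presumably the caller gives up its
  // reference to the slot here -- confirm against crypto::ScopedPK11Slot.
  explicit CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot);

 protected:
  // Not publicly destructible. NOTE(review): presumably instances are released
  // through the base class's ownership scheme -- confirm in
  // net::CertVerifyProc.
  virtual ~CertVerifyProcChromeOS();

 private:
  // net::CertVerifyProcNSS implementation:
  // NOTE(review): this header does not state whether
  // |additional_trust_anchors| are subject to the per-slot filter or are
  // accepted regardless of it. That choice decides which roots can end up
  // trusted, so it should be documented next to the definition.
  virtual int VerifyInternal(
      net::X509Certificate* cert,
      const std::string& hostname,
      int flags,
      net::CRLSet* crl_set,
      const net::CertificateList& additional_trust_anchors,
      net::CertVerifyResult* verify_result) OVERRIDE;

  // Check if the trust root of |current_chain| is allowed.
  // |is_chain_valid_arg| is actually a ChainVerifyArgs*, which is used to pass
  // state through the NSS CERTChainVerifyCallback.isChainValidArg parameter.
  // If the chain is allowed, |*chain_ok| will be set to PR_TRUE.
  // If the chain is not allowed, |*chain_ok| is set to PR_FALSE, and this
  // function may be called again during a single certificate verification if
  // there are multiple possible valid chains.
  //
  // The void* carries no type information, so the only safe argument is the
  // ChainVerifyArgs* this class itself registers with the callback;
  // ChainVerifyArgs is not declared in this header.
  // NOTE(review): the meaning of the SECStatus return value relative to
  // |*chain_ok| is not documented here -- confirm against the definition.
  static SECStatus IsChainValidFunc(void* is_chain_valid_arg,
                                    const CERTCertList* current_chain,
                                    PRBool* chain_ok);

  // Filter backing the per-slot trust decision described in the class comment
  // (presumably consulted from IsChainValidFunc -- confirm in the .cc).
  net::NSSProfileFilterChromeOS profile_filter_;
};

}  // namespace chromeos

#endif  // CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_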