15d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved.
25d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
35d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// found in the LICENSE file.
45d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
55d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#ifndef CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
65d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#define CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
75d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
85d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "crypto/scoped_nss_types.h"
95d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/cert/cert_verify_proc_nss.h"
105d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#include "net/cert/nss_profile_filter_chromeos.h"
115d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
125d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)namespace chromeos {
135d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
145d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Wrapper around CertVerifyProcNSS which allows filtering trust decisions on a
155d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// per-slot basis.
165d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)//
175d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// Note that only the simple case is currently handled (if a slot contains a new
185d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// trust root, that root should not be trusted by CertVerifyProcChromeOS
195d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// instances using other slots). More complicated cases are not handled (like
205d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)// two slots adding the same root cert but with different trust values).
215d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)class CertVerifyProcChromeOS : public net::CertVerifyProcNSS {
225d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) public:
235d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Creates a CertVerifyProc that doesn't allow any user-provided trust roots.
245d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  CertVerifyProcChromeOS();
255d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
265d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Creates a CertVerifyProc that doesn't allow trust roots provided by
275d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // users other than the specified slot.
285d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  explicit CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot);
295d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
305d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) protected:
315d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  virtual ~CertVerifyProcChromeOS();
325d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
335d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles) private:
345d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // net::CertVerifyProcNSS implementation:
355d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  virtual int VerifyInternal(
365d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      net::X509Certificate* cert,
375d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      const std::string& hostname,
385d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      int flags,
395d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      net::CRLSet* crl_set,
405d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      const net::CertificateList& additional_trust_anchors,
415d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)      net::CertVerifyResult* verify_result) OVERRIDE;
425d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
435d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // Check if the trust root of |current_chain| is allowed.
445d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // |is_chain_valid_arg| is actually a ChainVerifyArgs*, which is used to pass
455d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // state through the NSS CERTChainVerifyCallback.isChainValidArg parameter.
465d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // If the chain is allowed, |*chain_ok| will be set to PR_TRUE.
475d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // If the chain is not allowed, |*chain_ok| is set to PR_FALSE, and this
485d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // function may be called again during a single certificate verification if
495d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  // there are multiple possible valid chains.
505d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  static SECStatus IsChainValidFunc(void* is_chain_valid_arg,
515d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                                    const CERTCertList* current_chain,
525d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)                                    PRBool* chain_ok);
535d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
545d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)  net::NSSProfileFilterChromeOS profile_filter_;
555d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)};
565d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
575d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)}  // namespace chromeos
585d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)
595d1f7b1de12d16ceb2c938c56701a3e8bfa558f7Torne (Richard Coles)#endif  // CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_
60