1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_CERT_DATABASE_H_
6#define NET_CERT_CERT_DATABASE_H_
7
8#include "base/basictypes.h"
9#include "base/memory/ref_counted.h"
10#include "base/memory/scoped_ptr.h"
11#include "net/base/net_export.h"
12#include "net/cert/x509_certificate.h"
13
// Forward declarations only: this header names these templates solely in a
// friend declaration and as a scoped_refptr template argument, so their full
// definitions are not required here.
template <typename T> struct DefaultSingletonTraits;
template <class ObserverType> class ObserverListThreadSafe;
16
17namespace net {
18
19// This class provides cross-platform functions to verify and add user
20// certificates, and to observe changes to the underlying certificate stores.
21
22// TODO(gauravsh): This class could be augmented with methods
23// for all operations that manipulate the underlying system
24// certificate store.
25
class NET_EXPORT CertDatabase {
 public:
  // A CertDatabase::Observer will be notified on certificate database changes.
  // The change could be either a user certificate is added/removed or trust on
  // a certificate is changed. Observers can be registered via
  // CertDatabase::AddObserver, and can un-register with
  // CertDatabase::RemoveObserver.
  //
  // Every callback has an empty default body, so a subclass overrides only the
  // events it needs. Callbacks are delivered on the thread that called
  // AddObserver() for that observer (see AddObserver below).
  class NET_EXPORT Observer {
   public:
    virtual ~Observer() {}

    // Will be called when a new certificate is added. If the imported cert can
    // be determined, |cert| will be non-NULL, but if not, or if multiple
    // certificates were imported, |cert| may be NULL. Implementations must
    // therefore test |cert| for NULL before dereferencing it.
    virtual void OnCertAdded(const X509Certificate* cert) {}

    // Will be called when a certificate is removed.
    // NOTE(review): unlike OnCertAdded, nothing here says whether |cert| may
    // be NULL; implementations should check it defensively until confirmed.
    virtual void OnCertRemoved(const X509Certificate* cert) {}

    // Will be called when a CA certificate was added, removed, or its trust
    // changed. This can also mean that a client certificate's trust changed.
    // The callback does not say which of those happened, so an observer that
    // caches trust decisions should re-evaluate them rather than assume a
    // particular transition.
    // NOTE(review): whether |cert| may be NULL is not documented here either.
    virtual void OnCACertChanged(const X509Certificate* cert) {}

   protected:
    // Protected: Observer is an interface base and is only meant to be
    // subclassed, never instantiated directly.
    Observer() {}

   private:
    DISALLOW_COPY_AND_ASSIGN(Observer);
  };

  // Returns the CertDatabase singleton.
  static CertDatabase* GetInstance();

  // Check whether this is a valid user cert that we have the private key for.
  // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS.
  // This is the only validation step declared on this interface; AddUserCert
  // relies on it having been run on the same |cert|.
  int CheckUserCert(X509Certificate* cert);

  // Store user (client) certificate. Assumes CheckUserCert has already passed.
  // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to
  // the platform cert database, or possibly other network error codes.
  // Callers must not skip CheckUserCert: nothing in this interface indicates
  // that AddUserCert re-checks validity or private-key possession before
  // writing to the platform store, so a skipped check means an unchecked
  // certificate may be persisted.
  int AddUserCert(X509Certificate* cert);

  // Registers |observer| to receive notifications of certificate changes.  The
  // thread on which this is called is the thread on which |observer| will be
  // called back with notifications.
  // NOTE(review): |observer| is passed as a raw pointer, so it is presumably
  // not owned by CertDatabase; callers should RemoveObserver() before the
  // observer is destroyed. Confirm against the implementation.
  void AddObserver(Observer* observer);

  // Unregisters |observer| from receiving notifications.  This must be called
  // on the same thread on which AddObserver() was called.
  void RemoveObserver(Observer* observer);

#if defined(OS_MACOSX) && !defined(OS_IOS)
  // Configures the current message loop to observe and forward events from
  // Keychain services. The MessageLoop must have an associated CFRunLoop,
  // which means that this must be called from a MessageLoop of TYPE_UI.
  void SetMessageLoopForKeychainEvents();
#endif

#if defined(OS_ANDROID)
  // On Android, the system key store may be replaced with a device-specific
  // KeyStore used for storing client certificates. When the Java side replaces
  // the KeyStore used for client certificates, notifies the observers as if a
  // new client certificate was added.
  void OnAndroidKeyStoreChanged();

  // On Android, the system database is used. When the system notifies the
  // application that the certificates changed, the observers must be notified.
  void OnAndroidKeyChainChanged();
#endif

  // Synthetically injects notifications to all observers. In general, this
  // should only be called by the creator of the CertDatabase. Used to inject
  // notifications from other DB interfaces.
  //
  // These methods are public, so the "creator only" rule is a convention the
  // compiler does not enforce: any code that can reach the singleton can emit
  // a notification. Observers should therefore treat a callback as a cue to
  // re-read the store, not as proof that the platform database changed.
  void NotifyObserversOfCertAdded(const X509Certificate* cert);
  void NotifyObserversOfCertRemoved(const X509Certificate* cert);
  void NotifyObserversOfCACertChanged(const X509Certificate* cert);

 private:
  // The constructor and destructor are private; only the singleton traits
  // (used by GetInstance()) may create or destroy the instance.
  friend struct DefaultSingletonTraits<CertDatabase>;

  CertDatabase();
  ~CertDatabase();

  // The scoped_refptr itself is const, so the same list object is used for the
  // whole lifetime of the singleton; AddObserver/RemoveObserver mutate the
  // list it points to. Thread-safety of that mutation is the list type's
  // responsibility (see ObserverListThreadSafe), not this class's.
  const scoped_refptr<ObserverListThreadSafe<Observer> > observer_list_;

#if defined(OS_MACOSX) && !defined(OS_IOS)
  // Implementation-private helper defined in the .cc; declared a friend so it
  // can reach CertDatabase's private members. Presumably the object that
  // forwards the Keychain events set up by SetMessageLoopForKeychainEvents().
  class Notifier;
  friend class Notifier;
  scoped_ptr<Notifier> notifier_;
#endif

  // Singleton: copying would create a second instance with its own observer
  // list.
  DISALLOW_COPY_AND_ASSIGN(CertDatabase);
};
119
120}  // namespace net
121
122#endif  // NET_CERT_CERT_DATABASE_H_