1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_CHANNEL_ID_STORE_H_
6#define NET_SSL_CHANNEL_ID_STORE_H_
7
8#include <list>
9#include <string>
10
11#include "base/callback.h"
12#include "base/threading/non_thread_safe.h"
13#include "base/time/time.h"
14#include "net/base/net_export.h"
15
16namespace net {
17
18// An interface for storing and retrieving server bound certs.
19// There isn't a domain bound certs spec yet, but the old origin bound
20// certificates are specified in
21// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html.
22// TODO(wtc): Update this comment.
23
24// Owned only by a single ChannelIDService object, which is responsible
25// for deleting it.
26class NET_EXPORT ChannelIDStore
27    : NON_EXPORTED_BASE(public base::NonThreadSafe) {
28 public:
29  // The ChannelID class contains a private key in addition to the cert.
30  class NET_EXPORT ChannelID {
31   public:
32    ChannelID();
33    ChannelID(const std::string& server_identifier,
34              base::Time creation_time,
35              base::Time expiration_time,
36              const std::string& private_key,
37              const std::string& cert);
38    ~ChannelID();
39
40    // Server identifier.  For domain bound certs, for instance "verisign.com".
41    const std::string& server_identifier() const { return server_identifier_; }
42    // The time the certificate was created, also the start of the certificate
43    // validity period.
44    base::Time creation_time() const { return creation_time_; }
45    // The time after which this certificate is no longer valid.
46    base::Time expiration_time() const { return expiration_time_; }
47    // The encoding of the private key depends on the type.
48    // rsa_sign: DER-encoded PrivateKeyInfo struct.
49    // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct.
50    const std::string& private_key() const { return private_key_; }
51    // DER-encoded certificate.
52    const std::string& cert() const { return cert_; }
53
54   private:
55    std::string server_identifier_;
56    base::Time creation_time_;
57    base::Time expiration_time_;
58    std::string private_key_;
59    std::string cert_;
60  };
61
62  typedef std::list<ChannelID> ChannelIDList;
63
64  typedef base::Callback<void(
65      int,
66      const std::string&,
67      base::Time,
68      const std::string&,
69      const std::string&)> GetChannelIDCallback;
70  typedef base::Callback<void(const ChannelIDList&)> GetChannelIDListCallback;
71
72  virtual ~ChannelIDStore() {}
73
74  // GetChannelID may return the result synchronously through the
75  // output parameters, in which case it will return either OK if a cert is
76  // found in the store, or ERR_FILE_NOT_FOUND if none is found.  If the
77  // result cannot be returned synchronously, GetChannelID will
78  // return ERR_IO_PENDING and the callback will be called with the result
79  // asynchronously.
80  virtual int GetChannelID(
81      const std::string& server_identifier,
82      base::Time* expiration_time,
83      std::string* private_key_result,
84      std::string* cert_result,
85      const GetChannelIDCallback& callback) = 0;
86
87  // Adds a server bound cert and the corresponding private key to the store.
88  virtual void SetChannelID(
89      const std::string& server_identifier,
90      base::Time creation_time,
91      base::Time expiration_time,
92      const std::string& private_key,
93      const std::string& cert) = 0;
94
95  // Removes a server bound cert and the corresponding private key from the
96  // store.
97  virtual void DeleteChannelID(
98      const std::string& server_identifier,
99      const base::Closure& completion_callback) = 0;
100
101  // Deletes all of the server bound certs that have a creation_date greater
102  // than or equal to |delete_begin| and less than |delete_end|.  If a
103  // base::Time value is_null, that side of the comparison is unbounded.
104  virtual void DeleteAllCreatedBetween(
105      base::Time delete_begin,
106      base::Time delete_end,
107      const base::Closure& completion_callback) = 0;
108
109  // Removes all server bound certs and the corresponding private keys from
110  // the store.
111  virtual void DeleteAll(const base::Closure& completion_callback) = 0;
112
113  // Returns all server bound certs and the corresponding private keys.
114  virtual void GetAllChannelIDs(const GetChannelIDListCallback& callback) = 0;
115
116  // Helper function that adds all certs from |list| into this instance.
117  void InitializeFrom(const ChannelIDList& list);
118
119  // Returns the number of certs in the store.  May return 0 if the backing
120  // store is not loaded yet.
121  // Public only for unit testing.
122  virtual int GetChannelIDCount() = 0;
123
124  // When invoked, instructs the store to keep session related data on
125  // destruction.
126  virtual void SetForceKeepSessionState() = 0;
127};
128
129}  // namespace net
130
131#endif  // NET_SSL_CHANNEL_ID_STORE_H_
132