15f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#ifndef NET_SSL_CHANNEL_ID_STORE_H_ 65f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#define NET_SSL_CHANNEL_ID_STORE_H_ 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <list> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <string> 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/callback.h" 122a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles)#include "base/threading/non_thread_safe.h" 13eb525c5499e34cc9c4b825d6d9e75bb07cc06aceBen Murdoch#include "base/time/time.h" 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_export.h" 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// An interface for storing and retrieving server bound certs. 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// There isn't a domain bound certs spec yet, but the old origin bound 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// certificates are specified in 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html. 225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// TODO(wtc): Update this comment. 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Owned only by a single ChannelIDService object, which is responsible 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// for deleting it. 265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class NET_EXPORT ChannelIDStore 272a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) : NON_EXPORTED_BASE(public base::NonThreadSafe) { 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // The ChannelID class contains a private key in addition to the cert. 305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) class NET_EXPORT ChannelID { 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ChannelID(); 335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ChannelID(const std::string& server_identifier, 345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::Time creation_time, 355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::Time expiration_time, 365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const std::string& private_key, 375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const std::string& cert); 385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ~ChannelID(); 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Server identifier. For domain bound certs, for instance "verisign.com". 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& server_identifier() const { return server_identifier_; } 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The time the certificate was created, also the start of the certificate 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // validity period. 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time creation_time() const { return creation_time_; } 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The time after which this certificate is no longer valid. 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time expiration_time() const { return expiration_time_; } 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The encoding of the private key depends on the type. 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // rsa_sign: DER-encoded PrivateKeyInfo struct. 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // ecdsa_sign: DER-encoded EncryptedPrivateKeyInfo struct. 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& private_key() const { return private_key_; } 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // DER-encoded certificate. 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& cert() const { return cert_; } 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) private: 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string server_identifier_; 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time creation_time_; 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time expiration_time_; 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string private_key_; 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string cert_; 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) }; 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) typedef std::list<ChannelID> ChannelIDList; 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 642a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) typedef base::Callback<void( 65bb1529ce867d8845a77ec7cdf3e3003ef1771a40Ben Murdoch int, 662a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const std::string&, 672a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) base::Time, 682a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const std::string&, 695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const std::string&)> GetChannelIDCallback; 705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) typedef base::Callback<void(const ChannelIDList&)> GetChannelIDListCallback; 712a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual ~ChannelIDStore() {} 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // GetChannelID may return the result synchronously through the 75bb1529ce867d8845a77ec7cdf3e3003ef1771a40Ben Murdoch // output parameters, in which case it will return either OK if a cert is 76bb1529ce867d8845a77ec7cdf3e3003ef1771a40Ben Murdoch // found in the store, or ERR_FILE_NOT_FOUND if none is found. If the 775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // result cannot be returned synchronously, GetChannelID will 78bb1529ce867d8845a77ec7cdf3e3003ef1771a40Ben Murdoch // return ERR_IO_PENDING and the callback will be called with the result 792a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // asynchronously. 805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual int GetChannelID( 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& server_identifier, 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time* expiration_time, 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string* private_key_result, 842a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) std::string* cert_result, 855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const GetChannelIDCallback& callback) = 0; 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Adds a server bound cert and the corresponding private key to the store. 885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetChannelID( 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& server_identifier, 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time creation_time, 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Time expiration_time, 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& private_key, 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const std::string& cert) = 0; 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Removes a server bound cert and the corresponding private key from the 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // store. 975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void DeleteChannelID( 982a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const std::string& server_identifier, 992a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const base::Closure& completion_callback) = 0; 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Deletes all of the server bound certs that have a creation_date greater 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // than or equal to |delete_begin| and less than |delete_end|. If a 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // base::Time value is_null, that side of the comparison is unbounded. 1042a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) virtual void DeleteAllCreatedBetween( 1052a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) base::Time delete_begin, 1062a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) base::Time delete_end, 1072a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) const base::Closure& completion_callback) = 0; 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Removes all server bound certs and the corresponding private keys from 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the store. 1112a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) virtual void DeleteAll(const base::Closure& completion_callback) = 0; 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Returns all server bound certs and the corresponding private keys. 1145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void GetAllChannelIDs(const GetChannelIDListCallback& callback) = 0; 1152a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) 1162a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // Helper function that adds all certs from |list| into this instance. 1175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) void InitializeFrom(const ChannelIDList& list); 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1192a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // Returns the number of certs in the store. May return 0 if the backing 1202a99a7e74a7f215066514fe81d2bfa6639d9edddTorne (Richard Coles) // store is not loaded yet. 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Public only for unit testing. 1225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual int GetChannelIDCount() = 0; 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // When invoked, instructs the store to keep session related data on 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // destruction. 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) virtual void SetForceKeepSessionState() = 0; 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif // NET_SSL_CHANNEL_ID_STORE_H_ 132