Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(148)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/cert_database.h

Issue 10458069: Reland: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: fix the test failures Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_CERT_DATABASE_H_ 5 #ifndef NET_BASE_CERT_DATABASE_H_
6 #define NET_BASE_CERT_DATABASE_H_ 6 #define NET_BASE_CERT_DATABASE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
73 73
74 // Constants that define which usages a certificate is trusted for. 74 // Constants that define which usages a certificate is trusted for.
75 // They are used in combination with CertType to specify trust for each type 75 // They are used in combination with CertType to specify trust for each type
76 // of certificate. 76 // of certificate.
77 // For a CA_CERT, they specify that the CA is trusted for issuing server and 77 // For a CA_CERT, they specify that the CA is trusted for issuing server and
78 // client certs of each type. 78 // client certs of each type.
79 // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is 79 // For SERVER_CERT, only TRUSTED_SSL makes sense, and specifies the cert is
80 // trusted as a server. 80 // trusted as a server.
81 // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is 81 // For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
82 // trusted for email. 82 // trusted for email.
83 // DISTRUSTED_* specifies that the cert should not be trusted for the given
84 // usage, regardless of whether it would otherwise inherit trust from the
85 // issuer chain.
86 // Use TRUST_DEFAULT to inherit trust as normal.
83 // NOTE: The actual constants are defined using an enum instead of static 87 // NOTE: The actual constants are defined using an enum instead of static
84 // consts due to compilation/linkage constraints with template functions. 88 // consts due to compilation/linkage constraints with template functions.
85 typedef uint32 TrustBits; 89 typedef uint32 TrustBits;
86 enum { 90 enum {
87 UNTRUSTED = 0, 91 TRUST_DEFAULT = 0,
88 TRUSTED_SSL = 1 << 0, 92 TRUSTED_SSL = 1 << 0,
89 TRUSTED_EMAIL = 1 << 1, 93 TRUSTED_EMAIL = 1 << 1,
90 TRUSTED_OBJ_SIGN = 1 << 2, 94 TRUSTED_OBJ_SIGN = 1 << 2,
95 DISTRUSTED_SSL = 1 << 3,
96 DISTRUSTED_EMAIL = 1 << 4,
97 DISTRUSTED_OBJ_SIGN = 1 << 5,
91 }; 98 };
92 99
93 CertDatabase(); 100 CertDatabase();
94 101
95 // Check whether this is a valid user cert that we have the private key for. 102 // Check whether this is a valid user cert that we have the private key for.
96 // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS. 103 // Returns OK or a network error code such as ERR_CERT_CONTAINS_ERRORS.
97 int CheckUserCert(X509Certificate* cert); 104 int CheckUserCert(X509Certificate* cert);
98 105
99 // Store user (client) certificate. Assumes CheckUserCert has already passed. 106 // Store user (client) certificate. Assumes CheckUserCert has already passed.
100 // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to 107 // Returns OK, or ERR_ADD_USER_CERT_FAILED if there was a problem saving to
101 // the platform cert database, or possibly other network error codes. 108 // the platform cert database, or possibly other network error codes.
102 int AddUserCert(X509Certificate* cert); 109 int AddUserCert(X509Certificate* cert);
103 110
104 #if defined(USE_NSS) || defined(USE_OPENSSL) 111 #if defined(USE_NSS)
105 // Get a list of unique certificates in the certificate database (one 112 // Get a list of unique certificates in the certificate database (one
106 // instance of all certificates). 113 // instance of all certificates).
107 void ListCerts(CertificateList* certs); 114 void ListCerts(CertificateList* certs);
108 115
109 // Get the default module for public key data. 116 // Get the default module for public key data.
110 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. 117 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
111 CryptoModule* GetPublicModule() const; 118 CryptoModule* GetPublicModule() const;
112 119
113 // Get the default module for private key or mixed private/public key data. 120 // Get the default module for private key or mixed private/public key data.
114 // The returned pointer must be stored in a scoped_refptr<CryptoModule>. 121 // The returned pointer must be stored in a scoped_refptr<CryptoModule>.
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
151 // imported. 158 // imported.
152 bool ImportCACerts(const CertificateList& certificates, 159 bool ImportCACerts(const CertificateList& certificates,
153 TrustBits trust_bits, 160 TrustBits trust_bits,
154 ImportCertFailureList* not_imported); 161 ImportCertFailureList* not_imported);
155 162
156 // Import server certificate. The first cert should be the server cert. Any 163 // Import server certificate. The first cert should be the server cert. Any
157 // additional certs should be intermediate/CA certs and will be imported but 164 // additional certs should be intermediate/CA certs and will be imported but
158 // not given any trust. 165 // not given any trust.
159 // Any certificates that could not be imported will be listed in 166 // Any certificates that could not be imported will be listed in
160 // |not_imported|. 167 // |not_imported|.
168 // |trust_bits| can be set to explicitly trust or distrust the certificate, or
169 // use TRUST_DEFAULT to inherit trust as normal.
161 // Returns false if there is an internal error, otherwise true is returned and 170 // Returns false if there is an internal error, otherwise true is returned and
162 // |not_imported| should be checked for any certificates that were not 171 // |not_imported| should be checked for any certificates that were not
163 // imported. 172 // imported.
164 bool ImportServerCert(const CertificateList& certificates, 173 bool ImportServerCert(const CertificateList& certificates,
174 TrustBits trust_bits,
165 ImportCertFailureList* not_imported); 175 ImportCertFailureList* not_imported);
166 176
167 // Get trust bits for certificate. 177 // Get trust bits for certificate.
168 TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const; 178 TrustBits GetCertTrust(const X509Certificate* cert, CertType type) const;
169 179
170 // IsUntrusted returns true if |cert| is specifically untrusted. These 180 // IsUntrusted returns true if |cert| is specifically untrusted. These
171 // certificates are stored in the database for the specific purpose of 181 // certificates are stored in the database for the specific purpose of
172 // rejecting them. 182 // rejecting them.
173 bool IsUntrusted(const X509Certificate* cert) const; 183 bool IsUntrusted(const X509Certificate* cert) const;
174 184
(...skipping 26 matching lines...) Expand all
201 static void NotifyObserversOfUserCertAdded(const X509Certificate* cert); 211 static void NotifyObserversOfUserCertAdded(const X509Certificate* cert);
202 static void NotifyObserversOfUserCertRemoved(const X509Certificate* cert); 212 static void NotifyObserversOfUserCertRemoved(const X509Certificate* cert);
203 static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert); 213 static void NotifyObserversOfCertTrustChanged(const X509Certificate* cert);
204 214
205 DISALLOW_COPY_AND_ASSIGN(CertDatabase); 215 DISALLOW_COPY_AND_ASSIGN(CertDatabase);
206 }; 216 };
207 217
208 } // namespace net 218 } // namespace net
209 219
210 #endif // NET_BASE_CERT_DATABASE_H_ 220 #endif // NET_BASE_CERT_DATABASE_H_
OLDNEW
« no previous file with comments | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698