| // Copyright 2021 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_CERT_INTERNAL_TRUST_STORE_WIN_H_ |
| #define NET_CERT_INTERNAL_TRUST_STORE_WIN_H_ |
| |
| #include "base/memory/ptr_util.h" |
| #include "base/synchronization/lock.h" |
| #include "base/win/wincrypt_shim.h" |
| #include "crypto/scoped_capi_types.h" |
| #include "net/base/net_export.h" |
| #include "third_party/boringssl/src/pki/trust_store.h" |
| |
| namespace net { |
| |
| // TrustStoreWin is an implementation of bssl::TrustStore which uses the Windows |
| // cert systems to find user-added trust anchors for path building. It ignores |
| // the Windows builtin trust anchors. This bssl::TrustStore is thread-safe (we |
| // think). |
| // TODO(https://crbug.com/1239270): confirm this is thread safe. |
| class NET_EXPORT TrustStoreWin : public bssl::TrustStore { |
| public: |
| struct NET_EXPORT_PRIVATE CertStores { |
| ~CertStores(); |
| CertStores(CertStores&& other); |
| CertStores& operator=(CertStores&& other); |
| |
| // Create a CertStores object with the stores initialized with (empty) |
| // CERT_STORE_PROV_COLLECTION stores. |
| static CertStores CreateWithCollections(); |
| |
| // Create a CertStores object with the stores pre-initialized with |
| // in-memory cert stores for testing purposes. |
| static CertStores CreateInMemoryStoresForTesting(); |
| |
| // Create a CertStores object with null cert store pointers for testing |
| // purposes. |
| static CertStores CreateNullStoresForTesting(); |
| |
| // Returns true if any of the cert stores are not initialized. |
| bool is_null() const { |
| return !roots.get() || !intermediates.get() || !trusted_people.get() || |
| !disallowed.get() || !all.get(); |
| } |
| |
| crypto::ScopedHCERTSTORE roots; |
| crypto::ScopedHCERTSTORE intermediates; |
| crypto::ScopedHCERTSTORE trusted_people; |
| crypto::ScopedHCERTSTORE disallowed; |
| crypto::ScopedHCERTSTORE all; |
| |
| private: |
| CertStores(); |
| |
| void InitializeAllCertsStore(); |
| }; |
| |
| // Creates a TrustStoreWin. |
| TrustStoreWin(); |
| |
| ~TrustStoreWin() override; |
| TrustStoreWin(const TrustStoreWin& other) = delete; |
| TrustStoreWin& operator=(const TrustStoreWin& other) = delete; |
| |
| // Creates a TrustStoreWin for testing, which will treat `root_cert_store` |
| // as if it's the source of truth for roots for `GetTrust, |
| // and `intermediate_cert_store` as an extra store (in addition to |
| // root_cert_store) for locating certificates during `SyncGetIssuersOf`. |
| static std::unique_ptr<TrustStoreWin> CreateForTesting(CertStores stores); |
| |
| // Loads user settings from Windows CertStores. If there are errors, |
| // the underlyingTrustStoreWin object may not read all Windows |
| // CertStores when making trust decisions. |
| void InitializeStores(); |
| |
| void SyncGetIssuersOf(const bssl::ParsedCertificate* cert, |
| bssl::ParsedCertificateList* issuers) override; |
| |
| bssl::CertificateTrust GetTrust(const bssl::ParsedCertificate* cert) override; |
| |
| private: |
| // Inner Impl class for use in initializing stores. |
| class Impl; |
| |
| explicit TrustStoreWin(std::unique_ptr<Impl> impl); |
| |
| // Loads user settings from Windows CertStores if not already done and |
| // returns pointer to the Impl. |
| Impl* MaybeInitializeAndGetImpl(); |
| |
| base::Lock init_lock_; |
| std::unique_ptr<Impl> impl_ GUARDED_BY(init_lock_); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_CERT_INTERNAL_TRUST_STORE_WIN_H_ |