net/cert/internal/system_trust_store.h - platform/external/cronet - Git at Google

 // Copyright 2017 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_
 #define NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_

 #include <vector>

 #include "build/build_config.h"
 #include "net/base/net_export.h"
 #include "net/net_buildflags.h"
 #include "third_party/boringssl/src/pki/parsed_certificate.h"
 #include "third_party/boringssl/src/pki/trust_store.h"

 namespace net {

 // The SystemTrustStore interface is used to encapsulate a bssl::TrustStore for
 // the current platform, with some extra bells and whistles. Implementations
 // must be thread-safe.
 //
 // This is primarily used to abstract out the platform-specific bits that
 // relate to configuring the bssl::TrustStore needed for path building.
 class SystemTrustStore {
  public:
   virtual ~SystemTrustStore() = default;

   // Returns an aggregate bssl::TrustStore that can be used by the path builder.
   // The store composes the system trust store (if implemented) with manually
   // added trust anchors added via AddTrustAnchor(). This pointer is non-owned,
   // and valid only for the lifetime of |this|. Any bssl::TrustStore objects
   // returned from this method must be thread-safe.
   virtual bssl::TrustStore* GetTrustStore() = 0;

   // IsKnownRoot() returns true if the given certificate originated from the
   // system trust store and is a "standard" one. The meaning of "standard" is
   // that it is one of default trust anchors for the system, as opposed to a
   // user-installed one.
   virtual bool IsKnownRoot(const bssl::ParsedCertificate* cert) const = 0;

 #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
   // Returns the current version of the Chrome Root Store being used. If
   // Chrome Root Store is not in use, returns 0.
   virtual int64_t chrome_root_store_version() const = 0;
 #endif
 };

 #if BUILDFLAG(IS_FUCHSIA)
 // Creates an instance of SystemTrustStore that wraps the current platform's SSL
 // trust store. This cannot return nullptr.
 NET_EXPORT std::unique_ptr<SystemTrustStore> CreateSslSystemTrustStore();
 #endif

 #if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
 class TrustStoreChrome;

 // Creates an instance of SystemTrustStore that wraps the current platform's SSL
 // trust store for user added roots, but uses the Chrome Root Store trust
 // anchors. This cannot return nullptr.
 NET_EXPORT std::unique_ptr<SystemTrustStore>
 CreateSslSystemTrustStoreChromeRoot(
     std::unique_ptr<TrustStoreChrome> chrome_root);

 NET_EXPORT_PRIVATE std::unique_ptr<SystemTrustStore>
 CreateSystemTrustStoreChromeForTesting(
     std::unique_ptr<TrustStoreChrome> trust_store_chrome,
     std::unique_ptr<bssl::TrustStore> trust_store_system);
 #endif  // BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)

 #if BUILDFLAG(IS_MAC)
 // Initializes trust cache on a worker thread, if the builtin verifier is
 // enabled.
 NET_EXPORT void InitializeTrustStoreMacCache();
 #endif

 #if BUILDFLAG(IS_WIN)
 // Initializes windows system trust store on a worker thread, if the builtin
 // verifier is enabled.
 NET_EXPORT void InitializeTrustStoreWinSystem();
 #endif

 #if BUILDFLAG(IS_ANDROID)
 // Initializes Android system trust store on a worker thread, if the builtin
 // verifier is enabled.
 NET_EXPORT void InitializeTrustStoreAndroid();
 #endif

 }  // namespace net

 #endif  // NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_
	// Copyright 2017 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_
	#define NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_

	#include <vector>

	#include "build/build_config.h"
	#include "net/base/net_export.h"
	#include "net/net_buildflags.h"
	#include "third_party/boringssl/src/pki/parsed_certificate.h"
	#include "third_party/boringssl/src/pki/trust_store.h"

	namespace net {

	// The SystemTrustStore interface is used to encapsulate a bssl::TrustStore for
	// the current platform, with some extra bells and whistles. Implementations
	// must be thread-safe.
	//
	// This is primarily used to abstract out the platform-specific bits that
	// relate to configuring the bssl::TrustStore needed for path building.
	class SystemTrustStore {
	public:
	virtual ~SystemTrustStore() = default;

	// Returns an aggregate bssl::TrustStore that can be used by the path builder.
	// The store composes the system trust store (if implemented) with manually
	// added trust anchors added via AddTrustAnchor(). This pointer is non-owned,
	// and valid only for the lifetime of \|this\|. Any bssl::TrustStore objects
	// returned from this method must be thread-safe.
	virtual bssl::TrustStore* GetTrustStore() = 0;

	// IsKnownRoot() returns true if the given certificate originated from the
	// system trust store and is a "standard" one. The meaning of "standard" is
	// that it is one of default trust anchors for the system, as opposed to a
	// user-installed one.
	virtual bool IsKnownRoot(const bssl::ParsedCertificate* cert) const = 0;

	#if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
	// Returns the current version of the Chrome Root Store being used. If
	// Chrome Root Store is not in use, returns 0.
	virtual int64_t chrome_root_store_version() const = 0;
	#endif
	};

	#if BUILDFLAG(IS_FUCHSIA)
	// Creates an instance of SystemTrustStore that wraps the current platform's SSL
	// trust store. This cannot return nullptr.
	NET_EXPORT std::unique_ptr<SystemTrustStore> CreateSslSystemTrustStore();
	#endif

	#if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
	class TrustStoreChrome;

	// Creates an instance of SystemTrustStore that wraps the current platform's SSL
	// trust store for user added roots, but uses the Chrome Root Store trust
	// anchors. This cannot return nullptr.
	NET_EXPORT std::unique_ptr<SystemTrustStore>
	CreateSslSystemTrustStoreChromeRoot(
	std::unique_ptr<TrustStoreChrome> chrome_root);

	NET_EXPORT_PRIVATE std::unique_ptr<SystemTrustStore>
	CreateSystemTrustStoreChromeForTesting(
	std::unique_ptr<TrustStoreChrome> trust_store_chrome,
	std::unique_ptr<bssl::TrustStore> trust_store_system);
	#endif // BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)

	#if BUILDFLAG(IS_MAC)
	// Initializes trust cache on a worker thread, if the builtin verifier is
	// enabled.
	NET_EXPORT void InitializeTrustStoreMacCache();
	#endif

	#if BUILDFLAG(IS_WIN)
	// Initializes windows system trust store on a worker thread, if the builtin
	// verifier is enabled.
	NET_EXPORT void InitializeTrustStoreWinSystem();
	#endif

	#if BUILDFLAG(IS_ANDROID)
	// Initializes Android system trust store on a worker thread, if the builtin
	// verifier is enabled.
	NET_EXPORT void InitializeTrustStoreAndroid();
	#endif

	} // namespace net

	#endif // NET_CERT_INTERNAL_SYSTEM_TRUST_STORE_H_