[email protected] | e0ad089 | 2012-05-22 19:16:59 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
[email protected] | 4f24296 | 2011-05-13 22:25:22 | [diff] [blame] | 5 | #ifndef CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_ |
| 6 | #define CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_ |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 7 | |
| 8 | #include <map> |
dcheng | 4af4858 | 2016-04-19 00:29:35 | [diff] [blame] | 9 | #include <memory> |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 10 | #include <string> |
| 11 | |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 12 | #include "base/callback.h" |
avi | e4d7b6f | 2015-12-26 00:59:18 | [diff] [blame] | 13 | #include "base/macros.h" |
[email protected] | 3b63f8f4 | 2011-03-28 01:54:15 | [diff] [blame] | 14 | #include "base/memory/ref_counted.h" |
[email protected] | e746341 | 2013-06-10 22:53:46 | [diff] [blame] | 15 | #include "base/strings/string16.h" |
[email protected] | 6e7845ae | 2013-03-29 21:48:11 | [diff] [blame] | 16 | #include "net/cert/nss_cert_database.h" |
Matt Mueller | 917b4e1 | 2017-09-01 19:15:35 | [diff] [blame] | 17 | #include "net/cert/scoped_nss_types.h" |
mattm | bbf7fc0 | 2017-06-19 23:38:19 | [diff] [blame] | 18 | #include "net/ssl/client_cert_identity.h" |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 19 | |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 20 | namespace content { |
| 21 | class BrowserContext; |
| 22 | class ResourceContext; |
| 23 | } // namespace content |
| 24 | |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 25 | #if defined(OS_CHROMEOS) |
| 26 | namespace chromeos { |
| 27 | class CertificateProvider; |
| 28 | } |
| 29 | |
| 30 | namespace policy { |
| 31 | class PolicyCertificateProvider; |
| 32 | } |
| 33 | #endif |
| 34 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 35 | // CertificateManagerModel provides the data to be displayed in the certificate |
| 36 | // manager dialog, and processes changes from the view. |
| 37 | class CertificateManagerModel { |
| 38 | public: |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 39 | // Holds information about a certificate, along with the certificate itself. |
| 40 | class CertInfo { |
| 41 | public: |
| 42 | enum class Source { |
| 43 | // This certificate is installed in the platform certificate database. |
| 44 | kPlatform, |
| 45 | // This certificate is provided by enterprise policy. |
| 46 | kPolicy, |
| 47 | // This certificate is provided by an extension. |
| 48 | kExtension |
| 49 | }; |
| 50 | |
| 51 | CertInfo(net::ScopedCERTCertificate cert, |
| 52 | net::CertType type, |
| 53 | base::string16 name, |
| 54 | bool read_only, |
| 55 | bool untrusted, |
| 56 | Source source, |
| 57 | bool web_trust_anchor, |
| 58 | bool hardware_backed); |
| 59 | ~CertInfo(); |
| 60 | |
| 61 | CERTCertificate* cert() const { return cert_.get(); } |
| 62 | net::CertType type() const { return type_; } |
| 63 | const base::string16& name() const { return name_; } |
| 64 | bool read_only() const { return read_only_; } |
| 65 | bool untrusted() const { return untrusted_; } |
| 66 | Source source() const { return source_; } |
| 67 | bool web_trust_anchor() const { return web_trust_anchor_; } |
| 68 | bool hardware_backed() const { return hardware_backed_; } |
| 69 | |
| 70 | // Clones a CertInfo, duplicating the contained NSS certificate. |
| 71 | static std::unique_ptr<CertInfo> Clone(const CertInfo* cert_info); |
| 72 | |
| 73 | private: |
| 74 | // The certificate itself. |
| 75 | net::ScopedCERTCertificate cert_; |
| 76 | |
| 77 | // The type of the certificate. Used to filter certificates to be displayed |
| 78 | // on the tabs of the certificate manager UI. |
| 79 | net::CertType type_; |
| 80 | |
| 81 | // A user readable certificate name. |
| 82 | base::string16 name_; |
| 83 | |
| 84 | // true if the certificate is stored on a read-only slot or provided by |
| 85 | // enterprise policy or an extension. |
| 86 | bool read_only_; |
| 87 | |
| 88 | // true if the certificate is untrusted. |
| 89 | bool untrusted_; |
| 90 | |
| 91 | // Describes where this certificate originates from. |
| 92 | Source source_; |
| 93 | |
| 94 | // true if the certificate is given web trust (either by its platform trust |
| 95 | // settings, or by enterprise policy). |
| 96 | bool web_trust_anchor_; |
| 97 | |
| 98 | // true if the certificate is hardware-backed. Note that extension-provided |
| 99 | // certificates are not regarded as hardware-backed. |
| 100 | bool hardware_backed_; |
| 101 | |
| 102 | DISALLOW_COPY_AND_ASSIGN(CertInfo); |
| 103 | }; |
| 104 | |
| 105 | class CertsSource; |
| 106 | |
| 107 | // Holds parameters during construction. |
| 108 | struct Params { |
| 109 | #if defined(OS_CHROMEOS) |
| 110 | // May be nullptr. |
| 111 | policy::PolicyCertificateProvider* policy_certs_provider = nullptr; |
| 112 | // May be nullptr. |
| 113 | std::unique_ptr<chromeos::CertificateProvider> |
| 114 | extension_certificate_provider; |
| 115 | #endif |
| 116 | |
| 117 | Params(); |
| 118 | Params(Params&& other); |
| 119 | ~Params(); |
| 120 | |
| 121 | private: |
| 122 | DISALLOW_COPY_AND_ASSIGN(Params); |
| 123 | }; |
| 124 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 125 | // Map from the subject organization name to the list of certs from that |
| 126 | // organization. If a cert does not have an organization name, the |
| 127 | // subject's CertPrincipal::GetDisplayName() value is used instead. |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 128 | typedef std::map<std::string, std::vector<std::unique_ptr<CertInfo>>> |
| 129 | OrgGroupingMap; |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 130 | |
dcheng | 4af4858 | 2016-04-19 00:29:35 | [diff] [blame] | 131 | typedef base::Callback<void(std::unique_ptr<CertificateManagerModel>)> |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 132 | CreationCallback; |
| 133 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 134 | class Observer { |
| 135 | public: |
| 136 | // Called to notify the view that the certificate list has been refreshed. |
| 137 | // TODO(mattm): do a more granular updating strategy? Maybe retrieve new |
| 138 | // list of certs, diff against past list, and then notify of the changes? |
| 139 | virtual void CertificatesRefreshed() = 0; |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 140 | |
| 141 | protected: |
| 142 | virtual ~Observer() = default; |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 143 | }; |
| 144 | |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 145 | // Creates a CertificateManagerModel. The model will be passed to the callback |
| 146 | // when it is ready. The caller must ensure the model does not outlive the |
| 147 | // |browser_context|. |
| 148 | static void Create(content::BrowserContext* browser_context, |
| 149 | Observer* observer, |
| 150 | const CreationCallback& callback); |
| 151 | |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 152 | // Use |Create| instead to create a |CertificateManagerModel| for a |
| 153 | // |BrowserContext|. |
| 154 | CertificateManagerModel(std::unique_ptr<Params> params, |
| 155 | Observer* observer, |
| 156 | net::NSSCertDatabase* nss_cert_database, |
| 157 | bool is_user_db_available, |
| 158 | bool is_tpm_available); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 159 | ~CertificateManagerModel(); |
| 160 | |
[email protected] | 16dad096 | 2014-03-18 01:29:11 | [diff] [blame] | 161 | bool is_user_db_available() const { return is_user_db_available_; } |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 162 | bool is_tpm_available() const { return is_tpm_available_; } |
| 163 | |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 164 | // Accessor for read-only access to the underlying NSSCertDatabase. |
| 165 | const net::NSSCertDatabase* cert_db() const { return cert_db_; } |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 166 | |
[email protected] | 4c4f7cd | 2011-03-05 02:20:44 | [diff] [blame] | 167 | // Trigger a refresh of the list of certs, unlock any slots if necessary. |
| 168 | // Following this call, the observer CertificatesRefreshed method will be |
| 169 | // called so the view can call FilterAndBuildOrgGroupingMap as necessary to |
| 170 | // refresh its tree views. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 171 | void Refresh(); |
| 172 | |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 173 | // Fill |*out_org_grouping_map| with the certificates matching |filter_type|. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 174 | void FilterAndBuildOrgGroupingMap(net::CertType filter_type, |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 175 | OrgGroupingMap* out_org_grouping_map) const; |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 176 | |
[email protected] | 6a18d07 | 2011-06-29 00:25:40 | [diff] [blame] | 177 | // Import private keys and certificates from PKCS #12 encoded |
| 178 | // |data|, using the given |password|. If |is_extractable| is false, |
tfarina | f58077a | 2017-01-13 11:40:05 | [diff] [blame] | 179 | // mark the private key as unextractable from the slot. |
[email protected] | 6a18d07 | 2011-06-29 00:25:40 | [diff] [blame] | 180 | // Returns a net error code on failure. |
tfarina | f58077a | 2017-01-13 11:40:05 | [diff] [blame] | 181 | int ImportFromPKCS12(PK11SlotInfo* slot_info, const std::string& data, |
[email protected] | 9692015 | 2013-12-04 21:00:16 | [diff] [blame] | 182 | const base::string16& password, bool is_extractable); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 183 | |
svaldez | 3e98a71 | 2015-11-23 16:21:57 | [diff] [blame] | 184 | // Import user certificate from DER encoded |data|. |
| 185 | // Returns a net error code on failure. |
| 186 | int ImportUserCert(const std::string& data); |
| 187 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 188 | // Import CA certificates. |
| 189 | // Tries to import all the certificates given. The root will be trusted |
| 190 | // according to |trust_bits|. Any certificates that could not be imported |
| 191 | // will be listed in |not_imported|. |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 192 | // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 193 | // Returns false if there is an internal error, otherwise true is returned and |
| 194 | // |not_imported| should be checked for any certificates that were not |
| 195 | // imported. |
Matt Mueller | 917b4e1 | 2017-09-01 19:15:35 | [diff] [blame] | 196 | bool ImportCACerts(const net::ScopedCERTCertificateList& certificates, |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 197 | net::NSSCertDatabase::TrustBits trust_bits, |
| 198 | net::NSSCertDatabase::ImportCertFailureList* not_imported); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 199 | |
| 200 | // Import server certificate. The first cert should be the server cert. Any |
| 201 | // additional certs should be intermediate/CA certs and will be imported but |
| 202 | // not given any trust. |
| 203 | // Any certificates that could not be imported will be listed in |
| 204 | // |not_imported|. |
[email protected] | ad40b21 | 2012-06-01 05:59:56 | [diff] [blame] | 205 | // |trust_bits| can be set to explicitly trust or distrust the certificate, or |
| 206 | // use TRUST_DEFAULT to inherit trust as normal. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 207 | // Returns false if there is an internal error, otherwise true is returned and |
| 208 | // |not_imported| should be checked for any certificates that were not |
| 209 | // imported. |
| 210 | bool ImportServerCert( |
Matt Mueller | 917b4e1 | 2017-09-01 19:15:35 | [diff] [blame] | 211 | const net::ScopedCERTCertificateList& certificates, |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 212 | net::NSSCertDatabase::TrustBits trust_bits, |
| 213 | net::NSSCertDatabase::ImportCertFailureList* not_imported); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 214 | |
| 215 | // Set trust values for certificate. |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 216 | // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase. |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 217 | // Returns true on success or false on failure. |
Matt Mueller | 917b4e1 | 2017-09-01 19:15:35 | [diff] [blame] | 218 | bool SetCertTrust(CERTCertificate* cert, |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 219 | net::CertType type, |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 220 | net::NSSCertDatabase::TrustBits trust_bits); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 221 | |
| 222 | // Delete the cert. Returns true on success. |cert| is still valid when this |
| 223 | // function returns. |
Matt Mueller | 917b4e1 | 2017-09-01 19:15:35 | [diff] [blame] | 224 | bool Delete(CERTCertificate* cert); |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 225 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 226 | private: |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 227 | // Called when one of the |certs_sources_| has been updated. Will notify the |
| 228 | // |observer_| that the certificate list has been refreshed. |
| 229 | void OnCertsSourceUpdated(); |
| 230 | |
| 231 | // Finds the |CertsSource| which provided |cert|. Can return nullptr (e.g. if |
| 232 | // the cert has been deleted in the meantime). |
| 233 | CertsSource* FindCertsSourceForCert(CERTCertificate* cert); |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 234 | |
| 235 | // Methods used during initialization, see the comment at the top of the .cc |
| 236 | // file for details. |
| 237 | static void DidGetCertDBOnUIThread( |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 238 | std::unique_ptr<Params> params, |
| 239 | CertificateManagerModel::Observer* observer, |
| 240 | const CreationCallback& callback, |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 241 | net::NSSCertDatabase* cert_db, |
[email protected] | 16dad096 | 2014-03-18 01:29:11 | [diff] [blame] | 242 | bool is_user_db_available, |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 243 | bool is_tpm_available); |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 244 | static void DidGetCertDBOnIOThread( |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 245 | std::unique_ptr<Params> params, |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 246 | CertificateManagerModel::Observer* observer, |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 247 | const CreationCallback& callback, |
| 248 | net::NSSCertDatabase* cert_db); |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 249 | static void GetCertDBOnIOThread(std::unique_ptr<Params> params, |
| 250 | content::ResourceContext* resource_context, |
| 251 | CertificateManagerModel::Observer* observer, |
| 252 | const CreationCallback& callback); |
isandrk | 20c70a2 | 2016-09-22 21:41:10 | [diff] [blame] | 253 | |
[email protected] | 7fda9a40 | 2012-09-10 14:11:07 | [diff] [blame] | 254 | net::NSSCertDatabase* cert_db_; |
Pavol Marko | b429f54 | 2018-08-23 06:08:19 | [diff] [blame^] | 255 | |
| 256 | // CertsSource instances providing certificates. The order matters - if a |
| 257 | // certificate is provided by more than one CertsSource, only the first one is |
| 258 | // accepted. |
| 259 | std::vector<std::unique_ptr<CertsSource>> certs_sources_; |
| 260 | |
| 261 | bool hold_back_updates_ = false; |
| 262 | |
[email protected] | 16dad096 | 2014-03-18 01:29:11 | [diff] [blame] | 263 | // Whether the certificate database has a public slot associated with the |
| 264 | // profile. If not set, importing certificates is not allowed with this model. |
| 265 | bool is_user_db_available_; |
[email protected] | 3065a1f | 2014-01-22 08:56:35 | [diff] [blame] | 266 | bool is_tpm_available_; |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 267 | |
| 268 | // The observer to notify when certificate list is refreshed. |
| 269 | Observer* observer_; |
| 270 | |
[email protected] | df8e899b | 2011-02-22 22:58:22 | [diff] [blame] | 271 | DISALLOW_COPY_AND_ASSIGN(CertificateManagerModel); |
| 272 | }; |
| 273 | |
[email protected] | 4f24296 | 2011-05-13 22:25:22 | [diff] [blame] | 274 | #endif // CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_ |