Hubert Chao52a323602024-09-11 14:40:151// Copyright 2024 The Chromium Authors
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_NET_SERVER_CERTIFICATE_DATABASE_H_
6#define CHROME_BROWSER_NET_SERVER_CERTIFICATE_DATABASE_H_
7
Hubert Chao7299aa6b2024-10-03 18:20:228#include <optional>
9
Hubert Chao52a323602024-09-11 14:40:1510#include "base/files/file_path.h"
11#include "base/sequence_checker.h"
12#include "base/thread_annotations.h"
Hubert Chaoe28ab1c2024-09-18 19:32:2513#include "chrome/browser/net/server_certificate_database.pb.h"
Hubert Chao52a323602024-09-11 14:40:1514#include "sql/database.h"
15#include "sql/init_status.h"
Hubert Chao7299aa6b2024-10-03 18:20:2216#include "third_party/boringssl/src/pki/trust_store.h"
Hubert Chao52a323602024-09-11 14:40:1517
namespace net {

// Wraps the SQLite database that provides on-disk storage for user-configured
// TLS certificates. This class is expected to be created and accessed on a
// backend sequence: `db_` is guarded by `sequence_checker_` and the class is
// neither copyable nor thread-safe.
class ServerCertificateDatabase {
 public:
  // In-memory representation of one stored certificate plus its user-configured
  // metadata. `sha256hash_hex` is what identifies the certificate in the
  // database (see InsertOrUpdateCerts() and DeleteCertificate()), so it must
  // stay consistent with `der_cert`.
  struct CertInformation {
    // Initializes a CertInformation object with the `der_cert` and calculates
    // the `sha256hash_hex` from the supplied cert.
    explicit CertInformation(base::span<const uint8_t> cert);
    // NOTE(review): the default constructor presumably leaves `sha256hash_hex`
    // and `der_cert` empty; code that fills the fields by hand is responsible
    // for keeping the hash in sync with the DER bytes -- confirm in the .cc.
    CertInformation();
    ~CertInformation();
    // Move-only (declaring the move operations suppresses the implicit copy
    // operations): the struct owns the DER buffer and the metadata proto.
    CertInformation(CertInformation&&);
    CertInformation& operator=(CertInformation&& other);

    // Hex-encoded SHA-256 digest of `der_cert`; used as the database key.
    std::string sha256hash_hex;
    // DER-encoded X.509 certificate bytes.
    std::vector<uint8_t> der_cert;
    // User-configured metadata persisted alongside the certificate (protobuf
    // type from server_certificate_database.pb.h). NOTE(review): presumably
    // this carries the trust setting that GetUserCertificateTrust() reads --
    // confirm against the .cc file.
    chrome_browser_server_certificate_database::CertificateMetadata
        cert_metadata;
  };

  // Opens the database in `storage_dir`, creating it if one does not exist.
  // `storage_dir` will generally be in the Profile directory.
  explicit ServerCertificateDatabase(const base::FilePath& storage_dir);

  ServerCertificateDatabase(const ServerCertificateDatabase&) = delete;
  ServerCertificateDatabase& operator=(const ServerCertificateDatabase&) =
      delete;
  ~ServerCertificateDatabase();

  // Maps the stored information for `cert_info` onto the trust type the
  // certificate verifier should apply to that certificate. Static, so it has no
  // access to `db_`; it works purely from the supplied `cert_info`.
  // NOTE(review): presumably returns std::nullopt when no trust type can be
  // derived from the metadata -- confirm in the .cc.
  static std::optional<bssl::CertificateTrustType> GetUserCertificateTrust(
      const net::ServerCertificateDatabase::CertInformation& cert_info);

  // Insert new certificates into the database, or if some of the certificates
  // are already present (as indicated by cert_info.sha256hash_hex), update the
  // entry in the database. NOTE(review): the bool presumably reports whether
  // the database write succeeded -- confirm in the .cc.
  bool InsertOrUpdateCerts(const std::vector<CertInformation>& cert_infos);

  // Retrieve all of the certificates from the database.
  std::vector<CertInformation> RetrieveAllCertificates();

  // Returns the number of certificates stored in the database (name-derived;
  // confirm in the .cc).
  uint32_t RetrieveCertificatesCount();

  // Delete the certificate with a matching hash from the database.
  // NOTE(review): the bool presumably reports whether the delete statement
  // executed successfully rather than whether a row matched -- confirm.
  bool DeleteCertificate(const std::string& sha256hash_hex);

 private:
  // Opens the database file under `storage_dir` and reports the result as a
  // sql::InitStatus. NOTE(review): presumably invoked from the constructor and
  // responsible for creating the schema when the file is new -- confirm.
  sql::InitStatus InitInternal(const base::FilePath& storage_dir);

  // The underlying SQL database. Only accessed on the sequence checked by
  // `sequence_checker_`.
  sql::Database db_ GUARDED_BY_CONTEXT(sequence_checker_);
  SEQUENCE_CHECKER(sequence_checker_);
};

} // namespace net
74
75#endif // CHROME_BROWSER_NET_SERVER_CERTIFICATE_DATABASE_H_