chromium/services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

module cert_verifier.mojom;

import "mojo/public/mojom/base/big_buffer.mojom";
import "mojo/public/mojom/base/file_path.mojom";
import "mojo/public/mojom/base/proto_wrapper.mojom";
import "mojo/public/mojom/base/read_only_buffer.mojom";
import "mojo/public/mojom/base/time.mojom";
import "services/network/public/mojom/cert_verifier_service.mojom";
import "services/network/public/mojom/cert_verifier_service_updater.mojom";
import "services/network/public/mojom/network_param.mojom";

[EnableIf=is_ct_supported]
import "services/network/public/mojom/ct_log_info.mojom";

// Parameters to specify how the net::CertVerifier and net::CertVerifyProc
// objects should be instantiated. Passed as the optional `creation_params`
// argument of CertVerifierServiceFactory.GetNewCertVerifier().
struct CertVerifierCreationParams {
  // Specifies the path to the directory where NSS will store its database.
  // Example: /home/chronos/u-<hash>
  // Optional; the field only exists when is_chromeos_ash is enabled.
  // NOTE(review): the path is supplied by the caller and selects the NSS
  // database that is opened; any validation of it is not visible in this
  // file - confirm against the implementation.
  [EnableIf=is_chromeos_ash]
  mojo_base.mojom.FilePath? nss_path;

  // Specifies the path to the software NSS database.
  // Example: /home/chronos/u-<hash>/.pki/nssdb
  // Optional; the field only exists when is_chromeos_lacros is enabled.
  [EnableIf=is_chromeos_lacros]
  mojo_base.mojom.FilePath? nss_full_path;

  // This is used in combination with nss_path, to ensure that the NSS database
  // isn't opened multiple times for NetworkContexts in the same profile.
  // The field only exists when is_chromeos_ash is enabled.
  [EnableIf=is_chromeos_ash]
  string username_hash;

  // Initial additional certificates that will be used for certificate
  // validation. Optional.
  // NOTE(review): AdditionalCertificates is not declared in this file
  // (presumably it comes from one of the imported network mojoms). Whether it
  // can carry trust anchors, and therefore widen what the verifier trusts,
  // should be checked at its definition.
  AdditionalCertificates? initial_additional_certificates;
};

// Information about a certificate in the Chrome Root Store. Returned as an
// element of ChromeRootStoreInfo.root_cert_info.
struct ChromeRootCertInfo {
  // Presumably the SHA-256 hash of the certificate, hex-encoded (inferred
  // from the field name) - confirm which bytes are hashed and the letter case
  // before comparing it against other fingerprints.
  string sha256hash_hex;

  // The certificate as raw bytes.
  // NOTE(review): the encoding (presumably DER) is not stated here - confirm.
  array<uint8> cert;
};

// Information about the Chrome Root Store. This is the reply payload of
// CertVerifierServiceFactory.GetChromeRootStoreInfo().
struct ChromeRootStoreInfo {
  // Version of the Chrome Root Store being described.
  // NOTE(review): how versions are ordered or compared is not defined in this
  // file - confirm against the implementation.
  int64 version;

  // One entry per certificate in the root store.
  array<ChromeRootCertInfo> root_cert_info;
};

// Trust setting attached to a certificate reported in PlatformCertInfo.
// NOTE(review): how kUnspecified is interpreted is not defined in this file;
// consumers should presumably not treat it as equivalent to kTrusted -
// confirm against the implementation.
enum CertificateTrust {
  kUnspecified,
  kDistrusted,
  kTrusted,
};

// A single certificate reported from the platform root store, together with
// its trust setting. Used as the element type of
// PlatformRootStoreInfo.user_added_certs.
struct PlatformCertInfo {
  // The certificate as raw bytes.
  // NOTE(review): the encoding (presumably DER) is not stated here - confirm.
  array<uint8> cert;

  // Trust setting associated with `cert`; see CertificateTrust.
  CertificateTrust trust_setting;
};

// Information about the Platform Root Store. This is the reply payload of
// CertVerifierServiceFactory.GetPlatformRootStoreInfo().
struct PlatformRootStoreInfo {
  // Certificates reported as user-added, each with its trust setting.
  // NOTE(review): what qualifies a certificate as "user added" is decided by
  // the implementation and is not visible here - confirm.
  array<PlatformCertInfo> user_added_certs;
};

// Parent interface for the CertVerifierProcess. Hands out new
// CertVerifierServices, each of which has its own underlying CertVerifier.
//
// Several methods here change state shared by every CertVerifierService the
// factory has created or will create (CRLSet, Chrome Root Store selection),
// so a caller holding this interface can influence verification results for
// all of them.
// NOTE(review): which processes are expected to hold a remote to this
// interface is not visible in this file - confirm.
interface CertVerifierServiceFactory {
  // Gets a new CertVerifierService, which //net code can interface with using
  // cert_verifier::MojoCertVerifier.
  //
  // `receiver` is bound to the new CertVerifierService. `updater` is optional;
  // when supplied it is bound to a CertVerifierServiceUpdater. `client` is a
  // remote to the caller's CertVerifierServiceClient. `creation_params` is
  // optional.
  // NOTE(review): the behaviour when `creation_params` is null is not
  // described here - presumably defaults are used; confirm.
  GetNewCertVerifier(pending_receiver<CertVerifierService> receiver,
                     pending_receiver<CertVerifierServiceUpdater>? updater,
                     pending_remote<CertVerifierServiceClient> client,
                     CertVerifierCreationParams? creation_params);

  // Updates the CRLSet used in the verification of certificates. CRLSets that
  // cannot be parsed using net::CRLSet::Parse will be ignored, as will older
  // CRLSets (where older is determined by the sequence number). All
  // CertVerifierServices created by the CertVerifierServiceFactory, including
  // those created after this call, will use the same CRLSet.
  //
  // `crl_set` carries the unparsed CRLSet bytes. The reply has no arguments,
  // so the caller cannot tell from it whether the CRLSet was applied or
  // ignored.
  // TODO(crbug.com/40902260): consider using ReadOnlySharedMemoryRegion
  // or ReadOnlyFile instead of BigBuffer for this and ChromeRootStore.
  UpdateCRLSet(mojo_base.mojom.BigBuffer crl_set) => ();

  // Updates the log list used for CT verification. `update_time` should
  // contain the log list timestamp.
  // NOTE(review): how `update_time` is used (for example, to judge whether
  // the log list is still fresh enough for CT enforcement) is not visible
  // here - confirm.
  [EnableIf=is_ct_supported]
  UpdateCtLogList(array<network.mojom.CTLogInfo> log_list,
                  mojo_base.mojom.Time update_time) => ();

  // Updates the ChromeRootStore used by the CertVerifierServiceFactory with a
  // new version. The callback will be run once the update has been processed
  // (regardless of whether it was applied successfully or ignored). The reply
  // has no arguments, so it does not indicate which of the two happened.
  // NOTE(review): the conditions under which an update is ignored (for
  // example, an older version or an unparsable message) are not stated here -
  // confirm against the implementation.
  [EnableIf=is_chrome_root_store_supported]
  UpdateChromeRootStore(mojo_base.mojom.ProtoWrapper new_root_store) => ();

  // Sets whether verification should use the Chrome Root Store or not. All
  // CertVerifierServices created by the CertVerifierServiceFactory, including
  // those created after this call, will use the same setting.
  // NOTE(review): which trust store is used when `use_crs` is false is not
  // stated here (presumably the platform one) - confirm.
  [EnableIf=is_chrome_root_store_optional]
  SetUseChromeRootStore(bool use_crs) => ();

  // Returns information about the current Chrome Root Store: its version and
  // one ChromeRootCertInfo per certificate.
  [EnableIf=is_chrome_root_store_supported]
  GetChromeRootStoreInfo() => (ChromeRootStoreInfo root_store_info);

  // Returns information about the current Platform Root Store: the user-added
  // certificates together with their trust settings.
  [EnableIf=is_chrome_root_store_supported]
  GetPlatformRootStoreInfo() => (PlatformRootStoreInfo root_store_info);

  // Updates the time used for certificate verification. After this is called,
  // the system time will be recorded along with a known time passed in as
  // `current_time`. Future verification attempts will estimate the real time
  // based on how much the system clock has advanced since the last update.
  // This only has an effect when the built-in verifier is being used.
  //
  // No reply is declared, so the caller receives no acknowledgement.
  // NOTE(review): `system_time` and `system_ticks` are presumably the
  // sender's wall-clock and tick readings taken when `current_time` was
  // obtained - confirm. Because the estimate feeds certificate verification,
  // `current_time` should come from a time source the caller trusts.
  UpdateNetworkTime(mojo_base.mojom.Time system_time,
                    mojo_base.mojom.TimeTicks system_ticks,
                    mojo_base.mojom.Time current_time);
};