// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module cert_verifier.mojom;
import "mojo/public/mojom/base/byte_string.mojom";
import "mojo/public/mojom/base/time.mojom";
import "services/network/public/mojom/network_param.mojom";
import "services/network/public/mojom/url_loader_factory.mojom";
// Mojo version of net::CertVerifier::RequestParams.
struct RequestParams {
network.mojom.X509Certificate certificate;
string hostname;
int32 flags;
mojo_base.mojom.ByteString ocsp_response;
mojo_base.mojom.ByteString sct_list;
};
// Temporary config struct--this should eventually be deleted as the network
// service has no reason to know about this config.
// TODO(crbug.com/40899828): remove this.
struct CertVerifierConfig {
bool enable_rev_checking;
bool require_rev_checking_local_anchors;
bool enable_sha1_local_anchors;
bool disable_symantec_enforcement;
};
// Allows the CertVerifierService to connect a new URLLoaderFactory if its
// existing URLLoaderFactory is disconnected. The CertVerifierService uses the
// URLLoaderFactory for AIA and OCSP fetching.
interface URLLoaderFactoryConnector {
// Binds a URLLoaderFactory.
CreateURLLoaderFactory(
pending_receiver<network.mojom.URLLoaderFactory> url_loader_factory);
};
// An interface that verifies a certificate based on the |params|, and calls the
// |Complete| method on the returned CertVerifierRequest when the result is
// available.
interface CertVerifierService {
// |url_loader_factory| allows the CertVerifierService to connect to the
// network for things like AIA or OCSP. |reconnector| allows the CertVerifier
// to reconnect its URLLoaderFactory in case the network service disconnects
// its URLLoaderFactories without crashing. Must be called before Verify() to
// have an effect.
EnableNetworkAccess(
pending_remote<network.mojom.URLLoaderFactory> url_loader_factory,
pending_remote<URLLoaderFactoryConnector>? reconnector);
// Mojo IPC used to verify a certificate. Sends results to the
// |cert_verifier_request| interface when verification is complete.
Verify(RequestParams params,
network.mojom.NetLogSource net_log_source,
pending_remote<CertVerifierRequest> cert_verifier_request);
// Sets the config for the underlying CertVerifier.
SetConfig(CertVerifierConfig config);
};
// Receives events from the CertVerifierService.
interface CertVerifierServiceClient {
// Called when the certificate verifier changes internal configuration.
// Observers can use this method to invalidate caches that incorporate
// previous trust decisions.
OnCertVerifierChanged();
};
// An interface for a CertVerifierService to pass results to the client of the
// service. If the client closes this request, that will imply cancellation of
// the cert verification.
interface CertVerifierRequest {
// When the verification is complete, the CertVerifierService will pass the
// verification result to this method, then immediately close its sending
// pipe to this interface.
Complete(network.mojom.CertVerifyResult result, int32 net_error);
};
Codebase Browser
chromium