// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module cert_verifier.mojom;
import "services/network/public/mojom/ip_address.mojom";
struct CIDR {
network.mojom.IPAddress ip;
network.mojom.IPAddress mask;
};
// Certificate with constraints specified outside of the certificate.
struct CertWithConstraints {
array<uint8> certificate;
array<string> permitted_dns_names;
array<CIDR> permitted_cidrs;
};
struct AdditionalCertificates {
// List of untrusted certificates, which will be used during path building.
array<array<uint8>> all_certificates;
// List of additional trust anchors.
array<array<uint8>> trust_anchors;
// List of additional trust anchors that have enforced constraints.
array<array<uint8>> trust_anchors_with_enforced_constraints;
// List of additional trust anchors with constraints specified separate from
// the certificate.
array<CertWithConstraints> trust_anchors_with_additional_constraints;
// List of SPKIs that are explicitly distrusted.
array<array<uint8>> distrusted_spkis;
// If true, use user-added certs in the system trust store.
[EnableIfNot=is_chromeos]
bool include_system_trust_store = true;
};
// Updates a Cert Verifier with new parameters.
interface CertVerifierServiceUpdater {
// Called when trust parameters change for Cert Verification. All parameters
// will override any previously provided parameters that were provide (either
// via previous calls to UpdateCertVerifier or that were specified in
// cert_verifier.mojom.CertVerifierCreationParams.
UpdateAdditionalCertificates(AdditionalCertificates certificates);
};
Codebase Browser
chromium