1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_
6 #define CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_
12 #include "base/functional/callback.h"
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/raw_ptr.h"
15 #include "build/chromeos_buildflags.h"
16 #include "chrome/browser/net/nss_service.h"
17 #include "net/cert/nss_cert_database.h"
18 #include "net/cert/scoped_nss_types.h"
19 #include "net/ssl/client_cert_identity.h"
23 } // namespace content
25 #if BUILDFLAG(IS_CHROMEOS)
27 class PolicyCertificateProvider;
31 class CertificateProvider;
35 // CertificateManagerModel provides the data to be displayed in the certificate
36 // manager dialog, and processes changes from the view.
37 class CertificateManagerModel {
39 // Holds information about a certificate, along with the certificate itself.
43 // This certificate is installed in the platform certificate database.
45 // This certificate is provided by enterprise policy.
47 // This certificate is provided by an extension.
51 CertInfo(net::ScopedCERTCertificate cert,
57 bool web_trust_anchor,
61 CertInfo(const CertInfo&) = delete;
62 CertInfo& operator=(const CertInfo&) = delete;
66 CERTCertificate* cert() const { return cert_.get(); }
67 net::CertType type() const { return type_; }
68 const std::u16string& name() const { return name_; }
69 bool can_be_deleted() const { return can_be_deleted_; }
70 bool untrusted() const { return untrusted_; }
71 Source source() const { return source_; }
72 bool web_trust_anchor() const { return web_trust_anchor_; }
73 bool hardware_backed() const { return hardware_backed_; }
74 bool device_wide() const { return device_wide_; }
76 // Clones a CertInfo, duplicating the contained NSS certificate.
77 static std::unique_ptr<CertInfo> Clone(const CertInfo* cert_info);
80 // The certificate itself.
81 net::ScopedCERTCertificate cert_;
83 // The type of the certificate. Used to filter certificates to be displayed
84 // on the tabs of the certificate manager UI.
87 // A user readable certificate name.
90 // false if the certificate is stored on a read-only slot or provided by
91 // enterprise policy or an extension, otherwise true.
94 // true if the certificate is untrusted.
97 // Describes where this certificate originates from.
100 // true if the certificate is given web trust (either by its platform trust
101 // settings, or by enterprise policy).
102 bool web_trust_anchor_;
104 // true if the certificate is hardware-backed. Note that extension-provided
105 // certificates are not regarded as hardware-backed.
106 bool hardware_backed_;
108 // true if the certificate is device-wide.
109 // Note: can be true only on Chrome OS.
112 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest,
113 CanDeleteCertificateCommonTest);
114 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest,
115 CanDeleteUserCertificateTest);
116 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest,
117 CanDeleteCACertificateTest);
118 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest,
119 CanEditCertificateCommonTest);
120 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest,
121 CanEditUserCertificateTest);
122 FRIEND_TEST_ALL_PREFIXES(CertificateHandlerTest, CanEditCACertificateTest);
127 // Holds parameters during construction.
129 #if BUILDFLAG(IS_CHROMEOS)
131 raw_ptr<ash::PolicyCertificateProvider> policy_certs_provider = nullptr;
133 std::unique_ptr<chromeos::CertificateProvider>
134 extension_certificate_provider;
139 Params(const Params&) = delete;
140 Params& operator=(const Params&) = delete;
142 Params(Params&& other);
147 // Map from the subject organization name to the list of certs from that
148 // organization. If a cert does not have an organization name, the
149 // subject's CertPrincipal::GetDisplayName() value is used instead.
150 using OrgGroupingMap =
151 std::map<std::string, std::vector<std::unique_ptr<CertInfo>>>;
153 using CreationCallback =
154 base::OnceCallback<void(std::unique_ptr<CertificateManagerModel>)>;
158 // Called to notify the view that the certificate list has been refreshed.
159 // TODO(mattm): do a more granular updating strategy? Maybe retrieve new
160 // list of certs, diff against past list, and then notify of the changes?
161 virtual void CertificatesRefreshed() = 0;
164 virtual ~Observer() = default;
167 // Creates a CertificateManagerModel. The model will be passed to the callback
168 // when it is ready. The caller must ensure the model does not outlive the
169 // |browser_context|.
170 static void Create(content::BrowserContext* browser_context,
172 CreationCallback callback);
174 // Use |Create| instead to create a |CertificateManagerModel| for a
176 CertificateManagerModel(std::unique_ptr<Params> params,
178 net::NSSCertDatabase* nss_cert_database);
180 CertificateManagerModel(const CertificateManagerModel&) = delete;
181 CertificateManagerModel& operator=(const CertificateManagerModel&) = delete;
183 ~CertificateManagerModel();
185 // Accessor for read-only access to the underlying NSSCertDatabase.
186 const net::NSSCertDatabase* cert_db() const { return cert_db_; }
188 // Trigger a refresh of the list of certs, unlock any slots if necessary.
189 // Following this call, the observer CertificatesRefreshed method will be
190 // called so the view can call FilterAndBuildOrgGroupingMap as necessary to
191 // refresh its tree views.
194 // Fill |*out_org_grouping_map| with the certificates matching |filter_type|.
195 void FilterAndBuildOrgGroupingMap(net::CertType filter_type,
196 OrgGroupingMap* out_org_grouping_map) const;
198 // Import private keys and certificates from PKCS #12 encoded
199 // |data|, using the given |password|. If |is_extractable| is false,
200 // mark the private key as unextractable from the slot.
201 // Returns a net error code on failure.
202 int ImportFromPKCS12(PK11SlotInfo* slot_info,
203 const std::string& data,
204 const std::u16string& password,
205 bool is_extractable);
207 // Import user certificate from DER encoded |data|.
208 // Returns a net error code on failure.
209 int ImportUserCert(const std::string& data);
211 // Import CA certificates.
212 // Tries to import all the certificates given. The root will be trusted
213 // according to |trust_bits|. Any certificates that could not be imported
214 // will be listed in |not_imported|.
215 // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
216 // Returns false if there is an internal error, otherwise true is returned and
217 // |not_imported| should be checked for any certificates that were not
219 bool ImportCACerts(const net::ScopedCERTCertificateList& certificates,
220 net::NSSCertDatabase::TrustBits trust_bits,
221 net::NSSCertDatabase::ImportCertFailureList* not_imported);
223 // Import server certificate. The first cert should be the server cert. Any
224 // additional certs should be intermediate/CA certs and will be imported but
225 // not given any trust.
226 // Any certificates that could not be imported will be listed in
228 // |trust_bits| can be set to explicitly trust or distrust the certificate, or
229 // use TRUST_DEFAULT to inherit trust as normal.
230 // Returns false if there is an internal error, otherwise true is returned and
231 // |not_imported| should be checked for any certificates that were not
233 bool ImportServerCert(
234 const net::ScopedCERTCertificateList& certificates,
235 net::NSSCertDatabase::TrustBits trust_bits,
236 net::NSSCertDatabase::ImportCertFailureList* not_imported);
238 // Set trust values for certificate.
239 // |trust_bits| should be a bit field of TRUST* values from NSSCertDatabase.
240 // Returns true on success or false on failure.
241 bool SetCertTrust(CERTCertificate* cert,
243 net::NSSCertDatabase::TrustBits trust_bits);
245 // Remove the cert from the cert database.
246 void RemoveFromDatabase(net::ScopedCERTCertificate cert,
247 base::OnceCallback<void(bool /*success*/)> callback);
250 // Called when one of the |certs_sources_| has been updated. Will notify the
251 // |observer_| that the certificate list has been refreshed.
252 void OnCertsSourceUpdated();
254 // Finds the |CertsSource| which provided |cert|. Can return nullptr (e.g. if
255 // the cert has been deleted in the meantime).
256 CertsSource* FindCertsSourceForCert(CERTCertificate* cert);
258 // Methods used during initialization, see the comment at the top of the .cc
260 static void DidGetCertDBOnUIThread(
261 std::unique_ptr<Params> params,
262 CertificateManagerModel::Observer* observer,
263 CreationCallback callback,
264 net::NSSCertDatabase* cert_db);
265 static void DidGetCertDBOnIOThread(
266 std::unique_ptr<Params> params,
267 CertificateManagerModel::Observer* observer,
268 CreationCallback callback,
269 net::NSSCertDatabase* cert_db);
270 static void GetCertDBOnIOThread(std::unique_ptr<Params> params,
271 NssCertDatabaseGetter database_getter,
272 CertificateManagerModel::Observer* observer,
273 CreationCallback callback);
275 raw_ptr<net::NSSCertDatabase> cert_db_;
277 // CertsSource instances providing certificates. The order matters - if a
278 // certificate is provided by more than one CertsSource, only the first one is
280 std::vector<std::unique_ptr<CertsSource>> certs_sources_;
282 bool hold_back_updates_ = false;
284 // The observer to notify when certificate list is refreshed.
285 raw_ptr<Observer> observer_;
288 #endif // CHROME_BROWSER_CERTIFICATE_MANAGER_MODEL_H_