1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_CERT_CERT_DATABASE_H_
6#define NET_CERT_CERT_DATABASE_H_
7
8#include <memory>
9
10#include "base/macros.h"
11#include "base/memory/ref_counted.h"
12#include "build/build_config.h"
13#include "net/base/net_export.h"
14
15namespace base {
16template <typename T> struct DefaultSingletonTraits;
17
18template <class ObserverType>
19class ObserverListThreadSafe;
20}
21
22namespace net {
23
24// This class allows callers to observe changes to the underlying certificate
25// stores.
26//
27// TODO(davidben): This class is really just a giant global ObserverList. It
28// does not do anything with the platform certificate and, in principle, //net's
29// dependency on the platform is abstracted behind the CertVerifier and
30// ClientCertStore interfaces. Ideally these signals would originate out of
31// those interfaces' platform implementations.
32
class NET_EXPORT CertDatabase {
 public:
  // Interface for receiving certificate database change notifications. A
  // subclass overrides OnCertDBChanged() and is registered through
  // CertDatabase::AddObserver(); it stops receiving notifications once
  // CertDatabase::RemoveObserver() has been called for it. The changes that
  // are reported are a user certificate being added or removed, or the trust
  // on a certificate being changed.
  class NET_EXPORT Observer {
   public:
    virtual ~Observer() = default;

    // Invoked whenever the certificate database is known to have changed.
    // Usually this follows a CA certificate being added, removed or having
    // its trust changed; client certificate events may also trigger it when
    // they can be detected reliably. The default implementation does nothing.
    virtual void OnCertDBChanged() {}

    // Observers are registered by identity, so copying is disabled.
    Observer(const Observer&) = delete;
    Observer& operator=(const Observer&) = delete;

   protected:
    Observer() = default;
  };

  // Returns the process-wide CertDatabase singleton.
  static CertDatabase* GetInstance();

  // Registers |observer| for certificate change notifications. Notifications
  // are delivered on the thread that calls AddObserver(). Ownership is not
  // transferred: |observer| is handed over as a raw pointer, so the caller is
  // expected to keep it alive until RemoveObserver() has been called for it
  // (presumably a registration that outlives its observer leaves a dangling
  // pointer in the list; confirm against the implementation).
  void AddObserver(Observer* observer);

  // Unregisters |observer|. Must be called on the same thread that called
  // AddObserver() for it.
  void RemoveObserver(Observer* observer);

#if defined(OS_MACOSX) && !defined(OS_IOS)
  // Begins observing Keychain Services events on the current thread and
  // forwarding them to observers. The current thread needs an associated
  // CFRunLoop, i.e. this has to be called from a MessageLoop of TYPE_UI.
  void StartListeningForKeychainEvents();
#endif

  // Synthetically fires OnCertDBChanged() on every registered observer. This
  // exists so that the creator of the CertDatabase can relay change events
  // coming from other database interfaces; other code should not call it.
  // Note that the method is public, so nothing in the interface enforces that
  // restriction.
  void NotifyObserversCertDBChanged();

  // The singleton is neither copyable nor assignable.
  CertDatabase(const CertDatabase&) = delete;
  CertDatabase& operator=(const CertDatabase&) = delete;

 private:
  // Only the singleton traits may construct and destroy the instance.
  friend struct base::DefaultSingletonTraits<CertDatabase>;

  CertDatabase();
  ~CertDatabase();

  // Thread-safe observer list that notifications are fanned out through; see
  // the threading note on AddObserver().
  const scoped_refptr<base::ObserverListThreadSafe<Observer>> observer_list_;

#if defined(OS_MACOSX) && !defined(OS_IOS)
  // NOTE(review): presumably tears down |notifier_|; confirm in the .cc.
  void ReleaseNotifier();

  // Implementation detail of StartListeningForKeychainEvents(). Held as a
  // raw pointer and, by the look of it, released via ReleaseNotifier() —
  // confirm ownership in the .cc.
  class Notifier;
  friend class Notifier;
  Notifier* notifier_ = nullptr;
#endif
};
99
100} // namespace net
101
102#endif // NET_CERT_CERT_DATABASE_H_
103