Diffstat (limited to 'chromium/net/cert/test_root_certs.h')
-rw-r--r-- | chromium/net/cert/test_root_certs.h | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/chromium/net/cert/test_root_certs.h b/chromium/net/cert/test_root_certs.h index f2251dd1e78..c299b3c6d3b 100644 --- a/chromium/net/cert/test_root_certs.h +++ b/chromium/net/cert/test_root_certs.h @@ -6,10 +6,9 @@ #define NET_CERT_TEST_ROOT_CERTS_H_ #include "base/lazy_instance.h" -#include "base/memory/ref_counted.h" #include "build/build_config.h" #include "net/base/net_export.h" -#include "net/cert/internal/trust_store_in_memory.h" +#include "net/cert/pki/trust_store_in_memory.h" #if BUILDFLAG(IS_WIN) #include <windows.h> @@ -21,10 +20,6 @@ #include "base/mac/scoped_cftyperef.h" #endif -namespace base { -class FilePath; -} - namespace net { class X509Certificate; @@ -33,6 +28,9 @@ typedef std::vector<scoped_refptr<X509Certificate>> CertificateList; // TestRootCerts is a helper class for unit tests that is used to // artificially mark a certificate as trusted, independent of the local // machine configuration. +// +// Test roots can be added using the ScopedTestRoot class below. See the +// class documentation for usage and limitations. class NET_EXPORT TestRootCerts { public: // Obtains the Singleton instance to the trusted certificates. @@ -44,16 +42,6 @@ class NET_EXPORT TestRootCerts { // Returns true if an instance exists, without forcing an initialization. static bool HasInstance(); - // Marks |certificate| as trusted in the effective trust store - // used by CertVerifier::Verify(). Returns false if the - // certificate could not be marked trusted. - bool Add(X509Certificate* certificate); - - // Reads a single certificate from |file| and marks it as trusted. Returns - // false if an error is encountered, such as being unable to read |file| - // or more than one certificate existing in |file|. - bool AddFromFile(const base::FilePath& file); - // Clears the trusted status of any certificates that were previously // marked trusted via Add(). void Clear(); 
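Review bot: Dropping `#include "base/memory/ref_counted.h"` in the first hunk leaves no visible include that declares `scoped_refptr`, which the `CertificateList` typedef (shown as context in the third hunk's header) still uses. The include block between the header guard and `#if BUILDFLAG(IS_WIN)` is fully visible here and contains nothing else from `base/memory/`, so the header now appears to compile only through a transitive include. Adding `#include "base/memory/scoped_refptr.h"` would keep it self-contained; includes further down the file are outside these hunks, so confirm nothing there already covers it.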
@@ -81,10 +69,16 @@ class NET_EXPORT TestRootCerts { private: friend struct base::LazyInstanceTraitsBase<TestRootCerts>; + friend class ScopedTestRoot; TestRootCerts(); ~TestRootCerts(); + // Marks |certificate| as trusted in the effective trust store + // used by CertVerifier::Verify(). Returns false if the + // certificate could not be marked trusted. + bool Add(X509Certificate* certificate); + // Performs platform-dependent operations. void Init(); bool AddImpl(X509Certificate* certificate); @@ -100,21 +94,27 @@ class NET_EXPORT TestRootCerts { }; // Scoped helper for unittests to handle safely managing trusted roots. -class NET_EXPORT_PRIVATE ScopedTestRoot { +// +// Limitations: +// Multiple instances of ScopedTestRoot may be created at once, which will +// trust the union of the certs provided. However, when one of the +// ScopedTestRoot instances removes its trust, either by going out of scope, or +// by Reset() being called, *all* test root certs will be untrusted. (This +// limitation could be removed if a reason arises.) +class NET_EXPORT ScopedTestRoot { public: ScopedTestRoot(); - // Creates a ScopedTestRoot that sets |cert| as the single root in the - // TestRootCerts store (if there were existing roots they are - // cleared). + // Creates a ScopedTestRoot that adds |cert| to the TestRootCerts store. explicit ScopedTestRoot(X509Certificate* cert); - // Creates a ScopedTestRoot that sets |certs| as the only roots in the - // TestRootCerts store (if there were existing roots they are - // cleared). + // Creates a ScopedTestRoot that adds |certs| to the TestRootCerts store. explicit ScopedTestRoot(CertificateList certs); ScopedTestRoot(const ScopedTestRoot&) = delete; ScopedTestRoot& operator=(const ScopedTestRoot&) = delete; + ScopedTestRoot(ScopedTestRoot&& other); + ScopedTestRoot& operator=(ScopedTestRoot&& other); + ~ScopedTestRoot(); // Assigns |certs| to be the new test root certs. If |certs| is empty, undoes 
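Review bot: `Add()` is now private and reachable only through `friend class ScopedTestRoot`, but `Clear()` stays public and its comment (context at the end of the previous hunk) still says certificates are "marked trusted via Add()". That comment now points callers at a method they cannot call, and it hides the fact that any code can still drop roots that a live `ScopedTestRoot` believes it owns. I would reword it to something like `// Clears the trusted status of all test roots, including those held by live ScopedTestRoot instances.`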
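Review bot: The move constructor and move assignment added to `ScopedTestRoot` have no comment stating the moved-from state, and that state matters for this class. The limitations comment added in the same hunk says that one instance dropping its trust untrusts *all* test roots, so a moved-from object whose destructor still clears would silently remove the roots the destination now holds. The definitions are outside this header, so this cannot be checked from the hunk; I would document the contract at the declarations, e.g. `// Moved-from instances are empty (IsEmpty() is true) and do not clear the test roots on destruction.`, and mark both operations `noexcept` if the implementation allows. Separately, changing `NET_EXPORT_PRIVATE` to `NET_EXPORT` widens which components can link a helper that injects trust anchors, so a short "for tests only" comment on the class would help keep it out of non-test code.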
@@ -124,6 +124,9 @@ class NET_EXPORT_PRIVATE ScopedTestRoot { // cleared. void Reset(CertificateList certs); + // Returns true if this ScopedTestRoot has no certs assigned. + bool IsEmpty() const { return certs_.empty(); } + private: CertificateList certs_; }; |