| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 1 | // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be | ||||
| 3 | // found in the LICENSE file. | ||||
| 4 | |||||
| 5 | #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_ | ||||
| 6 | #define NET_SSL_CLIENT_CERT_STORE_NSS_H_ | ||||
| 7 | |||||
| danakj | a9850e1 | 2016-04-18 22:28:08 | [diff] [blame] | 8 | #include <memory> |
| 9 | |||||
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 10 | #include "base/callback.h" |
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 11 | #include "base/macros.h" |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 12 | #include "net/base/net_export.h" |
| 13 | #include "net/ssl/client_cert_store.h" | ||||
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 14 | |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame] | 15 | typedef struct CERTCertListStr CERTCertList; |
| 16 | |||||
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 17 | namespace crypto { |
| 18 | class CryptoModuleBlockingPasswordDelegate; | ||||
| 19 | } | ||||
| 20 | |||||
| 21 | namespace net { | ||||
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 22 | class HostPortPair; |
| 23 | class SSLCertRequestInfo; | ||||
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 24 | |
| 25 | class NET_EXPORT ClientCertStoreNSS : public ClientCertStore { | ||||
| 26 | public: | ||||
| 27 | typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*( | ||||
| [email protected] | 791879c | 2013-12-17 07:22:41 | [diff] [blame] | 28 | const HostPortPair& /* server */)> PasswordDelegateFactory; |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 29 | |
| 30 | explicit ClientCertStoreNSS( | ||||
| 31 | const PasswordDelegateFactory& password_delegate_factory); | ||||
| dcheng | 67be2b1f | 2014-10-27 21:47:29 | [diff] [blame] | 32 | ~ClientCertStoreNSS() override; |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 33 | |
| 34 | // ClientCertStore: | ||||
| dcheng | 67be2b1f | 2014-10-27 21:47:29 | [diff] [blame] | 35 | void GetClientCerts(const SSLCertRequestInfo& cert_request_info, |
| mattm | 7ed243f | 2017-04-28 05:28:58 | [diff] [blame^] | 36 | const ClientCertListCallback& callback) override; |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 37 | |
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 38 | // Examines the certificates in |certs| to find all certificates that match |
| 39 | // the client certificate request in |request|, storing the matching | ||||
| 40 | // certificates in |filtered_certs|. Any previous content of |filtered_certs| | ||||
| 41 | // will be removed. | ||||
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 42 | // Must be called from a worker thread. |
| 43 | static void FilterCertsOnWorkerThread(const CertificateList& certs, | ||||
| 44 | const SSLCertRequestInfo& request, | ||||
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 45 | CertificateList* filtered_certs); |
| 46 | |||||
| 47 | // Retrieves all client certificates that are stored by NSS and adds them to | ||||
| 48 | // |certs|. |password_delegate| is used to unlock slots if required. | ||||
| 49 | // Must be called from a worker thread. | ||||
| 50 | static void GetPlatformCertsOnWorkerThread( | ||||
| danakj | a9850e1 | 2016-04-18 22:28:08 | [diff] [blame] | 51 | std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 52 | password_delegate, |
| 53 | net::CertificateList* certs); | ||||
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame] | 54 | |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 55 | private: |
| mattm | 7ed243f | 2017-04-28 05:28:58 | [diff] [blame^] | 56 | CertificateList GetAndFilterCertsOnWorkerThread( |
| danakj | a9850e1 | 2016-04-18 22:28:08 | [diff] [blame] | 57 | std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame] | 58 | password_delegate, |
| mattm | 7ed243f | 2017-04-28 05:28:58 | [diff] [blame^] | 59 | const SSLCertRequestInfo* request); |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame] | 60 | |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 61 | // The factory for creating the delegate for requesting a password to a |
| pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 62 | // PKCS#11 token. May be null. |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 63 | PasswordDelegateFactory password_delegate_factory_; |
| 64 | |||||
| 65 | DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS); | ||||
| 66 | }; | ||||
| 67 | |||||
| 68 | } // namespace net | ||||
| 69 | |||||
| 70 | #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_ | ||||