// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4 | |||||
5 | #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_ | ||||
6 | #define NET_SSL_CLIENT_CERT_STORE_NSS_H_ | ||||
7 | |||||
danakj | a9850e1 | 2016-04-18 22:28:08 | [diff] [blame] | 8 | #include <memory> |
9 | |||||
[email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 10 | #include "base/callback.h" |
pneubeck | 385704ec | 2015-08-25 08:56:37 | [diff] [blame] | 11 | #include "base/macros.h" |
[email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 12 | #include "net/base/net_export.h" |
13 | #include "net/ssl/client_cert_store.h" | ||||
[email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 14 | |
// Forward declaration of the NSS certificate list type, so this header does
// not have to include the NSS header that defines it.
typedef struct CERTCertListStr CERTCertList;

namespace crypto {
// Forward declaration: this header names the delegate only as a raw pointer
// and as the pointee of std::unique_ptr in function declarations.
class CryptoModuleBlockingPasswordDelegate;
}
20 | |||||
21 | namespace net { | ||||
// Forward declarations: both types appear below only behind a reference or a
// pointer.
class HostPortPair;
class SSLCertRequestInfo;
[email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 24 | |
// ClientCertStore implementation for the client certificates stored by NSS.
class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
 public:
  // Factory callback: given the server (a HostPortPair), returns the delegate
  // that requests the password for a PKCS#11 token.
  // NOTE(review): the result is a raw pointer, while the worker-thread
  // functions below receive the delegate as std::unique_ptr; ownership
  // presumably passes to whoever runs the factory -- confirm in the .cc file.
  using PasswordDelegateFactory =
      base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
          const HostPortPair& /* server */)>;

  // |password_delegate_factory| creates the delegate used to request a
  // PKCS#11 token password.
  explicit ClientCertStoreNSS(
      const PasswordDelegateFactory& password_delegate_factory);
  ~ClientCertStoreNSS() override;

  // ClientCertStore:
  void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
                      const ClientCertListCallback& callback) override;

  // Selects from |certs| every certificate that matches the client
  // certificate request |request| and stores the matches in
  // |filtered_certs|. Whatever |filtered_certs| held before the call is
  // removed.
  // Must be called from a worker thread.
  static void FilterCertsOnWorkerThread(const CertificateList& certs,
                                        const SSLCertRequestInfo& request,
                                        CertificateList* filtered_certs);

  // Retrieves all client certificates that are stored by NSS and adds them to
  // |certs|. |password_delegate| is used to unlock slots if required; it is
  // passed as std::unique_ptr, so this call takes ownership of it.
  // Must be called from a worker thread.
  // NOTE(review): the delegate type is named "Blocking", so unlocking a slot
  // presumably waits for a password prompt, which would explain the
  // worker-thread requirement -- confirm in the implementation.
  static void GetPlatformCertsOnWorkerThread(
      std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
          password_delegate,
      net::CertificateList* certs);

 private:
  // Takes ownership of |password_delegate| and returns a CertificateList.
  // NOTE(review): judging by the name, this fetches the NSS certificates and
  // filters them against |request| on a worker thread; |request| is a raw
  // pointer, so the caller presumably has to keep it alive until this
  // returns -- confirm in the .cc file.
  CertificateList GetAndFilterCertsOnWorkerThread(
      std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
          password_delegate,
      const SSLCertRequestInfo* request);

  // Factory that creates the delegate for requesting the password of a
  // PKCS#11 token. May be null.
  // NOTE(review): code that runs the factory presumably has to check for the
  // null case first -- confirm in the .cc file.
  PasswordDelegateFactory password_delegate_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
};
67 | |||||
68 | } // namespace net | ||||
69 | |||||
70 | #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_ |