blob: d49d50f6a43298eaac20d85756a637fdf0647654 [file] [log] [blame]
[email protected]5482ef9e2013-12-11 04:27:431// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
6#define NET_SSL_CLIENT_CERT_STORE_NSS_H_
7
danakja9850e12016-04-18 22:28:088#include <memory>
9
[email protected]5482ef9e2013-12-11 04:27:4310#include "base/callback.h"
pneubeck385704ec2015-08-25 08:56:3711#include "base/macros.h"
[email protected]5482ef9e2013-12-11 04:27:4312#include "net/base/net_export.h"
13#include "net/ssl/client_cert_store.h"
[email protected]5482ef9e2013-12-11 04:27:4314
[email protected]e53c02322013-12-17 00:09:0015typedef struct CERTCertListStr CERTCertList;
16
[email protected]5482ef9e2013-12-11 04:27:4317namespace crypto {
18class CryptoModuleBlockingPasswordDelegate;
19}
20
21namespace net {
pneubeck385704ec2015-08-25 08:56:3722class HostPortPair;
23class SSLCertRequestInfo;
[email protected]5482ef9e2013-12-11 04:27:4324
25class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
26 public:
27 typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
[email protected]791879c2013-12-17 07:22:4128 const HostPortPair& /* server */)> PasswordDelegateFactory;
[email protected]5482ef9e2013-12-11 04:27:4329
30 explicit ClientCertStoreNSS(
31 const PasswordDelegateFactory& password_delegate_factory);
dcheng67be2b1f2014-10-27 21:47:2932 ~ClientCertStoreNSS() override;
[email protected]5482ef9e2013-12-11 04:27:4333
34 // ClientCertStore:
dcheng67be2b1f2014-10-27 21:47:2935 void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
mattm7ed243f2017-04-28 05:28:5836 const ClientCertListCallback& callback) override;
[email protected]5482ef9e2013-12-11 04:27:4337
pneubeck385704ec2015-08-25 08:56:3738 // Examines the certificates in |certs| to find all certificates that match
39 // the client certificate request in |request|, storing the matching
40 // certificates in |filtered_certs|. Any previous content of |filtered_certs|
41 // will be removed.
pneubeck385704ec2015-08-25 08:56:3742 // Must be called from a worker thread.
43 static void FilterCertsOnWorkerThread(const CertificateList& certs,
44 const SSLCertRequestInfo& request,
pneubeck385704ec2015-08-25 08:56:3745 CertificateList* filtered_certs);
46
47 // Retrieves all client certificates that are stored by NSS and adds them to
48 // |certs|. |password_delegate| is used to unlock slots if required.
49 // Must be called from a worker thread.
50 static void GetPlatformCertsOnWorkerThread(
danakja9850e12016-04-18 22:28:0851 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
pneubeck385704ec2015-08-25 08:56:3752 password_delegate,
53 net::CertificateList* certs);
[email protected]e53c02322013-12-17 00:09:0054
[email protected]5482ef9e2013-12-11 04:27:4355 private:
mattm7ed243f2017-04-28 05:28:5856 CertificateList GetAndFilterCertsOnWorkerThread(
danakja9850e12016-04-18 22:28:0857 std::unique_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
[email protected]e53c02322013-12-17 00:09:0058 password_delegate,
mattm7ed243f2017-04-28 05:28:5859 const SSLCertRequestInfo* request);
[email protected]e53c02322013-12-17 00:09:0060
[email protected]5482ef9e2013-12-11 04:27:4361 // The factory for creating the delegate for requesting a password to a
pneubeck385704ec2015-08-25 08:56:3762 // PKCS#11 token. May be null.
[email protected]5482ef9e2013-12-11 04:27:4363 PasswordDelegateFactory password_delegate_factory_;
64
65 DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
66};
67
68} // namespace net
69
70#endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_