| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 1 | // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_ |
| 6 | #define NET_SSL_CLIENT_CERT_STORE_NSS_H_ |
| 7 | |
| 8 | #include "base/basictypes.h" |
| 9 | #include "base/callback.h" |
| 10 | #include "base/gtest_prod_util.h" |
| 11 | #include "net/base/net_export.h" |
| 12 | #include "net/ssl/client_cert_store.h" |
| 13 | #include "net/ssl/ssl_cert_request_info.h" |
| 14 | |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame^] | 15 | typedef struct CERTCertListStr CERTCertList; |
| 16 | |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 17 | namespace crypto { |
| 18 | class CryptoModuleBlockingPasswordDelegate; |
| 19 | } |
| 20 | |
| 21 | namespace net { |
| 22 | |
| 23 | class NET_EXPORT ClientCertStoreNSS : public ClientCertStore { |
| 24 | public: |
| 25 | typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*( |
| 26 | const std::string& /* server */)> PasswordDelegateFactory; |
| 27 | |
| 28 | explicit ClientCertStoreNSS( |
| 29 | const PasswordDelegateFactory& password_delegate_factory); |
| 30 | virtual ~ClientCertStoreNSS(); |
| 31 | |
| 32 | // ClientCertStore: |
| 33 | virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info, |
| 34 | CertificateList* selected_certs, |
| 35 | const base::Closure& callback) OVERRIDE; |
| 36 | |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame^] | 37 | protected: |
| 38 | // Examines the certificates in |cert_list| to find all certificates that |
| 39 | // match the client certificate request in |request|, storing the matching |
| 40 | // certificates in |selected_certs|. |
| 41 | // If |query_nssdb| is true, NSS will be queried to construct full certificate |
| 42 | // chains. If it is false, only the certificate will be considered. |
| 43 | virtual void GetClientCertsImpl(CERTCertList* cert_list, |
| 44 | const SSLCertRequestInfo& request, |
| 45 | bool query_nssdb, |
| 46 | CertificateList* selected_certs); |
| 47 | |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 48 | private: |
| 49 | friend class ClientCertStoreNSSTestDelegate; |
| 50 | |
| [email protected] | e53c0232 | 2013-12-17 00:09:00 | [diff] [blame^] | 51 | void GetClientCertsOnWorkerThread( |
| 52 | scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate> |
| 53 | password_delegate, |
| 54 | const SSLCertRequestInfo* request, |
| 55 | CertificateList* selected_certs); |
| 56 | |
| [email protected] | 5482ef9e | 2013-12-11 04:27:43 | [diff] [blame] | 57 | // A hook for testing. Filters |input_certs| using the logic being used to |
| 58 | // filter the system store when GetClientCerts() is called. |
| 59 | // Implemented by creating a list of certificates that otherwise would be |
| 60 | // extracted from the system store and filtering it using the common logic |
| 61 | // (less adequate than the approach used on Windows). |
| 62 | bool SelectClientCertsForTesting(const CertificateList& input_certs, |
| 63 | const SSLCertRequestInfo& cert_request_info, |
| 64 | CertificateList* selected_certs); |
| 65 | |
| 66 | // The factory for creating the delegate for requesting a password to a |
| 67 | // PKCS #11 token. May be null. |
| 68 | PasswordDelegateFactory password_delegate_factory_; |
| 69 | |
| 70 | DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS); |
| 71 | }; |
| 72 | |
| 73 | } // namespace net |
| 74 | |
| 75 | #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_ |
