Roll src/third_party/skia d32087a:1052f51
[chromium-blink-merge.git] / net / ssl / client_cert_store_nss.h
blobcb560f1ca1845cd87c1013fc28b7a25232eda43e
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
6 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
8 #include "base/callback.h"
9 #include "base/macros.h"
10 #include "base/memory/scoped_ptr.h"
11 #include "net/base/net_export.h"
12 #include "net/ssl/client_cert_store.h"
14 typedef struct CERTCertListStr CERTCertList;
16 namespace crypto {
17 class CryptoModuleBlockingPasswordDelegate;
20 namespace net {
21 class HostPortPair;
22 class SSLCertRequestInfo;
24 class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
25 public:
26 typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
27 const HostPortPair& /* server */)> PasswordDelegateFactory;
29 explicit ClientCertStoreNSS(
30 const PasswordDelegateFactory& password_delegate_factory);
31 ~ClientCertStoreNSS() override;
33 // ClientCertStore:
34 void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
35 CertificateList* selected_certs,
36 const base::Closure& callback) override;
38 // Examines the certificates in |certs| to find all certificates that match
39 // the client certificate request in |request|, storing the matching
40 // certificates in |filtered_certs|. Any previous content of |filtered_certs|
41 // will be removed.
42 // If |query_nssdb| is true, NSS will be queried to construct full certificate
43 // chains. If it is false, only the certificate will be considered.
44 // Must be called from a worker thread.
45 static void FilterCertsOnWorkerThread(const CertificateList& certs,
46 const SSLCertRequestInfo& request,
47 bool query_nssdb,
48 CertificateList* filtered_certs);
50 // Retrieves all client certificates that are stored by NSS and adds them to
51 // |certs|. |password_delegate| is used to unlock slots if required.
52 // Must be called from a worker thread.
53 static void GetPlatformCertsOnWorkerThread(
54 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
55 password_delegate,
56 net::CertificateList* certs);
58 private:
59 void GetAndFilterCertsOnWorkerThread(
60 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
61 password_delegate,
62 const SSLCertRequestInfo* request,
63 CertificateList* selected_certs);
65 // The factory for creating the delegate for requesting a password to a
66 // PKCS#11 token. May be null.
67 PasswordDelegateFactory password_delegate_factory_;
69 DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
72 } // namespace net
74 #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_