net/ssl/client_key_store.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_CLIENT_KEY_STORE_H_
   6 #define NET_SSL_CLIENT_KEY_STORE_H_
   7
   8 #include <vector>
   9
  10 #include "base/callback.h"
  11 #include "base/lazy_instance.h"
  12 #include "base/macros.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/synchronization/lock.h"
  15 #include "net/base/net_export.h"
  16
  17 namespace net {
  18
  19 class SSLPrivateKey;
  20 class X509Certificate;
  21
  22 // TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed.
  23 // A certificate and key store that allows several external certificate
  24 // providers to expose certificates and keys through this store. All currently
  25 // provided certificates will be accessible through |FetchClientCertPrivateKey|.
  26 // Methods of this singleton can be called from any thread.
  27 class NET_EXPORT ClientKeyStore {
  28  public:
  29   class CertKeyProvider {
  30    public:
  31     // This can be called from any thread.
  32     virtual ~CertKeyProvider() {}
  33
  34     // Obtains a handle to the certificate private key for |cert| and stores it
  35     // in |private_key|.
  36     // If the CertKeyProvider does not know about the |cert|, returns false. If
  37     // it knows about the certificate, but is unable to return the private key,
  38     // returns true and sets |*private_key| to nullptr.
  39     // This can be called from any thread.
  40     virtual bool GetCertificateKey(const X509Certificate& cert,
  41                                    scoped_ptr<SSLPrivateKey>* private_key) = 0;
  42   };
  43
  44   static ClientKeyStore* GetInstance();
  45
  46   // The |provider| will be accessed on any thread but no concurrent method
  47   // invocations will happen. |provider| must be valid until it is removed using
  48   // |RemoveProvider| or the store is destroyed.
  49   void AddProvider(CertKeyProvider* provider);
  50
  51   void RemoveProvider(const CertKeyProvider* provider);
  52
  53   // Given a |certificate|'s public key, return the corresponding private
  54   // key if any of the registered providers has a matching key.
  55   // Returns its matching private key on success, nullptr otherwise.
  56   scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(
  57       const X509Certificate& certificate);
  58
  59  private:
  60   friend struct base::DefaultLazyInstanceTraits<ClientKeyStore>;
  61
  62   ClientKeyStore();
  63   ~ClientKeyStore();
  64
  65   base::Lock lock_;
  66   std::vector<CertKeyProvider*> providers_;
  67
  68   DISALLOW_COPY_AND_ASSIGN(ClientKeyStore);
  69 };
  70
  71 }  // namespace net
  72
  73 #endif  // NET_SSL_CLIENT_KEY_STORE_H_