chrome/browser/chromeos/net/client_cert_store_chromeos.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
   6 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/macros.h"
  12 #include "base/memory/ref_counted.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "net/cert/x509_certificate.h"
  15 #include "net/ssl/client_cert_store_nss.h"
  16
  17 namespace chromeos {
  18
  19 class CertificateProvider;
  20
  21 class ClientCertStoreChromeOS : public net::ClientCertStore {
  22  public:
  23   using PasswordDelegateFactory =
  24       net::ClientCertStoreNSS::PasswordDelegateFactory;
  25
  26   class CertFilter {
  27    public:
  28     virtual ~CertFilter() {}
  29
  30     // Initializes this filter. Returns true if it finished initialization,
  31     // otherwise returns false and calls |callback| once the initialization is
  32     // completed.
  33     // Must be called at most once.
  34     virtual bool Init(const base::Closure& callback) = 0;
  35
  36     // Returns true if |cert| is allowed to be used as a client certificate
  37     // (e.g. for a certain browser context or user).
  38     // This is only called once initialization is finished, see Init().
  39     virtual bool IsCertAllowed(
  40         const scoped_refptr<net::X509Certificate>& cert) const = 0;
  41   };
  42
  43   // This ClientCertStore will return client certs from NSS certificate
  44   // databases that pass the filter |cert_filter| and additionally return
  45   // certificates provided by |cert_provider|.
  46   ClientCertStoreChromeOS(
  47       scoped_ptr<CertificateProvider> cert_provider,
  48       scoped_ptr<CertFilter> cert_filter,
  49       const PasswordDelegateFactory& password_delegate_factory);
  50   ~ClientCertStoreChromeOS() override;
  51
  52   // net::ClientCertStore:
  53   void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info,
  54                       net::CertificateList* selected_certs,
  55                       const base::Closure& callback) override;
  56
  57  private:
  58   void GotAdditionalCerts(const net::SSLCertRequestInfo* request,
  59                           net::CertificateList* selected_certs,
  60                           const base::Closure& callback,
  61                           const net::CertificateList& additional_certs);
  62
  63   void GetAndFilterCertsOnWorkerThread(
  64       scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
  65           password_delegate,
  66       const net::SSLCertRequestInfo* request,
  67       const net::CertificateList& additional_certs,
  68       net::CertificateList* selected_certs);
  69
  70   scoped_ptr<CertificateProvider> cert_provider_;
  71   scoped_ptr<CertFilter> cert_filter_;
  72
  73   // The factory for creating the delegate for requesting a password to a
  74   // PKCS#11 token. May be null.
  75   PasswordDelegateFactory password_delegate_factory_;
  76
  77   DISALLOW_COPY_AND_ASSIGN(ClientCertStoreChromeOS);
  78 };
  79
  80 }  // namespace chromeos
  81
  82 #endif  // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_