1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
6 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
8 #include "base/basictypes.h"
9 #include "base/callback.h"
10 #include "base/gtest_prod_util.h"
11 #include "net/base/net_export.h"
12 #include "net/ssl/client_cert_store.h"
13 #include "net/ssl/ssl_cert_request_info.h"
15 typedef struct CERTCertListStr CERTCertList
;
18 class CryptoModuleBlockingPasswordDelegate
;
23 class NET_EXPORT ClientCertStoreNSS
: public ClientCertStore
{
25 typedef base::Callback
<crypto::CryptoModuleBlockingPasswordDelegate
*(
26 const HostPortPair
& /* server */)> PasswordDelegateFactory
;
28 explicit ClientCertStoreNSS(
29 const PasswordDelegateFactory
& password_delegate_factory
);
30 ~ClientCertStoreNSS() override
;
33 void GetClientCerts(const SSLCertRequestInfo
& cert_request_info
,
34 CertificateList
* selected_certs
,
35 const base::Closure
& callback
) override
;
38 // Examines the certificates in |cert_list| to find all certificates that
39 // match the client certificate request in |request|, storing the matching
40 // certificates in |selected_certs|.
41 // If |query_nssdb| is true, NSS will be queried to construct full certificate
42 // chains. If it is false, only the certificate will be considered.
43 virtual void GetClientCertsImpl(CERTCertList
* cert_list
,
44 const SSLCertRequestInfo
& request
,
46 CertificateList
* selected_certs
);
49 friend class ClientCertStoreNSSTestDelegate
;
51 void GetClientCertsOnWorkerThread(
52 scoped_ptr
<crypto::CryptoModuleBlockingPasswordDelegate
>
54 const SSLCertRequestInfo
* request
,
55 CertificateList
* selected_certs
);
57 // A hook for testing. Filters |input_certs| using the logic being used to
58 // filter the system store when GetClientCerts() is called.
59 // Implemented by creating a list of certificates that otherwise would be
60 // extracted from the system store and filtering it using the common logic
61 // (less adequate than the approach used on Windows).
62 bool SelectClientCertsForTesting(const CertificateList
& input_certs
,
63 const SSLCertRequestInfo
& cert_request_info
,
64 CertificateList
* selected_certs
);
66 // The factory for creating the delegate for requesting a password to a
67 // PKCS #11 token. May be null.
68 PasswordDelegateFactory password_delegate_factory_
;
70 DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS
);
75 #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_