Roll src/third_party/skia 7b05ff1:dab1f60
[chromium-blink-merge.git] / net / ssl / client_cert_store_nss.h
blobf6d80993a4e2e9f77e17482c7d0f64f87b080302
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
6 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
8 #include "base/basictypes.h"
9 #include "base/callback.h"
10 #include "base/gtest_prod_util.h"
11 #include "net/base/net_export.h"
12 #include "net/ssl/client_cert_store.h"
13 #include "net/ssl/ssl_cert_request_info.h"
15 typedef struct CERTCertListStr CERTCertList;
17 namespace crypto {
18 class CryptoModuleBlockingPasswordDelegate;
21 namespace net {
23 class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
24 public:
25 typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
26 const HostPortPair& /* server */)> PasswordDelegateFactory;
28 explicit ClientCertStoreNSS(
29 const PasswordDelegateFactory& password_delegate_factory);
30 ~ClientCertStoreNSS() override;
32 // ClientCertStore:
33 void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
34 CertificateList* selected_certs,
35 const base::Closure& callback) override;
37 protected:
38 // Examines the certificates in |cert_list| to find all certificates that
39 // match the client certificate request in |request|, storing the matching
40 // certificates in |selected_certs|.
41 // If |query_nssdb| is true, NSS will be queried to construct full certificate
42 // chains. If it is false, only the certificate will be considered.
43 virtual void GetClientCertsImpl(CERTCertList* cert_list,
44 const SSLCertRequestInfo& request,
45 bool query_nssdb,
46 CertificateList* selected_certs);
48 private:
49 friend class ClientCertStoreNSSTestDelegate;
51 void GetClientCertsOnWorkerThread(
52 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
53 password_delegate,
54 const SSLCertRequestInfo* request,
55 CertificateList* selected_certs);
57 // A hook for testing. Filters |input_certs| using the logic being used to
58 // filter the system store when GetClientCerts() is called.
59 // Implemented by creating a list of certificates that otherwise would be
60 // extracted from the system store and filtering it using the common logic
61 // (less adequate than the approach used on Windows).
62 bool SelectClientCertsForTesting(const CertificateList& input_certs,
63 const SSLCertRequestInfo& cert_request_info,
64 CertificateList* selected_certs);
66 // The factory for creating the delegate for requesting a password to a
67 // PKCS #11 token. May be null.
68 PasswordDelegateFactory password_delegate_factory_;
70 DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
73 } // namespace net
75 #endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_