net/ssl/client_cert_store_nss.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
   6 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
   7
   8 #include "base/callback.h"
   9 #include "base/macros.h"
  10 #include "base/memory/scoped_ptr.h"
  11 #include "net/base/net_export.h"
  12 #include "net/ssl/client_cert_store.h"
  13
  14 typedef struct CERTCertListStr CERTCertList;
  15
  16 namespace crypto {
  17 class CryptoModuleBlockingPasswordDelegate;
  18 }
  19
  20 namespace net {
  21 class HostPortPair;
  22 class SSLCertRequestInfo;
  23
  24 class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
  25  public:
  26   typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
  27       const HostPortPair& /* server */)> PasswordDelegateFactory;
  28
  29   explicit ClientCertStoreNSS(
  30       const PasswordDelegateFactory& password_delegate_factory);
  31   ~ClientCertStoreNSS() override;
  32
  33   // ClientCertStore:
  34   void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
  35                       CertificateList* selected_certs,
  36                       const base::Closure& callback) override;
  37
  38   // Examines the certificates in |certs| to find all certificates that match
  39   // the client certificate request in |request|, storing the matching
  40   // certificates in |filtered_certs|. Any previous content of |filtered_certs|
  41   // will be removed.
  42   // If |query_nssdb| is true, NSS will be queried to construct full certificate
  43   // chains. If it is false, only the certificate will be considered.
  44   // Must be called from a worker thread.
  45   static void FilterCertsOnWorkerThread(const CertificateList& certs,
  46                                         const SSLCertRequestInfo& request,
  47                                         bool query_nssdb,
  48                                         CertificateList* filtered_certs);
  49
  50   // Retrieves all client certificates that are stored by NSS and adds them to
  51   // |certs|. |password_delegate| is used to unlock slots if required.
  52   // Must be called from a worker thread.
  53   static void GetPlatformCertsOnWorkerThread(
  54       scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
  55           password_delegate,
  56       net::CertificateList* certs);
  57
  58  private:
  59   void GetAndFilterCertsOnWorkerThread(
  60       scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
  61           password_delegate,
  62       const SSLCertRequestInfo* request,
  63       CertificateList* selected_certs);
  64
  65   // The factory for creating the delegate for requesting a password to a
  66   // PKCS#11 token. May be null.
  67   PasswordDelegateFactory password_delegate_factory_;
  68
  69   DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
  70 };
  71
  72 }  // namespace net
  73
  74 #endif  // NET_SSL_CLIENT_CERT_STORE_NSS_H_