Popular sites on the NTP: check that experiment group StartsWith (rather than IS...
[chromium-blink-merge.git] / chrome / browser / chromeos / net / client_cert_store_chromeos.h
bloba5e99ac313296563ef655baab1120a8b46651e24
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
8 #include <string>
9 #include <vector>
11 #include "base/macros.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "net/cert/x509_certificate.h"
15 #include "net/ssl/client_cert_store_nss.h"
17 namespace chromeos {
19 class CertificateProvider;
21 class ClientCertStoreChromeOS : public net::ClientCertStore {
22 public:
23 using PasswordDelegateFactory =
24 net::ClientCertStoreNSS::PasswordDelegateFactory;
26 class CertFilter {
27 public:
28 virtual ~CertFilter() {}
30 // Initializes this filter. Returns true if it finished initialization,
31 // otherwise returns false and calls |callback| once the initialization is
32 // completed.
33 // Must be called at most once.
34 virtual bool Init(const base::Closure& callback) = 0;
36 // Returns true if |cert| is allowed to be used as a client certificate
37 // (e.g. for a certain browser context or user).
38 // This is only called once initialization is finished, see Init().
39 virtual bool IsCertAllowed(
40 const scoped_refptr<net::X509Certificate>& cert) const = 0;
43 // This ClientCertStore will return client certs from NSS certificate
44 // databases that pass the filter |cert_filter| and additionally return
45 // certificates provided by |cert_provider|.
46 ClientCertStoreChromeOS(
47 scoped_ptr<CertificateProvider> cert_provider,
48 scoped_ptr<CertFilter> cert_filter,
49 const PasswordDelegateFactory& password_delegate_factory);
50 ~ClientCertStoreChromeOS() override;
52 // net::ClientCertStore:
53 void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info,
54 net::CertificateList* selected_certs,
55 const base::Closure& callback) override;
57 private:
58 void GotAdditionalCerts(const net::SSLCertRequestInfo* request,
59 net::CertificateList* selected_certs,
60 const base::Closure& callback,
61 const net::CertificateList& additional_certs);
63 void GetAndFilterCertsOnWorkerThread(
64 scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
65 password_delegate,
66 const net::SSLCertRequestInfo* request,
67 const net::CertificateList& additional_certs,
68 net::CertificateList* selected_certs);
70 scoped_ptr<CertificateProvider> cert_provider_;
71 scoped_ptr<CertFilter> cert_filter_;
73 // The factory for creating the delegate for requesting a password to a
74 // PKCS#11 token. May be null.
75 PasswordDelegateFactory password_delegate_factory_;
77 DISALLOW_COPY_AND_ASSIGN(ClientCertStoreChromeOS);
80 } // namespace chromeos
82 #endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_