net/ssl/client_cert_store_nss.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
   6 #define NET_SSL_CLIENT_CERT_STORE_NSS_H_
   7
   8 #include "base/basictypes.h"
   9 #include "base/callback.h"
  10 #include "base/gtest_prod_util.h"
  11 #include "net/base/net_export.h"
  12 #include "net/ssl/client_cert_store.h"
  13 #include "net/ssl/ssl_cert_request_info.h"
  14
  15 typedef struct CERTCertListStr CERTCertList;
  16
  17 namespace crypto {
  18 class CryptoModuleBlockingPasswordDelegate;
  19 }
  20
  21 namespace net {
  22
  23 class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
  24  public:
  25   typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
  26       const HostPortPair& /* server */)> PasswordDelegateFactory;
  27
  28   explicit ClientCertStoreNSS(
  29       const PasswordDelegateFactory& password_delegate_factory);
  30   virtual ~ClientCertStoreNSS();
  31
  32   // ClientCertStore:
  33   virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
  34                               CertificateList* selected_certs,
  35                               const base::Closure& callback) OVERRIDE;
  36
  37  protected:
  38   // Examines the certificates in |cert_list| to find all certificates that
  39   // match the client certificate request in |request|, storing the matching
  40   // certificates in |selected_certs|.
  41   // If |query_nssdb| is true, NSS will be queried to construct full certificate
  42   // chains. If it is false, only the certificate will be considered.
  43   virtual void GetClientCertsImpl(CERTCertList* cert_list,
  44                                   const SSLCertRequestInfo& request,
  45                                   bool query_nssdb,
  46                                   CertificateList* selected_certs);
  47
  48  private:
  49   friend class ClientCertStoreNSSTestDelegate;
  50
  51   void GetClientCertsOnWorkerThread(
  52       scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
  53           password_delegate,
  54       const SSLCertRequestInfo* request,
  55       CertificateList* selected_certs);
  56
  57   // A hook for testing. Filters |input_certs| using the logic being used to
  58   // filter the system store when GetClientCerts() is called.
  59   // Implemented by creating a list of certificates that otherwise would be
  60   // extracted from the system store and filtering it using the common logic
  61   // (less adequate than the approach used on Windows).
  62   bool SelectClientCertsForTesting(const CertificateList& input_certs,
  63                                    const SSLCertRequestInfo& cert_request_info,
  64                                    CertificateList* selected_certs);
  65
  66   // The factory for creating the delegate for requesting a password to a
  67   // PKCS #11 token. May be null.
  68   PasswordDelegateFactory password_delegate_factory_;
  69
  70   DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
  71 };
  72
  73 }  // namespace net
  74
  75 #endif  // NET_SSL_CLIENT_CERT_STORE_NSS_H_