1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_CERT_NSS_PROFILE_FILTER_CHROMEOS_H_
6 #define NET_CERT_NSS_PROFILE_FILTER_CHROMEOS_H_
8 #include "base/memory/scoped_ptr.h"
9 #include "crypto/scoped_nss_types.h"
10 #include "net/base/crypto_module.h"
11 #include "net/base/net_export.h"
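// Forward declaration. This header only names X509Certificate as the template
// argument of a scoped_refptr<> reference parameter, so the complete type is
// not needed here.
class X509Certificate;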
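// On ChromeOS each user has separate NSS databases, which are loaded
// simultaneously when multiple users are logged in at the same time. NSS
// doesn't have built-in support to partition databases into separate groups,
// so NSSProfileFilterChromeOS can be used to check whether a given slot or
// certificate should be used for a given user.
//
// This makes the filter the point at which one user's slots and certificates
// are kept out of another user's session, so callers that enumerate NSS slots
// or certificates on behalf of a profile are expected to consult it.
//
// Objects of this class are thread-safe except for the Init function, which,
// if called, must not be called while other threads could access the object.
class NET_EXPORT NSSProfileFilterChromeOS {
 public:
  // Creates a filter. Until Init is called (or if Init is called with NULL
  // slot handles), the filter allows only certs/slots from the read-only
  // slots and the root CA module, i.e. no per-user slot is accepted by
  // default.
  NSSProfileFilterChromeOS();

  // The filter is copyable and assignable.
  // NOTE(review): how the slot handles are shared between copies is defined
  // in the implementation file, which is not visible here.
  NSSProfileFilterChromeOS(const NSSProfileFilterChromeOS& other);
  ~NSSProfileFilterChromeOS();

  NSSProfileFilterChromeOS& operator=(const NSSProfileFilterChromeOS& other);

  // Initializes the filter with the slot handles to allow. This method is not
  // thread-safe: it must not run while other threads could access the object.
  //
  // The handles are taken by value; presumably ownership of each handle moves
  // into the filter -- confirm against crypto/scoped_nss_types.h.
  // NOTE(review): this header does not state which profiles may be given
  // |system_slot|; verify at the call sites that it is only passed for
  // profiles that are entitled to the system-wide slot.
  void Init(crypto::ScopedPK11Slot public_slot,
            crypto::ScopedPK11Slot private_slot,
            crypto::ScopedPK11Slot system_slot);

  // Checks |slot| against this filter. Presumably returns true when the slot
  // may be used for the profile the filter was initialized for -- the
  // decision logic lives in the implementation file.
  bool IsModuleAllowed(PK11SlotInfo* slot) const;

  // Checks |cert| against this filter. Presumably returns true when the
  // certificate may be used for the profile -- see the implementation file
  // for the exact rule.
  bool IsCertAllowed(CERTCertificate* cert) const;

  // Function object over X509Certificate references. Going by its name it
  // reports certificates that the filter does NOT allow (e.g. for use with a
  // remove-if style algorithm) -- confirm the polarity in the implementation.
  //
  // The predicate stores a reference to the filter, not a copy, so the filter
  // must outlive every predicate constructed from it.
  class CertNotAllowedForProfilePredicate {
   public:
    explicit CertNotAllowedForProfilePredicate(
        const NSSProfileFilterChromeOS& filter);
    bool operator()(const scoped_refptr<X509Certificate>& cert) const;

   private:
    const NSSProfileFilterChromeOS& filter_;
  };

  // Function object over CryptoModule references. Going by its name it
  // reports modules that the filter does NOT allow -- confirm the polarity in
  // the implementation.
  //
  // The predicate stores a reference to the filter, not a copy, so the filter
  // must outlive every predicate constructed from it.
  class ModuleNotAllowedForProfilePredicate {
   public:
    explicit ModuleNotAllowedForProfilePredicate(
        const NSSProfileFilterChromeOS& filter);
    bool operator()(const scoped_refptr<CryptoModule>& module) const;

   private:
    const NSSProfileFilterChromeOS& filter_;
  };

 private:
  // Slot handles supplied through Init.
  crypto::ScopedPK11Slot public_slot_;
  crypto::ScopedPK11Slot private_slot_;
  crypto::ScopedPK11Slot system_slot_;
};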
73 #endif // NET_CERT_NSS_PROFILE_FILTER_CHROMEOS_H_