blob: 465569ecdce52a160b42c7041e5efedfae8f642d [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
#define NET_SSL_CLIENT_CERT_STORE_NSS_H_
#include "base/callback.h"
#include "base/macros.h"
#include "net/base/net_export.h"
#include "net/ssl/client_cert_store.h"
typedef struct CERTCertListStr CERTCertList;
typedef struct CERTCertificateStr CERTCertificate;
namespace crypto {
class CryptoModuleBlockingPasswordDelegate;
}
namespace net {
class HostPortPair;
class SSLCertRequestInfo;
class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
public:
typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
const HostPortPair& /* server */)> PasswordDelegateFactory;
using CertFilter = base::RepeatingCallback<bool(CERTCertificate*)>;
explicit ClientCertStoreNSS(
const PasswordDelegateFactory& password_delegate_factory);
~ClientCertStoreNSS() override;
// ClientCertStore:
void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
const ClientCertListCallback& callback) override;
// Examines the certificates in |identities| to find all certificates that
// match the client certificate request in |request|, removing any that don't.
// The remaining certs will be updated to include intermediates.
// Must be called from a worker thread.
static void FilterCertsOnWorkerThread(ClientCertIdentityList* identities,
const SSLCertRequestInfo& request);
// Retrieves all client certificates that are stored by NSS and adds them to
// |identities|. |password_delegate| is used to unlock slots if required. If
// |cert_filter| is not null, only certificates that it returns true on will
// be added.
// Must be called from a worker thread.
static void GetPlatformCertsOnWorkerThread(
scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate>
password_delegate,
const CertFilter& cert_filter,
ClientCertIdentityList* identities);
private:
ClientCertIdentityList GetAndFilterCertsOnWorkerThread(
scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate>
password_delegate,
const SSLCertRequestInfo* request);
// The factory for creating the delegate for requesting a password to a
// PKCS#11 token. May be null.
PasswordDelegateFactory password_delegate_factory_;
DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
};
} // namespace net
#endif // NET_SSL_CLIENT_CERT_STORE_NSS_H_