1ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be 3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file. 4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 5c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#ifndef NET_BASE_KEYGEN_HANDLER_H_ 6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define NET_BASE_KEYGEN_HANDLER_H_ 73345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#pragma once 8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 9c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <string> 10c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 11ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "base/memory/scoped_ptr.h" 1272a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#include "build/build_config.h" 133345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#include "googleurl/src/gurl.h" 143345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick 1572a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#if defined(USE_NSS) 16ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "crypto/crypto_module_blocking_password_delegate.h" 1772a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#endif // defined(USE_NSS) 1872a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen 19c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottnamespace net { 20c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott 21c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// This class handles keypair generation for generating client 22c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch// certificates via the <keygen> tag. 
// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element>
// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag>
//
// Usage: construct with the requested key size, the server-supplied
// challenge and the requesting URL, optionally register a password delegate
// (NSS builds only), then call GenKeyAndSignChallenge() to obtain the
// base64-encoded SPKAC. GenKeyAndSignChallenge() is documented below as
// running on a worker thread; the setters are expected to be called before
// it is invoked.

class KeygenHandler {
 public:
  // Creates a handler that will generate a key with the given key size and
  // incorporate the |challenge| into the Netscape SPKAC structure. The request
  // for the key originated from |url|.
  //
  // |key_size_in_bits| and |challenge| originate from the page / server and
  // are therefore untrusted. No range check on the key size is visible in this
  // header; it is presumably enforced in keygen_handler.cc -- confirm there.
  KeygenHandler(int key_size_in_bits,
                const std::string& challenge,
                const GURL& url);
  ~KeygenHandler();

  // Actually generates the key-pair and the cert request (SPKAC), and returns
  // a base64-encoded string suitable for use as the form value of <keygen>.
  // The SPKAC embeds |challenge_| and is signed with the freshly generated
  // private key. Whether the key pair is persisted is controlled by
  // |stores_key_|. NOTE(review): the failure return value is not visible here
  // -- presumably an empty string; callers should check for it (confirm
  // against keygen_handler.cc).
  std::string GenKeyAndSignChallenge();

  // Exposed only for unit tests.
  // Controls whether the generated key-pair is stored persistently (see
  // |stores_key_|). Production callers should not call this; the default is
  // set by the constructor in keygen_handler.cc.
  void set_stores_key(bool store) { stores_key_ = store;}

#if defined(USE_NSS)
  // Register the password delegate to be used if the token is unauthenticated.
  // GenKeyAndSignChallenge runs on a worker thread, so using the blocking
  // password callback is okay here.
  // Takes ownership of the delegate.
  // The delegate is held in |crypto_module_password_delegate_| (a scoped_ptr),
  // so it is released when this handler is destroyed. NOTE(review): whether
  // calling this twice replaces (and frees) the earlier delegate depends on
  // the .cc implementation -- confirm before relying on it.
  void set_crypto_module_password_delegate(
      crypto::CryptoModuleBlockingPasswordDelegate* delegate);
#endif  // defined(USE_NSS)

 private:
  // Requested RSA key size in bits (usually 2048). Untrusted: supplied by the
  // page via the <keygen> element.
  int key_size_in_bits_;
  // Challenge string sent by server; embedded verbatim in the SPKAC. Untrusted
  // input -- treat as opaque bytes, never interpret it.
  std::string challenge_;
  GURL url_;  // the URL that requested the key
  // Should the generated key-pair be stored persistently? Only tests are
  // expected to change this (see set_stores_key()).
  bool stores_key_;
#if defined(USE_NSS)
  // The callback for requesting a password to the PKCS#11 token.
  // Owned by this handler; set via set_crypto_module_password_delegate().
  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
      crypto_module_password_delegate_;
#endif  // defined(USE_NSS)
};

}  // namespace net

#endif  // NET_BASE_KEYGEN_HANDLER_H_