1ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be
3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file.
4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
5c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#ifndef NET_BASE_KEYGEN_HANDLER_H_
6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define NET_BASE_KEYGEN_HANDLER_H_
73345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#pragma once
8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
9c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include <string>
10c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
11ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "base/memory/scoped_ptr.h"
1272a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#include "build/build_config.h"
133345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#include "googleurl/src/gurl.h"
143345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick
1572a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#if defined(USE_NSS)
16ddb351dbec246cf1fab5ec20d2d5520909041de1Kristian Monsen#include "crypto/crypto_module_blocking_password_delegate.h"
1772a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen#endif  // defined(USE_NSS)
1872a454cd3513ac24fbdd0e0cb9ad70b86a99b801Kristian Monsen
19c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottnamespace net {
20c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
// This class handles key-pair generation for client certificates
// requested via the <keygen> tag.
// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element>
// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag>
25c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
class KeygenHandler {
 public:
  // Creates a handler that will generate a key with the given key size and
  // incorporate the |challenge| into the Netscape SPKAC structure. The request
  // for the key originated from |url|.
  //
  // |key_size_in_bits| and |challenge| come from the <keygen> element / the
  // server response, i.e. from outside the browser. NOTE(review): this header
  // does not show any bound on |key_size_in_bits|; confirm that the
  // implementation rejects sizes below a safe minimum (and unreasonably large
  // ones, which would only burn CPU on the worker thread) before generating.
  KeygenHandler(int key_size_in_bits,
                const std::string& challenge,
                const GURL& url);
  ~KeygenHandler();

  // Actually generates the key-pair and the cert request (SPKAC), and returns
  // a base64-encoded string suitable for use as the form value of <keygen>.
  // Runs on a worker thread (see set_crypto_module_password_delegate below),
  // so it may block. NOTE(review): the value returned when generation fails
  // (presumably an empty string) is not documented here — confirm in the
  // implementation and check for it at the call site.
  std::string GenKeyAndSignChallenge();

  // Exposed only for unit tests.
  // Controls whether the generated key-pair is persisted (see |stores_key_|);
  // presumably consulted by GenKeyAndSignChallenge — verify in the .cc.
  void set_stores_key(bool store) { stores_key_ = store;}

#if defined(USE_NSS)
  // Register the password delegate to be used if the token is unauthenticated.
  // GenKeyAndSignChallenge runs on a worker thread, so using the blocking
  // password callback is okay here.
  // Takes ownership of the delegate (it is held in a scoped_ptr below, so the
  // handler deletes it; the caller must not keep using the raw pointer).
  void set_crypto_module_password_delegate(
      crypto::CryptoModuleBlockingPasswordDelegate* delegate);
#endif  // defined(USE_NSS)

 private:
  int key_size_in_bits_;  // key size in bits (usually 2048)
  std::string challenge_;  // challenge string sent by server; embedded in the
                           // SPKAC, so it is untrusted input to the signer
  GURL url_;  // the URL that requested the key
  bool stores_key_;  // should the generated key-pair be stored persistently?
                     // No in-class initializer here; presumably set by the
                     // constructor — confirm, as an uninitialized value would
                     // make persistence nondeterministic.
#if defined(USE_NSS)
  // The callback for requesting a password to the PKCS#11 token.
  // Owned by this object; set via set_crypto_module_password_delegate().
  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
      crypto_module_password_delegate_;
#endif  // defined(USE_NSS)
};
63c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
64c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott}  // namespace net
65c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
66c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#endif  // NET_BASE_KEYGEN_HANDLER_H_
67