// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_BASE_KEYGEN_HANDLER_H_
#define NET_BASE_KEYGEN_HANDLER_H_
#pragma once

#include <string>

#include "base/memory/scoped_ptr.h"
#include "build/build_config.h"
#include "googleurl/src/gurl.h"

#if defined(USE_NSS)
#include "crypto/crypto_module_blocking_password_delegate.h"
#endif  // defined(USE_NSS)

namespace net {

// This class handles keypair generation for generating client
// certificates via the <keygen> tag.
// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element>
// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag>
//
// Only the interface is declared here; the constructor, destructor and
// GenKeyAndSignChallenge() are defined elsewhere.
//
// NOTE(review): all three constructor inputs originate from the page that
// contains the <keygen> element (the challenge is sent by the server), so
// the implementation should treat them as untrusted. No validation is
// visible in this header; confirm it in the definitions.
//
// NOTE(review): no copy constructor or assignment operator is declared or
// disallowed here; confirm whether instances are meant to be copyable.

class KeygenHandler {
 public:
  // Creates a handler that will generate a key with the given key size and
  // incorporate the |challenge| into the Netscape SPKAC structure. The request
  // for the key originated from |url|.
  //
  // |key_size_in_bits| is a plain int (usually 2048, per the member comment
  // below). NOTE(review): confirm that the caller or the implementation
  // rejects non-positive and unacceptably small sizes.
  // |challenge| is the challenge string sent by the server.
  // NOTE(review): confirm that its length and contents are checked before it
  // is embedded in the structure that gets signed.
  KeygenHandler(int key_size_in_bits,
                const std::string& challenge,
                const GURL& url);
  ~KeygenHandler();

  // Actually generates the key-pair and the cert request (SPKAC), and returns
  // a base64-encoded string suitable for use as the form value of <keygen>.
  //
  // NOTE(review): how failure is reported (for example an empty string) is
  // not visible in this header; callers should check the implementation
  // before submitting the result as a form value.
  // With USE_NSS the comment on set_crypto_module_password_delegate() states
  // that this method runs on a worker thread and may use a blocking password
  // callback, so it should not be called from a thread that must not block.
  std::string GenKeyAndSignChallenge();

  // Exposed only for unit tests.
  // Sets |stores_key_|, i.e. whether the generated key-pair is stored
  // persistently. The initial value is set outside this header.
  void set_stores_key(bool store) { stores_key_ = store;}

#if defined(USE_NSS)
  // Register the password delegate to be used if the token is unauthenticated.
  // GenKeyAndSignChallenge runs on a worker thread, so using the blocking
  // password callback is okay here.
  // Takes ownership of the delegate: the pointer is passed raw and is held in
  // the scoped_ptr member below, so the caller must not delete it or keep
  // using it as an owner after this call.
  void set_crypto_module_password_delegate(
      crypto::CryptoModuleBlockingPasswordDelegate* delegate);
#endif  // defined(USE_NSS)

 private:
  int key_size_in_bits_;  // key size in bits (usually 2048)
  std::string challenge_;  // challenge string sent by server (untrusted input)
  GURL url_;  // the URL that requested the key
  bool stores_key_;  // should the generated key-pair be stored persistently?
#if defined(USE_NSS)
  // The callback for requesting a password to the PKCS#11 token.
  // Owned by this object (see set_crypto_module_password_delegate()).
  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
      crypto_module_password_delegate_;
#endif  // defined(USE_NSS)
};

}  // namespace net

#endif  // NET_BASE_KEYGEN_HANDLER_H_