1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
6#define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
7
8#include <string>
9
10#include "base/callback_forward.h"
11#include "crypto/scoped_nss_types.h"
12
13namespace crypto {
14
15// PK11_SetPasswordFunc is a global setting.  An implementation of
16// CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the
17// user data argument (|wincx|) to relevant NSS functions, which the global
18// password handler will call to do the actual work. This delegate should only
19// be used in NSS calls on worker threads due to the blocking nature.
20class CryptoModuleBlockingPasswordDelegate {
21 public:
22  virtual ~CryptoModuleBlockingPasswordDelegate() {}
23
24  // Return a value suitable for passing to the |wincx| argument of relevant NSS
25  // functions. This should be used instead of passing the object pointer
26  // directly to avoid accidentally casting a pointer to a subclass to void* and
27  // then casting back to a pointer of the base class
28  void* wincx() { return this; }
29
30  // Requests a password to unlock |slot_name|. The interface is synchronous
31  // because NSS cannot issue an asynchronous request. |retry| is true if this
32  // is a request for the retry and we previously returned the wrong password.
33  // The implementation should set |*cancelled| to true if the user cancelled
34  // instead of entering a password, otherwise it should return the password the
35  // user entered.
36  virtual std::string RequestPassword(const std::string& slot_name, bool retry,
37                                      bool* cancelled) = 0;
38
39};
40
41// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a
42// slot in which to act. (Eg, which slot to store a generated key in.)
43class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate {
44 public:
45  virtual ~NSSCryptoModuleDelegate() {}
46
47  // Get the slot to store the generated key.
48  virtual ScopedPK11Slot RequestSlot() = 0;
49};
50
51}  // namespace crypto
52
53#endif  // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
54