keygen_handler.h revision 5d1f7b1de12d16ceb2c938c56701a3e8bfa558f7
1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_BASE_KEYGEN_HANDLER_H_ 6#define NET_BASE_KEYGEN_HANDLER_H_ 7 8#include <string> 9 10#include "base/callback_forward.h" 11#include "base/memory/scoped_ptr.h" 12#include "build/build_config.h" 13#include "net/base/net_export.h" 14#include "url/gurl.h" 15 16namespace crypto { 17class NSSCryptoModuleDelegate; 18} 19 20namespace net { 21 22// This class handles keypair generation for generating client 23// certificates via the <keygen> tag. 24// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element> 25// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag> 26 27class NET_EXPORT KeygenHandler { 28 public: 29 // Creates a handler that will generate a key with the given key size and 30 // incorporate the |challenge| into the Netscape SPKAC structure. The request 31 // for the key originated from |url|. 32 KeygenHandler(int key_size_in_bits, 33 const std::string& challenge, 34 const GURL& url); 35 ~KeygenHandler(); 36 37 // Actually generates the key-pair and the cert request (SPKAC), and returns 38 // a base64-encoded string suitable for use as the form value of <keygen>. 39 std::string GenKeyAndSignChallenge(); 40 41 // Exposed only for unit tests. 42 void set_stores_key(bool store) { stores_key_ = store;} 43 44#if defined(USE_NSS) 45 // Register the delegate to be used to get the token to store the key in, and 46 // to get the password if the token is unauthenticated. 47 // GenKeyAndSignChallenge runs on a worker thread, so using a blocking 48 // password callback is okay here. 49 void set_crypto_module_delegate( 50 scoped_ptr<crypto::NSSCryptoModuleDelegate> delegate); 51#endif // defined(USE_NSS) 52 53 private: 54 int key_size_in_bits_; // key size in bits (usually 2048) 55 std::string challenge_; // challenge string sent by server 56 GURL url_; // the URL that requested the key 57 bool stores_key_; // should the generated key-pair be stored persistently? 58#if defined(USE_NSS) 59 // The callback for requesting a password to the PKCS#11 token. 60 scoped_ptr<crypto::NSSCryptoModuleDelegate> crypto_module_delegate_; 61#endif // defined(USE_NSS) 62}; 63 64} // namespace net 65 66#endif // NET_BASE_KEYGEN_HANDLER_H_ 67