keygen_handler.h revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_BASE_KEYGEN_HANDLER_H_
6#define NET_BASE_KEYGEN_HANDLER_H_
7
8#include <string>
9
10#include "base/memory/scoped_ptr.h"
11#include "build/build_config.h"
12#include "net/base/net_export.h"
13#include "url/gurl.h"
14
15#if defined(USE_NSS)
16#include "crypto/crypto_module_blocking_password_delegate.h"
17#endif  // defined(USE_NSS)
18
19namespace net {
20
// This class generates the key pair used to request a client certificate
// via the <keygen> tag.
23// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element>
24// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag>
25
class NET_EXPORT KeygenHandler {
 public:
  // Builds a handler for a single <keygen> request. |key_size_in_bits| is the
  // requested key size, |challenge| is the server-supplied string that gets
  // embedded in the signed Netscape SPKAC, and |url| is the page that issued
  // the request.
  // NOTE(review): nothing in this declaration bounds |key_size_in_bits|;
  // confirm that the implementation rejects sizes it considers too small
  // before any key material is generated.
  KeygenHandler(int key_size_in_bits,
                const std::string& challenge,
                const GURL& url);
  ~KeygenHandler();

  // Generates the key pair, builds the signed SPKAC around the challenge and
  // returns it base64-encoded, ready to be submitted as the <keygen> form
  // value.
  std::string GenKeyAndSignChallenge();

  // Test hook: controls whether the generated key pair is persisted.
  void set_stores_key(bool store) { stores_key_ = store; }

#if defined(USE_NSS)
  // Installs the delegate that supplies the PKCS#11 token password when the
  // token is not yet authenticated. The handler takes ownership of
  // |delegate|. Blocking for the password is acceptable because
  // GenKeyAndSignChallenge runs on a worker thread.
  void set_crypto_module_password_delegate(
      crypto::CryptoModuleBlockingPasswordDelegate* delegate);
#endif  // defined(USE_NSS)

 private:
  int key_size_in_bits_;   // Requested key size in bits (usually 2048).
  std::string challenge_;  // Server-provided challenge embedded in the SPKAC.
  GURL url_;               // URL that issued the request.
  bool stores_key_;        // Persist the generated key pair? (tests may clear)
#if defined(USE_NSS)
  // Owned delegate used to prompt for the PKCS#11 token password.
  scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
      crypto_module_password_delegate_;
#endif  // defined(USE_NSS)
};
63
64}  // namespace net
65
66#endif  // NET_BASE_KEYGEN_HANDLER_H_
67