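// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
#define NET_SSL_CLIENT_CERT_STORE_NSS_H_

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/gtest_prod_util.h"
#include "base/memory/scoped_ptr.h"
#include "net/base/net_export.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"

// Opaque handle to an NSS certificate list. Only the typedef is needed here;
// the NSS headers themselves are kept out of this public header.
typedef struct CERTCertListStr CERTCertList;

namespace crypto {
class CryptoModuleBlockingPasswordDelegate;
}

namespace net {

// ClientCertStore implementation backed by the NSS certificate/key database
// and any PKCS #11 modules loaded into it. The enumeration and filtering is
// done off the calling thread (see GetClientCertsOnWorkerThread), since
// unlocking a token may block on a password prompt.
class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
 public:
  // Factory for the delegate used to ask for the password/PIN of a PKCS #11
  // token when one is required to enumerate its certificates. It receives
  // the server the client certificate is being requested for, so a prompt can
  // say who is asking. The pointer it returns is passed to the worker thread
  // as a scoped_ptr (see GetClientCertsOnWorkerThread), so it is expected to
  // be a new heap-allocated delegate that this store takes ownership of, or
  // NULL for no delegate.
  typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
      const HostPortPair& /* server */)> PasswordDelegateFactory;

  // |password_delegate_factory| may be null; then no password delegate is
  // created and locked tokens cannot be unlocked during enumeration.
  explicit ClientCertStoreNSS(
      const PasswordDelegateFactory& password_delegate_factory);
  virtual ~ClientCertStoreNSS();

  // ClientCertStore:
  // Fills |selected_certs| with the certificates matching |cert_request_info|
  // and then runs |callback|. Both the request and the output list are
  // handed to a worker thread by pointer, so the caller must keep them alive
  // until |callback| has run.
  virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
                              CertificateList* selected_certs,
                              const base::Closure& callback) OVERRIDE;

 protected:
  // Examines the certificates in |cert_list| to find all certificates that
  // match the client certificate request in |request|, storing the matching
  // certificates in |selected_certs|.
  // If |query_nssdb| is true, NSS is queried to build the full certificate
  // chain of each candidate before matching; if it is false, only the
  // candidate certificate itself is compared against the request.
  // NOTE(review): |cert_list| is a raw pointer, so ownership is not expressed
  // here; presumably the caller keeps owning (and freeing) it — confirm
  // against the .cc before changing either side.
  virtual void GetClientCertsImpl(CERTCertList* cert_list,
                                  const SSLCertRequestInfo& request,
                                  bool query_nssdb,
                                  CertificateList* selected_certs);

 private:
  friend class ClientCertStoreNSSTestDelegate;

  // Worker-thread half of GetClientCerts(). Owns |password_delegate| for the
  // duration of the enumeration (it may block on a token password prompt).
  // |request| and |selected_certs| are not owned: they belong to the caller of
  // GetClientCerts(), which must keep them valid until the work is done.
  void GetClientCertsOnWorkerThread(
      scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
          password_delegate,
      const SSLCertRequestInfo* request,
      CertificateList* selected_certs);

  // A hook for testing. Filters |input_certs| using the logic being used to
  // filter the system store when GetClientCerts() is called.
  // Implemented by creating a list of certificates that otherwise would be
  // extracted from the system store and filtering it using the common logic
  // (less adequate than the approach used on Windows). The meaning of the
  // bool return value is not documented here; check the .cc before relying
  // on it.
  bool SelectClientCertsForTesting(const CertificateList& input_certs,
                                   const SSLCertRequestInfo& cert_request_info,
                                   CertificateList* selected_certs);

  // The factory for creating the delegate for requesting a password to a
  // PKCS #11 token. May be null, in which case no delegate is supplied and
  // locked tokens are not unlocked.
  PasswordDelegateFactory password_delegate_factory_;

  DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
};

}  // namespace net

#endif  // NET_SSL_CLIENT_CERT_STORE_NSS_H_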