1a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Copyright 2013 The Chromium Authors. All rights reserved.
2a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be
3a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)// found in the LICENSE file.
4a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
5a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#ifndef NET_SSL_CLIENT_CERT_STORE_NSS_H_
6a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#define NET_SSL_CLIENT_CERT_STORE_NSS_H_
7a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
8a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/basictypes.h"
9a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/callback.h"
10a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "base/gtest_prod_util.h"
11a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "net/base/net_export.h"
12a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "net/ssl/client_cert_store.h"
13a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#include "net/ssl/ssl_cert_request_info.h"
14a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
// Forward declaration of NSS's certificate list type. This header uses it only
// through a pointer (see GetClientCertsImpl), which keeps the NSS headers out
// of every translation unit that includes this file.
typedef struct CERTCertListStr CERTCertList;

namespace crypto {
// Delegate that prompts for a PKCS #11 token password; used here by pointer
// only, so a forward declaration suffices.
class CryptoModuleBlockingPasswordDelegate;
}
20a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
21a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)namespace net {
22a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
// NSS-backed ClientCertStore. Unlocking a PKCS #11 token while looking for
// client certificates is delegated to a CryptoModuleBlockingPasswordDelegate
// produced by the factory handed to the constructor.
class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
 public:
  // Creates the delegate used to prompt for a PKCS #11 token password while
  // selecting certificates for the given server. The delegate is a
  // "blocking" one; it is handed to GetClientCertsOnWorkerThread() rather
  // than used on the calling thread. What a NULL return from the factory
  // means is not visible in this header -- confirm against the .cc.
  typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
      const HostPortPair& /* server */)> PasswordDelegateFactory;

  // |password_delegate_factory| may be null; see password_delegate_factory_.
  explicit ClientCertStoreNSS(
      const PasswordDelegateFactory& password_delegate_factory);
  virtual ~ClientCertStoreNSS();

  // ClientCertStore:
  // Fills |selected_certs| with the certificates matching |cert_request_info|
  // and then runs |callback|. The private worker-thread helper below receives
  // the request and the output list by pointer, so the caller is presumably
  // required to keep both alive until |callback| has run -- confirm in the
  // .cc before relying on a shorter lifetime.
  virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
                              CertificateList* selected_certs,
                              const base::Closure& callback) OVERRIDE;

 protected:
  // Examines the certificates in |cert_list| to find all certificates that
  // match the client certificate request in |request|, storing the matching
  // certificates in |selected_certs|.
  // If |query_nssdb| is true, NSS will be queried to construct full certificate
  // chains. If it is false, only the certificate will be considered.
  // This match is what decides which client identities get offered to the
  // server, so an override must not select more broadly than |request|
  // allows. Ownership of |cert_list| is not expressed by the signature;
  // whether this function frees it must be checked in the .cc.
  virtual void GetClientCertsImpl(CERTCertList* cert_list,
                                  const SSLCertRequestInfo& request,
                                  bool query_nssdb,
                                  CertificateList* selected_certs);

 private:
  friend class ClientCertStoreNSSTestDelegate;

  // Worker-thread half of certificate selection. Takes ownership of
  // |password_delegate| (passed by value as a scoped_ptr); |request| and
  // |selected_certs| are borrowed, so whoever posts this task must keep them
  // alive until it finishes. NOTE(review): presumably |password_delegate| can
  // be NULL when no factory was supplied -- verify in the .cc.
  void GetClientCertsOnWorkerThread(
      scoped_ptr<crypto::CryptoModuleBlockingPasswordDelegate>
          password_delegate,
      const SSLCertRequestInfo* request,
      CertificateList* selected_certs);

  // A hook for testing. Filters |input_certs| using the logic being used to
  // filter the system store when GetClientCerts() is called.
  // Implemented by creating a list of certificates that otherwise would be
  // extracted from the system store and filtering it using the common logic
  // (less adequate than the approach used on Windows).
  // The meaning of the bool return value is not visible in this header.
  bool SelectClientCertsForTesting(const CertificateList& input_certs,
                                   const SSLCertRequestInfo& cert_request_info,
                                   CertificateList* selected_certs);

  // The factory for creating the delegate for requesting a password to a
  // PKCS #11 token. May be null.
  PasswordDelegateFactory password_delegate_factory_;

  // Deliberately non-copyable.
  DISALLOW_COPY_AND_ASSIGN(ClientCertStoreNSS);
};
72a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
73a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)}  // namespace net
74a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)
75a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7Torne (Richard Coles)#endif  // NET_SSL_CLIENT_CERT_STORE_NSS_H_