blob: 4e2e1c459da8547576950e7702ac20fc0bb84da4 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "base/basictypes.h"
#include "base/callback.h"
#include "base/gtest_prod_util.h"
#include "net/base/net_export.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"
typedef struct CERTCertListStr CERTCertList;
namespace crypto {
class CryptoModuleBlockingPasswordDelegate;
namespace net {
class NET_EXPORT ClientCertStoreNSS : public ClientCertStore {
typedef base::Callback<crypto::CryptoModuleBlockingPasswordDelegate*(
const HostPortPair& /* server */)> PasswordDelegateFactory;
explicit ClientCertStoreNSS(
const PasswordDelegateFactory& password_delegate_factory);
virtual ~ClientCertStoreNSS();
// ClientCertStore:
virtual void GetClientCerts(const SSLCertRequestInfo& cert_request_info,
CertificateList* selected_certs,
const base::Closure& callback) OVERRIDE;
// Examines the certificates in |cert_list| to find all certificates that
// match the client certificate request in |request|, storing the matching
// certificates in |selected_certs|.
// If |query_nssdb| is true, NSS will be queried to construct full certificate
// chains. If it is false, only the certificate will be considered.
virtual void GetClientCertsImpl(CERTCertList* cert_list,
const SSLCertRequestInfo& request,
bool query_nssdb,
CertificateList* selected_certs);
friend class ClientCertStoreNSSTestDelegate;
void GetClientCertsOnWorkerThread(
const SSLCertRequestInfo* request,
CertificateList* selected_certs);
// A hook for testing. Filters |input_certs| using the logic being used to
// filter the system store when GetClientCerts() is called.
// Implemented by creating a list of certificates that otherwise would be
// extracted from the system store and filtering it using the common logic
// (less adequate than the approach used on Windows).
bool SelectClientCertsForTesting(const CertificateList& input_certs,
const SSLCertRequestInfo& cert_request_info,
CertificateList* selected_certs);
// The factory for creating the delegate for requesting a password to a
// PKCS #11 token. May be null.
PasswordDelegateFactory password_delegate_factory_;
} // namespace net