chrome/browser/chromeos/net/client_cert_filter_chromeos.h - chromium/src - Git at Google

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_
 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_

 #include <memory>
 #include <string>

 #include "base/memory/weak_ptr.h"
 #include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/cert/nss_profile_filter_chromeos.h"

 namespace chromeos {

 // A client certificate filter that filters by applying a
 // NSSProfileFilterChromeOS.
 class ClientCertFilterChromeOS : public ClientCertStoreChromeOS::CertFilter {
  public:
   // The internal NSSProfileFilterChromeOS will be initialized with the public
   // and private slot of the user with |username_hash| and with the system slot
   // if |use_system_slot| is true.
   // If |username_hash| is empty, no public and no private slot will be used.
   ClientCertFilterChromeOS(bool use_system_slot,
                            const std::string& username_hash);
   ~ClientCertFilterChromeOS() override;

   // ClientCertStoreChromeOS::CertFilter:
   bool Init(const base::Closure& callback) override;
   bool IsCertAllowed(CERTCertificate* cert) const override;

  private:
   // Called back if the system slot was retrieved asynchronously. Continues the
   // initialization.
   void GotSystemSlot(crypto::ScopedPK11Slot system_slot);

   // Called back if the private slot was retrieved asynchronously. Continues the
   // initialization.
   void GotPrivateSlot(crypto::ScopedPK11Slot private_slot);

   // If the required slots (|private_slot_| and conditionally |system_slot_|)
   // are available, initializes |nss_profile_filter_| and returns true.
   // Otherwise returns false.
   bool InitIfSlotsAvailable();

   // True once Init() was called.
   bool init_called_;

   // The callback provided to Init(), which may be null. Reset after the filter
   // is initialized.
   base::Closure init_callback_;

   bool use_system_slot_;
   std::string username_hash_;

   // Used to store the system slot, if required, for initialization. Will be
   // null after the filter is initialized.
   crypto::ScopedPK11Slot system_slot_;

   // Used to store the private slot for initialization. Will be null after the
   // filter is initialized.
   crypto::ScopedPK11Slot private_slot_;

   // If a private slot is requested but the slot, maybe null, is not obtained
   // yet, this is equal true. As long as this is true, the NSSProfileFilter will
   // not be initialized.
   bool waiting_for_private_slot_;

   net::NSSProfileFilterChromeOS nss_profile_filter_;
   base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_;
 };

 }  // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_
	// Copyright 2014 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_
	#define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_

	#include <memory>
	#include <string>

	#include "base/memory/weak_ptr.h"
	#include "chrome/browser/chromeos/net/client_cert_store_chromeos.h"
	#include "crypto/scoped_nss_types.h"
	#include "net/cert/nss_profile_filter_chromeos.h"

	namespace chromeos {

	// A client certificate filter that filters by applying a
	// NSSProfileFilterChromeOS.
	class ClientCertFilterChromeOS : public ClientCertStoreChromeOS::CertFilter {
	public:
	// The internal NSSProfileFilterChromeOS will be initialized with the public
	// and private slot of the user with \|username_hash\| and with the system slot
	// if \|use_system_slot\| is true.
	// If \|username_hash\| is empty, no public and no private slot will be used.
	ClientCertFilterChromeOS(bool use_system_slot,
	const std::string& username_hash);
	~ClientCertFilterChromeOS() override;

	// ClientCertStoreChromeOS::CertFilter:
	bool Init(const base::Closure& callback) override;
	bool IsCertAllowed(CERTCertificate* cert) const override;

	private:
	// Called back if the system slot was retrieved asynchronously. Continues the
	// initialization.
	void GotSystemSlot(crypto::ScopedPK11Slot system_slot);

	// Called back if the private slot was retrieved asynchronously. Continues the
	// initialization.
	void GotPrivateSlot(crypto::ScopedPK11Slot private_slot);

	// If the required slots (\|private_slot_\| and conditionally \|system_slot_\|)
	// are available, initializes \|nss_profile_filter_\| and returns true.
	// Otherwise returns false.
	bool InitIfSlotsAvailable();

	// True once Init() was called.
	bool init_called_;

	// The callback provided to Init(), which may be null. Reset after the filter
	// is initialized.
	base::Closure init_callback_;

	bool use_system_slot_;
	std::string username_hash_;

	// Used to store the system slot, if required, for initialization. Will be
	// null after the filter is initialized.
	crypto::ScopedPK11Slot system_slot_;

	// Used to store the private slot for initialization. Will be null after the
	// filter is initialized.
	crypto::ScopedPK11Slot private_slot_;

	// If a private slot is requested but the slot, maybe null, is not obtained
	// yet, this is equal true. As long as this is true, the NSSProfileFilter will
	// not be initialized.
	bool waiting_for_private_slot_;

	net::NSSProfileFilterChromeOS nss_profile_filter_;
	base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_;
	};

	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_