chrome/browser/chromeos/net/client_cert_store_chromeos.h - chromium/src - Git at Google

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_

 #include <memory>
 #include <string>
 #include <vector>

 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "net/ssl/client_cert_store_nss.h"

 namespace chromeos {

 class CertificateProvider;

 class ClientCertStoreChromeOS : public net::ClientCertStore {
  public:
   using PasswordDelegateFactory =
       net::ClientCertStoreNSS::PasswordDelegateFactory;

   class CertFilter {
    public:
     virtual ~CertFilter() {}

     // Initializes this filter. Returns true if it finished initialization,
     // otherwise returns false and calls |callback| once the initialization is
     // completed.
     // Must be called at most once.
     virtual bool Init(const base::Closure& callback) = 0;

     // Returns true if |cert| is allowed to be used as a client certificate
     // (e.g. for a certain browser context or user).
     // This is only called once initialization is finished, see Init().
     virtual bool IsCertAllowed(CERTCertificate* cert) const = 0;
   };

   // This ClientCertStore will return client certs from NSS certificate
   // databases that pass the filter |cert_filter| and additionally return
   // certificates provided by |cert_provider|.
   ClientCertStoreChromeOS(
       std::unique_ptr<CertificateProvider> cert_provider,
       std::unique_ptr<CertFilter> cert_filter,
       const PasswordDelegateFactory& password_delegate_factory);
   ~ClientCertStoreChromeOS() override;

   // net::ClientCertStore:
   void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info,
                       const ClientCertListCallback& callback) override;

  private:
   void GotAdditionalCerts(const net::SSLCertRequestInfo* request,
                           const ClientCertListCallback& callback,
                           net::ClientCertIdentityList additional_certs);

   net::ClientCertIdentityList GetAndFilterCertsOnWorkerThread(
       scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate>
           password_delegate,
       const net::SSLCertRequestInfo* request,
       net::ClientCertIdentityList additional_certs);

   std::unique_ptr<CertificateProvider> cert_provider_;
   std::unique_ptr<CertFilter> cert_filter_;

   // The factory for creating the delegate for requesting a password to a
   // PKCS#11 token. May be null.
   PasswordDelegateFactory password_delegate_factory_;

   DISALLOW_COPY_AND_ASSIGN(ClientCertStoreChromeOS);
 };

 }  // namespace chromeos

 #endif  // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
	// Copyright 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_
	#define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_

	#include <memory>
	#include <string>
	#include <vector>

	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "net/ssl/client_cert_store_nss.h"

	namespace chromeos {

	class CertificateProvider;

	class ClientCertStoreChromeOS : public net::ClientCertStore {
	public:
	using PasswordDelegateFactory =
	net::ClientCertStoreNSS::PasswordDelegateFactory;

	class CertFilter {
	public:
	virtual ~CertFilter() {}

	// Initializes this filter. Returns true if it finished initialization,
	// otherwise returns false and calls \|callback\| once the initialization is
	// completed.
	// Must be called at most once.
	virtual bool Init(const base::Closure& callback) = 0;

	// Returns true if \|cert\| is allowed to be used as a client certificate
	// (e.g. for a certain browser context or user).
	// This is only called once initialization is finished, see Init().
	virtual bool IsCertAllowed(CERTCertificate* cert) const = 0;
	};

	// This ClientCertStore will return client certs from NSS certificate
	// databases that pass the filter \|cert_filter\| and additionally return
	// certificates provided by \|cert_provider\|.
	ClientCertStoreChromeOS(
	std::unique_ptr<CertificateProvider> cert_provider,
	std::unique_ptr<CertFilter> cert_filter,
	const PasswordDelegateFactory& password_delegate_factory);
	~ClientCertStoreChromeOS() override;

	// net::ClientCertStore:
	void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info,
	const ClientCertListCallback& callback) override;

	private:
	void GotAdditionalCerts(const net::SSLCertRequestInfo* request,
	const ClientCertListCallback& callback,
	net::ClientCertIdentityList additional_certs);

	net::ClientCertIdentityList GetAndFilterCertsOnWorkerThread(
	scoped_refptr<crypto::CryptoModuleBlockingPasswordDelegate>
	password_delegate,
	const net::SSLCertRequestInfo* request,
	net::ClientCertIdentityList additional_certs);

	std::unique_ptr<CertificateProvider> cert_provider_;
	std::unique_ptr<CertFilter> cert_filter_;

	// The factory for creating the delegate for requesting a password to a
	// PKCS#11 token. May be null.
	PasswordDelegateFactory password_delegate_factory_;

	DISALLOW_COPY_AND_ASSIGN(ClientCertStoreChromeOS);
	};

	} // namespace chromeos

	#endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_STORE_CHROMEOS_H_