| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <certt.h> | 9 #include <certt.h> |
| 10 #include <keyt.h> | 10 #include <keyt.h> |
| (...skipping 148 matching lines...) | |
| 159 int HandleNSSError(PRErrorCode error, bool handshake_error); | 159 int HandleNSSError(PRErrorCode error, bool handshake_error); |
| 160 | 160 |
| 161 // NSS calls this when checking certificates. We pass 'this' as the first | 161 // NSS calls this when checking certificates. We pass 'this' as the first |
| 162 // argument. | 162 // argument. |
| 163 static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket, | 163 static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket, |
| 164 PRBool checksig, PRBool is_server); | 164 PRBool checksig, PRBool is_server); |
| 165 // Returns true if connection negotiated the origin bound cert extension. | 165 // Returns true if connection negotiated the origin bound cert extension. |
| 166 static bool OriginBoundCertNegotiated(PRFileDesc* socket); | 166 static bool OriginBoundCertNegotiated(PRFileDesc* socket); |
| 167 // Origin bound cert client auth handler. | 167 // Origin bound cert client auth handler. |
| 168 // Returns the value the ClientAuthHandler function should return. | 168 // Returns the value the ClientAuthHandler function should return. |
| 169 SECStatus OriginBoundClientAuthHandler(CERTCertificate** result_certificate, | 169 SECStatus OriginBoundClientAuthHandler( |
| 170 SECKEYPrivateKey** result_private_key); | 170 const std::vector<OriginBoundCertType>& requested_types, |
|
wtc
2011/11/30 23:23:40
Nit: name this parameter cert_types or requested_c
mattm
2011/12/02 01:55:59
Done.
| |
| 171 CERTCertificate** result_certificate, | |
| 172 SECKEYPrivateKey** result_private_key); | |
| 171 #if defined(NSS_PLATFORM_CLIENT_AUTH) | 173 #if defined(NSS_PLATFORM_CLIENT_AUTH) |
| 172 // On platforms where we use the native certificate store, NSS calls this | 174 // On platforms where we use the native certificate store, NSS calls this |
| 173 // instead when client authentication is requested. At most one of | 175 // instead when client authentication is requested. At most one of |
| 174 // (result_certs, result_private_key) or | 176 // (result_certs, result_private_key) or |
| 175 // (result_nss_certificate, result_nss_private_key) should be set. | 177 // (result_nss_certificate, result_nss_private_key) should be set. |
| 176 static SECStatus PlatformClientAuthHandler( | 178 static SECStatus PlatformClientAuthHandler( |
| 177 void* arg, | 179 void* arg, |
| 178 PRFileDesc* socket, | 180 PRFileDesc* socket, |
| 179 CERTDistNames* ca_names, | 181 CERTDistNames* ca_names, |
| 180 CERTCertList** result_certs, | 182 CERTCertList** result_certs, |
| (...skipping 70 matching lines...) | |
| 251 // GetSSLCertRequestInfo calls. | 253 // GetSSLCertRequestInfo calls. |
| 252 std::vector<scoped_refptr<X509Certificate> > client_certs_; | 254 std::vector<scoped_refptr<X509Certificate> > client_certs_; |
| 253 bool client_auth_cert_needed_; | 255 bool client_auth_cert_needed_; |
| 254 | 256 |
| 255 CertVerifier* const cert_verifier_; | 257 CertVerifier* const cert_verifier_; |
| 256 scoped_ptr<SingleRequestCertVerifier> verifier_; | 258 scoped_ptr<SingleRequestCertVerifier> verifier_; |
| 257 | 259 |
| 258 // For origin bound certificates in client auth. | 260 // For origin bound certificates in client auth. |
| 259 bool ob_cert_xtn_negotiated_; | 261 bool ob_cert_xtn_negotiated_; |
| 260 OriginBoundCertService* origin_bound_cert_service_; | 262 OriginBoundCertService* origin_bound_cert_service_; |
| 263 OriginBoundCertType ob_cert_type_; | |
| 261 std::string ob_private_key_; | 264 std::string ob_private_key_; |
| 262 std::string ob_cert_; | 265 std::string ob_cert_; |
| 263 OriginBoundCertService::RequestHandle ob_cert_request_handle_; | 266 OriginBoundCertService::RequestHandle ob_cert_request_handle_; |
| 264 | 267 |
| 265 // True if NSS has called HandshakeCallback. | 268 // True if NSS has called HandshakeCallback. |
| 266 bool handshake_callback_called_; | 269 bool handshake_callback_called_; |
| 267 | 270 |
| 268 // True if the SSL handshake has been completed. | 271 // True if the SSL handshake has been completed. |
| 269 bool completed_handshake_; | 272 bool completed_handshake_; |
| 270 | 273 |
| (...skipping 35 matching lines...) | |
| 306 // Added the following code Debugging in release mode. | 309 // Added the following code Debugging in release mode. |
| 307 mutable base::Lock lock_; | 310 mutable base::Lock lock_; |
| 308 // This is mutable so that CalledOnValidThread can set it. | 311 // This is mutable so that CalledOnValidThread can set it. |
| 309 // It's guarded by |lock_|. | 312 // It's guarded by |lock_|. |
| 310 mutable base::PlatformThreadId valid_thread_id_; | 313 mutable base::PlatformThreadId valid_thread_id_; |
| 311 }; | 314 }; |
| 312 | 315 |
| 313 } // namespace net | 316 } // namespace net |
| 314 | 317 |
| 315 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 318 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
| OLD | NEW |
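Review bot: The comment above `OriginBoundClientAuthHandler` (new lines 167-168) still describes only the return value and says nothing about the new `requested_types` argument. If that list is derived from what the server sent during the handshake (the handler body is not on this page), it is peer-controlled input, so the declaration should state what the handler does when the list is empty or contains no type this client supports. A line such as `// |requested_types| holds the cert types the server asked for; see the .cc for how an empty or unsupported list is handled.` would do, with the actual behaviour spelled out. The new member `ob_cert_type_` (new line 263) also has no comment; if it records the type of the cert kept in `ob_cert_`, say so with `// Type of the cert stored in |ob_cert_|.`. Because it is a plain enum value, it needs an explicit entry in the constructor's initializer list, which lives in the .cc outside this page, so confirm it is set there before any read.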