OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SSL_CLIENT_KEY_STORE_H_ | |
6 #define NET_SSL_CLIENT_KEY_STORE_H_ | |
7 | |
8 #include <map> | |
9 #include <vector> | |
10 | |
11 #include "base/callback.h" | |
12 #include "base/macros.h" | |
13 #include "base/memory/scoped_ptr.h" | |
14 #include "base/memory/scoped_vector.h" | |
15 #include "base/synchronization/lock.h" | |
16 #include "net/base/net_export.h" | |
17 | |
18 template <typename T> | |
19 struct DefaultSingletonTraits; | |
20 | |
21 namespace net { | |
22 | |
23 class SSLPrivateKey; | |
24 class X509Certificate; | |
25 | |
26 // TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed. | |
27 // A certificate and key store that allows several external certificate | |
28 // providers to push certificates and keys into this store. All currently | |
29 // provided certificates will be exposed through |FetchClientCertPrivateKey|. | |
30 // Methods of this singleton can be called from any thread. | |
31 class NET_EXPORT ClientKeyStore { | |
32 public: | |
33 class CertKeyProvider { | |
34 public: | |
35 // This can be called from any thread. | |
36 virtual ~CertKeyProvider() {} | |
37 | |
38 // Obtains a handle to the certificate private key for |cert| and stores it | |
39 // in |private_key|. | |
40 // If the CertKeyProvider does not know about the |cert|, returns false. If | |
41 // it knows about the certificate, but is unable to return the private key, | |
42 // returns true and sets |*private_key| to nullptr. | |
43 // This can be called from any thread. | |
44 virtual bool GetCertificateKey(const X509Certificate& cert, | |
45 scoped_ptr<SSLPrivateKey>* private_key) = 0; | |
46 }; | |
47 | |
48 static ClientKeyStore* GetInstance(); | |
49 | |
50 // The |provider| will be accessed and destroyed on any thread but no | |
51 // concurrent method/destructor invocations will happen. | |
52 // |provider| will be valid until it is removed using |RemoveProvider| or the | |
53 // store is destroyed. | |
54 void AddProvider(scoped_ptr<CertKeyProvider> provider); | |
davidben
2015/08/14 22:16:48
Given that stapling it to a Singleton is leaking i
pneubeck (no reviews)
2015/08/17 14:34:19
No the caller isn't written yet (didn't finish tha
| |
55 | |
56 // Removes |provider| from this store. Afterwards, |provider| is invalid. | |
57 void RemoveProvider(const CertKeyProvider* provider); | |
58 | |
59 // Given a |certificate|'s public key, return the corresponding private | |
60 // key if any of the registered providers has a matching key. | |
61 // Returns its matching private key on success, nullptr otherwise. | |
62 scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey( | |
63 const X509Certificate& certificate); | |
64 | |
65 private: | |
66 friend struct DefaultSingletonTraits<ClientKeyStore>; | |
davidben
2015/08/14 22:16:48
I think LazyInstance is usually preferred over Sin
pneubeck (no reviews)
2015/08/17 14:34:19
I fear the numbers don't agree with that documenta
| |
67 | |
68 ClientKeyStore(); | |
69 ~ClientKeyStore(); | |
70 | |
71 base::Lock lock_; | |
72 ScopedVector<CertKeyProvider> providers_; | |
73 | |
74 DISALLOW_COPY_AND_ASSIGN(ClientKeyStore); | |
75 }; | |
76 | |
77 } // namespace net | |
78 | |
79 #endif // NET_SSL_CLIENT_KEY_STORE_H_ | |
OLD | NEW |