net/ssl/client_key_store.h - Issue 1278763002: Add a ClientKeyStore to allow injection of non-platform keys for TLS client auth.

Side by Side Diff: net/ssl/client_key_store.h

Issue 1278763002: Add a ClientKeyStore to allow injection of non-platform keys for TLS client auth. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@client_cert_store

Patch Set: Rebased, renamed the provider interface. Created 5 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef NET_SSL_CLIENT_KEY_STORE_H_

	6 #define NET_SSL_CLIENT_KEY_STORE_H_

	7

	8 #include <map>

	9 #include <vector>

	10

	11 #include "base/callback.h"

	12 #include "base/macros.h"

	13 #include "base/memory/scoped_ptr.h"

	14 #include "base/memory/scoped_vector.h"

	15 #include "base/synchronization/lock.h"

	16 #include "net/base/net_export.h"

	17

	18 template <typename T>

	19 struct DefaultSingletonTraits;

	20

	21 namespace net {

	22

	23 class SSLPrivateKey;

	24 class X509Certificate;

	25

	26 // TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed.

	27 // A certificate and key store that allows several external certificate

	28 // providers to push certificates and keys into this store. All currently

	29 // provided certificates will be exposed through \|FetchClientCertPrivateKey\|.

	30 // Methods of this singleton can be called from any thread.

	31 class NET_EXPORT ClientKeyStore {

	32 public:

	33 class CertKeyProvider {

	34 public:

	35 // This can be called from any thread.

	36 virtual ~CertKeyProvider() {}

	37

	38 // Obtains a handle to the certificate private key for \|cert\| and stores it

	39 // in \|private_key\|.

	40 // If the CertKeyProvider does not know about the \|cert\|, returns false. If

	41 // it knows about the certificate, but is unable to return the private key,

	42 // returns true and sets \|*private_key\| to nullptr.

	43 // This can be called from any thread.

	44 virtual bool GetCertificateKey(const X509Certificate& cert,

	45 scoped_ptr<SSLPrivateKey>* private_key) = 0;

	46 };

	47

	48 static ClientKeyStore* GetInstance();

	49

	50 // The \|provider\| will be accessed and destroyed on any thread but no

	51 // concurrent method/destructor invocations will happen.

	52 // \|provider\| will be valid until it is removed using \|RemoveProvider\| or the

	53 // store is destroyed.

	54 void AddProvider(scoped_ptr<CertKeyProvider> provider);
	davidben 2015/08/14 22:16:48 Given that stapling it to a Singleton is leaking i Given that stapling it to a Singleton is leaking it anyway, would it make more sense to make this a raw pointer and then say that the pointer must remain valid until RemoveProvider is called? I'm trying to understand what passing ownership to a global means, whereas it seems the entity that calls RemoveProvider really owns this thing. (Is the caller uploaded yet? I don't know how you intend to call this function, so it's possible with that context this API is better.) pneubeck (no reviews) 2015/08/17 14:34:19 No the caller isn't written yet (didn't finish tha No the caller isn't written yet (didn't finish that part of the refactoring(s) yet). I actually considered only adding a provider for the new API once and never removing it. But, I agree that the ownership here is a bit weird and to even allow a reasonable removal, I had to comment on the minimal lifetime of the provider. I changed the signature to drop the scoped_ptr, as it avoids this problem.
	55

	56 // Removes \|provider\| from this store. Afterwards, \|provider\| is invalid.

	57 void RemoveProvider(const CertKeyProvider* provider);

	58

	59 // Given a \|certificate\|'s public key, return the corresponding private

	60 // key if any of the registered providers has a matching key.

	61 // Returns its matching private key on success, nullptr otherwise.

	62 scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(

	63 const X509Certificate& certificate);

	64

	65 private:

	66 friend struct DefaultSingletonTraits<ClientKeyStore>;
	davidben 2015/08/14 22:16:48 I think LazyInstance is usually preferred over Sin I think LazyInstance is usually preferred over Singleton. https://www.chromium.org/developers/coding-style/important-abstractions-and-d... pneubeck (no reviews) 2015/08/17 14:34:19 I fear the numbers don't agree with that documenta Show quoted text On 2015/08/14 22:16:48, David Benjamin wrote: > I think LazyInstance is usually preferred over Singleton. > > https://www.chromium.org/developers/coding-style/important-abstractions-and-d... I fear the numbers don't agree with that documentation: https://code.google.com/p/chromium/codesearch#search/&q=Singleton%5C%3C%20fil... https://code.google.com/p/chromium/codesearch#search/&q=lazyinstance%5C%3C%20... Another difference that is documented in lazy_instance.h : // LazyInstance is similar to Singleton, except it does not have the singleton // property. which would again speak for a singleton... anyways, I don't think that it makes a significant difference.
	67

	68 ClientKeyStore();

	69 ~ClientKeyStore();

	70

	71 base::Lock lock_;

	72 ScopedVector<CertKeyProvider> providers_;

	73

	74 DISALLOW_COPY_AND_ASSIGN(ClientKeyStore);

	75 };

	76

	77 } // namespace net

	78

	79 #endif // NET_SSL_CLIENT_KEY_STORE_H_

OLD	NEW

« no previous file with comments | « net/net.gypi ('k') | net/ssl/client_key_store.cc » ('j') | net/ssl/client_key_store.cc » ('J')