Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(834)

Side by Side Diff: net/ssl/client_key_store.h

Issue 1278763002: Add a ClientKeyStore to allow injection of non-platform keys for TLS client auth. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@client_cert_store
Patch Set: Rebased, renamed the provider interface. Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_SSL_CLIENT_KEY_STORE_H_
6 #define NET_SSL_CLIENT_KEY_STORE_H_
7
8 #include <map>
9 #include <vector>
10
11 #include "base/callback.h"
12 #include "base/macros.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/scoped_vector.h"
15 #include "base/synchronization/lock.h"
16 #include "net/base/net_export.h"
17
18 template <typename T>
19 struct DefaultSingletonTraits;
20
21 namespace net {
22
23 class SSLPrivateKey;
24 class X509Certificate;
25
26 // TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed.
27 // A certificate and key store that allows several external certificate
28 // providers to push certificates and keys into this store. All currently
29 // provided certificates will be exposed through |FetchClientCertPrivateKey|.
30 // Methods of this singleton can be called from any thread.
31 class NET_EXPORT ClientKeyStore {
32 public:
33 class CertKeyProvider {
34 public:
35 // This can be called from any thread.
36 virtual ~CertKeyProvider() {}
37
38 // Obtains a handle to the certificate private key for |cert| and stores it
39 // in |private_key|.
40 // If the CertKeyProvider does not know about the |cert|, returns false. If
41 // it knows about the certificate, but is unable to return the private key,
42 // returns true and sets |*private_key| to nullptr.
43 // This can be called from any thread.
44 virtual bool GetCertificateKey(const X509Certificate& cert,
45 scoped_ptr<SSLPrivateKey>* private_key) = 0;
46 };
47
48 static ClientKeyStore* GetInstance();
49
50 // The |provider| will be accessed and destroyed on any thread but no
51 // concurrent method/destructor invocations will happen.
52 // |provider| will be valid until it is removed using |RemoveProvider| or the
53 // store is destroyed.
54 void AddProvider(scoped_ptr<CertKeyProvider> provider);
davidben 2015/08/14 22:16:48 Given that stapling it to a Singleton is leaking i
pneubeck (no reviews) 2015/08/17 14:34:19 No the caller isn't written yet (didn't finish tha
55
56 // Removes |provider| from this store. Afterwards, |provider| is invalid.
57 void RemoveProvider(const CertKeyProvider* provider);
58
59 // Given a |certificate|'s public key, return the corresponding private
60 // key if any of the registered providers has a matching key.
61 // Returns its matching private key on success, nullptr otherwise.
62 scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(
63 const X509Certificate& certificate);
64
65 private:
66 friend struct DefaultSingletonTraits<ClientKeyStore>;
davidben 2015/08/14 22:16:48 I think LazyInstance is usually preferred over Sin
pneubeck (no reviews) 2015/08/17 14:34:19 I fear the numbers don't agree with that documenta
67
68 ClientKeyStore();
69 ~ClientKeyStore();
70
71 base::Lock lock_;
72 ScopedVector<CertKeyProvider> providers_;
73
74 DISALLOW_COPY_AND_ASSIGN(ClientKeyStore);
75 };
76
77 } // namespace net
78
79 #endif // NET_SSL_CLIENT_KEY_STORE_H_
OLDNEW
« no previous file with comments | « net/net.gypi ('k') | net/ssl/client_key_store.cc » ('j') | net/ssl/client_key_store.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698