Chromium Code Reviews| Index: net/ssl/client_key_store.h |
| diff --git a/net/ssl/client_key_store.h b/net/ssl/client_key_store.h |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..060e1f2d0fd93ebfa4fb2cf0b1b41f344f4dbd72 |
| --- /dev/null |
| +++ b/net/ssl/client_key_store.h |
| @@ -0,0 +1,75 @@ |
| +// Copyright 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#ifndef NET_SSL_CLIENT_KEY_STORE_H_ |
| +#define NET_SSL_CLIENT_KEY_STORE_H_ |
| + |
| +#include <map> |
| +#include <vector> |
| + |
| +#include "base/callback.h" |
| +#include "base/lazy_instance.h" |
| +#include "base/macros.h" |
| +#include "base/memory/scoped_ptr.h" |
| +#include "base/synchronization/lock.h" |
| +#include "net/base/net_export.h" |
| + |
| +namespace net { |
| + |
| +class SSLPrivateKey; |
| +class X509Certificate; |
| + |
| +// TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed. |
| +// A certificate and key store that allows several external certificate |
| +// providers to push certificates and keys into this store. All currently |
| +// provided certificates will be exposed through |FetchClientCertPrivateKey|. |
| +// Methods of this singleton can be called from any thread. |
| +class NET_EXPORT ClientKeyStore { |
| + public: |
| + class CertKeyProvider { |
| + public: |
| + // This can be called from any thread. |
| + virtual ~CertKeyProvider() {} |
| + |
| + // Obtains a handle to the certificate private key for |cert| and stores it |
| + // in |private_key|. |
| + // If the CertKeyProvider does not know about the |cert|, returns false. If |
| + // it knows about the certificate, but is unable to return the private key, |
| + // returns true and sets |*private_key| to nullptr. |
| + // This can be called from any thread. |
| + virtual bool GetCertificateKey(const X509Certificate& cert, |
| + scoped_ptr<SSLPrivateKey>* private_key) = 0; |
| + }; |
| + |
| + static ClientKeyStore* GetInstance(); |
| + |
| + // The |provider| will be accessed and destroyed on any thread but no |
|
mattm
2015/08/21 23:18:17
Comment about what thread |provider| will be destr
pneubeck (no reviews)
2015/08/24 10:08:06
Done.
|
| + // concurrent method invocations will happen. |
| + // |provider| must be valid until it is removed using |RemoveProvider| or the |
| + // store is destroyed. |
| + void AddProvider(CertKeyProvider* provider); |
| + |
| + void RemoveProvider(const CertKeyProvider* provider); |
| + |
| + // Given a |certificate|'s public key, return the corresponding private |
| + // key if any of the registered providers has a matching key. |
| + // Returns its matching private key on success, nullptr otherwise. |
| + scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey( |
| + const X509Certificate& certificate); |
| + |
| + private: |
| + friend struct base::DefaultLazyInstanceTraits<ClientKeyStore>; |
| + |
| + ClientKeyStore(); |
| + ~ClientKeyStore(); |
| + |
| + base::Lock lock_; |
| + std::vector<CertKeyProvider*> providers_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(ClientKeyStore); |
| +}; |
| + |
| +} // namespace net |
| + |
| +#endif // NET_SSL_CLIENT_KEY_STORE_H_ |
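Review bot: The ownership statement for |provider| in the AddProvider comment (lines 54 and 63) is ambiguous: "accessed and destroyed on any thread" reads as if the store deletes the provider, yet providers_ is a std::vector of raw pointers and the following sentence requires the caller to keep |provider| valid until RemoveProvider, which implies the caller owns it. If the caller-owns contract is the intended one, suggest `// The |provider| may be accessed from any thread, but never concurrently.` followed by `// The store does not take ownership; |provider| must remain valid until it is removed with |RemoveProvider| or the store is destroyed.`. The FetchClientCertPrivateKey comment should also state how a provider that returns true with a null |private_key| is handled — whether the lookup stops there or moves on to the next registered provider — since the CertKeyProvider contract explicitly allows that outcome and callers cannot tell from this header. `#include <map>` and `base/callback.h` appear unused in this header and could be dropped.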