CertificateProviderService: Expose certificate lookup.

chrome/browser/chromeos/certificate_provider/certificate_provider_service.h

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_
 
 #include <stdint.h>
 
 #include <map>
@@ skipping 109 matching lines @@
   // id) is unambiguous.
   // If the signature could be calculated by the extension, |signature| is
   // provided in the reply and should be the signature of the digest sent in the
   // sign request. Otherwise, in case of a failure, |signature| must be empty.
   // The call is ignored if |sign_request_id| is not referring to a pending
   // request.
   void ReplyToSignRequest(const std::string& extension_id,
                           int sign_request_id,
                           const std::vector<uint8_t>& signature);
 
+  // Returns whether this certificate was provided by any extension during the
+  // lifetime of this service. If this certificate is currently provided by an
+  // extension, sets |is_currently_provided| to true and |extension_id| to that
+  // extension's id. If this certificate was provided before but not anymore,
+  // |is_currently_provided| will be set to false and |extension_id| will not be
+  // modified.
+  bool LookUpCertificate(const net::X509Certificate& cert,
+                         bool* is_currently_provided,
+                         std::string* extension_id);
+
   // Returns a CertificateProvider that always returns the latest list of
   // certificates that are provided by all registered extensions. Therefore, it
   // is sufficient to create the CertificateProvider once and then repeatedly
   // call its |GetCertificates()|. The returned provider is valid even after the
   // destruction of this service.
   // The returned provider can be used on any thread.
   scoped_ptr<CertificateProvider> CreateCertificateProvider();
 
   // Must be called if extension with id |extension_id| is unloaded and cannot
   // serve certificates anymore. This should be called everytime the
@@ skipping 40 matching lines @@
   // An instance of net::ClientKeyStore::CertKeyProvider that is registered at
   // the net::ClientKeyStore singleton.
   scoped_ptr<CertKeyProviderImpl> cert_key_provider_;
 
   // State about all pending sign requests.
   certificate_provider::SignRequests sign_requests_;
 
   // Contains all pending certificate requests.
   certificate_provider::CertificateRequests certificate_requests_;
 
-  // Contains all certificates that the extensions returned in response to the
-  // most recent certificate request.
+  // Contains all certificates that the extensions returned during the lifetime
+  // of this service. Each certificate is associated with the extension that
+  // reported the certificate in response to the most recent certificate
+  // request. If a certificate was reported previously but in the most recent
+  // responses, it is still cached but not loses it's association with any
+  // extension. This ensures that a certificate can't magically appear as
+  // platform certificate (e.g. in the client certificate selection dialog)
+  // after an extension doesn't report it anymore.
   certificate_provider::ThreadSafeCertificateMap certificate_map_;
 
   base::ThreadChecker thread_checker_;
   base::WeakPtrFactory<CertificateProviderService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(CertificateProviderService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_CERTIFICATE_PROVIDER_CERTIFICATE_PROVIDER_SERVICE_H_