OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ | 5 #ifndef CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ |
6 #define CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ | 6 #define CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/macros.h" | 11 #include "base/macros.h" |
12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
13 #include "base/memory/weak_ptr.h" | 13 #include "base/memory/weak_ptr.h" |
14 #include "content/common/content_export.h" | 14 #include "content/common/content_export.h" |
15 #include "content/public/browser/browser_thread.h" | 15 #include "content/public/browser/browser_thread.h" |
16 #include "net/cert/x509_certificate.h" | 16 #include "net/ssl/client_cert_identity.h" |
17 #include "net/ssl/ssl_cert_request_info.h" | 17 #include "net/ssl/ssl_cert_request_info.h" |
18 | 18 |
19 namespace net { | 19 namespace net { |
20 class ClientCertStore; | 20 class ClientCertStore; |
| 21 class SSLPrivateKey; |
21 class URLRequest; | 22 class URLRequest; |
22 class X509Certificate; | 23 class X509Certificate; |
23 } // namespace net | 24 } // namespace net |
24 | 25 |
25 namespace content { | 26 namespace content { |
26 | 27 |
27 // This class handles the approval and selection of a certificate for SSL client | 28 // This class handles the approval and selection of a certificate for SSL client |
28 // authentication by the user. Should only be used on the IO thread. If the | 29 // authentication by the user. Should only be used on the IO thread. If the |
29 // SSLClientAuthHandler is destroyed before the certificate is selected, the | 30 // SSLClientAuthHandler is destroyed before the certificate is selected, the |
30 // selection is canceled and the delegate never called. | 31 // selection is canceled and the delegate never called. |
31 class SSLClientAuthHandler { | 32 class SSLClientAuthHandler { |
32 public: | 33 public: |
33 // Delegate interface for SSLClientAuthHandler. Method implementations may | 34 // Delegate interface for SSLClientAuthHandler. Method implementations may |
34 // delete the handler when called. | 35 // delete the handler when called. |
35 class CONTENT_EXPORT Delegate { | 36 class CONTENT_EXPORT Delegate { |
36 public: | 37 public: |
37 Delegate() {} | 38 Delegate() {} |
38 | 39 |
39 // Called to continue the request with |cert|. |cert| may be nullptr. | 40 // Called to continue the request with |cert|. |cert| may be nullptr. |
40 virtual void ContinueWithCertificate(net::X509Certificate* cert) = 0; | 41 virtual void ContinueWithCertificate( |
| 42 scoped_refptr<net::X509Certificate> cert, |
| 43 scoped_refptr<net::SSLPrivateKey> private_key) = 0; |
41 | 44 |
42 // Called to cancel the certificate selection and abort the request. | 45 // Called to cancel the certificate selection and abort the request. |
43 virtual void CancelCertificateSelection() = 0; | 46 virtual void CancelCertificateSelection() = 0; |
44 | 47 |
45 protected: | 48 protected: |
46 virtual ~Delegate() {} | 49 virtual ~Delegate() {} |
47 | 50 |
48 private: | 51 private: |
49 DISALLOW_COPY_AND_ASSIGN(Delegate); | 52 DISALLOW_COPY_AND_ASSIGN(Delegate); |
50 }; | 53 }; |
51 | 54 |
52 // Creates a new SSLClientAuthHandler. The caller ensures that the handler | 55 // Creates a new SSLClientAuthHandler. The caller ensures that the handler |
53 // does not outlive |request| or |delegate|. | 56 // does not outlive |request| or |delegate|. |
54 SSLClientAuthHandler(std::unique_ptr<net::ClientCertStore> client_cert_store, | 57 SSLClientAuthHandler(std::unique_ptr<net::ClientCertStore> client_cert_store, |
55 net::URLRequest* request, | 58 net::URLRequest* request, |
56 net::SSLCertRequestInfo* cert_request_info, | 59 net::SSLCertRequestInfo* cert_request_info, |
57 Delegate* delegate); | 60 Delegate* delegate); |
58 ~SSLClientAuthHandler(); | 61 ~SSLClientAuthHandler(); |
59 | 62 |
60 // Selects a certificate and resumes the URL request with that certificate. | 63 // Selects a certificate and resumes the URL request with that certificate. |
61 void SelectCertificate(); | 64 void SelectCertificate(); |
62 | 65 |
63 // Called to continue the request associated with |handler| using |cert|. This | 66 // Called to continue the request associated with |handler| using |cert|. This |
64 // is static to avoid deleting |handler| while it is on the stack. | 67 // is static to avoid deleting |handler| while it is on the stack. |
65 static void ContinueWithCertificate( | 68 static void ContinueWithCertificate( |
66 const base::WeakPtr<SSLClientAuthHandler>& handler, | 69 const base::WeakPtr<SSLClientAuthHandler>& handler, |
67 net::X509Certificate* cert); | 70 scoped_refptr<net::X509Certificate> cert, |
| 71 scoped_refptr<net::SSLPrivateKey> key); |
68 | 72 |
69 // Called to abort the request associated with |handler|. This is static to | 73 // Called to abort the request associated with |handler|. This is static to |
70 // avoid deleting |handler| while it is on the stack. | 74 // avoid deleting |handler| while it is on the stack. |
71 static void CancelCertificateSelection( | 75 static void CancelCertificateSelection( |
72 const base::WeakPtr<SSLClientAuthHandler>& handler); | 76 const base::WeakPtr<SSLClientAuthHandler>& handler); |
73 | 77 |
74 private: | 78 private: |
75 class Core; | 79 class Core; |
76 | 80 |
77 // Called when |core_| is done retrieving the cert list. | 81 // Called when |core_| is done retrieving the cert list. |
78 void DidGetClientCerts(net::CertificateList client_certs); | 82 void DidGetClientCerts(net::ClientCertIdentityList client_certs); |
79 | 83 |
80 // A reference-counted core so the ClientCertStore may outlive | 84 // A reference-counted core so the ClientCertStore may outlive |
81 // SSLClientAuthHandler if the handler is destroyed while an operation on the | 85 // SSLClientAuthHandler if the handler is destroyed while an operation on the |
82 // ClientCertStore is in progress. | 86 // ClientCertStore is in progress. |
83 scoped_refptr<Core> core_; | 87 scoped_refptr<Core> core_; |
84 | 88 |
85 // The net::URLRequest that triggered this client auth. | 89 // The net::URLRequest that triggered this client auth. |
86 net::URLRequest* request_; | 90 net::URLRequest* request_; |
87 | 91 |
88 // The certs to choose from. | 92 // The certs to choose from. |
89 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; | 93 scoped_refptr<net::SSLCertRequestInfo> cert_request_info_; |
90 | 94 |
91 // The delegate to call back with the result. | 95 // The delegate to call back with the result. |
92 Delegate* delegate_; | 96 Delegate* delegate_; |
93 | 97 |
94 base::WeakPtrFactory<SSLClientAuthHandler> weak_factory_; | 98 base::WeakPtrFactory<SSLClientAuthHandler> weak_factory_; |
95 | 99 |
96 DISALLOW_COPY_AND_ASSIGN(SSLClientAuthHandler); | 100 DISALLOW_COPY_AND_ASSIGN(SSLClientAuthHandler); |
97 }; | 101 }; |
98 | 102 |
99 } // namespace content | 103 } // namespace content |
100 | 104 |
101 #endif // CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ | 105 #endif // CONTENT_BROWSER_SSL_SSL_CLIENT_AUTH_HANDLER_H_ |
OLD | NEW |