OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_SSL_SSL_CLIENT_CERT_IDENTITY_H_ |
| 6 #define NET_SSL_SSL_CLIENT_CERT_IDENTITY_H_ |
| 7 |
| 8 #include "base/callback.h" |
| 9 #include "net/base/net_export.h" |
| 10 #include "net/cert/x509_certificate.h" |
| 11 |
| 12 #if defined(OS_MACOSX) |
| 13 #include <Security/SecBase.h> |
| 14 #endif |
| 15 |
| 16 namespace base { |
| 17 class Time; |
| 18 } |
| 19 |
| 20 namespace net { |
| 21 |
| 22 class SSLPrivateKey; |
| 23 |
| 24 // Represents a client certificate and a promise to retrieve the associated |
| 25 // private key. |
| 26 class NET_EXPORT ClientCertIdentity { |
| 27 public: |
| 28 explicit ClientCertIdentity(scoped_refptr<net::X509Certificate> cert); |
| 29 virtual ~ClientCertIdentity(); |
| 30 |
| 31 // Returns the certificate. |
| 32 X509Certificate* certificate() const { return cert_.get(); } |
| 33 |
| 34 // Passes the private key to |private_key_callback| on the same sequence |
| 35 // AcquirePrivateKey is called on, or nullptr on error. The callback may be |
| 36 // run synchronously or asynchronously. The caller is responsible for |
| 37 // keeping the ClientCertIdentity alive until the callback is run. |
| 38 virtual void AcquirePrivateKey( |
| 39 const base::Callback<void(scoped_refptr<SSLPrivateKey>)>& |
| 40 private_key_callback) = 0; |
| 41 |
| 42 #if defined(OS_MACOSX) |
| 43 // Returns the SecIdentityRef for this identity. |
| 44 virtual SecIdentityRef sec_identity_ref() const = 0; |
| 45 #endif |
| 46 |
| 47 // Acquires the private key for |identity|, taking ownership of |identity| so |
| 48 // that the caller does not need to manage its lifetime. The other semantics |
| 49 // are the same as for AcquirePrivateKey above. |
| 50 static void SelfOwningAcquirePrivateKey( |
| 51 std::unique_ptr<ClientCertIdentity> identity, |
| 52 const base::Callback<void(scoped_refptr<SSLPrivateKey>)>& |
| 53 private_key_callback); |
| 54 |
| 55 // Sets the intermediates of |certificate()| to |intermediates|. Note that |
| 56 // this will change the value of |certificate()|, and any references that |
| 57 // were retained to the previous value will not reflect the updated |
| 58 // intermediates list. |
| 59 void SetIntermediates(X509Certificate::OSCertHandles intermediates); |
| 60 |
| 61 private: |
| 62 scoped_refptr<net::X509Certificate> cert_; |
| 63 }; |
| 64 |
| 65 // Comparator for use in STL algorithms that will sort client certificates by |
| 66 // order of preference. |
| 67 // Returns true if |a| is more preferable than |b|, allowing it to be used |
| 68 // with any algorithm that compares according to strict weak ordering. |
| 69 // |
| 70 // Criteria include: |
| 71 // - Prefer certificates that have a longer validity period (later |
| 72 // expiration dates) |
| 73 // - If equal, prefer certificates that were issued more recently |
| 74 // - If equal, prefer shorter chains (if available) |
| 75 class NET_EXPORT_PRIVATE ClientCertIdentitySorter { |
| 76 public: |
| 77 ClientCertIdentitySorter(); |
| 78 |
| 79 bool operator()(const std::unique_ptr<ClientCertIdentity>& a, |
| 80 const std::unique_ptr<ClientCertIdentity>& b) const; |
| 81 |
| 82 private: |
| 83 base::Time now_; |
| 84 }; |
| 85 |
| 86 using ClientCertIdentityList = std::vector<std::unique_ptr<ClientCertIdentity>>; |
| 87 |
| 88 } // namespace net |
| 89 |
| 90 #endif // NET_SSL_SSL_CLIENT_CERT_IDENTITY_H_ |
OLD | NEW |