OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ |
6 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
11 #include "base/memory/weak_ptr.h" | 11 #include "base/memory/weak_ptr.h" |
12 #include "crypto/scoped_nss_types.h" | 12 #include "crypto/scoped_nss_types.h" |
13 #include "net/cert/nss_profile_filter_chromeos.h" | 13 #include "net/cert/nss_profile_filter_chromeos.h" |
14 #include "net/ssl/client_cert_store_chromeos.h" | 14 #include "net/ssl/client_cert_store_chromeos.h" |
15 | 15 |
16 namespace cert_database { | |
17 class CertDatabaseServiceIOPart; | |
18 } | |
19 | |
20 namespace net { | |
21 class NSSCertDatabase; | |
22 } | |
23 | |
16 namespace chromeos { | 24 namespace chromeos { |
17 | 25 |
18 // A client certificate filter that filters by applying a | 26 // A client certificate filter that filters by applying a |
19 // NSSProfileFilterChromeOS. | 27 // NSSProfileFilterChromeOS. |
28 // The filter will accept any certificate from slots which are available to the | |
29 // given CertDatabase and accordingly to the user of the owning BrowserContext. | |
30 // That means, that the public, private and system slot are used if available. | |
31 // If an error occurs during the initialization then an empty filter will be | |
32 // used, see the default constructor of NSSProfileFilterChromeOS. | |
20 class ClientCertFilterChromeOS | 33 class ClientCertFilterChromeOS |
21 : public net::ClientCertStoreChromeOS::CertFilter { | 34 : public net::ClientCertStoreChromeOS::CertFilter { |
22 public: | 35 public: |
23 // The internal NSSProfileFilterChromeOS will be initialized with the public | 36 // The internal NSSProfileFilterChromeOS will be initialized with the public, |
24 // and private slot of the user with |username_hash| and with the system slot | 37 // private and system slot if they're provided by |cert_db_io|. |
25 // if |use_system_slot| is true. | 38 ClientCertFilterChromeOS(const base::WeakPtr< |
Joao da Silva
2014/10/30 09:48:00
explicit
pneubeck (no reviews)
2014/11/05 14:53:36
Done.
| |
26 ClientCertFilterChromeOS(bool use_system_slot, | 39 cert_database::CertDatabaseServiceIOPart>& cert_db_io); |
27 const std::string& username_hash); | |
28 ~ClientCertFilterChromeOS() override; | 40 ~ClientCertFilterChromeOS() override; |
29 | 41 |
30 // ClientCertStoreChromeOS::CertFilter: | 42 // ClientCertStoreChromeOS::CertFilter: |
31 bool Init(const base::Closure& callback) override; | 43 bool Init(const base::Closure& callback) override; |
32 bool IsCertAllowed( | 44 bool IsCertAllowed( |
33 const scoped_refptr<net::X509Certificate>& cert) const override; | 45 const scoped_refptr<net::X509Certificate>& cert) const override; |
34 | 46 |
35 private: | 47 private: |
36 // Called back if the system slot was retrieved asynchronously. Continues the | 48 // Called back if the NSSCertDatabase was retrieved asynchronously. Continues |
37 // initialization. | 49 // the initialization. |
38 void GotSystemSlot(crypto::ScopedPK11Slot system_slot); | 50 void GotNSSCertDatabase(net::NSSCertDatabase* nss_cert_db); |
39 | 51 |
40 // Called back if the private slot was retrieved asynchronously. Continues the | 52 // Initializes |nss_profile_filter_| with the slots available from |
41 // initialization. | 53 // |nss_cert_db|, if not null. |
42 void GotPrivateSlot(crypto::ScopedPK11Slot private_slot); | 54 void InitNSSProfileFilter(net::NSSCertDatabase* nss_cert_db); |
43 | |
44 // If the required slots (|private_slot_| and conditionally |system_slot_|) | |
45 // are available, initializes |nss_profile_filter_| and returns true. | |
46 // Otherwise returns false. | |
47 bool InitIfSlotsAvailable(); | |
48 | 55 |
49 bool init_called_; | 56 bool init_called_; |
50 base::Closure init_callback_; | 57 base::Closure init_callback_; |
51 bool use_system_slot_; | 58 base::WeakPtr<cert_database::CertDatabaseServiceIOPart> cert_db_io_; |
52 crypto::ScopedPK11Slot system_slot_; | |
53 crypto::ScopedPK11Slot private_slot_; | |
54 std::string username_hash_; | |
55 net::NSSProfileFilterChromeOS nss_profile_filter_; | 59 net::NSSProfileFilterChromeOS nss_profile_filter_; |
56 base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_; | 60 base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_; |
57 }; | 61 }; |
58 | 62 |
59 } // namespace chromeos | 63 } // namespace chromeos |
60 | 64 |
61 #endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ | 65 #endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_ |
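Review bot: The new class comment documents the failure mode only by reference ("an empty filter will be used, see the default constructor of NSSProfileFilterChromeOS"), so a reader of this header cannot tell which certificates `IsCertAllowed` admits when initialization fails or when |cert_db_io| is already invalidated by the time `Init` runs. Because this filter decides which slots' client certificates are offered for a given BrowserContext, the outcome should be stated here, for example `// On failure (or if |cert_db_io| is null) no certificate from a user or system slot is allowed.`, adjusted to whatever the default-constructed filter really does. With `use_system_slot` removed, system-slot access now depends entirely on what |cert_db_io| provides, so the constructor comment should also say that the caller must pass the IO part belonging to the same BrowserContext as the cert store. It would further help to note on `cert_db_io_` which thread the WeakPtr may be dereferenced on, presumably the IO thread.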