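--- a/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
+++ b/chrome/browser/chromeos/net/client_cert_filter_chromeos.h
@@ -1,73 +1,65 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_
 #define CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_
 
 #include <string>
 
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/weak_ptr.h"
 #include "crypto/scoped_nss_types.h"
 #include "net/cert/nss_profile_filter_chromeos.h"
 #include "net/ssl/client_cert_store_chromeos.h"
 
+namespace cert_database {
+class CertDatabaseServiceIOPart;
+}
+
+namespace net {
+class NSSCertDatabase;
+}
+
 namespace chromeos {
 
 // A client certificate filter that filters by applying a
 // NSSProfileFilterChromeOS.
+// The filter will accept any certificate from slots which are available to the
+// given CertDatabase and accordingly to the user of the owning BrowserContext.
+// That means, that the public, private and system slot are used if available.
+// If an error occurs during the initialization then an empty filter will be
+// used, see the default constructor of NSSProfileFilterChromeOS.
 class ClientCertFilterChromeOS
 : public net::ClientCertStoreChromeOS::CertFilter {
 public:
-// The internal NSSProfileFilterChromeOS will be initialized with the public
-// and private slot of the user with |username_hash| and with the system slot
-// if |use_system_slot| is true.
-ClientCertFilterChromeOS(bool use_system_slot,
-const std::string& username_hash);
+// The internal NSSProfileFilterChromeOS will be initialized with the public,
+// private and system slot if they're provided by |cert_db_io|.
+explicit ClientCertFilterChromeOS(const base::WeakPtr<
+cert_database::CertDatabaseServiceIOPart>& cert_db_io);
 ~ClientCertFilterChromeOS() override;
 
 // ClientCertStoreChromeOS::CertFilter:
 bool Init(const base::Closure& callback) override;
 bool IsCertAllowed(
 const scoped_refptr<net::X509Certificate>& cert) const override;
 
 private:
-// Called back if the system slot was retrieved asynchronously. Continues the
-// initialization.
-void GotSystemSlot(crypto::ScopedPK11Slot system_slot);
+// Called back if the NSSCertDatabase was retrieved asynchronously. Continues
+// the initialization.
+void GotNSSCertDatabase(net::NSSCertDatabase* nss_cert_db);
 
-// Called back if the private slot was retrieved asynchronously. Continues the
-// initialization.
-void GotPrivateSlot(crypto::ScopedPK11Slot private_slot);
+// Initializes |nss_profile_filter_| with the slots available from
+// |nss_cert_db|, if not null.
+void InitNSSProfileFilter(net::NSSCertDatabase* nss_cert_db);
 
-// If the required slots (|private_slot_| and conditionally |system_slot_|)
-// are available, initializes |nss_profile_filter_| and returns true.
-// Otherwise returns false.
-bool InitIfSlotsAvailable();
-
-// True once Init() was called.
 bool init_called_;
-
-// The callback provided to Init(), which may be null. Reset after the filter
-// is initialized.
 base::Closure init_callback_;
-
+base::WeakPtr<cert_database::CertDatabaseServiceIOPart> cert_db_io_;
-bool use_system_slot_;
-std::string username_hash_;
-
-// Used to store the system slot, if required, for initialization. Will be
-// null after the filter is initialized.
-crypto::ScopedPK11Slot system_slot_;
-
-// Used to store the private slot for initialization. Will be null after the
-// filter is initialized.
-crypto::ScopedPK11Slot private_slot_;
-
 net::NSSProfileFilterChromeOS nss_profile_filter_;
 base::WeakPtrFactory<ClientCertFilterChromeOS> weak_ptr_factory_;
 };
 
 } // namespace chromeos
 
 #endif // CHROME_BROWSER_CHROMEOS_NET_CLIENT_CERT_FILTER_CHROMEOS_H_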
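Review bot: The new class comment (new lines 28-32) says an "empty filter" is used when initialization fails, but the header never states what `IsCertAllowed()` returns in that state, and for a client-certificate filter that is the contract callers need in order to know the failure path is fail-closed. I would state it next to `Init()`, for example `// Until Init() completes successfully, certificates on the user's private and system slots are rejected.`, with the exact wording confirmed against the default constructor of NSSProfileFilterChromeOS, which this page does not show. The change also drops the comments on `init_called_` and `init_callback_` and adds `cert_db_io_` without one; those should be restored, together with a line saying on which thread the `base::WeakPtr` may be dereferenced and what `Init()` does when it has already been invalidated. `GotNSSCertDatabase(net::NSSCertDatabase* nss_cert_db)` and `InitNSSProfileFilter()` take a raw pointer, so a sentence on who owns the database and how long the pointer remains valid would also help.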