| Index: crypto/nss_crypto_module_delegate.h
|
| diff --git a/crypto/crypto_module_blocking_password_delegate.h b/crypto/nss_crypto_module_delegate.h
|
| similarity index 36%
|
| rename from crypto/crypto_module_blocking_password_delegate.h
|
| rename to crypto/nss_crypto_module_delegate.h
|
| index c4acf1a8c5518de3d2a264b308df936a64f62dff..b1f5e2654d44d235ca1da6e92e98391f6b39e29b 100644
|
| --- a/crypto/crypto_module_blocking_password_delegate.h
|
| +++ b/crypto/nss_crypto_module_delegate.h
|
| @@ -2,32 +2,52 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
|
| -#define CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
|
| +#ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
|
| +#define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
|
|
|
| #include <string>
|
|
|
| +#include "base/callback_forward.h"
|
| +#include "crypto/scoped_nss_types.h"
|
| +
|
| namespace crypto {
|
|
|
| // PK11_SetPasswordFunc is a global setting. An implementation of
|
| -// CryptoModuleBlockingPasswordDelegate should be passed as the user data
|
| -// argument (|wincx|) to relevant NSS functions, which the global password
|
| -// handler will call to do the actual work.
|
| +// CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the
|
| +// user data argument (|wincx|) to relevant NSS functions, which the global
|
| +// password handler will call to do the actual work. This delegate should only
|
| +// be used in NSS calls on worker threads due to the blocking nature.
|
| class CryptoModuleBlockingPasswordDelegate {
|
| public:
|
| virtual ~CryptoModuleBlockingPasswordDelegate() {}
|
|
|
| - // Requests a password to unlock |slot_name|. The interface is
|
| - // synchronous because NSS cannot issue an asynchronous
|
| - // request. |retry| is true if this is a request for the retry
|
| - // and we previously returned the wrong password.
|
| + // Return a value suitable for passing to the |wincx| argument of relevant NSS
|
| + // functions. This should be used instead of passing the object pointer
|
| + // directly to avoid accidentally casting a pointer to a subclass to void* and
|
| + // then casting back to a pointer of the base class
|
| + void* wincx() { return this; }
|
| +
|
| + // Requests a password to unlock |slot_name|. The interface is synchronous
|
| + // because NSS cannot issue an asynchronous request. |retry| is true if this
|
| + // is a request for the retry and we previously returned the wrong password.
|
| // The implementation should set |*cancelled| to true if the user cancelled
|
| // instead of entering a password, otherwise it should return the password the
|
| // user entered.
|
| virtual std::string RequestPassword(const std::string& slot_name, bool retry,
|
| bool* cancelled) = 0;
|
| +
|
| +};
|
| +
|
| +// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a
|
| +// slot in which to act. (Eg, which slot to store a generated key in.)
|
| +class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate {
|
| + public:
|
| + virtual ~NSSCryptoModuleDelegate() {}
|
| +
|
| + // Get the slot to store the generated key.
|
| + virtual ScopedPK11Slot RequestSlot() = 0;
|
| };
|
|
|
| } // namespace crypto
|
|
|
| -#endif // CRYPTO_CRYPTO_MODULE_BLOCKING_PASSWORD_DELEGATE_H_
|
| +#endif // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_
|
|
|
Chromium Code Reviews
Issue 61643007:
Update keygen to use correct NSS slot on ChromeOS multiprofile. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src