author | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-13 01:48:43 +0000 |
---|---|---|
committer | mattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-13 01:48:43 +0000 |
commit | 88b9db7d713a9e156fa66694844c4d98ee48d875 (patch) | |
tree | a06b93ff3319bc3512051372ecadd693ebeeaf80 /net/base/keygen_handler.h | |
parent | 6fd024b93e4a708a767c1892e5091e3585a5c72f (diff) | |
NSS: PKCS 11 password prompt.
This was based off of davidben's WIP cl http://codereview.chromium.org/3186021/show.
BUG=42073
TEST=add password to NSS DB with "certutil -d sql:.pki/nssdb -W", try client auth, <keygen>, cert manager
Review URL: http://codereview.chromium.org/5686002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@71281 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/keygen_handler.h')
-rw-r--r-- | net/base/keygen_handler.h | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/net/base/keygen_handler.h b/net/base/keygen_handler.h
index 5ca6027..d12d084 100644
--- a/net/base/keygen_handler.h
+++ b/net/base/keygen_handler.h
@@ -8,8 +8,16 @@
 #include <string>
+#include "base/scoped_ptr.h"
+#include "build/build_config.h"
 #include "googleurl/src/gurl.h"
+#if defined(USE_NSS)
+namespace base {
+class PK11BlockingPasswordDelegate;
+};
+#endif // defined(USE_NSS)
+
 namespace net {
 // This class handles keypair generation for generating client
@@ -22,9 +30,10 @@ class KeygenHandler {
 // Creates a handler that will generate a key with the given key size and
 // incorporate the |challenge| into the Netscape SPKAC structure. The request
 // for the key originated from |url|.
- inline KeygenHandler(int key_size_in_bits,
- const std::string& challenge,
- const GURL& url);
+ KeygenHandler(int key_size_in_bits,
+ const std::string& challenge,
+ const GURL& url);
+ ~KeygenHandler();
 // Actually generates the key-pair and the cert request (SPKAC), and returns
 // a base64-encoded string suitable for use as the form value of <keygen>.
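Review bot: The forward-declaration block in the first hunk closes the namespace with `};`; the semicolon after a namespace's closing brace is an empty declaration that pedantic builds warn about. The file's own closing line `} // namespace net` shows the form used elsewhere, so I would write `} // namespace base` here.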
@@ -33,22 +42,25 @@ class KeygenHandler {
 // Exposed only for unit tests.
 void set_stores_key(bool store) { stores_key_ = store;}
+#if defined(USE_NSS)
+ // Register the password delegate to be used if the token is unauthenticated.
+ // GenKeyAndSignChallenge runs on a worker thread, so using the blocking
+ // password callback is okay here.
+ // Takes ownership of the delegate.
+ void set_pk11_password_delegate(base::PK11BlockingPasswordDelegate* delegate);
+#endif // defined(USE_NSS)
+
 private:
 int key_size_in_bits_; // key size in bits (usually 2048)
 std::string challenge_; // challenge string sent by server
 GURL url_; // the URL that requested the key
 bool stores_key_; // should the generated key-pair be stored persistently?
+#if defined(USE_NSS)
+ // The callback for requesting a password to the PKCS#11 token.
+ scoped_ptr<base::PK11BlockingPasswordDelegate> pk11_password_delegate_;
+#endif // defined(USE_NSS)
 };
-KeygenHandler::KeygenHandler(int key_size_in_bits,
- const std::string& challenge,
- const GURL& url)
- : key_size_in_bits_(key_size_in_bits),
- challenge_(challenge),
- url_(url),
- stores_key_(true) {
-}
-
 } // namespace net
 #endif // NET_BASE_KEYGEN_HANDLER_H_ |
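Review bot: The comment on `set_pk11_password_delegate` says GenKeyAndSignChallenge runs on a worker thread, but it does not say when the setter itself may be called, and `pk11_password_delegate_` is a plain `scoped_ptr` with no synchronization visible in this header. I would extend the comment with `// Must be called before GenKeyAndSignChallenge() is started; not thread-safe.` The comment should also say what happens when no delegate is registered and the token is unauthenticated, since the header does not show whether key generation then fails or proceeds without a prompt. Separately, the new member makes the class non-copyable only when USE_NSS is defined. Adding `DISALLOW_COPY_AND_ASSIGN(KeygenHandler);` at the end of the private section would make that consistent on every platform, assuming the macro's header is available to this file.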