author | rkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-19 07:23:13 +0000 |
---|---|---|
committer | rkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-08-19 07:23:13 +0000 |
commit | 36568926d6b8f29d7b3092969850fe40c2e2661f (patch) | |
tree | 10b0e0c0521c5a2b1a65ad5477605bfacd468ada /net/socket/ssl_client_socket_nss.h | |
parent | ec5c1c281179719f81619b63b3172d72c22603b8 (diff) | |
Changes SSLClientSocketNSS::ClientAuthHandler to handle the origin-bound certificate case.
This is done asynchronously.
BUG=88782
TEST=None
Review URL: http://codereview.chromium.org/7647024
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97439 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.h')
-rw-r--r-- | net/socket/ssl_client_socket_nss.h | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index 6a27d4c..88e8fde 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -24,6 +24,7 @@ #include "net/base/host_port_pair.h" #include "net/base/net_log.h" #include "net/base/nss_memio.h" +#include "net/base/origin_bound_cert_service.h" #include "net/base/ssl_config_service.h" #include "net/base/x509_certificate.h" #include "net/socket/ssl_client_socket.h" @@ -93,6 +94,7 @@ class SSLClientSocketNSS : public SSLClientSocket { STATE_NONE, STATE_LOAD_SSL_HOST_INFO, STATE_HANDSHAKE, + STATE_GET_OB_CERT_COMPLETE, STATE_VERIFY_DNSSEC, STATE_VERIFY_CERT, STATE_VERIFY_CERT_COMPLETE, @@ -121,8 +123,17 @@ class SSLClientSocketNSS : public SSLClientSocket { bool LoadSSLHostInfo(); int DoLoadSSLHostInfo(); + int DoHandshake(); + // ImportOBCertAndKey is a helper function for turning a DER-encoded cert and + // key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success + // and an error code otherwise. + // Requires |ob_private_key_| and |ob_cert_| to have been set by a call to + // OriginBoundCertService->GetOriginBoundCert. The caller takes ownership of + // the |*cert| and |*key|. + int ImportOBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key); + int DoGetOBCertComplete(int result); int DoVerifyDNSSEC(int result); int DoVerifyCert(int result); int DoVerifyCertComplete(int result); @@ -218,8 +229,12 @@ class SSLClientSocketNSS : public SSLClientSocket { CertVerifier* const cert_verifier_; scoped_ptr<SingleRequestCertVerifier> verifier_; - // For the use of origin bound certificates for client auth. + // For origin bound certificates in client auth. + bool ob_cert_xtn_negotiated_; OriginBoundCertService* origin_bound_cert_service_; + std::string ob_private_key_; + std::string ob_cert_; + OriginBoundCertService::RequestHandle ob_cert_request_handle_; // True if NSS has called HandshakeCallback. bool handshake_callback_called_; |
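Review bot: The comment on `ImportOBCertAndKey` in the `@@ -121,8 +123,17 @@` hunk says the caller takes ownership of `*cert` and `*key`, but it does not say what the two out-parameters hold when the function returns an error. Because two objects are produced, a caller cannot tell from the declaration whether a failure after the certificate has been imported leaves a `CERTCertificate` that must still be destroyed. I would add a line such as `// On failure |*cert| and |*key| are set to NULL and the caller owns nothing.` and check that the definition, which is not visible on this page, behaves that way. The class body starts and ends outside the hunk.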
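Review bot: `ob_private_key_` in the `@@ -218,8 +229,12 @@` hunk keeps the DER-encoded private key in a `std::string` member, and `std::string` does not wipe its buffer when it is cleared, reassigned or destroyed, so key bytes can outlive the handshake in freed heap memory. From the `ImportOBCertAndKey` comment the raw key appears to be needed only until the `SECKEYPrivateKey` has been created, so I would overwrite and clear the string right after the import and document that on the member, e.g. `// DER-encoded private key; valid only between GetOriginBoundCert and ImportOBCertAndKey, zeroed afterwards.` Separately, `ob_cert_request_handle_` implies a request that may still be pending when the socket is disconnected or destroyed; the cancellation path and the constructor initialisation of `ob_cert_xtn_negotiated_` presumably live in the .cc, which this page does not show, so both are worth confirming there. The class continues outside the hunk.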