From 99e5e952f0eb1dc803687c61a16ee381412acc95 Mon Sep 17 00:00:00 2001 From: "mattm@chromium.org" Date: Mon, 16 Dec 2013 13:05:27 +0000 Subject: Update keygen to use correct NSS slot on ChromeOS multiprofile. BUG=302126 Review URL: https://codereview.chromium.org/61643007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@240868 0039d316-1c4b-4281-b951-d872f2087c98 --- crypto/nss_crypto_module_delegate.h | 53 +++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 crypto/nss_crypto_module_delegate.h (limited to 'crypto/nss_crypto_module_delegate.h') diff --git a/crypto/nss_crypto_module_delegate.h b/crypto/nss_crypto_module_delegate.h new file mode 100644 index 0000000..00b2b75 --- /dev/null +++ b/crypto/nss_crypto_module_delegate.h @@ -0,0 +1,53 @@ +// Copyright 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ +#define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ + +#include + +#include "base/callback_forward.h" +#include "crypto/scoped_nss_types.h" + +namespace crypto { + +// PK11_SetPasswordFunc is a global setting. An implementation of +// CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the +// user data argument (|wincx|) to relevant NSS functions, which the global +// password handler will call to do the actual work. This delegate should only +// be used in NSS calls on worker threads due to the blocking nature. +class CryptoModuleBlockingPasswordDelegate { + public: + virtual ~CryptoModuleBlockingPasswordDelegate() {} + + // Return a value suitable for passing to the |wincx| argument of relevant NSS + // functions. This should be used instead of passing the object pointer + // directly to avoid accidentally casting a pointer to a subclass to void* and + // then casting back to a pointer of the base class + void* wincx() { return this; } + + // Requests a password to unlock |slot_name|. The interface is synchronous + // because NSS cannot issue an asynchronous request. |retry| is true if this + // is a request for the retry and we previously returned the wrong password. + // The implementation should set |*cancelled| to true if the user cancelled + // instead of entering a password, otherwise it should return the password the + // user entered. + virtual std::string RequestPassword(const std::string& slot_name, bool retry, + bool* cancelled) = 0; + +}; + +// Extends CryptoModuleBlockingPasswordDelegate with the ability to return a +// slot in which to act. (Eg, which slot to store a generated key in.) +class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate { + public: + virtual ~NSSCryptoModuleDelegate() {} + + // Get the slot to store the generated key. + virtual ScopedPK11Slot RequestSlot() = 0; +}; + +} // namespace crypto + +#endif // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ -- cgit v1.1