// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "net/ssl/client_cert_store_chromeos.h"

#include <cert.h>

#include "base/bind.h"
#include "crypto/nss_crypto_module_delegate.h"
#include "crypto/nss_util_internal.h"

namespace net {

ClientCertStoreChromeOS::ClientCertStoreChromeOS(
    const std::string& username_hash,
    const PasswordDelegateFactory& password_delegate_factory)
    : ClientCertStoreNSS(password_delegate_factory),
      username_hash_(username_hash) {}

ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}

void ClientCertStoreChromeOS::GetClientCerts(
    const SSLCertRequestInfo& cert_request_info,
    CertificateList* selected_certs,
    const base::Closure& callback) {
  crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser(
      username_hash_,
      base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot,
                 // Caller is responsible for keeping the ClientCertStore alive
                 // until the callback is run.
                 base::Unretained(this),
                 &cert_request_info,
                 selected_certs,
                 callback)));
  if (private_slot)
    DidGetPrivateSlot(
        &cert_request_info, selected_certs, callback, private_slot.Pass());
}

void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,
                                            const SSLCertRequestInfo& request,
                                            bool query_nssdb,
                                            CertificateList* selected_certs) {
  ClientCertStoreNSS::GetClientCertsImpl(
      cert_list, request, query_nssdb, selected_certs);

  size_t pre_size = selected_certs->size();
  selected_certs->erase(
      std::remove_if(
          selected_certs->begin(),
          selected_certs->end(),
          NSSProfileFilterChromeOS::CertNotAllowedForProfilePredicate(
              profile_filter_)),
      selected_certs->end());
  DVLOG(1) << "filtered " << pre_size - selected_certs->size() << " of "
           << pre_size << " certs";
}

void ClientCertStoreChromeOS::DidGetPrivateSlot(
    const SSLCertRequestInfo* request,
    CertificateList* selected_certs,
    const base::Closure& callback,
    crypto::ScopedPK11Slot private_slot) {
  profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
                       private_slot.Pass());
  ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);
}

void ClientCertStoreChromeOS::InitForTesting(
    crypto::ScopedPK11Slot public_slot,
    crypto::ScopedPK11Slot private_slot) {
  profile_filter_.Init(public_slot.Pass(), private_slot.Pass());
}

bool ClientCertStoreChromeOS::SelectClientCertsForTesting(
    const CertificateList& input_certs,
    const SSLCertRequestInfo& request,
    CertificateList* selected_certs) {
  CERTCertList* cert_list = CERT_NewCertList();
  if (!cert_list)
    return false;
  for (size_t i = 0; i < input_certs.size(); ++i) {
    CERT_AddCertToListTail(
        cert_list, CERT_DupCertificate(input_certs[i]->os_cert_handle()));
  }

  GetClientCertsImpl(cert_list, request, false, selected_certs);
  CERT_DestroyCertList(cert_list);
  return true;
}


}  // namespace net