blob: bab45f3267d9922d4340b86ad53f6d95325b6e87 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_SSL_CLIENT_KEY_STORE_H_
#define NET_SSL_CLIENT_KEY_STORE_H_
#include <vector>
#include "base/callback.h"
#include "base/lazy_instance.h"
#include "base/macros.h"
#include "base/memory/scoped_ptr.h"
#include "base/synchronization/lock.h"
#include "net/base/net_export.h"
namespace net {
class SSLPrivateKey;
class X509Certificate;
// TODO(rsleevi, davidben): Remove this once https://crbug.com/394131 is fixed.
// A certificate and key store that allows several external certificate
// providers to expose certificates and keys through this store. All currently
// provided certificates will be accessible through |FetchClientCertPrivateKey|.
// Methods of this singleton can be called from any thread.
class NET_EXPORT ClientKeyStore {
public:
class CertKeyProvider {
public:
// This can be called from any thread.
virtual ~CertKeyProvider() {}
// Obtains a handle to the certificate private key for |cert| and stores it
// in |private_key|.
// If the CertKeyProvider does not know about the |cert|, returns false. If
// it knows about the certificate, but is unable to return the private key,
// returns true and sets |*private_key| to nullptr.
// This can be called from any thread.
virtual bool GetCertificateKey(
const X509Certificate& cert,
scoped_refptr<SSLPrivateKey>* private_key) = 0;
};
static ClientKeyStore* GetInstance();
// The |provider| will be accessed on any thread but no concurrent method
// invocations will happen. |provider| must be valid until it is removed using
// |RemoveProvider| or the store is destroyed.
void AddProvider(CertKeyProvider* provider);
void RemoveProvider(const CertKeyProvider* provider);
// Given a |certificate|'s public key, return the corresponding private
// key if any of the registered providers has a matching key.
// Returns its matching private key on success, nullptr otherwise.
scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
const X509Certificate& certificate);
private:
friend struct base::DefaultLazyInstanceTraits<ClientKeyStore>;
ClientKeyStore();
~ClientKeyStore();
base::Lock lock_;
std::vector<CertKeyProvider*> providers_;
DISALLOW_COPY_AND_ASSIGN(ClientKeyStore);
};
} // namespace net
#endif // NET_SSL_CLIENT_KEY_STORE_H_
|
