• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_CLIENT_CERT_STORE_MAC_H_
6 #define NET_SSL_CLIENT_CERT_STORE_MAC_H_
7 
8 #include "base/functional/callback.h"
9 #include "base/memory/scoped_refptr.h"
10 #include "base/memory/weak_ptr.h"
11 #include "net/base/net_export.h"
12 #include "net/ssl/client_cert_store.h"
13 #include "net/ssl/ssl_cert_request_info.h"
14 
15 namespace net {
16 
17 class ClientCertIdentityMac;
18 
19 class NET_EXPORT ClientCertStoreMac : public ClientCertStore {
20  public:
21   ClientCertStoreMac();
22 
23   ClientCertStoreMac(const ClientCertStoreMac&) = delete;
24   ClientCertStoreMac& operator=(const ClientCertStoreMac&) = delete;
25 
26   ~ClientCertStoreMac() override;
27 
28   // ClientCertStore:
29   void GetClientCerts(scoped_refptr<const SSLCertRequestInfo> cert_request_info,
30                       ClientCertListCallback callback) override;
31 
32  private:
33   // TODO(crbug.com/40825523): Improve test coverage and remove/reduce
34   // the friend tests and ForTesting methods.
35   friend class ClientCertStoreMacTest;
36   friend class ClientCertStoreMacTestDelegate;
37 
38   void OnClientCertsResponse(ClientCertListCallback callback,
39                              ClientCertIdentityList identities);
40 
41   // A hook for testing. Filters |input_identities| using the logic being used
42   // to filter the system store when GetClientCerts() is called. Implemented by
43   // creating a list of certificates that otherwise would be extracted from the
44   // system store and filtering it using the common logic (less adequate than
45   // the approach used on Windows).
46   bool SelectClientCertsForTesting(
47       std::vector<std::unique_ptr<ClientCertIdentityMac>> input_identities,
48       const SSLCertRequestInfo& cert_request_info,
49       ClientCertIdentityList* selected_identities);
50 
51   // Testing hook specific to Mac, where the internal logic recognizes preferred
52   // certificates for particular domains. If the preferred certificate is
53   // present in the output list (i.e. it doesn't get filtered out), it should
54   // always come first.
55   bool SelectClientCertsGivenPreferredForTesting(
56       std::unique_ptr<ClientCertIdentityMac> preferred_identity,
57       std::vector<std::unique_ptr<ClientCertIdentityMac>> regular_identities,
58       const SSLCertRequestInfo& request,
59       ClientCertIdentityList* selected_identities);
60 
61   base::WeakPtrFactory<ClientCertStoreMac> weak_factory_{this};
62 };
63 
64 }  // namespace net
65 
66 #endif  // NET_SSL_CLIENT_CERT_STORE_MAC_H_
67