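// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_CLIENT_CERT_MATCHER_H_
#define NET_SSL_CLIENT_CERT_MATCHER_H_

#include <stdint.h>

#include <memory>
#include <vector>

#include "base/containers/span.h"
#include "net/base/net_export.h"
#include "net/ssl/client_cert_identity.h"
#include "net/ssl/ssl_cert_request_info.h"

namespace net {

// Abstract source of candidate issuer certificates, looked up by subject
// name. FilterMatchingClientCertIdentities() consults a collection of these
// when it builds paths for client certs.
//
// The lookup key is a name only. Nothing in this interface states that the
// returned certs have been verified or are trusted, so callers should treat
// them as path-building candidates rather than as trust anchors.
class NET_EXPORT ClientCertIssuerSource {
 public:
  virtual ~ClientCertIssuerSource() = default;

  // Returns certs from this source whose subject TLV is `name`.
  //
  // `name` is a non-owning view of the encoded subject; implementations that
  // need the bytes after the call returns must copy them. Each returned
  // buffer is owned by the caller.
  // NOTE(review): the header does not say whether an empty vector is the
  // only "no match" signal or whether entries may be null; confirm against
  // the implementations.
  virtual std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> GetCertsByName(
      base::span<const uint8_t> name) = 0;
};

// Owning list of issuer sources handed to the matcher.
using ClientCertIssuerSourceCollection =
    std::vector<std::unique_ptr<ClientCertIssuerSource>>;

// Matches client certs against cert requests and builds path using an
// abstraction to get issuers from arbitrary sources.
// Filters the list of client certs in `identities` to only include those
// that match `request`. The list is modified in place.
//
// This method might need to be run on a worker thread, for example if any
// of the ClientCertIssuerSource implementations can block.
//
// NOTE(review): `identities` is a raw pointer; presumably it must be
// non-null. Confirm against the implementation.
// NOTE(review): `request` presumably reflects what the TLS peer asked for,
// which would make it peer-controlled input; verify how its fields are
// bounded before they are used as lookup keys into `sources`.
// NOTE(review): whether signatures are checked along the built path is not
// visible from this header. Until that is confirmed in the .cc file, treat
// the result as a selection filter and not as a validation result.
NET_EXPORT void FilterMatchingClientCertIdentities(
    ClientCertIdentityList* identities,
    const SSLCertRequestInfo& request,
    const ClientCertIssuerSourceCollection& sources);

}  // namespace net

#endif  // NET_SSL_CLIENT_CERT_MATCHER_H_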