1 // Copyright 2013 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_CLIENT_CERT_STORE_WIN_H_
6 #define NET_SSL_CLIENT_CERT_STORE_WIN_H_
7 
8 #include "base/functional/callback.h"
9 #include "base/memory/scoped_refptr.h"
10 #include "base/memory/weak_ptr.h"
11 #include "base/win/wincrypt_shim.h"
12 #include "crypto/scoped_capi_types.h"
13 #include "net/base/net_export.h"
14 #include "net/ssl/client_cert_store.h"
15 #include "net/ssl/ssl_cert_request_info.h"
16 
17 namespace net {
18 
// ClientCertStore implementation that reads client certificates from a
// Windows certificate store (an HCERTSTORE). The store is either the current
// user's "MY" store or one supplied by the embedder through a callback, so
// the choice of constructor decides which identities can be offered for TLS
// client authentication.
class NET_EXPORT ClientCertStoreWin : public ClientCertStore {
 public:
  // Uses the "MY" current user system certificate store.
  ClientCertStoreWin();

  // Calls |cert_store_callback| on the platform key thread to determine the
  // certificate store. The callback returns a crypto::ScopedHCERTSTORE, so
  // the store handle is handed over wrapped in a scoped type rather than as a
  // raw HCERTSTORE.
  // NOTE(review): because the callback runs on the platform key thread, it
  // presumably must not depend on state owned by the constructing sequence;
  // it is a RepeatingCallback, so it may be run more than once. Confirm both
  // against the .cc file.
  explicit ClientCertStoreWin(
      base::RepeatingCallback<crypto::ScopedHCERTSTORE()> cert_store_callback);

  // Not copyable or assignable.
  ClientCertStoreWin(const ClientCertStoreWin&) = delete;
  ClientCertStoreWin& operator=(const ClientCertStoreWin&) = delete;

  ~ClientCertStoreWin() override;

  // If a cert store has been provided at construction time GetClientCerts
  // will use that. Otherwise it will use the current user's "MY" cert store
  // instead. The matching identities are reported through |callback|.
  // NOTE(review): the result is presumably delivered asynchronously via
  // OnClientCertsResponse(); confirm in the .cc file.
  void GetClientCerts(scoped_refptr<const SSLCertRequestInfo> cert_request_info,
                      ClientCertListCallback callback) override;

 private:
  // Grants the test delegate access to the private members of this class,
  // including SelectClientCertsForTesting().
  friend class ClientCertStoreWinTestDelegate;

  // Opens the cert store and uses it to lookup the client certs.
  // Static, so it has no access to instance state; everything it needs is
  // passed in through |request| and |cert_store_callback|.
  // NOTE(review): presumably this is the part that runs on the platform key
  // thread -- confirm against the .cc file.
  static ClientCertIdentityList GetClientCertsWithCertStore(
      scoped_refptr<const SSLCertRequestInfo> request,
      const base::RepeatingCallback<crypto::ScopedHCERTSTORE()>&
          cert_store_callback);

  // A hook for testing. Filters |input_certs| using the logic being used to
  // filter the system store when GetClientCerts() is called.
  // Implemented by creating a temporary in-memory store and filtering it
  // using the common logic.
  // The selected identities are written to |selected_identities|. The meaning
  // of the bool return value is not visible in this header.
  bool SelectClientCertsForTesting(const CertificateList& input_certs,
                                   const SSLCertRequestInfo& cert_request_info,
                                   ClientCertIdentityList* selected_identities);

  // Receives the looked-up |identities| together with the caller's
  // |callback|.
  // NOTE(review): presumably bound through a WeakPtr from |weak_factory_| so
  // that a response arriving after this object is destroyed is dropped rather
  // than run on a dead object -- confirm in the .cc file.
  void OnClientCertsResponse(ClientCertListCallback callback,
                             ClientCertIdentityList identities);

  // Callback supplied to the explicit constructor that yields the store to
  // search.
  // NOTE(review): how the "no store provided" case is represented (e.g. a
  // null callback) is not visible in this header.
  base::RepeatingCallback<crypto::ScopedHCERTSTORE()> cert_store_callback_;

  // Keep this as the last data member: members are destroyed in reverse
  // declaration order, so the factory is destroyed (and its outstanding weak
  // pointers invalidated) before |cert_store_callback_|.
  base::WeakPtrFactory<ClientCertStoreWin> weak_factory_{this};
};
64 
65 }  // namespace net
66 
67 #endif  // NET_SSL_CLIENT_CERT_STORE_WIN_H_
68