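// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_CLIENT_CERT_IDENTITY_H_
#define NET_SSL_CLIENT_CERT_IDENTITY_H_

// Included directly because this header names std::unique_ptr and
// std::vector; previously they were only available transitively.
#include <memory>
#include <vector>

#include "base/functional/callback.h"
#include "base/time/time.h"
#include "net/base/net_export.h"
#include "net/cert/x509_certificate.h"

namespace base {
class Time;
}

namespace net {

class SSLPrivateKey;

// Represents a client certificate and a promise to retrieve the associated
// private key.
//
// This base class stores only the certificate (|cert_|); no private key
// material is held here. The key is produced on demand by the subclass'
// AcquirePrivateKey() implementation.
class NET_EXPORT ClientCertIdentity {
 public:
  explicit ClientCertIdentity(scoped_refptr<net::X509Certificate> cert);
  virtual ~ClientCertIdentity();

  // Returns the certificate. The returned pointer is non-owning: it is only
  // valid while this object is alive and still holds the same |cert_|.
  // SetIntermediates() replaces |cert_| (see below), so callers that need the
  // certificate across such a call should retain their own scoped_refptr.
  X509Certificate* certificate() const { return cert_.get(); }

  // Passes the private key to |private_key_callback| on the same sequence
  // AcquirePrivateKey is called on, or nullptr on error. The callback may be
  // run synchronously or asynchronously. The caller is responsible for
  // keeping the ClientCertIdentity alive until the callback is run.
  // Callers must handle a nullptr key rather than assume success.
  virtual void AcquirePrivateKey(
      base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)>
          private_key_callback) = 0;

  // Acquires the private key for |identity|, taking ownership of |identity| so
  // that the caller does not need to manage its lifetime. The other semantics
  // are the same as for AcquirePrivateKey above.
  static void SelfOwningAcquirePrivateKey(
      std::unique_ptr<ClientCertIdentity> identity,
      base::OnceCallback<void(scoped_refptr<SSLPrivateKey>)>
          private_key_callback);

  // Sets the intermediates of |certificate()| to |intermediates|. Note that
  // this will change the value of |certificate()|, and any references that
  // were retained to the previous value will not reflect the updated
  // intermediates list. Raw pointers previously obtained from certificate()
  // must not be used after this call unless the caller holds its own
  // reference to the old certificate.
  void SetIntermediates(
      std::vector<bssl::UniquePtr<CRYPTO_BUFFER>> intermediates);

 private:
  scoped_refptr<net::X509Certificate> cert_;
};

// Comparator for use in STL algorithms that will sort client certificates by
// order of preference.
// Returns true if |a| is more preferable than |b|, allowing it to be used
// with any algorithm that compares according to strict weak ordering.
//
// Criteria include:
//  - Prefer certificates that have a longer validity period (later
//    expiration dates)
//  - If equal, prefer certificates that were issued more recently
//  - If equal, prefer shorter chains (if available)
//
// This is an ordering only; it never removes entries, so identities that are
// expired or otherwise unusable remain in the sorted list unless filtered
// elsewhere. |now_| is presumably captured at construction (see the .cc), so
// create a fresh sorter per sort rather than caching one — confirm against
// the implementation.
class NET_EXPORT_PRIVATE ClientCertIdentitySorter {
 public:
  ClientCertIdentitySorter();

  bool operator()(const std::unique_ptr<ClientCertIdentity>& a,
                  const std::unique_ptr<ClientCertIdentity>& b) const;

 private:
  base::Time now_;
};

// Owning list of identities; each element is uniquely owned by the list.
using ClientCertIdentityList = std::vector<std::unique_ptr<ClientCertIdentity>>;

}  // namespace net

#endif  // NET_SSL_CLIENT_CERT_IDENTITY_H_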