diff options
Diffstat (limited to '')
-rw-r--r-- | security/manager/ssl/TLSClientAuthCertSelection.h | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/security/manager/ssl/TLSClientAuthCertSelection.h b/security/manager/ssl/TLSClientAuthCertSelection.h new file mode 100644 index 0000000000..bd15a65957 --- /dev/null +++ b/security/manager/ssl/TLSClientAuthCertSelection.h @@ -0,0 +1,54 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_ +#define SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_ + +#include "NSSSocketControl.h" +#include "nsIX509Cert.h" +#include "nsNSSIOLayer.h" +#include "ssl.h" + +// NSS callback to select a client authentication certificate. See documentation +// at the top of TLSClientAuthCertSelection.cpp. +SECStatus SSLGetClientAuthDataHook(void* arg, PRFileDesc* socket, + CERTDistNames* caNames, + CERTCertificate** pRetCert, + SECKEYPrivateKey** pRetKey); + +// Base class for continuing the operation of selecting a client authentication +// certificate. Should not be used directly. +class ClientAuthCertificateSelectedBase : public mozilla::Runnable { + public: + ClientAuthCertificateSelectedBase() + : Runnable("ClientAuthCertificateSelectedBase") {} + + // Call to indicate that a client authentication certificate has been + // selected. + void SetSelectedClientAuthData( + nsTArray<uint8_t>&& selectedCertBytes, + nsTArray<nsTArray<uint8_t>>&& selectedCertChainBytes); + + protected: + nsTArray<uint8_t> mSelectedCertBytes; + // The bytes of the certificates that form a chain from the selected + // certificate to a root. Necessary so NSS can include them in the TLS + // handshake (see note about mClientCertChain in NSSSocketControl). + nsTArray<nsTArray<uint8_t>> mSelectedCertChainBytes; +}; + +class ClientAuthCertificateSelected : public ClientAuthCertificateSelectedBase { + public: + explicit ClientAuthCertificateSelected(NSSSocketControl* socketInfo) + : mSocketInfo(socketInfo) {} + + NS_IMETHOD Run() override; + + private: + RefPtr<NSSSocketControl> mSocketInfo; +}; + +#endif // SECURITY_MANAGER_SSL_TLSCLIENTAUTHCERTSELECTION_H_ |