Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 1 | // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ |
| 6 | #define CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ |
| 7 | |
| 8 | #include <string> |
| 9 | |
| 10 | #include "base/callback_forward.h" |
| 11 | #include "crypto/scoped_nss_types.h" |
| 12 | |
| 13 | namespace crypto { |
| 14 | |
| 15 | // PK11_SetPasswordFunc is a global setting. An implementation of |
| 16 | // CryptoModuleBlockingPasswordDelegate should be passed using wincx() as the |
| 17 | // user data argument (|wincx|) to relevant NSS functions, which the global |
| 18 | // password handler will call to do the actual work. This delegate should only |
| 19 | // be used in NSS calls on worker threads due to the blocking nature. |
| 20 | class CryptoModuleBlockingPasswordDelegate { |
| 21 | public: |
| 22 | virtual ~CryptoModuleBlockingPasswordDelegate() {} |
| 23 | |
| 24 | // Return a value suitable for passing to the |wincx| argument of relevant NSS |
| 25 | // functions. This should be used instead of passing the object pointer |
| 26 | // directly to avoid accidentally casting a pointer to a subclass to void* and |
| 27 | // then casting back to a pointer of the base class |
| 28 | void* wincx() { return this; } |
| 29 | |
| 30 | // Requests a password to unlock |slot_name|. The interface is synchronous |
| 31 | // because NSS cannot issue an asynchronous request. |retry| is true if this |
| 32 | // is a request for the retry and we previously returned the wrong password. |
| 33 | // The implementation should set |*cancelled| to true if the user cancelled |
| 34 | // instead of entering a password, otherwise it should return the password the |
| 35 | // user entered. |
| 36 | virtual std::string RequestPassword(const std::string& slot_name, bool retry, |
| 37 | bool* cancelled) = 0; |
| 38 | |
| 39 | }; |
| 40 | |
| 41 | // Extends CryptoModuleBlockingPasswordDelegate with the ability to return a |
| 42 | // slot in which to act. (Eg, which slot to store a generated key in.) |
| 43 | class NSSCryptoModuleDelegate : public CryptoModuleBlockingPasswordDelegate { |
| 44 | public: |
| 45 | ~NSSCryptoModuleDelegate() override {} |
| 46 | |
| 47 | // Get the slot to store the generated key. |
| 48 | virtual ScopedPK11Slot RequestSlot() = 0; |
| 49 | }; |
| 50 | |
| 51 | } // namespace crypto |
| 52 | |
| 53 | #endif // CRYPTO_NSS_CRYPTO_MODULE_DELEGATE_H_ |