1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/net/client_cert_filter_chromeos.h"
8 #include "crypto/nss_util_internal.h"
9 #include "net/cert/x509_certificate.h"
13 ClientCertFilterChromeOS::ClientCertFilterChromeOS(
15 const std::string& username_hash)
16 : init_called_(false),
17 use_system_slot_(use_system_slot),
18 username_hash_(username_hash),
19 weak_ptr_factory_(this) {
22 ClientCertFilterChromeOS::~ClientCertFilterChromeOS() {
25 bool ClientCertFilterChromeOS::Init(const base::Closure& callback) {
26 DCHECK(!init_called_);
29 init_callback_ = callback;
30 if (use_system_slot_) {
31 system_slot_ = crypto::GetSystemNSSKeySlot(
32 base::Bind(&ClientCertFilterChromeOS::GotSystemSlot,
33 weak_ptr_factory_.GetWeakPtr())).Pass();
36 crypto::GetPrivateSlotForChromeOSUser(
37 username_hash_, base::Bind(&ClientCertFilterChromeOS::GotPrivateSlot,
38 weak_ptr_factory_.GetWeakPtr())).Pass();
40 // Do not call back if we initialized synchronously.
41 return InitIfSlotsAvailable();
44 bool ClientCertFilterChromeOS::IsCertAllowed(
45 const scoped_refptr<net::X509Certificate>& cert) const {
46 return nss_profile_filter_.IsCertAllowed(cert->os_cert_handle());
49 void ClientCertFilterChromeOS::GotSystemSlot(
50 crypto::ScopedPK11Slot system_slot) {
51 system_slot_ = system_slot.Pass();
52 if (InitIfSlotsAvailable() && !init_callback_.is_null()) {
54 init_callback_.Reset();
58 void ClientCertFilterChromeOS::GotPrivateSlot(
59 crypto::ScopedPK11Slot private_slot) {
60 private_slot_ = private_slot.Pass();
61 if (InitIfSlotsAvailable() && !init_callback_.is_null()) {
63 init_callback_.Reset();
67 bool ClientCertFilterChromeOS::InitIfSlotsAvailable() {
68 if ((use_system_slot_ && !system_slot_) || !private_slot_)
70 nss_profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
76 } // namespace chromeos