1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SSL_SSL_CLIENT_AUTH_CACHE_H_
6 #define NET_SSL_SSL_CLIENT_AUTH_CACHE_H_
7 
8 #include <map>
9 #include <utility>
10 
11 #include "base/compiler_specific.h"
12 #include "base/containers/flat_set.h"
13 #include "base/memory/scoped_refptr.h"
14 #include "net/base/host_port_pair.h"
15 #include "net/base/net_export.h"
16 #include "net/ssl/ssl_private_key.h"
17 
18 namespace net {
19 
20 class X509Certificate;
21 
22 // The SSLClientAuthCache class is a simple cache structure to store SSL
23 // client certificate decisions. Provides lookup, insertion, and deletion of
24 // entries based on a server's host and port.
class NET_EXPORT_PRIVATE SSLClientAuthCache {
 public:
  SSLClientAuthCache();
  ~SSLClientAuthCache();

  // Looks up the cached client-certificate decision for the SSL server at
  // |server|.
  //
  // Returns true when an entry exists and stores the cached certificate in
  // |*certificate|. A null certificate is a valid cached answer: it records a
  // preference to send no client certificate to |server|. Returns false when
  // no decision is cached.
  //
  // Callers must branch on the return value before interpreting a null
  // |*certificate|: "true + null" is a recorded decision to send nothing,
  // while "false" means no decision has been made yet.
  //
  // NOTE(review): the original comment does not describe |private_key|;
  // presumably it receives the key stored next to the certificate by Add().
  // Confirm against the implementation file.
  bool Lookup(const HostPortPair& server,
              scoped_refptr<X509Certificate>* certificate,
              scoped_refptr<SSLPrivateKey>* private_key);

  // Records |client_cert| and |private_key| as the decision for |server|,
  // overwriting any decision already cached for that server. Passing a null
  // |client_cert| records a preference that no client certificate be sent to
  // |server|.
  //
  // The entry stores scoped_refptr handles, so the cache keeps a reference to
  // the certificate and the private key object for as long as the entry
  // exists. Use Remove() or Clear() to drop a decision that should no longer
  // be applied.
  void Add(const HostPortPair& server,
           scoped_refptr<X509Certificate> client_cert,
           scoped_refptr<SSLPrivateKey> private_key);

  // Drops the cached client-certificate decision for |server|.
  // Returns true if an entry was removed, false if there was none.
  bool Remove(const HostPortPair& server);

  // Drops every cached client-certificate decision.
  void Clear();

  // Returns, by value, the set of HostPortPairs that currently have a cached
  // client-certificate decision.
  base::flat_set<HostPortPair> GetCachedServers() const;

 private:
  // The key is the server's host and port and nothing else, so every user of
  // one cache instance shares the same decision for a given host:port.
  using AuthCacheKey = HostPortPair;
  // (certificate, private key); the certificate may be null, see Add().
  using AuthCacheValue = std::pair<scoped_refptr<X509Certificate>,
                                   scoped_refptr<SSLPrivateKey>>;
  using AuthCacheMap = std::map<AuthCacheKey, AuthCacheValue>;

  // Backing store for the cache: a std::map from server to decision.
  // NOTE(review): no synchronization is declared in this header; confirm the
  // threading expectations with the callers.
  AuthCacheMap cache_;
};
67 
68 }  // namespace net
69 
70 #endif  // NET_SSL_SSL_CLIENT_AUTH_CACHE_H_
71