// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_BASE_OPENSSL_PRIVATE_KEY_STORE_H_
#define NET_BASE_OPENSSL_PRIVATE_KEY_STORE_H_
#pragma once

#include "base/basictypes.h"
#include "net/base/net_export.h"

typedef struct evp_pkey_st EVP_PKEY;

class GURL;

namespace net {

// Defines an abstract store for private keys; the OpenSSL library does not
// provide this service so it is left to individual platforms to provide it.
//
// The contract is that the private key will be stored in an appropriate secure
// system location, and be available to the SSLClientSocketOpenSSL when using a
// client certificate created against the associated public key for client
// authentication.
class
#ifdef ANDROID
NET_EXPORT
#endif
OpenSSLPrivateKeyStore {
 public:
  // Platforms must define this factory function as appropriate.
  static OpenSSLPrivateKeyStore* GetInstance();

  virtual ~OpenSSLPrivateKeyStore() {}

  // Called to store a private key generated via <keygen> while visiting |url|.
  // Does not takes ownership of |pkey|, the caller reamins responsible to
  // EVP_PKEY_free it. (Internally, a copy maybe made or the reference count
  // incremented).
  // Returns false if an error occurred whilst attempting to store the key.
  virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) = 0;

  // Given a |public_key| part returns the corresponding private key, or NULL
  // if no key found. Does NOT return ownership.
  virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* public_key) = 0;

 protected:
  OpenSSLPrivateKeyStore() {}

 private:
  DISALLOW_COPY_AND_ASSIGN(OpenSSLPrivateKeyStore);
};

} // namespace net

#endif  // NET_BASE_OPENSSL_PRIVATE_KEY_STORE_H_