Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(490)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/openssl_private_key_store_android.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: git cl try Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/base/openssl_private_key_store.h ('k') | net/base/openssl_private_key_store_memory.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/openssl_private_key_store.h" 5 #include "net/base/openssl_private_key_store.h"
6 6
7 #include <openssl/evp.h> 7 #include <openssl/evp.h>
8 #include <openssl/x509.h> 8 #include <openssl/x509.h>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/memory/singleton.h" 11 #include "base/memory/singleton.h"
12 #include "crypto/openssl_util.h" 12 #include "crypto/openssl_util.h"
13 #include "net/android/network_library.h" 13 #include "net/android/network_library.h"
14 14
15 namespace net { 15 namespace net {
16 16
17 namespace { 17 bool OpenSSLPrivateKeyStore::StoreKeyPair(const GURL& url,
18 EVP_PKEY* pkey) {
19 // Always clear openssl errors on exit.
20 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
18 21
19 class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore { 22 // Important: Do not use i2d_PublicKey() here, which returns data in
20 public: 23 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded
21 ~OpenSSLKeyStoreAndroid() {} 24 // SubjectPublicKeyInfo (X.509), as expected by the platform.
25 unsigned char* public_key = NULL;
26 int public_len = i2d_PUBKEY(pkey, &public_key);
22 27
23 virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) { 28 // Important: Do not use i2d_PrivateKey() here, it returns data
24 // Always clear openssl errors on exit. 29 // in a format that is incompatible with what the platform expects.
25 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); 30 unsigned char* private_key = NULL;
26 31 int private_len = 0;
27 // Important: Do not use i2d_PublicKey() here, which returns data in 32 crypto::ScopedOpenSSL<
28 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded 33 PKCS8_PRIV_KEY_INFO,
29 // SubjectPublicKeyInfo (X.509), as expected by the platform. 34 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
30 unsigned char* public_key = NULL; 35 if (pkcs8.get() != NULL) {
31 int public_len = i2d_PUBKEY(pkey, &public_key); 36 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
32
33 // Important: Do not use i2d_PrivateKey() here, it returns data
34 // in a format that is incompatible with what the platform expects.
35 unsigned char* private_key = NULL;
36 int private_len = 0;
37 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
38 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
39 if (pkcs8.get() != NULL) {
40 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
41 }
42 bool ret = false;
43 if (public_len > 0 && private_len > 0) {
44 ret = net::android::StoreKeyPair(
45 static_cast<const uint8*>(public_key), public_len,
46 static_cast<const uint8*>(private_key), private_len);
47 }
48 LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len
49 << " priv len = " << private_len;
50 OPENSSL_free(public_key);
51 OPENSSL_free(private_key);
52 return ret;
53 } 37 }
54 38 bool ret = false;
55 virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* pkey) { 39 if (public_len > 0 && private_len > 0) {
56 // TODO(joth): Implement when client authentication is required. 40 ret = net::android::StoreKeyPair(
57 NOTIMPLEMENTED(); 41 static_cast<const uint8*>(public_key), public_len,
58 return NULL; 42 static_cast<const uint8*>(private_key), private_len);
59 } 43 }
60 44 LOG_IF(ERROR, !ret) << "StoreKeyPair failed. pub len = " << public_len
61 static OpenSSLKeyStoreAndroid* GetInstance() { 45 << " priv len = " << private_len;
62 // Leak the OpenSSL key store as it is used from a non-joinable worker 46 OPENSSL_free(public_key);
63 // thread that may still be running at shutdown. 47 OPENSSL_free(private_key);
64 return Singleton< 48 return ret;
65 OpenSSLKeyStoreAndroid,
66 OpenSSLKeyStoreAndroidLeakyTraits>::get();
67 }
68
69 private:
70 friend struct DefaultSingletonTraits<OpenSSLKeyStoreAndroid>;
71 typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>
72 OpenSSLKeyStoreAndroidLeakyTraits;
73
74 OpenSSLKeyStoreAndroid() {}
75
76 DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);
77 };
78
79 } // namespace
80
81 OpenSSLPrivateKeyStore* OpenSSLPrivateKeyStore::GetInstance() {
82 return OpenSSLKeyStoreAndroid::GetInstance();
83 } 49 }
84 50
85 } // namespace net 51 } // namespace net
OLDNEW
« no previous file with comments | « net/base/openssl_private_key_store.h ('k') | net/base/openssl_private_key_store_memory.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698