| Index: net/base/openssl_client_key_store.cc
|
| diff --git a/net/base/openssl_client_key_store.cc b/net/base/openssl_client_key_store.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..5cae6c59439b2a0f2aea02bf79d37db0bec4953f
|
| --- /dev/null
|
| +++ b/net/base/openssl_client_key_store.cc
|
| @@ -0,0 +1,140 @@
|
| +// Copyright (c) 2013 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "net/base/openssl_client_key_store.h"
|
| +
|
| +#include <openssl/evp.h>
|
| +#include <openssl/x509.h>
|
| +
|
| +#include "base/memory/scoped_ptr.h"
|
| +#include "base/memory/singleton.h"
|
| +#include "net/base/x509_certificate.h"
|
| +
|
| +namespace net {
|
| +
|
| +namespace {
|
| +
|
| +typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
|
| +
|
| +// Increment the reference count of a given EVP_PKEY. This function
|
| +// is similar to EVP_PKEY_dup which is not available from the OpenSSL
|
| +// version used by Chromium at the moment. Its name is distinct to
|
| +// avoid compiler warnings about ambiguous function calls at caller
|
| +// sites.
|
| +EVP_PKEY* CopyEVP_PKEY(EVP_PKEY* key) {
|
| + if (key)
|
| + CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
| + return key;
|
| +}
|
| +
|
| +// Return the EVP_PKEY holding the public key of a given certificate.
|
| +// |cert| is a certificate.
|
| +// Returns a scoped EVP_PKEY for it.
|
| +ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
|
| + // X509_PUBKEY_get() increments the reference count of its result.
|
| + // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
|
| + EVP_PKEY* pkey =
|
| + X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
|
| + if (!pkey)
|
| + LOG(ERROR) << "Can't extract private key from certificate!";
|
| + return ScopedEVP_PKEY(pkey);
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
|
| +}
|
| +
|
| +OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
|
| +}
|
| +
|
| +OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,
|
| + EVP_PKEY* priv_key) {
|
| + public_key = CopyEVP_PKEY(pub_key);
|
| + private_key = CopyEVP_PKEY(priv_key);
|
| +}
|
| +
|
| +OpenSSLClientKeyStore::KeyPair::~KeyPair() {
|
| + EVP_PKEY_free(public_key);
|
| + EVP_PKEY_free(private_key);
|
| +}
|
| +
|
| +OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other) {
|
| + public_key = CopyEVP_PKEY(other.public_key);
|
| + private_key = CopyEVP_PKEY(other.private_key);
|
| +}
|
| +
|
| +void OpenSSLClientKeyStore::KeyPair::operator=(const KeyPair& other) {
|
| + EVP_PKEY* old_public_key = public_key;
|
| + EVP_PKEY* old_private_key = private_key;
|
| + public_key = CopyEVP_PKEY(other.public_key);
|
| + private_key = CopyEVP_PKEY(other.private_key);
|
| + EVP_PKEY_free(old_private_key);
|
| + EVP_PKEY_free(old_public_key);
|
| +}
|
| +
|
| +int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
|
| + if (!public_key)
|
| + return -1;
|
| + for (size_t n = 0; n < pairs_.size(); ++n) {
|
| + if (EVP_PKEY_cmp(pairs_[n].public_key, public_key) == 1)
|
| + return static_cast<int>(n);
|
| + }
|
| + return -1;
|
| +}
|
| +
|
| +void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
|
| + EVP_PKEY* private_key) {
|
| + int index = FindKeyPairIndex(pub_key);
|
| + if (index < 0)
|
| + pairs_.push_back(KeyPair(pub_key, private_key));
|
| +}
|
| +
|
| +// Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
|
| +// builds.
|
| +bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
|
| + const X509Certificate* client_cert,
|
| + EVP_PKEY* private_key) {
|
| + // Sanity check.
|
| + if (!client_cert || !private_key)
|
| + return false;
|
| +
|
| + // Get public key from certificate.
|
| + ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
|
| + if (!pub_key.get())
|
| + return false;
|
| +
|
| + AddKeyPair(pub_key.get(), private_key);
|
| + return true;
|
| +}
|
| +
|
| +bool OpenSSLClientKeyStore::FetchClientCertPrivateKey(
|
| + const X509Certificate* client_cert,
|
| + ScopedEVP_PKEY* private_key) {
|
| + if (!client_cert)
|
| + return false;
|
| +
|
| + ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
|
| + if (!pub_key.get())
|
| + return false;
|
| +
|
| + int index = FindKeyPairIndex(pub_key.get());
|
| + if (index < 0)
|
| + return false;
|
| +
|
| + private_key->reset(CopyEVP_PKEY(pairs_[index].private_key));
|
| + return true;
|
| +}
|
| +
|
| +void OpenSSLClientKeyStore::Flush() {
|
| + pairs_.clear();
|
| +}
|
| +
|
| +OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
|
| + return Singleton<OpenSSLClientKeyStore>::get();
|
| +}
|
| +
|
| +} // namespace net
|
| +
|
| +
|
|
|
Chromium Code Reviews
Issue 12220104:
Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master