Implements keygen handler for openssl, but without private key persistence

net/base/keygen_handler_openssl.cc

Index: net/base/keygen_handler_openssl.cc
diff --git a/net/base/keygen_handler_openssl.cc b/net/base/keygen_handler_openssl.cc
index ecbd6837560b14d1ab01936c9c4ca1addbc1ccba..0ce87cc90ecedf626eca8e5bf8a64b02cb91f193 100644
--- a/net/base/keygen_handler_openssl.cc
+++ b/net/base/keygen_handler_openssl.cc
@@ -4,14 +4,41 @@
 
 #include "net/base/keygen_handler.h"
 
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
+#include "base/crypto/rsa_private_key.h"
 #include "base/logging.h"
+#include "base/openssl_util.h"
+#include "base/scoped_ptr.h"
 
 namespace net {
 
 std::string KeygenHandler::GenKeyAndSignChallenge() {
-  // TODO(bulach): implement me.
-  NOTIMPLEMENTED();
-  return "";
+  scoped_ptr<base::RSAPrivateKey> key(
+      base::RSAPrivateKey::Create(key_size_in_bits_));
+  DCHECK(key != NULL);

[bulach, 2010/12/07 10:59:53]

I think we don't normally DCHECK if we're de-referencing right afterwards..

[joth, 2010/12/07 12:11:42]

Done.

+  EVP_PKEY* pkey = key->key();
+
+  if (stores_key_) {
+    // TODO(joth): Add an abstraction for persisting OpenSSL private keys.

[bulach, 2010/12/07 10:59:53]

you may want to update http://crbug.com/64917 and link here

[joth, 2010/12/07 12:11:42]

Done.

+    NOTIMPLEMENTED();
+  }
+
+  base::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki(
+       NETSCAPE_SPKI_new());
+  ASN1_STRING_set(spki.get()->spkac->challenge,
+                  challenge_.data(), challenge_.size());
+  NETSCAPE_SPKI_set_pubkey(spki.get(), pkey);
+  // Using MD5 as this is what is required in HTML5, even though the SPKI
+  // structure does allow the use of a SHA-1 signature.
+  NETSCAPE_SPKI_sign(spki.get(), pkey, EVP_md5());
+  char* spkistr = NETSCAPE_SPKI_b64_encode(spki.get());
+
+  std::string result(spkistr);
+  OPENSSL_free(spkistr);
+
+  return result;
 }
 
 }  // namespace net