1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <secmod.h> | 8 #include <secmod.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <secder.h> // DER_Encode() | 10 #include <secder.h> // DER_Encode() |
44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { | 44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { |
45 { DER_SEQUENCE, | 45 { DER_SEQUENCE, |
46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, | 46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, |
47 { DER_ANY, | 47 { DER_ANY, |
48 offsetof(CERTPublicKeyAndChallenge, spki), }, | 48 offsetof(CERTPublicKeyAndChallenge, spki), }, |
49 { DER_IA5_STRING, | 49 { DER_IA5_STRING, |
50 offsetof(CERTPublicKeyAndChallenge, challenge), }, | 50 offsetof(CERTPublicKeyAndChallenge, challenge), }, |
51 { 0, } | 51 { 0, } |
52 }; | 52 }; |
53 | 53 |
| 54 bool KeygenHandler::KeyLocation::Equals( |
| 55 const net::KeygenHandler::KeyLocation& location) const { |
| 56 return slot_name == location.slot_name; |
| 57 } |
| 58 |
54 // This function is largely copied from the Firefox's | 59 // This function is largely copied from the Firefox's |
55 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp | 60 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp |
56 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? | 61 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? |
57 | 62 |
58 std::string KeygenHandler::GenKeyAndSignChallenge() { | 63 std::string KeygenHandler::GenKeyAndSignChallenge() { |
59 // Key pair generation mechanism - only RSA is supported at present. | 64 // Key pair generation mechanism - only RSA is supported at present. |
60 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h | 65 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h |
61 | 66 |
62 // Temporary structures used for generating the result | 67 // Temporary structures used for generating the result |
63 // in the right format. | 68 // in the right format. |
191 &result_blob)) { | 196 &result_blob)) { |
192 LOG(ERROR) << "Couldn't convert signed public key into base64"; | 197 LOG(ERROR) << "Couldn't convert signed public key into base64"; |
193 isSuccess = false; | 198 isSuccess = false; |
194 goto failure; | 199 goto failure; |
195 } | 200 } |
196 | 201 |
197 failure: | 202 failure: |
198 if (!isSuccess) { | 203 if (!isSuccess) { |
199 LOG(ERROR) << "SSL Keygen failed!"; | 204 LOG(ERROR) << "SSL Keygen failed!"; |
200 } else { | 205 } else { |
201 LOG(INFO) << "SSl Keygen succeeded!"; | 206 LOG(INFO) << "SSL Keygen succeeded!"; |
| 207 |
| 208 Cache* cache = KeyCache::GetInstance(); |
| 209 Location location; |
| 210 const char* slot_name = PK11_GetSlotName(slot); |
| 211 location.slot_name.assign(slot_name); |
| 212 |
| 213 cache->Insert(std::string(reinterpret_cast<char*>(spkiItem.data), |
| 214 spkiItem.len), location); |
| 215 |
202 } | 216 } |
203 | 217 |
204 // Do cleanups | 218 // Do cleanups |
205 if (privateKey) { | 219 if (privateKey) { |
206 if (!isSuccess || !stores_key_) { | |
207 PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID); | |
208 SECKEY_DestroyPrivateKey(privateKey); | |
209 } | |
210 // On successful keygen we need to keep the private key, of course, | 220 // On successful keygen we need to keep the private key, of course, |
211 // or we won't be able to use the client certificate. | 221 // or we won't be able to use the client certificate. |
| 222 if (!isSuccess || !stores_key_) |
| 223 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); |
| 224 SECKEY_DestroyPrivateKey(privateKey); |
212 } | 225 } |
213 | 226 |
214 if (publicKey) { | 227 if (publicKey) { |
215 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 228 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
216 } | 229 } |
217 if (spkInfo) { | 230 if (spkInfo) { |
218 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 231 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
219 } | 232 } |
220 if (publicKey) { | 233 if (publicKey) { |
221 SECKEY_DestroyPublicKey(publicKey); | 234 SECKEY_DestroyPublicKey(publicKey); |
222 } | 235 } |
223 if (arena) { | 236 if (arena) { |
224 PORT_FreeArena(arena, PR_TRUE); | 237 PORT_FreeArena(arena, PR_TRUE); |
225 } | 238 } |
226 if (slot != NULL) { | 239 if (slot != NULL) { |
227 PK11_FreeSlot(slot); | 240 PK11_FreeSlot(slot); |
228 } | 241 } |
229 if (pkac.challenge.data) { | 242 if (pkac.challenge.data) { |
230 free(pkac.challenge.data); | 243 free(pkac.challenge.data); |
231 } | 244 } |
232 | 245 |
233 return (isSuccess ? result_blob : std::string()); | 246 return (isSuccess ? result_blob : std::string()); |
234 } | 247 } |
235 | 248 |
236 } // namespace net | 249 } // namespace net |
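Review bot: The cache entry added at new lines 208-214 is recorded on every successful keygen, but the cleanup at new lines 222-223 destroys the private key's token object whenever `stores_key_` is false, so in that mode the cache maps the SPKI to a slot that no longer holds the key. Guard the insertion with the same condition: wrap the lines from `Cache* cache = KeyCache::GetInstance();` through `cache->Insert(...)` in `if (stores_key_) { ... }`. The comment above the cleanup ("we need to keep the private key, of course") is now misleading because `SECKEY_DestroyPrivateKey` runs unconditionally; a comment such as `// SECKEY_DestroyPrivateKey only frees the in-memory handle; the token object is kept in the slot when keygen succeeded and stores_key_ is set.` would describe what the code actually does. Separately, `KeyLocation::Equals` at new lines 54-57 compares slot names only, so the cache cannot distinguish two slots that share a name — worth confirming that is acceptable on the lookup side, which is outside this hunk.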