net/base/openssl_private_key_store.cc - Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack

Side by Side Diff: net/base/openssl_private_key_store.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: address recent nits Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/base/openssl_private_key_store.h ('K') | « net/base/openssl_private_key_store.h ('k') | net/base/openssl_private_key_store_android.cc » ('j') | net/base/openssl_private_key_store_android.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/base/openssl_private_key_store.h"

	6

	7 #include <openssl/evp.h>

	8 #include <openssl/x509.h>

	9

	10 #include "base/memory/scoped_ptr.h"

	11 #include "net/base/x509_certificate.h"

	12

	13 namespace net {

	14

	15 namespace {

	16

	17 typedef OpenSSLPrivateKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
	Ryan Sleevi 2013/02/15 23:53:26 Is this typedef really necessary? You don't use it Is this typedef really necessary? You don't use it consistently between lines 31 and 39. digit1 2013/02/25 14:26:22 Yes, I prefer to use it, and I've fixed line 31 ac Yes, I prefer to use it, and I've fixed line 31 accordinfly.
	18

	19 // Increment the reference count of a given EVP_PKEY. This function

	20 // is not available from the OpenSSL version used by Chromium at the

	21 // moment.

	22 EVP_PKEY* EVP_PKEY_dup(EVP_PKEY* key) {

	23 if (key != NULL)

	24 CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);

	25 return key;

	26 }

	27

	28 // Return the EVP_PKEY holding the public key of a given certificate.

	29 // \|cert\| is a certificate.

	30 // Returns a scoped EVP_PKEY for it.

	31 OpenSSLPrivateKeyStore::ScopedEVP_PKEY GetOpenSSLPublicKey(

	32 const X509Certificate* cert) {

	33 // X509_PUBKEY_get() increments the reference count of its result.

	34 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.

	35 EVP_PKEY* pkey =

	36 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));

	37 if (!pkey)

	38 LOG(ERROR) << "Can't extract private key from certificate!";

	39 return ScopedEVP_PKEY(pkey);

	40 }

	41

	42 } // namespace

	43

	44 // The constructor and destructor are _not_ inlined intentionally to

	45 // avoid the following Clang build error on the bots:

	46 // error: [chromium-style] Complex constructor has an inlined body.
	Ryan Sleevi 2013/02/15 23:53:26 This comment is unnecessary. This comment is unnecessary. digit1 2013/02/25 14:26:22 I've removed it. I've removed it.
	47 OpenSSLPrivateKeyStore::OpenSSLPrivateKeyStore() {

	48 }

	49

	50 OpenSSLPrivateKeyStore::~OpenSSLPrivateKeyStore() {

	51 }

	52

	53 OpenSSLPrivateKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,

	54 EVP_PKEY* priv_key) {

	55 public_key_ = EVP_PKEY_dup(pub_key);

	56 private_key_ = EVP_PKEY_dup(priv_key);

	57 }

	58

	59 OpenSSLPrivateKeyStore::KeyPair::~KeyPair() {

	60 EVP_PKEY_free(public_key_);

	61 EVP_PKEY_free(private_key_);

	62 }

	63

	64 OpenSSLPrivateKeyStore::KeyPair::KeyPair(const KeyPair& other) {

	65 public_key_ = EVP_PKEY_dup(other.public_key_);

	66 private_key_ = EVP_PKEY_dup(other.private_key_);

	67 }

	68

	69 int OpenSSLPrivateKeyStore::FindKeyPairIndexLocked(EVP_PKEY* public_key) {

	70 if (!public_key)

	71 return -1;

	72 for (size_t n = 0; n < pairs_.size(); ++n) {

	73 if (EVP_PKEY_cmp(pairs_[n].public_key_, public_key) == 1)

	74 return static_cast<int>(n);

	75 }

	76 return -1;

	77 }

	78

	79 void OpenSSLPrivateKeyStore::AddKeyPair(EVP_PKEY* pub_key,

	80 EVP_PKEY* private_key) {

	81 base::AutoLock lock(lock_);

	82 int index = FindKeyPairIndexLocked(pub_key);

	83 if (index < 0)

	84 pairs_.push_back(KeyPair(pub_key, private_key));

	85 }

	86

	87 // Common code for OpenSSLPrivateKeyStore. Shared by all OpenSSL-based

	88 // builds.

	89 bool OpenSSLPrivateKeyStore::RecordClientCertPrivateKey(

	90 const X509Certificate* client_cert, EVP_PKEY* private_key) {

	91 // Sanity check.

	92 if (client_cert == NULL \|\| private_key == NULL)

	93 return false;

	94

	95 // Get public key from certificate.

	96 ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));

	97 if (!pub_key.get())

	98 return false;

	99

	100 AddKeyPair(pub_key.get(), private_key);

	101 return true;

	102 }

	103

	104 bool OpenSSLPrivateKeyStore::FetchClientCertPrivateKey(

	105 const X509Certificate* client_cert,

	106 ScopedEVP_PKEY* private_key) {

	107 if (!client_cert)

	108 return false;

	109

	110 ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));

	111 if (!pub_key.get())

	112 return false;

	113

	114 base::AutoLock lock(lock_);

	115 int index = FindKeyPairIndexLocked(pub_key.get());

	116 if (index < 0)

	117 return false;

	118

	119 ScopedEVP_PKEY result(EVP_PKEY_dup(pairs_[index].private_key_));

	120 private_key->swap(result);

	121 return true;

	122 }

	123

	124 void OpenSSLPrivateKeyStore::Flush() {

	125 base::AutoLock lock(lock_);

	126 pairs_.clear();

	127 }

	128

	129 } // namespace net

	130

	131

OLD	NEW