net/base/openssl_private_key_store_android.cc - Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack

Side by Side Diff: net/base/openssl_private_key_store_android.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: address recent nits Created 7 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/base/openssl_private_key_store.cc ('K') | « net/base/openssl_private_key_store.cc ('k') | net/base/openssl_private_key_store_unittest.cc » ('j') | net/base/openssl_private_key_store_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/openssl_private_key_store.h"	5 #include "net/base/openssl_private_key_store.h"

6	6

7 #include <openssl/evp.h>	7 #include <openssl/evp.h>

8 #include <openssl/x509.h>	8 #include <openssl/x509.h>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

11 #include "base/memory/singleton.h"	11 #include "base/memory/singleton.h"

12 #include "crypto/openssl_util.h"

13 #include "net/android/network_library.h"	12 #include "net/android/network_library.h"

14	13

15 namespace net {	14 namespace net {

16	15

17 namespace {	16 namespace {

18	17

	18 // Android-specific implementation of OpenSSLPrivateKeyStore.

	19 // This uses platform APIs to store the private/public keygened

	20 // pair to the system's keychain.

19 class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {	21 class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {
	ppi 2013/02/15 19:54:46 Suggestion: We might want to name this class OpenS Suggestion: We might want to name this class OpenSSL>Private<KeyStoreAndroid to match the file name and emphasize the inheritance from the base class. Ryan Sleevi 2013/02/15 23:53:26 Yes, the class name needs to match the filename. Show quoted text On 2013/02/15 19:54:46, ppi wrote: > Suggestion: We might want to name this class OpenSSL>Private<KeyStoreAndroid to > match the file name and emphasize the inheritance from the base class. Yes, the class name needs to match the filename. digit1 2013/02/25 14:26:22 I've renamed the class. I've renamed the class.
20 public:	22 public:

21 ~OpenSSLKeyStoreAndroid() {}	23 OpenSSLKeyStoreAndroid() {}

22	24

23 virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) {	25 virtual ~OpenSSLKeyStoreAndroid() {}

	26

	27 static OpenSSLKeyStoreAndroid* GetInstance() {

	28 // A leaky singleton is needed because the keystore is called from

	29 // a non-joinable thread that may be running after shutdown.

	30 typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>
	digit1 2013/02/25 14:26:22 With the move to single-threaded store implementat With the move to single-threaded store implementation, a leaky singleton doesn't seem necessary anymore, so I've changed this to a simple Singleton.
	31 OpenSSLKeyStoreAndroidLeakyTraits;

	32 return Singleton

	33 <OpenSSLKeyStoreAndroid, OpenSSLKeyStoreAndroidLeakyTraits>::get();

	34 }

	35

	36 virtual bool StoreKeyPair(const GURL& url, EVP_PKEY* pkey) OVERRIDE {

24 // Always clear openssl errors on exit.	37 // Always clear openssl errors on exit.

25 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);	38 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);

26	39

27 // Important: Do not use i2d_PublicKey() here, which returns data in	40 // Important: Do not use i2d_PublicKey() here, which returns data in

28 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded	41 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded

29 // SubjectPublicKeyInfo (X.509), as expected by the platform.	42 // SubjectPublicKeyInfo (X.509), as expected by the platform.

30 unsigned char* public_key = NULL;	43 unsigned char* public_key = NULL;

31 int public_len = i2d_PUBKEY(pkey, &public_key);	44 int public_len = i2d_PUBKEY(pkey, &public_key);

32	45

33 // Important: Do not use i2d_PrivateKey() here, it returns data	46 // Important: Do not use i2d_PrivateKey() here, it returns data

34 // in a format that is incompatible with what the platform expects.	47 // in a format that is incompatible with what the platform expects.

35 unsigned char* private_key = NULL;	48 unsigned char* private_key = NULL;

36 int private_len = 0;	49 int private_len = 0;

37 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,	50 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,

38 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));	51 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));

39 if (pkcs8.get() != NULL) {	52 if (pkcs8.get() != NULL) {

40 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);	53 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);

41 }	54 }

42 bool ret = false;	55 bool ret = false;

43 if (public_len > 0 && private_len > 0) {	56 if (public_len > 0 && private_len > 0) {

44 ret = net::android::StoreKeyPair(	57 ret = net::android::StoreKeyPair(

45 static_cast<const uint8*>(public_key), public_len,	58 static_cast<const uint8*>(public_key), public_len,

46 static_cast<const uint8*>(private_key), private_len);	59 static_cast<const uint8*>(private_key), private_len);

47 }	60 }

48 LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len	61 LOG_IF(ERROR, !ret) << "StoreKeyPair failed. pub len = " << public_len

49 << " priv len = " << private_len;	62 << " priv len = " << private_len;

50 OPENSSL_free(public_key);	63 OPENSSL_free(public_key);

51 OPENSSL_free(private_key);	64 OPENSSL_free(private_key);

52 return ret;	65 return ret;

53 }	66 }

54	67

55 virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* pkey) {

56 // TODO(joth): Implement when client authentication is required.

57 NOTIMPLEMENTED();

58 return NULL;

59 }

60

61 static OpenSSLKeyStoreAndroid* GetInstance() {

62 // Leak the OpenSSL key store as it is used from a non-joinable worker

63 // thread that may still be running at shutdown.

64 return Singleton<

65 OpenSSLKeyStoreAndroid,

66 OpenSSLKeyStoreAndroidLeakyTraits>::get();

67 }

68

69 private:	68 private:

70 friend struct DefaultSingletonTraits<OpenSSLKeyStoreAndroid>;

71 typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>

72 OpenSSLKeyStoreAndroidLeakyTraits;

73

74 OpenSSLKeyStoreAndroid() {}

75

76 DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);	69 DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);

77 };	70 };

78	71

79 } // namespace	72 } // namespace

80	73

81 OpenSSLPrivateKeyStore* OpenSSLPrivateKeyStore::GetInstance() {	74 OpenSSLPrivateKeyStore* OpenSSLPrivateKeyStore::GetInstance() {

82 return OpenSSLKeyStoreAndroid::GetInstance();	75 return OpenSSLKeyStoreAndroid::GetInstance();

83 }	76 }

84	77

85 } // namespace net	78 } // namespace net

OLD	NEW