net/base/openssl_client_key_store.cc - Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack

Side by Side Diff: net/base/openssl_client_key_store.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Fix linux_redux build. Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "net/base/openssl_client_key_store.h"

	6

	7 #include <openssl/evp.h>

	8 #include <openssl/x509.h>

	9

	10 #include "base/memory/scoped_ptr.h"

	11 #include "base/memory/singleton.h"

	12 #include "net/base/x509_certificate.h"

	13

	14 namespace net {

	15

	16 namespace {

	17

	18 typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;

	19

	20 // Increment the reference count of a given EVP_PKEY. This function

	21 // is similar to EVP_PKEY_dup which is not available from the OpenSSL

	22 // version used by Chromium at the moment. Its name is distinct to

	23 // avoid compiler warnings about ambiguous function calls at caller

	24 // sites.

	25 EVP_PKEY* CopyEVP_PKEY(EVP_PKEY* key) {

	26 if (key != NULL)
	Ryan Sleevi 2013/02/27 01:08:20 nit: if (key) nit: if (key) digit1 2013/02/27 10:24:27 Done. Show quoted text On 2013/02/27 01:08:20, Ryan Sleevi wrote: > nit: if (key) Done.
	27 CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);

	28 return key;

	29 }

	30

	31 // Return the EVP_PKEY holding the public key of a given certificate.

	32 // \|cert\| is a certificate.

	33 // Returns a scoped EVP_PKEY for it.

	34 ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {

	35 // X509_PUBKEY_get() increments the reference count of its result.

	36 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.

	37 EVP_PKEY* pkey =

	38 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));

	39 if (!pkey)

	40 LOG(ERROR) << "Can't extract private key from certificate!";

	41 return ScopedEVP_PKEY(pkey);

	42 }

	43

	44 } // namespace

	45

	46 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {

	47 }

	48

	49 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {

	50 }

	51

	52 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,

	53 EVP_PKEY* priv_key) {

	54 public_key_ = CopyEVP_PKEY(pub_key);

	55 private_key_ = CopyEVP_PKEY(priv_key);

	56 }

	57

	58 OpenSSLClientKeyStore::KeyPair::~KeyPair() {

	59 EVP_PKEY_free(public_key_);

	60 EVP_PKEY_free(private_key_);

	61 }

	62

	63 OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other) {

	64 public_key_ = CopyEVP_PKEY(other.public_key_);

	65 private_key_ = CopyEVP_PKEY(other.private_key_);

	66 }

	67

	68 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {

	69 if (!public_key)

	70 return -1;

	71 for (size_t n = 0; n < pairs_.size(); ++n) {

	72 if (EVP_PKEY_cmp(pairs_[n].public_key_, public_key) == 1)

	73 return static_cast<int>(n);

	74 }

	75 return -1;

	76 }

	77

	78 void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,

	79 EVP_PKEY* private_key) {

	80 int index = FindKeyPairIndex(pub_key);

	81 if (index < 0)

	82 pairs_.push_back(KeyPair(pub_key, private_key));

	83 }

	84

	85 // Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based

	86 // builds.

	87 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(

	88 const X509Certificate* client_cert, EVP_PKEY* private_key) {
	Ryan Sleevi 2013/02/27 01:08:20 nit: Chromium style is to add a line break after c nit: Chromium style is to add a line break after client_cert, per http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Functi... also consistent with the rest of this file digit1 2013/02/27 10:24:27 Done. Show quoted text On 2013/02/27 01:08:20, Ryan Sleevi wrote: > nit: Chromium style is to add a line break after client_cert, per > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Functi... > > also consistent with the rest of this file Done.
	89 // Sanity check.

	90 if (client_cert == NULL \|\| private_key == NULL)
	Ryan Sleevi 2013/02/27 01:08:20 nit: if (!client_cert \|\| !private_key) [consistent nit: if (!client_cert \|\| !private_key) [consistent with the rest of this file] digit1 2013/02/27 10:24:27 Done. Show quoted text On 2013/02/27 01:08:20, Ryan Sleevi wrote: > nit: if (!client_cert \|\| !private_key) [consistent with the rest of this file] Done.
	91 return false;

	92

	93 // Get public key from certificate.

	94 ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));

	95 if (!pub_key.get())

	96 return false;

	97

	98 AddKeyPair(pub_key.get(), private_key);

	99 return true;

	100 }

	101

	102 bool OpenSSLClientKeyStore::FetchClientCertPrivateKey(

	103 const X509Certificate* client_cert,

	104 ScopedEVP_PKEY* private_key) {

	105 if (!client_cert)

	106 return false;

	107

	108 ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));

	109 if (!pub_key.get())

	110 return false;

	111

	112 int index = FindKeyPairIndex(pub_key.get());

	113 if (index < 0)

	114 return false;

	115

	116 ScopedEVP_PKEY result(CopyEVP_PKEY(pairs_[index].private_key_));

	117 private_key->swap(result);
	Ryan Sleevi 2013/02/27 01:08:20 Why create a temp and swap? Why not just directly Why create a temp and swap? Why not just directly .reset() ? digit1 2013/02/27 10:24:27 I've changed it to use reset() instead. I've changed it to use reset() instead.
	118 return true;

	119 }

	120

	121 void OpenSSLClientKeyStore::Flush() {

	122 pairs_.clear();

	123 }

	124

	125 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {

	126 return Singleton<OpenSSLClientKeyStore>::get();

	127 }

	128

	129 } // namespace net

	130

	131

OLD	NEW