Wire up SSL client authentication for OpenSSL/Android through the net/ stack

net/base/openssl_private_key_store_android.cc

Index: net/base/openssl_private_key_store_android.cc
diff --git a/net/base/openssl_private_key_store_android.cc b/net/base/openssl_private_key_store_android.cc
index 4bf1f3fedcb555fd316acfa0a183f0972079146b..59c5e4d593adf29313d5f88f8e647d77aab685e4 100644
--- a/net/base/openssl_private_key_store_android.cc
+++ b/net/base/openssl_private_key_store_android.cc
@@ -9,18 +9,31 @@
 
 #include "base/logging.h"
 #include "base/memory/singleton.h"
-#include "crypto/openssl_util.h"
 #include "net/android/network_library.h"
 
 namespace net {
 
 namespace {
 
+// Android-specific implementation of OpenSSLPrivateKeyStore.
+// This uses platform APIs to store the private/public keygened
+// pair to the system's keychain.
 class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {

[ppi, 2013/02/15 19:54:46]

Suggestion: We might want to name this class OpenSSL>Private<KeyStoreAndroid to
match the file name and emphasize the inheritance from the base class.

[Ryan Sleevi, 2013/02/15 23:53:26]

Yes, the class name needs to match the filename.

[digit1, 2013/02/25 14:26:22]

I've renamed the class.

  public:
-  ~OpenSSLKeyStoreAndroid() {}
+  OpenSSLKeyStoreAndroid() {}
+
+  virtual ~OpenSSLKeyStoreAndroid() {}
 
-  virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) {
+  static OpenSSLKeyStoreAndroid* GetInstance() {
+    // A leaky singleton is needed because the keystore is called from
+    // a non-joinable thread that may be running after shutdown.
+    typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>

[digit1, 2013/02/25 14:26:22]

With the move to single-threaded store implementation, a leaky singleton doesn't
seem necessary anymore, so I've changed this to a simple Singleton.

+        OpenSSLKeyStoreAndroidLeakyTraits;
+    return Singleton
+        <OpenSSLKeyStoreAndroid, OpenSSLKeyStoreAndroidLeakyTraits>::get();
+  }
+
+  virtual bool StoreKeyPair(const GURL& url, EVP_PKEY* pkey) OVERRIDE {
     // Always clear openssl errors on exit.
     crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
 
@@ -45,34 +58,14 @@ class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {
             static_cast<const uint8*>(public_key), public_len,
             static_cast<const uint8*>(private_key), private_len);
     }
-    LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len
+    LOG_IF(ERROR, !ret) << "StoreKeyPair failed. pub len = " << public_len
                         << " priv len = " << private_len;
     OPENSSL_free(public_key);
     OPENSSL_free(private_key);
     return ret;
   }
 
-  virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* pkey) {
-    // TODO(joth): Implement when client authentication is required.
-    NOTIMPLEMENTED();
-    return NULL;
-  }
-
-  static OpenSSLKeyStoreAndroid* GetInstance() {
-    // Leak the OpenSSL key store as it is used from a non-joinable worker
-    // thread that may still be running at shutdown.
-    return Singleton<
-        OpenSSLKeyStoreAndroid,
-        OpenSSLKeyStoreAndroidLeakyTraits>::get();
-  }
-
  private:
-  friend struct DefaultSingletonTraits<OpenSSLKeyStoreAndroid>;
-  typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>
-      OpenSSLKeyStoreAndroidLeakyTraits;
-
-  OpenSSLKeyStoreAndroid() {}
-
   DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);
 };