Plumbing SSLPrivateKey

chrome/browser/ui/android/ssl_client_certificate_request.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/android/ssl_client_certificate_request.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/android/jni_array.h"
 #include "base/android/jni_string.h"
 #include "base/android/scoped_java_ref.h"
 #include "base/bind.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "chrome/browser/ssl/ssl_client_certificate_selector.h"
 #include "chrome/browser/ui/android/view_android_helper.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/client_certificate_delegate.h"
 #include "crypto/scoped_openssl_types.h"
 #include "jni/SSLClientCertificateRequest_jni.h"
 #include "net/android/keystore_openssl.h"
 #include "net/base/host_port_pair.h"
 #include "net/cert/cert_database.h"
 #include "net/cert/x509_certificate.h"
-#include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_client_cert_type.h"
+#include "net/ssl/ssl_platform_key_android.h"
+#include "net/ssl/ssl_private_key.h"
 #include "ui/android/view_android.h"
 #include "ui/android/window_android.h"
 
 namespace chrome {
 
 namespace {
 
-// Must be called on the I/O thread to record a client certificate
-// and its private key in the OpenSSLClientKeyStore.
-void RecordClientCertificateKey(
-    const scoped_refptr<net::X509Certificate>& client_cert,
-    crypto::ScopedEVP_PKEY private_key) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
-  net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
-      client_cert.get(), private_key.get());
-}
-
 void StartClientCertificateRequest(
     const net::SSLCertRequestInfo* cert_request_info,
     ui::WindowAndroid* window,
     scoped_ptr<content::ClientCertificateDelegate> delegate) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 
   // Build the |key_types| JNI parameter, as a String[]
   std::vector<std::string> key_types;
   for (size_t n = 0; n < cert_request_info->cert_key_types.size(); ++n) {
     switch (cert_request_info->cert_key_types[n]) {
@@ skipping 73 matching lines @@
     const JavaParamRef<jobjectArray>& encoded_chain_ref,
     const JavaParamRef<jobject>& private_key_ref) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 
   // Take back ownership of the delegate object.
   scoped_ptr<content::ClientCertificateDelegate> delegate(
       reinterpret_cast<content::ClientCertificateDelegate*>(request_id));
 
   if (encoded_chain_ref == NULL || private_key_ref == NULL) {
     LOG(ERROR) << "No client certificate selected";
-    delegate->ContinueWithCertificate(nullptr);
+    delegate->ContinueWithCertificate(nullptr, nullptr);
     return;
   }
 
   // Convert the encoded chain to a vector of strings.
   std::vector<std::string> encoded_chain_strings;
   if (encoded_chain_ref) {
     base::android::JavaArrayOfByteArrayToStringVector(
         env, encoded_chain_ref, &encoded_chain_strings);
   }
 
@@ skipping 10 matching lines @@
   }
 
   // Create an EVP_PKEY wrapper for the private key JNI reference.
   crypto::ScopedEVP_PKEY private_key(
       net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
   if (!private_key.get()) {
     LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
     return;
   }
 
-  // RecordClientCertificateKey() must be called on the I/O thread,
-  // before the callback is called with the selected certificate on
-  // the UI thread.
-  content::BrowserThread::PostTaskAndReply(
+  scoped_refptr<net::SSLPrivateKey> client_private_key =
+      net::WrapOpenSSLPrivateKey(std::move(private_key));
+
+  content::BrowserThread::PostTask(
       content::BrowserThread::IO, FROM_HERE,
-      base::Bind(&RecordClientCertificateKey, client_cert,
-                 base::Passed(&private_key)),
       base::Bind(&content::ClientCertificateDelegate::ContinueWithCertificate,
-                 base::Owned(delegate.release()), client_cert));
+                 base::Owned(delegate.release()), client_cert,
+                 client_private_key));
 }
 
 static void NotifyClientCertificatesChanged() {
   net::CertDatabase::GetInstance()->OnAndroidKeyStoreChanged();
 }
 
 static void NotifyClientCertificatesChangedOnIOThread(
     JNIEnv* env,
     const JavaParamRef<jclass>&) {
   if (content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)) {
@@ skipping 17 matching lines @@
     net::SSLCertRequestInfo* cert_request_info,
     scoped_ptr<content::ClientCertificateDelegate> delegate) {
   ui::WindowAndroid* window = ViewAndroidHelper::FromWebContents(contents)
       ->GetViewAndroid()->GetWindowAndroid();
   DCHECK(window);
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   StartClientCertificateRequest(cert_request_info, window, std::move(delegate));
 }
 
 }  // namespace chrome