Chromium Code Reviews Chromium Code Reviews
Issue 1304143010:
Plumbing SSLPrivateKey
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_platform_key.h" | 5 #include "net/ssl/ssl_platform_key.h" |
| 6 | 6 |
| 7 #include <keyhi.h> | 7 #include <keyhi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 #include <prerror.h> | 9 #include <prerror.h> |
| 10 | 10 |
| 11 #include <openssl/bn.h> | 11 #include <openssl/bn.h> |
| 12 #include <openssl/ecdsa.h> | 12 #include <openssl/ecdsa.h> |
| 13 #include <openssl/rsa.h> | 13 #include <openssl/rsa.h> |
| 14 | 14 |
| 15 #include "base/logging.h" | 15 #include "base/logging.h" |
| 16 #include "base/macros.h" | 16 #include "base/macros.h" |
| 17 #include "base/sequenced_task_runner.h" | 17 #include "base/sequenced_task_runner.h" |
| 18 #include "base/stl_util.h" | 18 #include "base/stl_util.h" |
| 19 #include "crypto/scoped_nss_types.h" | 19 #include "crypto/scoped_nss_types.h" |
| 20 #include "crypto/scoped_openssl_types.h" | 20 #include "crypto/scoped_openssl_types.h" |
| 21 #include "net/cert/x509_certificate.h" | 21 #include "net/cert/x509_certificate.h" |
| 22 #include "net/ssl/client_key_store.h" | 22 #include "net/ssl/client_key_store.h" |
| 23 #include "net/ssl/ssl_private_key.h" | 23 #include "net/ssl/ssl_private_key.h" |
| 24 #include "net/ssl/threaded_ssl_private_key.h" | 24 #include "net/ssl/threaded_ssl_private_key.h" |
| 25 | 25 |
| 26 namespace net { | 26 namespace net { |
| 27 | 27 |
| 28 namespace { | 28 namespace { |
| 29 | 29 |
| 30 base::LazyInstance<SSLPlatformKeyTaskRunner>::Leaky g_platform_key_task_runner = | |
| 31 LAZY_INSTANCE_INITIALIZER; | |
| 32 | |
| 30 void LogPRError() { | 33 void LogPRError() { |
| 31 PRErrorCode err = PR_GetError(); | 34 PRErrorCode err = PR_GetError(); |
| 32 const char* err_name = PR_ErrorToName(err); | 35 const char* err_name = PR_ErrorToName(err); |
| 33 if (err_name == nullptr) | 36 if (err_name == nullptr) |
| 34 err_name = ""; | 37 err_name = ""; |
| 35 LOG(ERROR) << "Could not sign digest: " << err << " (" << err_name << ")"; | 38 LOG(ERROR) << "Could not sign digest: " << err << " (" << err_name << ")"; |
| 36 } | 39 } |
| 37 | 40 |
| 38 class SSLPlatformKeyNSS : public ThreadedSSLPrivateKey::Delegate { | 41 class SSLPlatformKeyNSS : public ThreadedSSLPrivateKey::Delegate { |
| 39 public: | 42 public: |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 147 | 150 |
| 148 private: | 151 private: |
| 149 SSLPrivateKey::Type type_; | 152 SSLPrivateKey::Type type_; |
| 150 crypto::ScopedSECKEYPrivateKey key_; | 153 crypto::ScopedSECKEYPrivateKey key_; |
| 151 | 154 |
| 152 DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyNSS); | 155 DISALLOW_COPY_AND_ASSIGN(SSLPlatformKeyNSS); |
| 153 }; | 156 }; |
| 154 | 157 |
| 155 } // namespace | 158 } // namespace |
| 156 | 159 |
| 157 scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey( | 160 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( |
| 158 X509Certificate* certificate, | 161 X509Certificate* certificate) { |
| 159 scoped_refptr<base::SequencedTaskRunner> task_runner) { | 162 if (!certificate || !certificate->os_cert_handle()) { |
|
davidben
2015/09/25 20:10:12
Ditto about handling in caller.
(I don't think os
svaldez
2015/09/28 16:54:53
The handle could theoretically be closed or destru
davidben
2015/10/13 20:32:15
But the handle is owned by the X509Certificate. We
svaldez
2015/10/14 15:06:18
Its only owned insofar as we have a pointer to the
| |
| 163 return nullptr; | |
| 164 } | |
| 165 LOG(ERROR) << "Cert: " << certificate << "\n"; | |
| 166 LOG(ERROR) << "Cert Handle: " << certificate->os_cert_handle() << "\n"; | |
|
davidben
2015/09/25 20:10:12
Probably want to drop these two.
svaldez
2015/09/28 16:54:53
Done.
| |
| 167 | |
| 160 crypto::ScopedSECKEYPrivateKey key( | 168 crypto::ScopedSECKEYPrivateKey key( |
| 161 PK11_FindKeyByAnyCert(certificate->os_cert_handle(), nullptr)); | 169 PK11_FindKeyByAnyCert(certificate->os_cert_handle(), nullptr)); |
| 162 if (!key) { | 170 if (!key) { |
| 163 return ClientKeyStore::GetInstance()->FetchClientCertPrivateKey( | 171 return ClientKeyStore::GetInstance()->FetchClientCertPrivateKey( |
| 164 *certificate); | 172 *certificate); |
| 165 } | 173 } |
| 166 | 174 |
| 167 KeyType nss_type = SECKEY_GetPrivateKeyType(key.get()); | 175 KeyType nss_type = SECKEY_GetPrivateKeyType(key.get()); |
| 168 SSLPrivateKey::Type type; | 176 SSLPrivateKey::Type type; |
| 169 switch (nss_type) { | 177 switch (nss_type) { |
| 170 case rsaKey: | 178 case rsaKey: |
| 171 type = SSLPrivateKey::Type::RSA; | 179 type = SSLPrivateKey::Type::RSA; |
| 172 break; | 180 break; |
| 173 case ecKey: | 181 case ecKey: |
| 174 type = SSLPrivateKey::Type::ECDSA; | 182 type = SSLPrivateKey::Type::ECDSA; |
| 175 break; | 183 break; |
| 176 default: | 184 default: |
| 177 LOG(ERROR) << "Unknown key type: " << nss_type; | 185 LOG(ERROR) << "Unknown key type: " << nss_type; |
| 178 return nullptr; | 186 return nullptr; |
| 179 } | 187 } |
| 180 return make_scoped_ptr(new ThreadedSSLPrivateKey( | 188 return make_scoped_refptr(new ThreadedSSLPrivateKey( |
| 181 make_scoped_ptr(new SSLPlatformKeyNSS(type, key.Pass())), | 189 make_scoped_ptr(new SSLPlatformKeyNSS(type, key.Pass())), |
| 182 task_runner.Pass())); | 190 g_platform_key_task_runner.Get().task_runner().Pass())); |
| 183 } | 191 } |
| 184 | 192 |
| 185 } // namespace net | 193 } // namespace net |
| OLD | NEW |
