net/ssl/ssl_platform_key_win.cc - Issue 1304143010: Plumbing SSLPrivateKey

Side by Side Diff: net/ssl/ssl_platform_key_win.cc

Issue 1304143010: Plumbing SSLPrivateKey Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixing unused function in Android. Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/ssl_platform_key.h"	5 #include "net/ssl/ssl_platform_key.h"

6	6

7 #include <windows.h>	7 #include <windows.h>

8 #include <NCrypt.h>	8 #include <NCrypt.h>

9	9

10 #include <algorithm>	10 #include <algorithm>

11 #include <string>	11 #include <string>

12 #include <vector>	12 #include <vector>

13	13

14 #include <openssl/bn.h>	14 #include <openssl/bn.h>

15 #include <openssl/ecdsa.h>	15 #include <openssl/ecdsa.h>

16 #include <openssl/evp.h>	16 #include <openssl/evp.h>

17 #include <openssl/x509.h>	17 #include <openssl/x509.h>

18	18

19 #include "base/lazy_instance.h"
davidben 2015/10/13 20:32:16 Still needed for this file. Still needed for this file. svaldez 2015/10/14 15:06:19 Done. Show quoted text On 2015/10/13 20:32:16, David Benjamin wrote: > Still needed for this file. Done.
20 #include "base/logging.h"	19 #include "base/logging.h"

21 #include "base/macros.h"	20 #include "base/macros.h"

22 #include "base/sequenced_task_runner.h"	21 #include "base/sequenced_task_runner.h"

23 #include "base/stl_util.h"	22 #include "base/stl_util.h"

24 #include "base/win/windows_version.h"	23 #include "base/win/windows_version.h"

25 #include "crypto/openssl_util.h"	24 #include "crypto/openssl_util.h"

26 #include "crypto/scoped_capi_types.h"	25 #include "crypto/scoped_capi_types.h"

27 #include "crypto/wincrypt_shim.h"	26 #include "crypto/wincrypt_shim.h"

28 #include "net/base/net_errors.h"	27 #include "net/base/net_errors.h"

29 #include "net/cert/x509_certificate.h"	28 #include "net/cert/x509_certificate.h"

30 #include "net/ssl/scoped_openssl_types.h"	29 #include "net/ssl/scoped_openssl_types.h"

	30 #include "net/ssl/ssl_platform_key_task_runner.h"

31 #include "net/ssl/ssl_private_key.h"	31 #include "net/ssl/ssl_private_key.h"

32 #include "net/ssl/threaded_ssl_private_key.h"	32 #include "net/ssl/threaded_ssl_private_key.h"

33	33

34 namespace net {	34 namespace net {

35	35

36 namespace {	36 namespace {

37	37

38 using NCryptFreeObjectFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE);	38 using NCryptFreeObjectFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_HANDLE);

39 using NCryptSignHashFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_KEY_HANDLE, // hKey	39 using NCryptSignHashFunc = SECURITY_STATUS(WINAPI*)(NCRYPT_KEY_HANDLE, // hKey

40 VOID*, // pPaddingInfo	40 VOID*, // pPaddingInfo

(...skipping 269 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
310 break;	310 break;

311 default:	311 default:

312 return false;	312 return false;

313 }	313 }

314 *out_max_length = EVP_PKEY_size(key.get());	314 *out_max_length = EVP_PKEY_size(key.get());

315 return true;	315 return true;

316 }	316 }

317	317

318 } // namespace	318 } // namespace

319	319

320 scoped_ptr<SSLPrivateKey> FetchClientCertPrivateKey(	320 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(

321 X509Certificate* certificate,	321 X509Certificate* certificate) {

322 scoped_refptr<base::SequencedTaskRunner> task_runner) {	322 if (!certificate) {

	323 return nullptr;

	324 }

	325

323 // Rather than query the private key for metadata, extract the public key from	326 // Rather than query the private key for metadata, extract the public key from

324 // the certificate without using Windows APIs. CAPI and CNG do not	327 // the certificate without using Windows APIs. CAPI and CNG do not

325 // consistently work depending on the system. See https://crbug.com/468345.	328 // consistently work depending on the system. See https://crbug.com/468345.

326 SSLPrivateKey::Type key_type;	329 SSLPrivateKey::Type key_type;

327 size_t max_length;	330 size_t max_length;

328 if (!GetKeyInfo(certificate, &key_type, &max_length))	331 if (!GetKeyInfo(certificate, &key_type, &max_length))

329 return nullptr;	332 return nullptr;

330	333

331 PCCERT_CONTEXT cert_context = certificate->os_cert_handle();	334 PCCERT_CONTEXT cert_context = certificate->os_cert_handle();

332	335

(...skipping 14 matching lines...) Expand all Loading...
347 // transferred.	350 // transferred.

348 CHECK_EQ(must_free, TRUE);	351 CHECK_EQ(must_free, TRUE);

349	352

350 scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate;	353 scoped_ptr<ThreadedSSLPrivateKey::Delegate> delegate;

351 if (key_spec == CERT_NCRYPT_KEY_SPEC) {	354 if (key_spec == CERT_NCRYPT_KEY_SPEC) {

352 delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length));	355 delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length));

353 } else {	356 } else {

354 DCHECK(SSLPrivateKey::Type::RSA == key_type);	357 DCHECK(SSLPrivateKey::Type::RSA == key_type);

355 delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length));	358 delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length));

356 }	359 }

357 return make_scoped_ptr(	360 return make_scoped_refptr(new ThreadedSSLPrivateKey(

358 new ThreadedSSLPrivateKey(delegate.Pass(), task_runner.Pass()));	361 delegate.Pass(), GetSSLPlatformKeyTaskRunner()));

359 }	362 }

360	363

361 } // namespace net	364 } // namespace net

OLD	NEW

« net/ssl/ssl_platform_key.h ('K') | « net/ssl/ssl_platform_key_task_runner.cc ('k') | net/ssl/ssl_private_key.h » ('j') | no next file with comments »