OLD | NEW |
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <secmod.h> | 8 #include <secmod.h> |
9 #include <ssl.h> | 9 #include <ssl.h> |
10 #include <secder.h> // DER_Encode() | 10 #include <secder.h> // DER_Encode() |
11 #include <cryptohi.h> // SEC_DerSignData() | 11 #include <cryptohi.h> // SEC_DerSignData() |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { | 44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { |
45 { DER_SEQUENCE, | 45 { DER_SEQUENCE, |
46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, | 46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, |
47 { DER_ANY, | 47 { DER_ANY, |
48 offsetof(CERTPublicKeyAndChallenge, spki), }, | 48 offsetof(CERTPublicKeyAndChallenge, spki), }, |
49 { DER_IA5_STRING, | 49 { DER_IA5_STRING, |
50 offsetof(CERTPublicKeyAndChallenge, challenge), }, | 50 offsetof(CERTPublicKeyAndChallenge, challenge), }, |
51 { 0, } | 51 { 0, } |
52 }; | 52 }; |
53 | 53 |
| 54 void StoreKeyLocationInCache(const SECItem& public_key_info, |
| 55 PK11SlotInfo *slot) { |
| 56 KeygenHandler::Cache* cache = KeygenHandler::Cache::GetInstance(); |
| 57 KeygenHandler::KeyLocation key_location; |
| 58 const char* slot_name = PK11_GetSlotName(slot); |
| 59 key_location.slot_name.assign(slot_name); |
| 60 cache->Insert(std::string(reinterpret_cast<char*>(public_key_info.data), |
| 61 public_key_info.len), key_location); |
| 62 } |
| 63 |
| 64 bool KeygenHandler::KeyLocation::Equals( |
| 65 const net::KeygenHandler::KeyLocation& location) const { |
| 66 return slot_name == location.slot_name; |
| 67 } |
| 68 |
54 // This function is largely copied from the Firefox's | 69 // This function is largely copied from the Firefox's |
55 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp | 70 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp |
56 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? | 71 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? |
57 | 72 |
58 std::string KeygenHandler::GenKeyAndSignChallenge() { | 73 std::string KeygenHandler::GenKeyAndSignChallenge() { |
59 // Key pair generation mechanism - only RSA is supported at present. | 74 // Key pair generation mechanism - only RSA is supported at present. |
60 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h | 75 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h |
61 | 76 |
62 // Temporary structures used for generating the result | 77 // Temporary structures used for generating the result |
63 // in the right format. | 78 // in the right format. |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
187 | 202 |
188 // Convert the signed public key and challenge into base64/ascii. | 203 // Convert the signed public key and challenge into base64/ascii. |
189 if (!base::Base64Encode(std::string(reinterpret_cast<char*>(signedItem.data), | 204 if (!base::Base64Encode(std::string(reinterpret_cast<char*>(signedItem.data), |
190 signedItem.len), | 205 signedItem.len), |
191 &result_blob)) { | 206 &result_blob)) { |
192 LOG(ERROR) << "Couldn't convert signed public key into base64"; | 207 LOG(ERROR) << "Couldn't convert signed public key into base64"; |
193 isSuccess = false; | 208 isSuccess = false; |
194 goto failure; | 209 goto failure; |
195 } | 210 } |
196 | 211 |
| 212 StoreKeyLocationInCache(spkiItem, slot); |
| 213 |
197 failure: | 214 failure: |
198 if (!isSuccess) { | 215 if (!isSuccess) { |
199 LOG(ERROR) << "SSL Keygen failed!"; | 216 LOG(ERROR) << "SSL Keygen failed!"; |
200 } else { | 217 } else { |
201 LOG(INFO) << "SSl Keygen succeeded!"; | 218 LOG(INFO) << "SSL Keygen succeeded!"; |
202 } | 219 } |
203 | 220 |
204 // Do cleanups | 221 // Do cleanups |
205 if (privateKey) { | 222 if (privateKey) { |
206 if (!isSuccess || !stores_key_) { | |
207 PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID); | |
208 SECKEY_DestroyPrivateKey(privateKey); | |
209 } | |
210 // On successful keygen we need to keep the private key, of course, | 223 // On successful keygen we need to keep the private key, of course, |
211 // or we won't be able to use the client certificate. | 224 // or we won't be able to use the client certificate. |
| 225 if (!isSuccess || !stores_key_) { |
| 226 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); |
| 227 } |
| 228 SECKEY_DestroyPrivateKey(privateKey); |
212 } | 229 } |
213 | 230 |
214 if (publicKey) { | 231 if (publicKey) { |
215 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 232 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
216 } | 233 } |
217 if (spkInfo) { | 234 if (spkInfo) { |
218 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 235 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
219 } | 236 } |
220 if (publicKey) { | 237 if (publicKey) { |
221 SECKEY_DestroyPublicKey(publicKey); | 238 SECKEY_DestroyPublicKey(publicKey); |
222 } | 239 } |
223 if (arena) { | 240 if (arena) { |
224 PORT_FreeArena(arena, PR_TRUE); | 241 PORT_FreeArena(arena, PR_TRUE); |
225 } | 242 } |
226 if (slot != NULL) { | 243 if (slot != NULL) { |
227 PK11_FreeSlot(slot); | 244 PK11_FreeSlot(slot); |
228 } | 245 } |
229 if (pkac.challenge.data) { | 246 if (pkac.challenge.data) { |
230 free(pkac.challenge.data); | 247 free(pkac.challenge.data); |
231 } | 248 } |
232 | 249 |
233 return (isSuccess ? result_blob : std::string()); | 250 return (isSuccess ? result_blob : std::string()); |
234 } | 251 } |
235 | 252 |
236 } // namespace net | 253 } // namespace net |
OLD | NEW |