1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_platform_key.h" | 5 #include "net/ssl/ssl_platform_key.h" |
6 | 6 |
7 #include <windows.h> | 7 #include <windows.h> |
8 #include <NCrypt.h> | 8 #include <NCrypt.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
11 #include <string> | 11 #include <string> |
12 #include <utility> | 12 #include <utility> |
13 #include <vector> | 13 #include <vector> |
14 | 14 |
15 #include <openssl/bn.h> | 15 #include <openssl/bn.h> |
16 #include <openssl/ecdsa.h> | 16 #include <openssl/ecdsa.h> |
17 #include <openssl/evp.h> | 17 #include <openssl/evp.h> |
18 #include <openssl/x509.h> | 18 #include <openssl/x509.h> |
19 | 19 |
20 #include "base/lazy_instance.h" | 20 #include "base/lazy_instance.h" |
21 #include "base/logging.h" | 21 #include "base/logging.h" |
22 #include "base/macros.h" | 22 #include "base/macros.h" |
23 #include "base/sequenced_task_runner.h" | 23 #include "base/sequenced_task_runner.h" |
24 #include "base/win/windows_version.h" | |
25 #include "crypto/openssl_util.h" | 24 #include "crypto/openssl_util.h" |
26 #include "crypto/scoped_capi_types.h" | 25 #include "crypto/scoped_capi_types.h" |
27 #include "crypto/wincrypt_shim.h" | 26 #include "crypto/wincrypt_shim.h" |
28 #include "net/base/net_errors.h" | 27 #include "net/base/net_errors.h" |
29 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
30 #include "net/ssl/scoped_openssl_types.h" | 29 #include "net/ssl/scoped_openssl_types.h" |
31 #include "net/ssl/ssl_platform_key_task_runner.h" | 30 #include "net/ssl/ssl_platform_key_task_runner.h" |
32 #include "net/ssl/ssl_private_key.h" | 31 #include "net/ssl/ssl_private_key.h" |
33 #include "net/ssl/threaded_ssl_private_key.h" | 32 #include "net/ssl/threaded_ssl_private_key.h" |
34 | 33 |
330 SSLPrivateKey::Type key_type; | 329 SSLPrivateKey::Type key_type; |
331 size_t max_length; | 330 size_t max_length; |
332 if (!GetKeyInfo(certificate, &key_type, &max_length)) | 331 if (!GetKeyInfo(certificate, &key_type, &max_length)) |
333 return nullptr; | 332 return nullptr; |
334 | 333 |
335 PCCERT_CONTEXT cert_context = certificate->os_cert_handle(); | 334 PCCERT_CONTEXT cert_context = certificate->os_cert_handle(); |
336 | 335 |
337 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0; | 336 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0; |
338 DWORD key_spec = 0; | 337 DWORD key_spec = 0; |
339 BOOL must_free = FALSE; | 338 BOOL must_free = FALSE; |
340 DWORD flags = 0; | 339 DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; |
341 if (base::win::GetVersion() >= base::win::VERSION_VISTA) | |
342 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; | |
343 | 340 |
344 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr, | 341 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr, |
345 &prov_or_key, &key_spec, &must_free)) { | 342 &prov_or_key, &key_spec, &must_free)) { |
346 PLOG(WARNING) << "Could not acquire private key"; | 343 PLOG(WARNING) << "Could not acquire private key"; |
347 return nullptr; | 344 return nullptr; |
348 } | 345 } |
349 | 346 |
350 // Should never get a cached handle back - ownership must always be | 347 // Should never get a cached handle back - ownership must always be |
351 // transferred. | 348 // transferred. |
352 CHECK_EQ(must_free, TRUE); | 349 CHECK_EQ(must_free, TRUE); |
353 | 350 |
354 std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate; | 351 std::unique_ptr<ThreadedSSLPrivateKey::Delegate> delegate; |
355 if (key_spec == CERT_NCRYPT_KEY_SPEC) { | 352 if (key_spec == CERT_NCRYPT_KEY_SPEC) { |
356 delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length)); | 353 delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length)); |
357 } else { | 354 } else { |
358 DCHECK(SSLPrivateKey::Type::RSA == key_type); | 355 DCHECK(SSLPrivateKey::Type::RSA == key_type); |
359 delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length)); | 356 delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length)); |
360 } | 357 } |
361 return make_scoped_refptr(new ThreadedSSLPrivateKey( | 358 return make_scoped_refptr(new ThreadedSSLPrivateKey( |
362 std::move(delegate), GetSSLPlatformKeyTaskRunner())); | 359 std::move(delegate), GetSSLPlatformKeyTaskRunner())); |
363 } | 360 } |
364 | 361 |
365 } // namespace net | 362 } // namespace net |
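Review bot: The CAPI fallback branch relies on `DCHECK(SSLPrivateKey::Type::RSA == key_type)`, which is compiled out in release builds, so a certificate that GetKeyInfo classified as non-RSA but for which CryptAcquireCertificatePrivateKey returned a legacy CAPI handle (key_spec other than CERT_NCRYPT_KEY_SPEC) would still be wrapped in SSLPlatformKeyCAPI with a max_length computed for a different key type. With CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG now unconditional this should only happen with CAPI-only providers and may be unreachable in practice, but a release-mode guard that releases the acquired provider handle and returns nullptr costs nothing on the happy path. The enclosing function's signature is above this hunk, so I cannot see how callers treat a null return beyond the existing early returns. It would also help to leave a one-line comment on `DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;` recording that the Vista gate was dropped (presumably because earlier Windows versions are no longer supported) and that CAPI providers are still accepted as a fallback when no CNG key is available.
```cpp
  } else {
    // CAPI providers only hold RSA keys; reject anything else in release
    // builds too, releasing the provider handle we were handed ownership of.
    if (key_type != SSLPrivateKey::Type::RSA) {
      LOG(WARNING) << "Non-RSA key returned by a legacy CAPI provider";
      CryptReleaseContext(prov_or_key, 0);
      return nullptr;
    }
    delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length));
  }
  // … unchanged: ThreadedSSLPrivateKey construction …
```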