| Index: net/ssl/openssl_client_key_store.cc
|
| diff --git a/net/ssl/openssl_client_key_store.cc b/net/ssl/openssl_client_key_store.cc
|
| index fb1b172a71ad67d231856717ac7f932e2830cc6f..c92f941ddf9cca2fcdcc9da75d013c025881f459 100644
|
| --- a/net/ssl/openssl_client_key_store.cc
|
| +++ b/net/ssl/openssl_client_key_store.cc
|
| @@ -5,124 +5,85 @@
|
| #include "net/ssl/openssl_client_key_store.h"
|
|
|
| #include <openssl/evp.h>
|
| +#include <openssl/mem.h>
|
| #include <openssl/x509.h>
|
|
|
| -#include <algorithm>
|
| -#include <memory>
|
| +#include <utility>
|
|
|
| #include "base/memory/singleton.h"
|
| +#include "crypto/auto_cbb.h"
|
| +#include "crypto/scoped_openssl_types.h"
|
| #include "net/cert/x509_certificate.h"
|
| +#include "net/ssl/ssl_private_key.h"
|
|
|
| namespace net {
|
|
|
| namespace {
|
|
|
| -// Return the EVP_PKEY holding the public key of a given certificate.
|
| -// |cert| is a certificate.
|
| -// Returns a scoped EVP_PKEY for it.
|
| -crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
|
| - // X509_PUBKEY_get() increments the reference count of its result.
|
| - // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
|
| - EVP_PKEY* pkey =
|
| - X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
|
| - if (!pkey)
|
| +// Serializes the SubjectPublicKeyInfo for |cert|.
|
| +bool GetCertificateSPKI(const X509Certificate* cert, std::string* spki) {
|
| + crypto::ScopedEVP_PKEY pkey(X509_get_pubkey(cert->os_cert_handle()));
|
| + if (!pkey) {
|
| LOG(ERROR) << "Can't extract private key from certificate!";
|
| - return crypto::ScopedEVP_PKEY(pkey);
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
|
| -}
|
| -
|
| -OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
|
| -}
|
| -
|
| -OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key)
|
| - : public_key(pub_key), private_key(priv_key) {
|
| - EVP_PKEY_up_ref(pub_key);
|
| - EVP_PKEY_up_ref(priv_key);
|
| -}
|
| -
|
| -OpenSSLClientKeyStore::KeyPair::~KeyPair() {
|
| -}
|
| -
|
| -OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
|
| - : public_key(other.public_key.get()), private_key(other.private_key.get()) {
|
| - EVP_PKEY_up_ref(public_key.get());
|
| - EVP_PKEY_up_ref(private_key.get());
|
| -}
|
| + return false;
|
| + }
|
|
|
| -void OpenSSLClientKeyStore::KeyPair::operator=(KeyPair other) {
|
| - swap(other);
|
| -}
|
| + crypto::AutoCBB cbb;
|
| + uint8_t* der;
|
| + size_t der_len;
|
| + if (!CBB_init(cbb.get(), 0) ||
|
| + !EVP_marshal_public_key(cbb.get(), pkey.get()) ||
|
| + !CBB_finish(cbb.get(), &der, &der_len)) {
|
| + return false;
|
| + }
|
|
|
| -void OpenSSLClientKeyStore::KeyPair::swap(KeyPair& other) {
|
| - using std::swap;
|
| - swap(public_key, other.public_key);
|
| - swap(private_key, other.private_key);
|
| + spki->assign(reinterpret_cast<char*>(der),
|
| + reinterpret_cast<char*>(der) + der_len);
|
| + OPENSSL_free(der);
|
| + return true;
|
| }
|
|
|
| -int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
|
| - if (!public_key)
|
| - return -1;
|
| - for (size_t n = 0; n < pairs_.size(); ++n) {
|
| - if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
|
| - return static_cast<int>(n);
|
| - }
|
| - return -1;
|
| -}
|
| +} // namespace
|
|
|
| -void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
|
| - EVP_PKEY* private_key) {
|
| - int index = FindKeyPairIndex(pub_key);
|
| - if (index < 0)
|
| - pairs_.push_back(KeyPair(pub_key, private_key));
|
| +OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
|
| + return base::Singleton<OpenSSLClientKeyStore>::get();
|
| }
|
|
|
| -// Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
|
| -// builds.
|
| bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
|
| const X509Certificate* client_cert,
|
| - EVP_PKEY* private_key) {
|
| - // Sanity check.
|
| - if (!client_cert || !private_key)
|
| - return false;
|
| + scoped_refptr<SSLPrivateKey> private_key) {
|
| + DCHECK(client_cert);
|
| + DCHECK(private_key);
|
|
|
| - // Get public key from certificate.
|
| - crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
|
| - if (!pub_key.get())
|
| + std::string spki;
|
| + if (!GetCertificateSPKI(client_cert, &spki))
|
| return false;
|
|
|
| - AddKeyPair(pub_key.get(), private_key);
|
| + key_map_[spki] = std::move(private_key);
|
| return true;
|
| }
|
|
|
| -crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
|
| +scoped_refptr<SSLPrivateKey> OpenSSLClientKeyStore::FetchClientCertPrivateKey(
|
| const X509Certificate* client_cert) {
|
| - if (!client_cert)
|
| - return crypto::ScopedEVP_PKEY();
|
| + DCHECK(client_cert);
|
|
|
| - crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
|
| - if (!pub_key.get())
|
| - return crypto::ScopedEVP_PKEY();
|
| + std::string spki;
|
| + if (!GetCertificateSPKI(client_cert, &spki))
|
| + return nullptr;
|
|
|
| - int index = FindKeyPairIndex(pub_key.get());
|
| - if (index < 0)
|
| - return crypto::ScopedEVP_PKEY();
|
| + auto iter = key_map_.find(spki);
|
| + if (iter == key_map_.end())
|
| + return nullptr;
|
|
|
| - EVP_PKEY_up_ref(pairs_[index].private_key.get());
|
| - return crypto::ScopedEVP_PKEY(pairs_[index].private_key.get());
|
| + return iter->second;
|
| }
|
|
|
| void OpenSSLClientKeyStore::Flush() {
|
| - pairs_.clear();
|
| + key_map_.clear();
|
| }
|
|
|
| -OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
|
| - return base::Singleton<OpenSSLClientKeyStore>::get();
|
| -}
|
| -
|
| -} // namespace net
|
| +OpenSSLClientKeyStore::OpenSSLClientKeyStore() {}
|
|
|
| +OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {}
|
|
|
| +} // namespace net
|
|
|
Chromium Code Reviews
Issue 2291213002:
Remove ENGINE indirection from Android SSLPrivateKey. (Closed)
