Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1431)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_platform_key_win.cc

Issue 2898573002: Refactor client cert private key handling. (Closed)
Patch Set: rebase on https://codereview.chromium.org/2899083006/ Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/ssl_platform_key_win.h ('k') | net/test/url_request/url_request_mock_data_job.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/ssl_platform_key_win.h" 5 #include "net/ssl/ssl_platform_key_win.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <utility> 9 #include <utility>
10 #include <vector> 10 #include <vector>
11 11
12 #include "base/logging.h" 12 #include "base/logging.h"
13 #include "base/macros.h" 13 #include "base/macros.h"
14 #include "base/memory/ptr_util.h" 14 #include "base/memory/ptr_util.h"
15 #include "crypto/openssl_util.h" 15 #include "crypto/openssl_util.h"
16 #include "crypto/scoped_capi_types.h" 16 #include "crypto/scoped_capi_types.h"
17 #include "net/base/net_errors.h" 17 #include "net/base/net_errors.h"
18 #include "net/cert/x509_certificate.h" 18 #include "net/cert/x509_certificate.h"
19 #include "net/ssl/ssl_platform_key.h"
20 #include "net/ssl/ssl_platform_key_util.h" 19 #include "net/ssl/ssl_platform_key_util.h"
21 #include "net/ssl/ssl_private_key.h" 20 #include "net/ssl/ssl_private_key.h"
22 #include "net/ssl/threaded_ssl_private_key.h" 21 #include "net/ssl/threaded_ssl_private_key.h"
23 #include "third_party/boringssl/src/include/openssl/bn.h" 22 #include "third_party/boringssl/src/include/openssl/bn.h"
24 #include "third_party/boringssl/src/include/openssl/ecdsa.h" 23 #include "third_party/boringssl/src/include/openssl/ecdsa.h"
25 #include "third_party/boringssl/src/include/openssl/evp.h" 24 #include "third_party/boringssl/src/include/openssl/evp.h"
26 25
27 namespace net { 26 namespace net {
28 27
29 namespace { 28 namespace {
(...skipping 224 matching lines...) Expand 10 before | Expand all | Expand 10 after
254 NCryptFreeObject(key); 253 NCryptFreeObject(key);
255 return nullptr; 254 return nullptr;
256 } 255 }
257 256
258 return make_scoped_refptr(new ThreadedSSLPrivateKey( 257 return make_scoped_refptr(new ThreadedSSLPrivateKey(
259 base::MakeUnique<SSLPlatformKeyCNG>(key, key_type, max_length), 258 base::MakeUnique<SSLPlatformKeyCNG>(key, key_type, max_length),
260 GetSSLPlatformKeyTaskRunner())); 259 GetSSLPlatformKeyTaskRunner()));
261 } 260 }
262 261
263 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( 262 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
264 const X509Certificate* certificate) { 263 const X509Certificate* certificate,
265 PCCERT_CONTEXT cert_context = certificate->os_cert_handle(); 264 PCCERT_CONTEXT cert_context) {
266
267 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0; 265 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0;
268 DWORD key_spec = 0; 266 DWORD key_spec = 0;
269 BOOL must_free = FALSE; 267 BOOL must_free = FALSE;
270 DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; 268 DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
271 269
272 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr, 270 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr,
273 &prov_or_key, &key_spec, &must_free)) { 271 &prov_or_key, &key_spec, &must_free)) {
274 PLOG(WARNING) << "Could not acquire private key"; 272 PLOG(WARNING) << "Could not acquire private key";
275 return nullptr; 273 return nullptr;
276 } 274 }
277 275
278 // Should never get a cached handle back - ownership must always be 276 // Should never get a cached handle back - ownership must always be
279 // transferred. 277 // transferred.
280 CHECK_EQ(must_free, TRUE); 278 CHECK_EQ(must_free, TRUE);
281 279
282 if (key_spec == CERT_NCRYPT_KEY_SPEC) { 280 if (key_spec == CERT_NCRYPT_KEY_SPEC) {
283 return WrapCNGPrivateKey(certificate, prov_or_key); 281 return WrapCNGPrivateKey(certificate, prov_or_key);
284 } else { 282 } else {
285 return WrapCAPIPrivateKey(certificate, prov_or_key, key_spec); 283 return WrapCAPIPrivateKey(certificate, prov_or_key, key_spec);
286 } 284 }
287 } 285 }
288 286
289 } // namespace net 287 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/ssl_platform_key_win.h ('k') | net/test/url_request/url_request_mock_data_job.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698