OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/ssl/openssl_client_key_store.h" | |
6 | |
7 #include <utility> | |
8 | |
9 #include "base/memory/singleton.h" | |
10 #include "net/cert/asn1_util.h" | |
11 #include "net/cert/x509_certificate.h" | |
12 #include "net/ssl/ssl_private_key.h" | |
13 #include "third_party/boringssl/src/include/openssl/evp.h" | |
14 #include "third_party/boringssl/src/include/openssl/mem.h" | |
15 #include "third_party/boringssl/src/include/openssl/x509.h" | |
16 | |
17 namespace net { | |
18 | |
19 namespace { | |
20 | |
21 // Serializes the SubjectPublicKeyInfo for |cert|. | |
22 bool GetCertificateSPKI(const X509Certificate* cert, std::string* spki) { | |
23 #if BUILDFLAG(USE_BYTE_CERTS) | |
24 base::StringPiece cert_der( | |
25 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert->os_cert_handle())), | |
26 CRYPTO_BUFFER_len(cert->os_cert_handle())); | |
27 base::StringPiece spki_tmp; | |
28 if (!asn1::ExtractSPKIFromDERCert(cert_der, &spki_tmp)) | |
29 return false; | |
30 spki_tmp.CopyToString(spki); | |
31 return true; | |
32 #else | |
33 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert->os_cert_handle())); | |
34 if (!pkey) { | |
35 LOG(ERROR) << "Can't extract private key from certificate!"; | |
36 return false; | |
37 } | |
38 | |
39 bssl::ScopedCBB cbb; | |
40 uint8_t* der; | |
41 size_t der_len; | |
42 if (!CBB_init(cbb.get(), 0) || | |
43 !EVP_marshal_public_key(cbb.get(), pkey.get()) || | |
44 !CBB_finish(cbb.get(), &der, &der_len)) { | |
45 return false; | |
46 } | |
47 | |
48 spki->assign(reinterpret_cast<char*>(der), | |
49 reinterpret_cast<char*>(der) + der_len); | |
50 OPENSSL_free(der); | |
51 return true; | |
52 #endif | |
53 } | |
54 | |
55 } // namespace | |
56 | |
57 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() { | |
58 return base::Singleton<OpenSSLClientKeyStore>::get(); | |
59 } | |
60 | |
61 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey( | |
62 const X509Certificate* client_cert, | |
63 scoped_refptr<SSLPrivateKey> private_key) { | |
64 DCHECK(client_cert); | |
65 DCHECK(private_key); | |
66 | |
67 std::string spki; | |
68 if (!GetCertificateSPKI(client_cert, &spki)) | |
69 return false; | |
70 | |
71 key_map_[spki] = std::move(private_key); | |
72 return true; | |
73 } | |
74 | |
75 scoped_refptr<SSLPrivateKey> OpenSSLClientKeyStore::FetchClientCertPrivateKey( | |
76 const X509Certificate* client_cert) { | |
77 DCHECK(client_cert); | |
78 | |
79 std::string spki; | |
80 if (!GetCertificateSPKI(client_cert, &spki)) | |
81 return nullptr; | |
82 | |
83 auto iter = key_map_.find(spki); | |
84 if (iter == key_map_.end()) | |
85 return nullptr; | |
86 | |
87 return iter->second; | |
88 } | |
89 | |
90 void OpenSSLClientKeyStore::Flush() { | |
91 key_map_.clear(); | |
92 } | |
93 | |
94 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {} | |
95 | |
96 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {} | |
97 | |
98 } // namespace net | |
OLD | NEW |