OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ | |
6 #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ | |
7 | |
8 #include <map> | |
9 #include <string> | |
10 | |
11 #include "base/macros.h" | |
12 #include "base/memory/ref_counted.h" | |
13 #include "base/memory/singleton.h" | |
14 #include "net/base/net_export.h" | |
15 #include "third_party/boringssl/src/include/openssl/base.h" | |
16 | |
17 namespace net { | |
18 | |
19 class SSLPrivateKey; | |
20 class X509Certificate; | |
21 | |
22 // OpenSSLClientKeyStore implements an in-memory store for client | |
23 // certificate private keys, because the platforms where OpenSSL is | |
24 // used do not provide a way to retrieve the private key of a known | |
25 // certificate. | |
26 // | |
27 // This class is not thread-safe and should only be used from the network | |
28 // thread. | |
29 class NET_EXPORT OpenSSLClientKeyStore { | |
30 public: | |
31 // Platforms must define this factory function as appropriate. | |
32 static OpenSSLClientKeyStore* GetInstance(); | |
33 | |
34 // Record the association between a certificate and its | |
35 // private key. This method should be called _before_ | |
36 // FetchClientCertPrivateKey to ensure that the private key is returned | |
37 // when it is called later. The association is recorded in memory | |
38 // exclusively. | |
39 // |cert| is a handle to a certificate object. | |
40 // |private_key| is an SSLPrivateKey that corresponds to the certificate's | |
41 // private key. | |
42 // Returns false if an error occured. | |
43 bool RecordClientCertPrivateKey(const X509Certificate* cert, | |
44 scoped_refptr<SSLPrivateKey> key); | |
45 | |
46 // Given a certificate's |public_key|, return the corresponding private | |
47 // key that has been recorded previously by RecordClientCertPrivateKey(). | |
48 // |cert| is a client certificate. | |
49 // Returns its matching private key on success, NULL otherwise. | |
50 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( | |
51 const X509Certificate* cert); | |
52 | |
53 // Flush all recorded keys. | |
54 void Flush(); | |
55 | |
56 private: | |
57 OpenSSLClientKeyStore(); | |
58 ~OpenSSLClientKeyStore(); | |
59 | |
60 // Maps from the serialized SubjectPublicKeyInfo structure to the | |
61 // corresponding private key. | |
62 std::map<std::string, scoped_refptr<net::SSLPrivateKey>> key_map_; | |
63 | |
64 friend struct base::DefaultSingletonTraits<OpenSSLClientKeyStore>; | |
65 | |
66 DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore); | |
67 }; | |
68 | |
69 } // namespace net | |
70 | |
71 #endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ | |
OLD | NEW |