Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(672)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/openssl_client_key_store.cc

Issue 2898573002: Refactor client cert private key handling. (Closed)
Patch Set: removed no longer needed forward declaration Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ssl/openssl_client_key_store.h ('k') | net/ssl/openssl_client_key_store_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/openssl_client_key_store.h"
6
7 #include <utility>
8
9 #include "base/memory/singleton.h"
10 #include "net/cert/asn1_util.h"
11 #include "net/cert/x509_certificate.h"
12 #include "net/ssl/ssl_private_key.h"
13 #include "third_party/boringssl/src/include/openssl/evp.h"
14 #include "third_party/boringssl/src/include/openssl/mem.h"
15 #include "third_party/boringssl/src/include/openssl/x509.h"
16
17 namespace net {
18
19 namespace {
20
21 // Serializes the SubjectPublicKeyInfo for |cert|.
22 bool GetCertificateSPKI(const X509Certificate* cert, std::string* spki) {
23 #if BUILDFLAG(USE_BYTE_CERTS)
24 base::StringPiece cert_der(
25 reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert->os_cert_handle())),
26 CRYPTO_BUFFER_len(cert->os_cert_handle()));
27 base::StringPiece spki_tmp;
28 if (!asn1::ExtractSPKIFromDERCert(cert_der, &spki_tmp))
29 return false;
30 spki_tmp.CopyToString(spki);
31 return true;
32 #else
33 bssl::UniquePtr<EVP_PKEY> pkey(X509_get_pubkey(cert->os_cert_handle()));
34 if (!pkey) {
35 LOG(ERROR) << "Can't extract private key from certificate!";
36 return false;
37 }
38
39 bssl::ScopedCBB cbb;
40 uint8_t* der;
41 size_t der_len;
42 if (!CBB_init(cbb.get(), 0) ||
43 !EVP_marshal_public_key(cbb.get(), pkey.get()) ||
44 !CBB_finish(cbb.get(), &der, &der_len)) {
45 return false;
46 }
47
48 spki->assign(reinterpret_cast<char*>(der),
49 reinterpret_cast<char*>(der) + der_len);
50 OPENSSL_free(der);
51 return true;
52 #endif
53 }
54
55 } // namespace
56
57 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
58 return base::Singleton<OpenSSLClientKeyStore>::get();
59 }
60
61 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
62 const X509Certificate* client_cert,
63 scoped_refptr<SSLPrivateKey> private_key) {
64 DCHECK(client_cert);
65 DCHECK(private_key);
66
67 std::string spki;
68 if (!GetCertificateSPKI(client_cert, &spki))
69 return false;
70
71 key_map_[spki] = std::move(private_key);
72 return true;
73 }
74
75 scoped_refptr<SSLPrivateKey> OpenSSLClientKeyStore::FetchClientCertPrivateKey(
76 const X509Certificate* client_cert) {
77 DCHECK(client_cert);
78
79 std::string spki;
80 if (!GetCertificateSPKI(client_cert, &spki))
81 return nullptr;
82
83 auto iter = key_map_.find(spki);
84 if (iter == key_map_.end())
85 return nullptr;
86
87 return iter->second;
88 }
89
90 void OpenSSLClientKeyStore::Flush() {
91 key_map_.clear();
92 }
93
94 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {}
95
96 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {}
97
98 } // namespace net
OLDNEW
« no previous file with comments | « net/ssl/openssl_client_key_store.h ('k') | net/ssl/openssl_client_key_store_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698