OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/ssl/ssl_platform_key_win.h" | 5 #include "net/ssl/ssl_platform_key_win.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/macros.h" | 13 #include "base/macros.h" |
14 #include "base/memory/ptr_util.h" | 14 #include "base/memory/ptr_util.h" |
15 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
16 #include "crypto/scoped_capi_types.h" | 16 #include "crypto/scoped_capi_types.h" |
17 #include "net/base/net_errors.h" | 17 #include "net/base/net_errors.h" |
18 #include "net/cert/x509_certificate.h" | 18 #include "net/cert/x509_certificate.h" |
19 #include "net/ssl/ssl_platform_key.h" | |
20 #include "net/ssl/ssl_platform_key_util.h" | 19 #include "net/ssl/ssl_platform_key_util.h" |
21 #include "net/ssl/ssl_private_key.h" | 20 #include "net/ssl/ssl_private_key.h" |
22 #include "net/ssl/threaded_ssl_private_key.h" | 21 #include "net/ssl/threaded_ssl_private_key.h" |
23 #include "third_party/boringssl/src/include/openssl/bn.h" | 22 #include "third_party/boringssl/src/include/openssl/bn.h" |
24 #include "third_party/boringssl/src/include/openssl/ecdsa.h" | 23 #include "third_party/boringssl/src/include/openssl/ecdsa.h" |
25 #include "third_party/boringssl/src/include/openssl/evp.h" | 24 #include "third_party/boringssl/src/include/openssl/evp.h" |
26 | 25 |
27 namespace net { | 26 namespace net { |
28 | 27 |
29 namespace { | 28 namespace { |
(...skipping 224 matching lines...)
254 NCryptFreeObject(key); | 253 NCryptFreeObject(key); |
255 return nullptr; | 254 return nullptr; |
256 } | 255 } |
257 | 256 |
258 return make_scoped_refptr(new ThreadedSSLPrivateKey( | 257 return make_scoped_refptr(new ThreadedSSLPrivateKey( |
259 base::MakeUnique<SSLPlatformKeyCNG>(key, key_type, max_length), | 258 base::MakeUnique<SSLPlatformKeyCNG>(key, key_type, max_length), |
260 GetSSLPlatformKeyTaskRunner())); | 259 GetSSLPlatformKeyTaskRunner())); |
261 } | 260 } |
262 | 261 |
263 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( | 262 scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey( |
264 const X509Certificate* certificate) { | 263 const X509Certificate* certificate, |
265 PCCERT_CONTEXT cert_context = certificate->os_cert_handle(); | 264 PCCERT_CONTEXT cert_context) { |
266 | |
267 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0; | 265 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE prov_or_key = 0; |
268 DWORD key_spec = 0; | 266 DWORD key_spec = 0; |
269 BOOL must_free = FALSE; | 267 BOOL must_free = FALSE; |
270 DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; | 268 DWORD flags = CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; |
271 | 269 |
272 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr, | 270 if (!CryptAcquireCertificatePrivateKey(cert_context, flags, nullptr, |
273 &prov_or_key, &key_spec, &must_free)) { | 271 &prov_or_key, &key_spec, &must_free)) { |
274 PLOG(WARNING) << "Could not acquire private key"; | 272 PLOG(WARNING) << "Could not acquire private key"; |
275 return nullptr; | 273 return nullptr; |
276 } | 274 } |
277 | 275 |
278 // Should never get a cached handle back - ownership must always be | 276 // Should never get a cached handle back - ownership must always be |
279 // transferred. | 277 // transferred. |
280 CHECK_EQ(must_free, TRUE); | 278 CHECK_EQ(must_free, TRUE); |
281 | 279 |
282 if (key_spec == CERT_NCRYPT_KEY_SPEC) { | 280 if (key_spec == CERT_NCRYPT_KEY_SPEC) { |
283 return WrapCNGPrivateKey(certificate, prov_or_key); | 281 return WrapCNGPrivateKey(certificate, prov_or_key); |
284 } else { | 282 } else { |
285 return WrapCAPIPrivateKey(certificate, prov_or_key, key_spec); | 283 return WrapCAPIPrivateKey(certificate, prov_or_key, key_spec); |
286 } | 284 } |
287 } | 285 } |
288 | 286 |
289 } // namespace net | 287 } // namespace net |
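Review bot: Nothing in `FetchClientCertPrivateKey` checks or documents that the new `cert_context` parameter (new lines 263-264) belongs to `certificate`. The key handle is acquired from `cert_context`, while `certificate` is what gets forwarded to `WrapCNGPrivateKey` / `WrapCAPIPrivateKey`. Those helpers' bodies are in the skipped lines, so this is inferred, but if they take the key type and maximum signature length from `certificate`, a caller passing a context for a different certificate would get a private key wrapped with the wrong parameters. I would state the precondition at the definition, e.g. `// |cert_context| must be the CERT_CONTEXT for |certificate| and must remain valid for the duration of this call.` I would also add `DCHECK(cert_context);` before the `CryptAcquireCertificatePrivateKey` call, so a null context fails loudly in debug builds rather than surfacing only as the "Could not acquire private key" warning.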