| OLD | NEW |
|---|
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/keygen_handler.h" | 5 #include "net/base/keygen_handler.h" |
| 6 | 6 |
| 7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
| 8 #include <secmod.h> | 8 #include <secmod.h> |
| 9 #include <ssl.h> | 9 #include <ssl.h> |
| 10 #include <secder.h> // DER_Encode() | 10 #include <secder.h> // DER_Encode() |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { | 44 DERTemplate CERTPublicKeyAndChallengeTemplate[] = { |
| 45 { DER_SEQUENCE, | 45 { DER_SEQUENCE, |
| 46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, | 46 0, NULL, sizeof(CERTPublicKeyAndChallenge) }, |
| 47 { DER_ANY, | 47 { DER_ANY, |
| 48 offsetof(CERTPublicKeyAndChallenge, spki), }, | 48 offsetof(CERTPublicKeyAndChallenge, spki), }, |
| 49 { DER_IA5_STRING, | 49 { DER_IA5_STRING, |
| 50 offsetof(CERTPublicKeyAndChallenge, challenge), }, | 50 offsetof(CERTPublicKeyAndChallenge, challenge), }, |
| 51 { 0, } | 51 { 0, } |
| 52 }; | 52 }; |
| 53 | 53 |
| 54 bool KeygenHandler::KeyLocation::Equals( |
| 55 const net::KeygenHandler::KeyLocation& location) const { |
| 56 return slot_name == location.slot_name; |
| 57 } |
| 58 |
| 54 // This function is largely copied from the Firefox's | 59 // This function is largely copied from the Firefox's |
| 55 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp | 60 // <keygen> implementation in security/manager/ssl/src/nsKeygenHandler.cpp |
| 56 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? | 61 // FIXME(gauravsh): Do we need a copy of the Mozilla license here? |
| 57 | 62 |
| 58 std::string KeygenHandler::GenKeyAndSignChallenge() { | 63 std::string KeygenHandler::GenKeyAndSignChallenge() { |
| 59 // Key pair generation mechanism - only RSA is supported at present. | 64 // Key pair generation mechanism - only RSA is supported at present. |
| 60 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h | 65 PRUint32 keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; // from nss/pkcs11t.h |
| 61 | 66 |
| 62 // Temporary structures used for generating the result | 67 // Temporary structures used for generating the result |
| 63 // in the right format. | 68 // in the right format. |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 191 &result_blob)) { | 196 &result_blob)) { |
| 192 LOG(ERROR) << "Couldn't convert signed public key into base64"; | 197 LOG(ERROR) << "Couldn't convert signed public key into base64"; |
| 193 isSuccess = false; | 198 isSuccess = false; |
| 194 goto failure; | 199 goto failure; |
| 195 } | 200 } |
| 196 | 201 |
| 197 failure: | 202 failure: |
| 198 if (!isSuccess) { | 203 if (!isSuccess) { |
| 199 LOG(ERROR) << "SSL Keygen failed!"; | 204 LOG(ERROR) << "SSL Keygen failed!"; |
| 200 } else { | 205 } else { |
| 201 LOG(INFO) << "SSl Keygen succeeded!"; | 206 LOG(INFO) << "SSL Keygen succeeded!"; |
| 207 |
| 208 Cache* cache = KeyCache::GetInstance(); |
| 209 Location location; |
| 210 const char* slot_name = PK11_GetSlotName(slot); |
| 211 location.slot_name.assign(slot_name); |
| 212 |
| 213 cache->Insert(std::string(reinterpret_cast<char*>(spkiItem.data), |
| 214 spkiItem.len), location); |
| 215 |
| 202 } | 216 } |
| 203 | 217 |
| 204 // Do cleanups | 218 // Do cleanups |
| 205 if (privateKey) { | 219 if (privateKey) { |
| 206 if (!isSuccess || !stores_key_) { | |
| 207 PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID); | |
| 208 SECKEY_DestroyPrivateKey(privateKey); | |
| 209 } | |
| 210 // On successful keygen we need to keep the private key, of course, | 220 // On successful keygen we need to keep the private key, of course, |
| 211 // or we won't be able to use the client certificate. | 221 // or we won't be able to use the client certificate. |
| 222 if (!isSuccess || !stores_key_) |
| 223 PK11_DestroyTokenObject(privateKey->pkcs11Slot, privateKey->pkcs11ID); |
| 224 SECKEY_DestroyPrivateKey(privateKey); |
| 212 } | 225 } |
| 213 | 226 |
| 214 if (publicKey) { | 227 if (publicKey) { |
| 215 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); | 228 PK11_DestroyTokenObject(publicKey->pkcs11Slot, publicKey->pkcs11ID); |
| 216 } | 229 } |
| 217 if (spkInfo) { | 230 if (spkInfo) { |
| 218 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); | 231 SECKEY_DestroySubjectPublicKeyInfo(spkInfo); |
| 219 } | 232 } |
| 220 if (publicKey) { | 233 if (publicKey) { |
| 221 SECKEY_DestroyPublicKey(publicKey); | 234 SECKEY_DestroyPublicKey(publicKey); |
| 222 } | 235 } |
| 223 if (arena) { | 236 if (arena) { |
| 224 PORT_FreeArena(arena, PR_TRUE); | 237 PORT_FreeArena(arena, PR_TRUE); |
| 225 } | 238 } |
| 226 if (slot != NULL) { | 239 if (slot != NULL) { |
| 227 PK11_FreeSlot(slot); | 240 PK11_FreeSlot(slot); |
| 228 } | 241 } |
| 229 if (pkac.challenge.data) { | 242 if (pkac.challenge.data) { |
| 230 free(pkac.challenge.data); | 243 free(pkac.challenge.data); |
| 231 } | 244 } |
| 232 | 245 |
| 233 return (isSuccess ? result_blob : std::string()); | 246 return (isSuccess ? result_blob : std::string()); |
| 234 } | 247 } |
| 235 | 248 |
| 236 } // namespace net | 249 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 843005:
Adds support for the <keygen> element to Windows, matching support present on... (Closed)
Base URL: http://src.chromium.org/svn/trunk/src/