search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / net / ssl / openssl_client_key_store.cc
blobde65cd9d677ddea26e9913e0655e8700c6aa67a5
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/ssl/openssl_client_key_store.h"
6
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9 #include <algorithm>
10
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/singleton.h"
13 #include "net/cert/x509_certificate.h"
14
15 namespace net {
16
17 namespace {
18
19 // Return the EVP_PKEY holding the public key of a given certificate.
20 // |cert| is a certificate.
21 // Returns a scoped EVP_PKEY for it.
22 crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
23 // X509_PUBKEY_get() increments the reference count of its result.
24 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
25 EVP_PKEY* pkey =
26 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
27 if (!pkey)
28 LOG(ERROR) << "Can't extract private key from certificate!";
29 return crypto::ScopedEVP_PKEY(pkey);
30 }
31
32 } // namespace
33
34 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
35 }
36
37 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
38 }
39
40 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,
41 EVP_PKEY* priv_key)
42 : public_key(EVP_PKEY_dup(pub_key)),
43 private_key(EVP_PKEY_dup(priv_key)) {
44 }
45
46 OpenSSLClientKeyStore::KeyPair::~KeyPair() {
47 }
48
49 OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
50 : public_key(EVP_PKEY_dup(other.public_key.get())),
51 private_key(EVP_PKEY_dup(other.private_key.get())) {
52 }
53
54 void OpenSSLClientKeyStore::KeyPair::operator=(KeyPair other) {
55 swap(other);
56 }
57
58 void OpenSSLClientKeyStore::KeyPair::swap(KeyPair& other) {
59 using std::swap;
60 swap(public_key, other.public_key);
61 swap(private_key, other.private_key);
62 }
63
64 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
65 if (!public_key)
66 return -1;
67 for (size_t n = 0; n < pairs_.size(); ++n) {
68 if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
69 return static_cast<int>(n);
70 }
71 return -1;
72 }
73
74 void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
75 EVP_PKEY* private_key) {
76 int index = FindKeyPairIndex(pub_key);
77 if (index < 0)
78 pairs_.push_back(KeyPair(pub_key, private_key));
79 }
80
81 // Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
82 // builds.
83 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
84 const X509Certificate* client_cert,
85 EVP_PKEY* private_key) {
86 // Sanity check.
87 if (!client_cert || !private_key)
88 return false;
89
90 // Get public key from certificate.
91 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
92 if (!pub_key.get())
93 return false;
94
95 AddKeyPair(pub_key.get(), private_key);
96 return true;
97 }
98
99 crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
100 const X509Certificate* client_cert) {
101 if (!client_cert)
102 return crypto::ScopedEVP_PKEY();
103
104 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
105 if (!pub_key.get())
106 return crypto::ScopedEVP_PKEY();
107
108 int index = FindKeyPairIndex(pub_key.get());
109 if (index < 0)
110 return crypto::ScopedEVP_PKEY();
111
112 return crypto::ScopedEVP_PKEY(EVP_PKEY_dup(pairs_[index].private_key.get()));
113 }
114
115 void OpenSSLClientKeyStore::Flush() {
116 pairs_.clear();
117 }
118
119 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
120 return Singleton<OpenSSLClientKeyStore>::get();
121 }
122
123 } // namespace net
124
125