1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/channel_id_chromium.h"
9 #include "base/stl_util.h"
10 #include "base/strings/string_util.h"
11 #include "crypto/ec_private_key.h"
12 #include "crypto/ec_signature_creator.h"
13 #include "net/base/net_errors.h"
14 #include "net/cert/asn1_util.h"
15 #include "net/ssl/server_bound_cert_service.h"
19 ChannelIDKeyChromium::ChannelIDKeyChromium(
20 crypto::ECPrivateKey
* ec_private_key
)
21 : ec_private_key_(ec_private_key
) {}
23 ChannelIDKeyChromium::~ChannelIDKeyChromium() {}
25 bool ChannelIDKeyChromium::Sign(base::StringPiece signed_data
,
26 std::string
* out_signature
) const {
27 scoped_ptr
<crypto::ECSignatureCreator
> sig_creator(
28 crypto::ECSignatureCreator::Create(ec_private_key_
.get()));
32 const size_t len1
= strlen(ChannelIDVerifier::kContextStr
) + 1;
33 const size_t len2
= strlen(ChannelIDVerifier::kClientToServerStr
) + 1;
34 std::vector
<uint8
> data(len1
+ len2
+ signed_data
.size());
35 memcpy(&data
[0], ChannelIDVerifier::kContextStr
, len1
);
36 memcpy(&data
[len1
], ChannelIDVerifier::kClientToServerStr
, len2
);
37 memcpy(&data
[len1
+ len2
], signed_data
.data(), signed_data
.size());
38 std::vector
<uint8
> der_signature
;
39 if (!sig_creator
->Sign(&data
[0], data
.size(), &der_signature
)) {
42 std::vector
<uint8
> raw_signature
;
43 if (!sig_creator
->DecodeSignature(der_signature
, &raw_signature
)) {
46 memcpy(WriteInto(out_signature
, raw_signature
.size() + 1),
47 &raw_signature
[0], raw_signature
.size());
51 std::string
ChannelIDKeyChromium::SerializeKey() const {
53 if (!ec_private_key_
->ExportRawPublicKey(&out_key
)) {
59 // A Job handles the lookup of a single channel ID. It is owned by the
60 // ChannelIDSource. If the operation can not complete synchronously, it will
61 // notify the ChannelIDSource upon completion.
62 class ChannelIDSourceChromium::Job
{
64 Job(ChannelIDSourceChromium
* channel_id_source
,
65 ServerBoundCertService
* server_bound_cert_service
);
67 // Starts the channel ID lookup. If |QUIC_PENDING| is returned, then
68 // |callback| will be invoked asynchronously when the operation completes.
69 QuicAsyncStatus
GetChannelIDKey(const std::string
& hostname
,
70 scoped_ptr
<ChannelIDKey
>* channel_id_key
,
71 ChannelIDSourceCallback
* callback
);
76 STATE_GET_CHANNEL_ID_KEY
,
77 STATE_GET_CHANNEL_ID_KEY_COMPLETE
,
80 int DoLoop(int last_io_result
);
81 void OnIOComplete(int result
);
82 int DoGetChannelIDKey(int result
);
83 int DoGetChannelIDKeyComplete(int result
);
85 // Channel ID source to notify when this jobs completes.
86 ChannelIDSourceChromium
* const channel_id_source_
;
88 ServerBoundCertService
* const server_bound_cert_service_
;
90 std::string channel_id_private_key_
;
91 std::string channel_id_cert_
;
92 ServerBoundCertService::RequestHandle channel_id_request_handle_
;
94 // |hostname| specifies the hostname for which we need a channel ID.
95 std::string hostname_
;
97 scoped_ptr
<ChannelIDSourceCallback
> callback_
;
99 scoped_ptr
<ChannelIDKey
> channel_id_key_
;
103 DISALLOW_COPY_AND_ASSIGN(Job
);
106 ChannelIDSourceChromium::Job::Job(
107 ChannelIDSourceChromium
* channel_id_source
,
108 ServerBoundCertService
* server_bound_cert_service
)
109 : channel_id_source_(channel_id_source
),
110 server_bound_cert_service_(server_bound_cert_service
),
111 next_state_(STATE_NONE
) {
114 QuicAsyncStatus
ChannelIDSourceChromium::Job::GetChannelIDKey(
115 const std::string
& hostname
,
116 scoped_ptr
<ChannelIDKey
>* channel_id_key
,
117 ChannelIDSourceCallback
* callback
) {
118 DCHECK(channel_id_key
);
121 if (STATE_NONE
!= next_state_
) {
122 DLOG(DFATAL
) << "GetChannelIDKey has begun";
126 channel_id_key_
.reset();
128 hostname_
= hostname
;
130 next_state_
= STATE_GET_CHANNEL_ID_KEY
;
131 switch (DoLoop(OK
)) {
133 channel_id_key
->reset(channel_id_key_
.release());
136 callback_
.reset(callback
);
139 channel_id_key
->reset();
144 int ChannelIDSourceChromium::Job::DoLoop(int last_result
) {
145 int rv
= last_result
;
147 State state
= next_state_
;
148 next_state_
= STATE_NONE
;
150 case STATE_GET_CHANNEL_ID_KEY
:
152 rv
= DoGetChannelIDKey(rv
);
154 case STATE_GET_CHANNEL_ID_KEY_COMPLETE
:
155 rv
= DoGetChannelIDKeyComplete(rv
);
160 LOG(DFATAL
) << "unexpected state " << state
;
163 } while (rv
!= ERR_IO_PENDING
&& next_state_
!= STATE_NONE
);
167 void ChannelIDSourceChromium::Job::OnIOComplete(int result
) {
168 int rv
= DoLoop(result
);
169 if (rv
!= ERR_IO_PENDING
) {
170 scoped_ptr
<ChannelIDSourceCallback
> callback(callback_
.release());
171 callback
->Run(&channel_id_key_
);
172 // Will delete |this|.
173 channel_id_source_
->OnJobComplete(this);
177 int ChannelIDSourceChromium::Job::DoGetChannelIDKey(int result
) {
178 next_state_
= STATE_GET_CHANNEL_ID_KEY_COMPLETE
;
180 return server_bound_cert_service_
->GetOrCreateDomainBoundCert(
182 &channel_id_private_key_
,
184 base::Bind(&ChannelIDSourceChromium::Job::OnIOComplete
,
185 base::Unretained(this)),
186 &channel_id_request_handle_
);
189 int ChannelIDSourceChromium::Job::DoGetChannelIDKeyComplete(int result
) {
190 DCHECK_EQ(STATE_NONE
, next_state_
);
192 DLOG(WARNING
) << "Failed to look up channel ID: " << ErrorToString(result
);
196 std::vector
<uint8
> encrypted_private_key_info(
197 channel_id_private_key_
.size());
198 memcpy(&encrypted_private_key_info
[0], channel_id_private_key_
.data(),
199 channel_id_private_key_
.size());
201 base::StringPiece spki_piece
;
202 if (!asn1::ExtractSPKIFromDERCert(channel_id_cert_
, &spki_piece
)) {
203 return ERR_UNEXPECTED
;
205 std::vector
<uint8
> subject_public_key_info(spki_piece
.size());
206 memcpy(&subject_public_key_info
[0], spki_piece
.data(), spki_piece
.size());
208 crypto::ECPrivateKey
* ec_private_key
=
209 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
210 ServerBoundCertService::kEPKIPassword
, encrypted_private_key_info
,
211 subject_public_key_info
);
212 if (!ec_private_key
) {
213 // TODO(wtc): use the new error code ERR_CHANNEL_ID_IMPORT_FAILED to be
214 // added in https://codereview.chromium.org/338093012/.
215 return ERR_UNEXPECTED
;
217 channel_id_key_
.reset(new ChannelIDKeyChromium(ec_private_key
));
222 ChannelIDSourceChromium::ChannelIDSourceChromium(
223 ServerBoundCertService
* server_bound_cert_service
)
224 : server_bound_cert_service_(server_bound_cert_service
) {
227 ChannelIDSourceChromium::~ChannelIDSourceChromium() {
228 STLDeleteElements(&active_jobs_
);
231 QuicAsyncStatus
ChannelIDSourceChromium::GetChannelIDKey(
232 const std::string
& hostname
,
233 scoped_ptr
<ChannelIDKey
>* channel_id_key
,
234 ChannelIDSourceCallback
* callback
) {
235 scoped_ptr
<Job
> job(new Job(this, server_bound_cert_service_
));
236 QuicAsyncStatus status
= job
->GetChannelIDKey(hostname
, channel_id_key
,
238 if (status
== QUIC_PENDING
) {
239 active_jobs_
.insert(job
.release());
244 void ChannelIDSourceChromium::OnJobComplete(Job
* job
) {
245 active_jobs_
.erase(job
);