search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix platform check in RootWindowController header.
[chromium-blink-merge.git] / net / ssl / openssl_client_key_store.h
blob6d90253ff14fb396755df0d57cb0ce5f7174b8ce
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
6 #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
7
8 #include <openssl/evp.h>
9
10 #include <vector>
11
12 #include "base/basictypes.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/singleton.h"
15 #include "crypto/openssl_util.h"
16 #include "net/base/net_export.h"
17
18 namespace net {
19
20 class X509Certificate;
21
22 // OpenSSLClientKeyStore implements an in-memory store for client
23 // certificate private keys, because the platforms where OpenSSL is
24 // used do not provide a way to retrieve the private key of a known
25 // certificate.
26 //
27 // This class is not thread-safe and should only be used from the network
28 // thread.
29 class NET_EXPORT OpenSSLClientKeyStore {
30 public:
31 // Platforms must define this factory function as appropriate.
32 static OpenSSLClientKeyStore* GetInstance();
33
34 struct EVP_PKEY_Deleter {
35 inline void operator()(EVP_PKEY* ptr) const {
36 EVP_PKEY_free(ptr);
37 }
38 };
39
40 typedef scoped_ptr<EVP_PKEY, EVP_PKEY_Deleter> ScopedEVP_PKEY;
41
42 // Record the association between a certificate and its
43 // private key. This method should be called _before_
44 // FetchClientCertPrivateKey to ensure that the private key is returned
45 // when it is called later. The association is recorded in memory
46 // exclusively.
47 // |cert| is a handle to a certificate object.
48 // |private_key| is an OpenSSL EVP_PKEY that corresponds to the
49 // certificate's private key.
50 // Returns false if an error occured.
51 // This function does not take ownership of the private_key, but may
52 // increment its internal reference count.
53 NET_EXPORT bool RecordClientCertPrivateKey(const X509Certificate* cert,
54 EVP_PKEY* private_key);
55
56 // Given a certificate's |public_key|, return the corresponding private
57 // key that has been recorded previously by RecordClientCertPrivateKey().
58 // |cert| is a client certificate.
59 // |*private_key| will be reset to its matching private key on success.
60 // Returns true on success, false otherwise. This increments the reference
61 // count of the private key on success.
62 bool FetchClientCertPrivateKey(const X509Certificate* cert,
63 ScopedEVP_PKEY* private_key);
64
65 // Flush all recorded keys. Used only during testing.
66 void Flush();
67
68 protected:
69 OpenSSLClientKeyStore();
70
71 ~OpenSSLClientKeyStore();
72
73 // Adds a given public/private key pair.
74 // |pub_key| and |private_key| can point to the same object.
75 // This increments the reference count on both objects, caller
76 // must still call EVP_PKEY_free on them.
77 void AddKeyPair(EVP_PKEY* pub_key, EVP_PKEY* private_key);
78
79 private:
80 // KeyPair is an internal class used to hold a pair of private / public
81 // EVP_PKEY objects, with appropriate ownership.
82 class KeyPair {
83 public:
84 explicit KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key);
85 KeyPair(const KeyPair& other);
86 void operator=(const KeyPair& other);
87 ~KeyPair();
88
89 EVP_PKEY* public_key;
90 EVP_PKEY* private_key;
91
92 private:
93 KeyPair(); // intentionally not implemented.
94 };
95
96 // Returns the index of the keypair for |public_key|. or -1 if not found.
97 int FindKeyPairIndex(EVP_PKEY* public_key);
98
99 std::vector<KeyPair> pairs_;
100
101 friend struct DefaultSingletonTraits<OpenSSLClientKeyStore>;
102
103 DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore);
104 };
105
106 } // namespace net
107
108 #endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_