net/base/keygen_handler_openssl.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/base/keygen_handler.h"
   6
   7 #include <openssl/mem.h>
   8 #include <openssl/ssl.h>
   9
  10 #include "base/logging.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "crypto/openssl_util.h"
  13 #include "crypto/rsa_private_key.h"
  14 #include "crypto/scoped_openssl_types.h"
  15 #include "net/base/openssl_private_key_store.h"
  16
  17 namespace net {
  18
  19 std::string KeygenHandler::GenKeyAndSignChallenge() {
  20   scoped_ptr<crypto::RSAPrivateKey> key(
  21       crypto::RSAPrivateKey::Create(key_size_in_bits_));
  22   EVP_PKEY* pkey = key->key();
  23
  24   if (stores_key_)
  25     OpenSSLPrivateKeyStore::StoreKeyPair(url_, pkey);
  26
  27   crypto::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki(
  28       NETSCAPE_SPKI_new());
  29   ASN1_STRING_set(spki.get()->spkac->challenge,
  30                   challenge_.data(), challenge_.size());
  31   NETSCAPE_SPKI_set_pubkey(spki.get(), pkey);
  32   // Using MD5 as this is what is required in HTML5, even though the SPKI
  33   // structure does allow the use of a SHA-1 signature.
  34   NETSCAPE_SPKI_sign(spki.get(), pkey, EVP_md5());
  35   char* spkistr = NETSCAPE_SPKI_b64_encode(spki.get());
  36
  37   std::string result(spkistr);
  38   OPENSSL_free(spkistr);
  39
  40   return result;
  41 }
  42
  43 }  // namespace net
  44