net/base/keygen_handler_openssl.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/base/keygen_handler.h"
   6
   7 #include <openssl/ssl.h>
   8
   9 #include "base/logging.h"
  10 #include "base/memory/scoped_ptr.h"
  11 #include "crypto/openssl_util.h"
  12 #include "crypto/rsa_private_key.h"
  13 #include "net/base/openssl_private_key_store.h"
  14
  15 namespace net {
  16
  17 std::string KeygenHandler::GenKeyAndSignChallenge() {
  18   scoped_ptr<crypto::RSAPrivateKey> key(
  19       crypto::RSAPrivateKey::Create(key_size_in_bits_));
  20   EVP_PKEY* pkey = key->key();
  21
  22   if (stores_key_)
  23     OpenSSLPrivateKeyStore::StoreKeyPair(url_, pkey);
  24
  25   crypto::ScopedOpenSSL<NETSCAPE_SPKI, NETSCAPE_SPKI_free> spki(
  26        NETSCAPE_SPKI_new());
  27   ASN1_STRING_set(spki.get()->spkac->challenge,
  28                   challenge_.data(), challenge_.size());
  29   NETSCAPE_SPKI_set_pubkey(spki.get(), pkey);
  30   // Using MD5 as this is what is required in HTML5, even though the SPKI
  31   // structure does allow the use of a SHA-1 signature.
  32   NETSCAPE_SPKI_sign(spki.get(), pkey, EVP_md5());
  33   char* spkistr = NETSCAPE_SPKI_b64_encode(spki.get());
  34
  35   std::string result(spkistr);
  36   OPENSSL_free(spkistr);
  37
  38   return result;
  39 }
  40
  41 }  // namespace net
  42