Roll src/third_party/WebKit d9c6159:8139f33 (svn 201974:201975)
[chromium-blink-merge.git] / net / ssl / openssl_client_key_store.cc
blob0bc97beb48e55670ac1d5901b7933d0f35f0574c
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/openssl_client_key_store.h"
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
9 #include <algorithm>
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/singleton.h"
13 #include "net/cert/x509_certificate.h"
15 namespace net {
17 namespace {
19 // Return the EVP_PKEY holding the public key of a given certificate.
20 // |cert| is a certificate.
21 // Returns a scoped EVP_PKEY for it.
22 crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
23 // X509_PUBKEY_get() increments the reference count of its result.
24 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
25 EVP_PKEY* pkey =
26 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
27 if (!pkey)
28 LOG(ERROR) << "Can't extract private key from certificate!";
29 return crypto::ScopedEVP_PKEY(pkey);
32 } // namespace
34 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
37 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
40 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key)
41 : public_key(EVP_PKEY_up_ref(pub_key)),
42 private_key(EVP_PKEY_up_ref(priv_key)) {
45 OpenSSLClientKeyStore::KeyPair::~KeyPair() {
48 OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
49 : public_key(EVP_PKEY_up_ref(other.public_key.get())),
50 private_key(EVP_PKEY_up_ref(other.private_key.get())) {
53 void OpenSSLClientKeyStore::KeyPair::operator=(KeyPair other) {
54 swap(other);
57 void OpenSSLClientKeyStore::KeyPair::swap(KeyPair& other) {
58 using std::swap;
59 swap(public_key, other.public_key);
60 swap(private_key, other.private_key);
63 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
64 if (!public_key)
65 return -1;
66 for (size_t n = 0; n < pairs_.size(); ++n) {
67 if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
68 return static_cast<int>(n);
70 return -1;
73 void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
74 EVP_PKEY* private_key) {
75 int index = FindKeyPairIndex(pub_key);
76 if (index < 0)
77 pairs_.push_back(KeyPair(pub_key, private_key));
80 // Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
81 // builds.
82 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
83 const X509Certificate* client_cert,
84 EVP_PKEY* private_key) {
85 // Sanity check.
86 if (!client_cert || !private_key)
87 return false;
89 // Get public key from certificate.
90 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
91 if (!pub_key.get())
92 return false;
94 AddKeyPair(pub_key.get(), private_key);
95 return true;
98 crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
99 const X509Certificate* client_cert) {
100 if (!client_cert)
101 return crypto::ScopedEVP_PKEY();
103 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
104 if (!pub_key.get())
105 return crypto::ScopedEVP_PKEY();
107 int index = FindKeyPairIndex(pub_key.get());
108 if (index < 0)
109 return crypto::ScopedEVP_PKEY();
111 return crypto::ScopedEVP_PKEY(
112 EVP_PKEY_up_ref(pairs_[index].private_key.get()));
115 void OpenSSLClientKeyStore::Flush() {
116 pairs_.clear();
119 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
120 return Singleton<OpenSSLClientKeyStore>::get();
123 } // namespace net