Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / net / ssl / openssl_client_key_store.h
blobbba19a3116949f5a75bf32f3497d32bae053a96e
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
6 #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
8 #include <openssl/evp.h>
10 #include <vector>
12 #include "base/basictypes.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/memory/singleton.h"
15 #include "crypto/openssl_util.h"
16 #include "crypto/scoped_openssl_types.h"
17 #include "net/base/net_export.h"
19 namespace net {
21 class X509Certificate;
23 // OpenSSLClientKeyStore implements an in-memory store for client
24 // certificate private keys, because the platforms where OpenSSL is
25 // used do not provide a way to retrieve the private key of a known
26 // certificate.
28 // This class is not thread-safe and should only be used from the network
29 // thread.
30 class NET_EXPORT OpenSSLClientKeyStore {
31 public:
32 // Platforms must define this factory function as appropriate.
33 static OpenSSLClientKeyStore* GetInstance();
35 // Record the association between a certificate and its
36 // private key. This method should be called _before_
37 // FetchClientCertPrivateKey to ensure that the private key is returned
38 // when it is called later. The association is recorded in memory
39 // exclusively.
40 // |cert| is a handle to a certificate object.
41 // |private_key| is an OpenSSL EVP_PKEY that corresponds to the
42 // certificate's private key.
43 // Returns false if an error occured.
44 // This function does not take ownership of the private_key, but may
45 // increment its internal reference count.
46 bool RecordClientCertPrivateKey(const X509Certificate* cert,
47 EVP_PKEY* private_key);
49 // Given a certificate's |public_key|, return the corresponding private
50 // key that has been recorded previously by RecordClientCertPrivateKey().
51 // |cert| is a client certificate.
52 // Returns its matching private key on success, NULL otherwise.
53 crypto::ScopedEVP_PKEY FetchClientCertPrivateKey(const X509Certificate* cert);
55 // Flush all recorded keys.
56 void Flush();
58 protected:
59 OpenSSLClientKeyStore();
61 ~OpenSSLClientKeyStore();
63 // Adds a given public/private key pair.
64 // |pub_key| and |private_key| can point to the same object.
65 // This increments the reference count on both objects, caller
66 // must still call EVP_PKEY_free on them.
67 void AddKeyPair(EVP_PKEY* pub_key, EVP_PKEY* private_key);
69 private:
70 // KeyPair is an internal class used to hold a pair of private / public
71 // EVP_PKEY objects, with appropriate ownership.
72 class KeyPair {
73 public:
74 explicit KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key);
75 KeyPair(const KeyPair& other);
76 // Intentionally pass by value, in order to use the copy-and-swap idiom.
77 void operator=(KeyPair other);
78 void swap(KeyPair& other);
79 ~KeyPair();
81 crypto::ScopedEVP_PKEY public_key;
82 crypto::ScopedEVP_PKEY private_key;
84 private:
85 KeyPair(); // intentionally not implemented.
88 // Returns the index of the keypair for |public_key|. or -1 if not found.
89 int FindKeyPairIndex(EVP_PKEY* public_key);
91 std::vector<KeyPair> pairs_;
93 friend struct DefaultSingletonTraits<OpenSSLClientKeyStore>;
95 DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore);
98 } // namespace net
100 #endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_