diff options
Diffstat (limited to 'chromium/net/ssl/openssl_client_key_store.h')
-rw-r--r-- | chromium/net/ssl/openssl_client_key_store.h | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/chromium/net/ssl/openssl_client_key_store.h b/chromium/net/ssl/openssl_client_key_store.h new file mode 100644 index 00000000000..6d90253ff14 --- /dev/null +++ b/chromium/net/ssl/openssl_client_key_store.h @@ -0,0 +1,108 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ +#define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ + +#include <openssl/evp.h> + +#include <vector> + +#include "base/basictypes.h" +#include "base/memory/scoped_ptr.h" +#include "base/memory/singleton.h" +#include "crypto/openssl_util.h" +#include "net/base/net_export.h" + +namespace net { + +class X509Certificate; + +// OpenSSLClientKeyStore implements an in-memory store for client +// certificate private keys, because the platforms where OpenSSL is +// used do not provide a way to retrieve the private key of a known +// certificate. +// +// This class is not thread-safe and should only be used from the network +// thread. +class NET_EXPORT OpenSSLClientKeyStore { + public: + // Platforms must define this factory function as appropriate. + static OpenSSLClientKeyStore* GetInstance(); + + struct EVP_PKEY_Deleter { + inline void operator()(EVP_PKEY* ptr) const { + EVP_PKEY_free(ptr); + } + }; + + typedef scoped_ptr<EVP_PKEY, EVP_PKEY_Deleter> ScopedEVP_PKEY; + + // Record the association between a certificate and its + // private key. This method should be called _before_ + // FetchClientCertPrivateKey to ensure that the private key is returned + // when it is called later. The association is recorded in memory + // exclusively. + // |cert| is a handle to a certificate object. + // |private_key| is an OpenSSL EVP_PKEY that corresponds to the + // certificate's private key. + // Returns false if an error occured. + // This function does not take ownership of the private_key, but may + // increment its internal reference count. + NET_EXPORT bool RecordClientCertPrivateKey(const X509Certificate* cert, + EVP_PKEY* private_key); + + // Given a certificate's |public_key|, return the corresponding private + // key that has been recorded previously by RecordClientCertPrivateKey(). + // |cert| is a client certificate. + // |*private_key| will be reset to its matching private key on success. + // Returns true on success, false otherwise. This increments the reference + // count of the private key on success. + bool FetchClientCertPrivateKey(const X509Certificate* cert, + ScopedEVP_PKEY* private_key); + + // Flush all recorded keys. Used only during testing. + void Flush(); + + protected: + OpenSSLClientKeyStore(); + + ~OpenSSLClientKeyStore(); + + // Adds a given public/private key pair. + // |pub_key| and |private_key| can point to the same object. + // This increments the reference count on both objects, caller + // must still call EVP_PKEY_free on them. + void AddKeyPair(EVP_PKEY* pub_key, EVP_PKEY* private_key); + + private: + // KeyPair is an internal class used to hold a pair of private / public + // EVP_PKEY objects, with appropriate ownership. + class KeyPair { + public: + explicit KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key); + KeyPair(const KeyPair& other); + void operator=(const KeyPair& other); + ~KeyPair(); + + EVP_PKEY* public_key; + EVP_PKEY* private_key; + + private: + KeyPair(); // intentionally not implemented. + }; + + // Returns the index of the keypair for |public_key|. or -1 if not found. + int FindKeyPairIndex(EVP_PKEY* public_key); + + std::vector<KeyPair> pairs_; + + friend struct DefaultSingletonTraits<OpenSSLClientKeyStore>; + + DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore); +}; + +} // namespace net + +#endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ |