1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/openssl_client_key_store.h"
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/singleton.h"
13 #include "net/cert/x509_certificate.h"
19 // Return the EVP_PKEY holding the public key of a given certificate.
20 // |cert| is a certificate.
21 // Returns a scoped EVP_PKEY for it.
22 crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
23 // X509_PUBKEY_get() increments the reference count of its result.
24 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
26 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
28 LOG(ERROR) << "Can't extract private key from certificate!";
29 return crypto::ScopedEVP_PKEY(pkey);
34 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
37 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
40 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,
42 : public_key(EVP_PKEY_dup(pub_key)),
43 private_key(EVP_PKEY_dup(priv_key)) {
46 OpenSSLClientKeyStore::KeyPair::~KeyPair() {
49 OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
50 : public_key(EVP_PKEY_dup(other.public_key.get())),
51 private_key(EVP_PKEY_dup(other.private_key.get())) {
54 void OpenSSLClientKeyStore::KeyPair::operator=(KeyPair other) {
58 void OpenSSLClientKeyStore::KeyPair::swap(KeyPair& other) {
60 swap(public_key, other.public_key);
61 swap(private_key, other.private_key);
64 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
67 for (size_t n = 0; n < pairs_.size(); ++n) {
68 if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
69 return static_cast<int>(n);
74 void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
75 EVP_PKEY* private_key) {
76 int index = FindKeyPairIndex(pub_key);
78 pairs_.push_back(KeyPair(pub_key, private_key));
81 // Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
83 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
84 const X509Certificate* client_cert,
85 EVP_PKEY* private_key) {
87 if (!client_cert || !private_key)
90 // Get public key from certificate.
91 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
95 AddKeyPair(pub_key.get(), private_key);
99 crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
100 const X509Certificate* client_cert) {
102 return crypto::ScopedEVP_PKEY();
104 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
106 return crypto::ScopedEVP_PKEY();
108 int index = FindKeyPairIndex(pub_key.get());
110 return crypto::ScopedEVP_PKEY();
112 return crypto::ScopedEVP_PKEY(EVP_PKEY_dup(pairs_[index].private_key.get()));
115 void OpenSSLClientKeyStore::Flush() {
119 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
120 return Singleton<OpenSSLClientKeyStore>::get();