1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/ssl/openssl_client_key_store.h"
7 #include <openssl/evp.h>
8 #include <openssl/x509.h>
10 #include "base/memory/scoped_ptr.h"
11 #include "base/memory/singleton.h"
12 #include "net/cert/x509_certificate.h"
18 // Return the EVP_PKEY holding the public key of a given certificate.
19 // |cert| is a certificate.
20 // Returns a scoped EVP_PKEY for it.
21 crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
22 // X509_PUBKEY_get() increments the reference count of its result.
23 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
25 X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
27 LOG(ERROR) << "Can't extract private key from certificate!";
28 return crypto::ScopedEVP_PKEY(pkey);
33 OpenSSLClientKeyStore::OpenSSLClientKeyStore() {
36 OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
39 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,
41 : public_key(EVP_PKEY_dup(pub_key)),
42 private_key(EVP_PKEY_dup(priv_key)) {
45 OpenSSLClientKeyStore::KeyPair::~KeyPair() {
48 OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
49 : public_key(EVP_PKEY_dup(other.public_key.get())),
50 private_key(EVP_PKEY_dup(other.private_key.get())) {
53 void OpenSSLClientKeyStore::KeyPair::operator=(const KeyPair& other) {
54 // Use a temporary ScopedEVP_PKEY because scoped_ptr does not allow resetting
55 // to the current value, even though it's safe here.
56 crypto::ScopedEVP_PKEY public_key_tmp(EVP_PKEY_dup(other.public_key.get()));
57 crypto::ScopedEVP_PKEY private_key_tmp(EVP_PKEY_dup(other.private_key.get()));
59 public_key = public_key_tmp.Pass();
61 private_key = private_key_tmp.Pass();
64 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
67 for (size_t n = 0; n < pairs_.size(); ++n) {
68 if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
69 return static_cast<int>(n);
74 void OpenSSLClientKeyStore::AddKeyPair(EVP_PKEY* pub_key,
75 EVP_PKEY* private_key) {
76 int index = FindKeyPairIndex(pub_key);
78 pairs_.push_back(KeyPair(pub_key, private_key));
81 // Common code for OpenSSLClientKeyStore. Shared by all OpenSSL-based
83 bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
84 const X509Certificate* client_cert,
85 EVP_PKEY* private_key) {
87 if (!client_cert || !private_key)
90 // Get public key from certificate.
91 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
95 AddKeyPair(pub_key.get(), private_key);
99 crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
100 const X509Certificate* client_cert) {
102 return crypto::ScopedEVP_PKEY();
104 crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
106 return crypto::ScopedEVP_PKEY();
108 int index = FindKeyPairIndex(pub_key.get());
110 return crypto::ScopedEVP_PKEY();
112 return crypto::ScopedEVP_PKEY(EVP_PKEY_dup(pairs_[index].private_key.get()));
115 void OpenSSLClientKeyStore::Flush() {
119 OpenSSLClientKeyStore* OpenSSLClientKeyStore::GetInstance() {
120 return Singleton<OpenSSLClientKeyStore>::get();