1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ 6 #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ 7 8 #include <openssl/evp.h> 9 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/singleton.h" 15 #include "crypto/openssl_util.h" 16 #include "net/base/net_export.h" 17 18 namespace net { 19 20 class X509Certificate; 21 22 // OpenSSLClientKeyStore implements an in-memory store for client 23 // certificate private keys, because the platforms where OpenSSL is 24 // used do not provide a way to retrieve the private key of a known 25 // certificate. 26 // 27 // This class is not thread-safe and should only be used from the network 28 // thread. 29 class NET_EXPORT OpenSSLClientKeyStore { 30 public: 31 // Platforms must define this factory function as appropriate. 32 static OpenSSLClientKeyStore* GetInstance(); 33 34 struct EVP_PKEY_Deleter { 35 inline void operator()(EVP_PKEY* ptr) const { 36 EVP_PKEY_free(ptr); 37 } 38 }; 39 40 typedef scoped_ptr<EVP_PKEY, EVP_PKEY_Deleter> ScopedEVP_PKEY; 41 42 // Record the association between a certificate and its 43 // private key. This method should be called _before_ 44 // FetchClientCertPrivateKey to ensure that the private key is returned 45 // when it is called later. The association is recorded in memory 46 // exclusively. 47 // |cert| is a handle to a certificate object. 48 // |private_key| is an OpenSSL EVP_PKEY that corresponds to the 49 // certificate's private key. 50 // Returns false if an error occured. 51 // This function does not take ownership of the private_key, but may 52 // increment its internal reference count. 53 NET_EXPORT bool RecordClientCertPrivateKey(const X509Certificate* cert, 54 EVP_PKEY* private_key); 55 56 // Given a certificate's |public_key|, return the corresponding private 57 // key that has been recorded previously by RecordClientCertPrivateKey(). 58 // |cert| is a client certificate. 59 // |*private_key| will be reset to its matching private key on success. 60 // Returns true on success, false otherwise. This increments the reference 61 // count of the private key on success. 62 bool FetchClientCertPrivateKey(const X509Certificate* cert, 63 ScopedEVP_PKEY* private_key); 64 65 // Flush all recorded keys. Used only during testing. 66 void Flush(); 67 68 protected: 69 OpenSSLClientKeyStore(); 70 71 ~OpenSSLClientKeyStore(); 72 73 // Adds a given public/private key pair. 74 // |pub_key| and |private_key| can point to the same object. 75 // This increments the reference count on both objects, caller 76 // must still call EVP_PKEY_free on them. 77 void AddKeyPair(EVP_PKEY* pub_key, EVP_PKEY* private_key); 78 79 private: 80 // KeyPair is an internal class used to hold a pair of private / public 81 // EVP_PKEY objects, with appropriate ownership. 82 class KeyPair { 83 public: 84 explicit KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key); 85 KeyPair(const KeyPair& other); 86 void operator=(const KeyPair& other); 87 ~KeyPair(); 88 89 EVP_PKEY* public_key; 90 EVP_PKEY* private_key; 91 92 private: 93 KeyPair(); // intentionally not implemented. 94 }; 95 96 // Returns the index of the keypair for |public_key|. or -1 if not found. 97 int FindKeyPairIndex(EVP_PKEY* public_key); 98 99 std::vector<KeyPair> pairs_; 100 101 friend struct DefaultSingletonTraits<OpenSSLClientKeyStore>; 102 103 DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore); 104 }; 105 106 } // namespace net 107 108 #endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ 109
