1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_ANDROID_KEYSTORE_OPENSSL_H 6 #define NET_ANDROID_KEYSTORE_OPENSSL_H 7 8 #include <jni.h> 9 #include <openssl/evp.h> 10 11 #include "crypto/scoped_openssl_types.h" 12 #include "net/base/net_export.h" 13 14 // OpenSSL-specific functions to use the Android platform keystore. 15 // The features provided here are highly specific to OpenSSL and are 16 // segregated from net/android/keystore.h because the latter only provides 17 // simply JNI stubs to call Java code which only uses platform APIs. 18 19 namespace net { 20 namespace android { 21 22 // Create a custom OpenSSL EVP_PKEY instance that wraps a platform 23 // java.security.PrivateKey object, and will call the platform APIs 24 // through JNI to implement signing (and only signing). 25 // 26 // This method can be called from any thread. It shall only be used 27 // to implement client certificate handling though. 28 // 29 // |private_key| is a JNI local (or global) reference to the Java 30 // PrivateKey object. 31 // 32 // Returns a new EVP_PKEY* object with the following features: 33 // 34 // - Only contains a private key. 35 // 36 // - Owns its own _global_ JNI reference to the object. This means the 37 // caller can free |private_key| safely after the call, and that the 38 // the returned EVP_PKEY instance can be used from any thread. 39 // 40 // - Uses a custom method to implement the minimum functions required to 41 // *sign* the digest that is part of the "Verify Certificate" message 42 // during the OpenSSL handshake. Anything else will result in undefined 43 // behaviour. 44 NET_EXPORT crypto::ScopedEVP_PKEY GetOpenSSLPrivateKeyWrapper( 45 jobject private_key); 46 47 } // namespace android 48 } // namespace net 49 50 #endif // NET_ANDROID_KEYSTORE_OPENSSL_H 51