| // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_ANDROID_KEYSTORE_OPENSSL_H |
| #define NET_ANDROID_KEYSTORE_OPENSSL_H |
| |
| #include <jni.h> |
| #include <openssl/evp.h> |
| |
| #include "net/base/net_export.h" |
| |
| // OpenSSL-specific functions to use the Android platform keystore. |
| // The features provided here are highly specific to OpenSSL and are |
| // segregated from net/android/keystore.h because the latter only provides |
| // simply JNI stubs to call Java code which only uses platform APIs. |
| |
| namespace net { |
| namespace android { |
| |
| // Create a custom OpenSSL EVP_PKEY instance that wraps a platform |
| // java.security.PrivateKey object, and will call the platform APIs |
| // through JNI to implement signing (and only signing). |
| // |
| // This method can be called from any thread. It shall only be used |
| // to implement client certificate handling though. |
| // |
| // |private_key| is a JNI local (or global) reference to the Java |
| // PrivateKey object. |
| // |
| // Returns a new EVP_PKEY* object with the following features: |
| // |
| // - Only contains a private key. |
| // |
| // - Owns its own _global_ JNI reference to the object. This means the |
| // caller can free |private_key| safely after the call, and that the |
| // the returned EVP_PKEY instance can be used from any thread. |
| // |
| // - Uses a custom method to implement the minimum functions required to |
| // *sign* the digest that is part of the "Verify Certificate" message |
| // during the OpenSSL handshake. Anything else will result in undefined |
| // behaviour. |
| NET_EXPORT EVP_PKEY* GetOpenSSLPrivateKeyWrapper(jobject private_key); |
| |
| } // namespace android |
| } // namespace net |
| |
| #endif // NET_ANDROID_KEYSTORE_OPENSSL_H |