net/ssl/openssl_client_key_store.h - chromium/src - Git at Google

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
 #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_

 #include <map>
 #include <string>

 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/singleton.h"
 #include "net/base/net_export.h"
 #include "third_party/boringssl/src/include/openssl/base.h"

 namespace net {

 class SSLPrivateKey;
 class X509Certificate;

 // OpenSSLClientKeyStore implements an in-memory store for client
 // certificate private keys, because the platforms where OpenSSL is
 // used do not provide a way to retrieve the private key of a known
 // certificate.
 //
 // This class is not thread-safe and should only be used from the network
 // thread.
 class NET_EXPORT OpenSSLClientKeyStore {
  public:
   // Platforms must define this factory function as appropriate.
   static OpenSSLClientKeyStore* GetInstance();

   // Record the association between a certificate and its
   // private key. This method should be called _before_
   // FetchClientCertPrivateKey to ensure that the private key is returned
   // when it is called later. The association is recorded in memory
   // exclusively.
   // |cert| is a handle to a certificate object.
   // |private_key| is an SSLPrivateKey that corresponds to the certificate's
   // private key.
   // Returns false if an error occured.
   bool RecordClientCertPrivateKey(const X509Certificate* cert,
                                   scoped_refptr<SSLPrivateKey> key);

   // Given a certificate's |public_key|, return the corresponding private
   // key that has been recorded previously by RecordClientCertPrivateKey().
   // |cert| is a client certificate.
   // Returns its matching private key on success, NULL otherwise.
   scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
       const X509Certificate* cert);

   // Flush all recorded keys.
   void Flush();

  private:
   OpenSSLClientKeyStore();
   ~OpenSSLClientKeyStore();

   // Maps from the serialized SubjectPublicKeyInfo structure to the
   // corresponding private key.
   std::map<std::string, scoped_refptr<net::SSLPrivateKey>> key_map_;

   friend struct base::DefaultSingletonTraits<OpenSSLClientKeyStore>;

   DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore);
 };

 }  // namespace net

 #endif  // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
	// Copyright (c) 2013 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_
	#define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_

	#include <map>
	#include <string>

	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "base/memory/singleton.h"
	#include "net/base/net_export.h"
	#include "third_party/boringssl/src/include/openssl/base.h"

	namespace net {

	class SSLPrivateKey;
	class X509Certificate;

	// OpenSSLClientKeyStore implements an in-memory store for client
	// certificate private keys, because the platforms where OpenSSL is
	// used do not provide a way to retrieve the private key of a known
	// certificate.
	//
	// This class is not thread-safe and should only be used from the network
	// thread.
	class NET_EXPORT OpenSSLClientKeyStore {
	public:
	// Platforms must define this factory function as appropriate.
	static OpenSSLClientKeyStore* GetInstance();

	// Record the association between a certificate and its
	// private key. This method should be called _before_
	// FetchClientCertPrivateKey to ensure that the private key is returned
	// when it is called later. The association is recorded in memory
	// exclusively.
	// \|cert\| is a handle to a certificate object.
	// \|private_key\| is an SSLPrivateKey that corresponds to the certificate's
	// private key.
	// Returns false if an error occured.
	bool RecordClientCertPrivateKey(const X509Certificate* cert,
	scoped_refptr<SSLPrivateKey> key);

	// Given a certificate's \|public_key\|, return the corresponding private
	// key that has been recorded previously by RecordClientCertPrivateKey().
	// \|cert\| is a client certificate.
	// Returns its matching private key on success, NULL otherwise.
	scoped_refptr<SSLPrivateKey> FetchClientCertPrivateKey(
	const X509Certificate* cert);

	// Flush all recorded keys.
	void Flush();

	private:
	OpenSSLClientKeyStore();
	~OpenSSLClientKeyStore();

	// Maps from the serialized SubjectPublicKeyInfo structure to the
	// corresponding private key.
	std::map<std::string, scoped_refptr<net::SSLPrivateKey>> key_map_;

	friend struct base::DefaultSingletonTraits<OpenSSLClientKeyStore>;

	DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore);
	};

	} // namespace net

	#endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_