| // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ |
| #define NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ |
| |
| #include <openssl/evp.h> |
| |
| #include <memory> |
| #include <vector> |
| |
| #include "base/macros.h" |
| #include "base/memory/singleton.h" |
| #include "crypto/openssl_util.h" |
| #include "crypto/scoped_openssl_types.h" |
| #include "net/base/net_export.h" |
| |
| namespace net { |
| |
| class X509Certificate; |
| |
| // OpenSSLClientKeyStore implements an in-memory store for client |
| // certificate private keys, because the platforms where OpenSSL is |
| // used do not provide a way to retrieve the private key of a known |
| // certificate. |
| // |
| // This class is not thread-safe and should only be used from the network |
| // thread. |
| class NET_EXPORT OpenSSLClientKeyStore { |
| public: |
| // Platforms must define this factory function as appropriate. |
| static OpenSSLClientKeyStore* GetInstance(); |
| |
| // Record the association between a certificate and its |
| // private key. This method should be called _before_ |
| // FetchClientCertPrivateKey to ensure that the private key is returned |
| // when it is called later. The association is recorded in memory |
| // exclusively. |
| // |cert| is a handle to a certificate object. |
| // |private_key| is an OpenSSL EVP_PKEY that corresponds to the |
| // certificate's private key. |
| // Returns false if an error occured. |
| // This function does not take ownership of the private_key, but may |
| // increment its internal reference count. |
| bool RecordClientCertPrivateKey(const X509Certificate* cert, |
| EVP_PKEY* private_key); |
| |
| // Given a certificate's |public_key|, return the corresponding private |
| // key that has been recorded previously by RecordClientCertPrivateKey(). |
| // |cert| is a client certificate. |
| // Returns its matching private key on success, NULL otherwise. |
| crypto::ScopedEVP_PKEY FetchClientCertPrivateKey(const X509Certificate* cert); |
| |
| // Flush all recorded keys. |
| void Flush(); |
| |
| protected: |
| OpenSSLClientKeyStore(); |
| |
| ~OpenSSLClientKeyStore(); |
| |
| // Adds a given public/private key pair. |
| // |pub_key| and |private_key| can point to the same object. |
| // This increments the reference count on both objects, caller |
| // must still call EVP_PKEY_free on them. |
| void AddKeyPair(EVP_PKEY* pub_key, EVP_PKEY* private_key); |
| |
| private: |
| // KeyPair is an internal class used to hold a pair of private / public |
| // EVP_PKEY objects, with appropriate ownership. |
| class KeyPair { |
| public: |
| explicit KeyPair(EVP_PKEY* pub_key, EVP_PKEY* priv_key); |
| KeyPair(const KeyPair& other); |
| // Intentionally pass by value, in order to use the copy-and-swap idiom. |
| void operator=(KeyPair other); |
| void swap(KeyPair& other); |
| ~KeyPair(); |
| |
| crypto::ScopedEVP_PKEY public_key; |
| crypto::ScopedEVP_PKEY private_key; |
| |
| private: |
| KeyPair(); // intentionally not implemented. |
| }; |
| |
| // Returns the index of the keypair for |public_key|. or -1 if not found. |
| int FindKeyPairIndex(EVP_PKEY* public_key); |
| |
| std::vector<KeyPair> pairs_; |
| |
| friend struct base::DefaultSingletonTraits<OpenSSLClientKeyStore>; |
| |
| DISALLOW_COPY_AND_ASSIGN(OpenSSLClientKeyStore); |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_SSL_OPENSSL_CLIENT_KEY_STORE_H_ |