This patch adds some Android-support code to allow the network

stack to use platform-specific private key objects to perform signing in the context of SSL handshakes which require a client certificate. More specifically: - Add net/android/keystore.h, which provides native functions to operate on JNI references pointing to java.security.PrivateKey objects provided by the platform. I.e.: net::android::GetPrivateKeyType() net::android::SignWithPrivateKey() Also provide a function that can get the system's own EVP_PKEY* handle corresponding to a given PrivateKey object. This uses reflection and should *only* be used for RSA private keys when running on Android 4.0 and 4.1, in order to route around a platform bug that was only fixed in 4.2. net::android::GetOpenSSLSytstemHandleForPrivateKey() See the comments in this source file for mode details: net/android/java/org/chromium/net/AndroidKeyStore.java - Add net/android/keystore_openssl.h, which provides a function that can wrap an existing PrivateKey JNI reference around an OpenSSL EVP_PKEY object which uses custom DSA/RSA/ECDSA methods to perform signing as expected to handle client certificates. net::android::GetOpenSSLPrivateKeyWrapper() - Add relevant unit tests for the new functions. Note that the unit test comes with its own Java helper function, which is used to create a platform PrivateKey object from encoded PKCS#8 private key data. This is called from the native unit test, but does not constitute a new Java test (AndroidKeyStoreTestUtil.java). - Add corresponding new test key files under net/data/ssl/certificates/, and their generation script in net/data/ssl/scripts/. - Add net/android/private_key_type_list.h which is used both from C++ and Java to define the list of supported private key types used by this code. - Minor improvements: Add a "release()" method to crypto::ScopedOpenSSL, add missing BASE_EXPORT to one base/android/jni_array.h function declaration. BUG=166642 Review URL: https://chromiumcodereview.appspot.com/11571059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181741 0039d316-1c4b-4281-b951-d872f2087c98
author: digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-02-11 20:13:45 +0000
committer: digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2013-02-11 20:13:45 +0000
commit: 03a07b2ea1a0cb314a7ef409d142cd0f668b2254 (patch)
tree: 87af038f051e44830d200d5ca7464b67ad3ea3b1 /net/android/keystore.cc
parent: a298f6e45114bdee170ed807033ba9fb5e00f35a (diff)
download: chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.zip
chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.tar.gz
chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.tar.bz2
1 files changed, 130 insertions, 0 deletions
diff --git a/net/android/keystore.cc b/net/android/keystore.cc
new file mode 100644
index 0000000..a3d8cc1
--- /dev/null
+++ b/net/android/keystore.cc
@@ -0,0 +1,130 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/android/keystore.h"
+
+#include <vector>
+
+#include "base/android/jni_android.h"
+#include "base/android/jni_array.h"
+#include "base/logging.h"
+
+#include "jni/AndroidKeyStore_jni.h"
+
+using base::android::AttachCurrentThread;
+using base::android::HasException;
+using base::android::JavaByteArrayToByteVector;
+using base::android::ScopedJavaLocalRef;
+using base::android::ToJavaByteArray;
+using base::android::JavaArrayOfByteArrayToStringVector;
+
+namespace net {
+namespace android {
+
+bool GetRSAKeyModulus(
+    jobject private_key_ref,
+    std::vector<uint8>* result) {
+  JNIEnv* env = AttachCurrentThread();
+
+  ScopedJavaLocalRef<jbyteArray> modulus_ref =
+      Java_AndroidKeyStore_getRSAKeyModulus(env, private_key_ref);
+  if (modulus_ref.is_null())
+    return false;
+
+  JavaByteArrayToByteVector(env, modulus_ref.obj(), result);
+  return true;
+}
+
+bool GetDSAKeyParamQ(jobject private_key_ref,
+                     std::vector<uint8>* result) {
+  JNIEnv* env = AttachCurrentThread();
+
+  ScopedJavaLocalRef<jbyteArray> q_ref =
+      Java_AndroidKeyStore_getDSAKeyParamQ(env, private_key_ref);
+  if (q_ref.is_null())
+    return false;
+
+  JavaByteArrayToByteVector(env, q_ref.obj(), result);
+  return true;
+}
+
+bool GetECKeyOrder(jobject private_key_ref,
+                   std::vector<uint8>* result) {
+  JNIEnv* env = AttachCurrentThread();
+
+  ScopedJavaLocalRef<jbyteArray> order_ref =
+      Java_AndroidKeyStore_getECKeyOrder(env, private_key_ref);
+  if (order_ref.is_null())
+    return false;
+
+  JavaByteArrayToByteVector(env, order_ref.obj(), result);
+  return true;
+}
+
+bool GetPrivateKeyEncodedBytes(jobject private_key,
+                               std::vector<uint8>* result) {
+  JNIEnv* env = AttachCurrentThread();
+
+  ScopedJavaLocalRef<jbyteArray> encoded_ref =
+      Java_AndroidKeyStore_getPrivateKeyEncodedBytes(env, private_key);
+  if (encoded_ref.is_null())
+    return false;
+
+  JavaByteArrayToByteVector(env, encoded_ref.obj(), result);
+  return true;
+}
+
+bool RawSignDigestWithPrivateKey(
+    jobject private_key_ref,
+    const base::StringPiece& digest,
+    std::vector<uint8>* signature) {
+  JNIEnv* env = AttachCurrentThread();
+
+  // Convert message to byte[] array.
+  ScopedJavaLocalRef<jbyteArray> digest_ref =
+      ToJavaByteArray(env,
+                      reinterpret_cast<const uint8*>(digest.data()),
+                      digest.length());
+  DCHECK(!digest_ref.is_null());
+
+  // Invoke platform API
+  ScopedJavaLocalRef<jbyteArray> signature_ref =
+      Java_AndroidKeyStore_rawSignDigestWithPrivateKey(
+          env, private_key_ref, digest_ref.obj());
+  if (HasException(env) || signature_ref.is_null())
+    return false;
+
+  // Write signature to string.
+  JavaByteArrayToByteVector(env, signature_ref.obj(), signature);
+  return true;
+}
+
+PrivateKeyType GetPrivateKeyType(jobject private_key) {
+  JNIEnv* env = AttachCurrentThread();
+  int type = Java_AndroidKeyStore_getPrivateKeyType(
+      env, private_key);
+  return static_cast<PrivateKeyType>(type);
+}
+
+EVP_PKEY* GetOpenSSLSystemHandleForPrivateKey(jobject private_key) {
+  JNIEnv* env = AttachCurrentThread();
+  // Note: the pointer is passed as a jint here because that's how it
+  // is stored in the Java object. Java doesn't have a primitive type
+  // like intptr_t that matches the size of pointers on the host
+  // machine, and Android only runs on 32-bit CPUs.
+  //
+  // Given that this routine shall only be called on Android < 4.2,
+  // this won't be a problem in the far future (e.g. when Android gets
+  // ported to 64-bit environments, if ever).
+  int pkey =
+      Java_AndroidKeyStore_getOpenSSLHandleForPrivateKey(env, private_key);
+  return reinterpret_cast<EVP_PKEY*>(pkey);
+}
+
+bool RegisterKeyStore(JNIEnv* env) {
+  return RegisterNativesImpl(env);
+}
+
+}  // namespace android
+}  // namespace net
author	digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-02-11 20:13:45 +0000
committer	digit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2013-02-11 20:13:45 +0000
commit	03a07b2ea1a0cb314a7ef409d142cd0f668b2254 (patch)
tree	87af038f051e44830d200d5ca7464b67ad3ea3b1 /net/android/keystore.cc
parent	a298f6e45114bdee170ed807033ba9fb5e00f35a (diff)
download	chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.zip chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.tar.gz chromium_src-03a07b2ea1a0cb314a7ef409d142cd0f668b2254.tar.bz2