blob: f88ffd5fda843792027b8574ccbdfc63a325fe8f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_BASE_KEYGEN_HANDLER_H_
#define NET_BASE_KEYGEN_HANDLER_H_
#include <map>
#include <string>
#include "base/lock.h"
#include "base/singleton.h"
namespace net {
// This class handles keypair generation for generating client
// certificates via the <keygen> tag.
// <http://dev.w3.org/html5/spec/Overview.html#the-keygen-element>
// <https://developer.mozilla.org/En/HTML/HTML_Extensions/KEYGEN_Tag>
class KeygenHandler {
public:
// This class stores the relative location for a given private key. It does
// not store the private key, or a handle to the private key, on the basis
// that the key may be located on a smart card or device which may not be
// present at the time of retrieval.
class KeyLocation {
public:
#if defined(OS_WIN)
std::wstring container_name;
std::wstring provider_name;
#elif defined(OS_MACOSX)
std::string keychain_path;
#elif defined(USE_NSS)
std::string slot_name;
#endif
// Only used by unit tests.
bool Equals(const KeyLocation& location) const;
};
// This class stores information about the keys the KeygenHandler has
// generated, so that the private keys can be properly associated with any
// certificates that might be sent to the client based on those keys.
// TODO(wtc): consider adding a Remove() method.
class Cache {
public:
static Cache* GetInstance();
void Insert(const std::string& public_key_info,
const KeyLocation& location);
// True if the |public_key_info| was located and the location stored into
// |*location|.
bool Find(const std::string& public_key_info, KeyLocation* location);
private:
typedef std::map<std::string, KeyLocation> KeyLocationMap;
// Obtain an instance of the KeyCache by using GetInstance().
Cache() {}
friend struct DefaultSingletonTraits<Cache>;
Lock lock_;
// The key cache. You must obtain |lock_| before using |cache_|.
KeyLocationMap cache_;
DISALLOW_COPY_AND_ASSIGN(Cache);
};
// Creates a handler that will generate a key with the given key size
// and incorporate the |challenge| into the Netscape SPKAC structure.
inline KeygenHandler(int key_size_in_bits, const std::string& challenge);
// Actually generates the key-pair and the cert request (SPKAC), and returns
// a base64-encoded string suitable for use as the form value of <keygen>.
std::string GenKeyAndSignChallenge();
// Exposed only for unit tests.
void set_stores_key(bool store) { stores_key_ = store;}
private:
int key_size_in_bits_; // key size in bits (usually 2048)
std::string challenge_; // challenge string sent by server
bool stores_key_; // should the generated key-pair be stored persistently?
};
KeygenHandler::KeygenHandler(int key_size_in_bits,
const std::string& challenge)
: key_size_in_bits_(key_size_in_bits),
challenge_(challenge),
stores_key_(true) {
}
} // namespace net
#endif // NET_BASE_KEYGEN_HANDLER_H_
|
