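// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_ANDROID_KEYSTORE_OPENSSL_H
#define NET_ANDROID_KEYSTORE_OPENSSL_H

#include <jni.h>
#include <openssl/evp.h>

#include "crypto/scoped_openssl_types.h"
#include "net/base/net_export.h"

// OpenSSL-specific functions to use the Android platform keystore.
// The features provided here are highly specific to OpenSSL and are
// segregated from net/android/keystore.h because the latter only provides
// simple JNI stubs to call Java code which only uses platform APIs.

namespace net {
namespace android {

// Creates a custom OpenSSL EVP_PKEY instance that wraps a platform
// java.security.PrivateKey object. Signing (and only signing) is
// implemented by calling the platform APIs through JNI.
//
// This function can be called from any thread. It shall only be used
// to implement client certificate handling.
//
// |private_key| is a JNI local (or global) reference to the Java
// PrivateKey object.
//
// Returns a new EVP_PKEY, held in a crypto::ScopedEVP_PKEY, with the
// following features:
//
// - Only contains a private key.
//
// - Owns its own _global_ JNI reference to the object. This means the
//   caller can free |private_key| safely after the call, and that the
//   returned EVP_PKEY instance can be used from any thread.
//
// - Uses a custom method to implement the minimum functions required to
//   *sign* the digest that is part of the "Verify Certificate" (TLS
//   CertificateVerify) message during the OpenSSL handshake. Anything
//   else will result in undefined behaviour.
//
// Because every operation other than signing is undefined behaviour, the
// returned key must not be handed to general-purpose OpenSSL code paths
// (for example decryption, export or serialization); keep it confined to
// the client-certificate signing path.
//
// NOTE(review): this header does not say what is returned when the wrapper
// cannot be created. Callers should presumably check the result for null
// before use -- confirm against the implementation.
NET_EXPORT crypto::ScopedEVP_PKEY GetOpenSSLPrivateKeyWrapper(
    jobject private_key);

}  // namespace android
}  // namespace net

#endif  // NET_ANDROID_KEYSTORE_OPENSSL_H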