// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_ANDROID_KEYSTORE_OPENSSL_H
#define NET_ANDROID_KEYSTORE_OPENSSL_H

#include <jni.h>
#include <openssl/evp.h>

#include "crypto/scoped_openssl_types.h"
#include "net/base/net_export.h"

// OpenSSL-specific functions to use the Android platform keystore.
// The features provided here are highly specific to OpenSSL and are
// segregated from net/android/keystore.h because the latter only provides
// simple JNI stubs to call Java code which only uses platform APIs.

namespace net {
namespace android {

// Create a custom OpenSSL EVP_PKEY instance that wraps a platform
// java.security.PrivateKey object, and will call the platform APIs
// through JNI to implement signing (and only signing).
//
// This method can be called from any thread. It shall only be used
// to implement client certificate handling though.
//
// |private_key| is a JNI local (or global) reference to the Java
// PrivateKey object.
//
// Returns a crypto::ScopedEVP_PKEY that owns the new EVP_PKEY (it is
// released when the scoped object is destroyed; do not EVP_PKEY_free() it
// separately). The wrapped key has the following features:
//
// - Only contains a private key. There is no public half to extract from
//   it; obtain the public key from the certificate instead.
//
// - Owns its own _global_ JNI reference to the object. This means the
//   caller can free |private_key| safely after the call, and that the
//   returned EVP_PKEY instance can be used from any thread.
//
// - Uses a custom method to implement the minimum functions required to
//   *sign* the digest that is part of the "CertificateVerify" message
//   during the OpenSSL handshake. Anything else (decryption, key
//   agreement, serialization/export of the key, use in a server-side
//   context) is unsupported and will result in undefined behaviour, so
//   the returned key must only be handed to the client-certificate
//   signing path. Because signing is delegated to the platform, this
//   wrapper is not expected to hold raw key material itself.
//
// NOTE(review): the failure contract (presumably a null ScopedEVP_PKEY
// when the wrapper cannot be created) is not stated here - confirm
// against the implementation before relying on it.
NET_EXPORT crypto::ScopedEVP_PKEY GetOpenSSLPrivateKeyWrapper(
    jobject private_key);

}  // namespace android
}  // namespace net

#endif  // NET_ANDROID_KEYSTORE_OPENSSL_H