1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "remoting/base/rsa_key_pair.h" 6 7#include <limits> 8#include <string> 9#include <vector> 10 11#include "base/base64.h" 12#include "base/logging.h" 13#include "base/rand_util.h" 14#include "base/time/time.h" 15#include "crypto/rsa_private_key.h" 16#include "crypto/signature_creator.h" 17#include "net/cert/x509_util.h" 18 19namespace remoting { 20 21RsaKeyPair::RsaKeyPair(scoped_ptr<crypto::RSAPrivateKey> key) 22 : key_(key.Pass()){ 23 DCHECK(key_); 24} 25 26RsaKeyPair::~RsaKeyPair() {} 27 28//static 29scoped_refptr<RsaKeyPair> RsaKeyPair::Generate() { 30 scoped_ptr<crypto::RSAPrivateKey> key(crypto::RSAPrivateKey::Create(2048)); 31 if (!key) { 32 LOG(ERROR) << "Cannot generate private key."; 33 return NULL; 34 } 35 return new RsaKeyPair(key.Pass()); 36} 37 38//static 39scoped_refptr<RsaKeyPair> RsaKeyPair::FromString( 40 const std::string& key_base64) { 41 std::string key_str; 42 if (!base::Base64Decode(key_base64, &key_str)) { 43 LOG(ERROR) << "Failed to decode private key."; 44 return NULL; 45 } 46 47 std::vector<uint8> key_buf(key_str.begin(), key_str.end()); 48 scoped_ptr<crypto::RSAPrivateKey> key( 49 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_buf)); 50 if (!key) { 51 LOG(ERROR) << "Invalid private key."; 52 return NULL; 53 } 54 55 return new RsaKeyPair(key.Pass()); 56} 57 58std::string RsaKeyPair::ToString() const { 59 // Check that the key initialized. 60 DCHECK(key_.get() != NULL); 61 62 std::vector<uint8> key_buf; 63 CHECK(key_->ExportPrivateKey(&key_buf)); 64 std::string key_str(key_buf.begin(), key_buf.end()); 65 std::string key_base64; 66 base::Base64Encode(key_str, &key_base64); 67 return key_base64; 68} 69 70std::string RsaKeyPair::GetPublicKey() const { 71 std::vector<uint8> public_key; 72 CHECK(key_->ExportPublicKey(&public_key)); 73 std::string public_key_str(public_key.begin(), public_key.end()); 74 std::string public_key_base64; 75 base::Base64Encode(public_key_str, &public_key_base64); 76 return public_key_base64; 77} 78 79std::string RsaKeyPair::SignMessage(const std::string& message) const { 80 scoped_ptr<crypto::SignatureCreator> signature_creator( 81 crypto::SignatureCreator::Create(key_.get(), 82 crypto::SignatureCreator::SHA1)); 83 signature_creator->Update(reinterpret_cast<const uint8*>(message.c_str()), 84 message.length()); 85 std::vector<uint8> signature_buf; 86 signature_creator->Final(&signature_buf); 87 std::string signature_str(signature_buf.begin(), signature_buf.end()); 88 std::string signature_base64; 89 base::Base64Encode(signature_str, &signature_base64); 90 return signature_base64; 91} 92 93std::string RsaKeyPair::GenerateCertificate() const { 94 std::string der_cert; 95 // Certificates are SHA1-signed because |key_| has likely been used to sign 96 // with SHA1 previously, and you should not re-use a key for signing data with 97 // multiple signature algorithms. 98 net::x509_util::CreateSelfSignedCert( 99 key_.get(), 100 net::x509_util::DIGEST_SHA1, 101 "CN=chromoting", 102 base::RandInt(1, std::numeric_limits<int>::max()), 103 base::Time::Now(), 104 base::Time::Now() + base::TimeDelta::FromDays(1), 105 &der_cert); 106 return der_cert; 107} 108 109} // namespace remoting 110