net/android/keystore_openssl.h

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_ANDROID_KEYSTORE_OPENSSL_H
   6 #define NET_ANDROID_KEYSTORE_OPENSSL_H
   7
   8 #include <jni.h>
   9 #include <openssl/evp.h>
  10
  11 #include "net/base/net_export.h"
  12
  13 // OpenSSL-specific functions to use the Android platform keystore.
  14 // The features provided here are highly specific to OpenSSL and are
  15 // segregated from net/android/keystore.h because the latter only provides
  16 // simply JNI stubs to call Java code which only uses platform APIs.
  17
  18 namespace net {
  19 namespace android {
  20
  21 // Create a custom OpenSSL EVP_PKEY instance that wraps a platform
  22 // java.security.PrivateKey object, and will call the platform APIs
  23 // through JNI to implement signing (and only signing).
  24 //
  25 // This method can be called from any thread. It shall only be used
  26 // to implement client certificate handling though.
  27 //
  28 // |private_key| is a JNI local (or global) reference to the Java
  29 // PrivateKey object.
  30 //
  31 // Returns a new EVP_PKEY* object with the following features:
  32 //
  33 // - Only contains a private key.
  34 //
  35 // - Owns its own _global_ JNI reference to the object. This means the
  36 //   caller can free |private_key| safely after the call, and that the
  37 //   the returned EVP_PKEY instance can be used from any thread.
  38 //
  39 // - Uses a custom method to implement the minimum functions required to
  40 //   *sign* the digest that is part of the "Verify Certificate" message
  41 //   during the OpenSSL handshake. Anything else will result in undefined
  42 //   behaviour.
  43 NET_EXPORT EVP_PKEY* GetOpenSSLPrivateKeyWrapper(jobject private_key);
  44
  45 }  // namespace android
  46 }  // namespace net
  47
  48 #endif  // NET_ANDROID_KEYSTORE_OPENSSL_H