// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/keygen_handler.h"
#include "base/logging.h"
#include "crypto/crypto_module_blocking_password_delegate.h"
#include "crypto/nss_util.h"
#include "crypto/nss_util_internal.h"
#include "crypto/scoped_nss_types.h"
#include "net/third_party/mozilla_security_manager/nsKeygenHandler.h"
// PSM = Mozilla's Personal Security Manager.
namespace psm = mozilla_security_manager;
namespace net {
std::string KeygenHandler::GenKeyAndSignChallenge() {
// Ensure NSS is initialized.
crypto::EnsureNSSInit();
// TODO(mattm): allow choosing which slot to generate and store the key.
crypto::ScopedPK11Slot slot(crypto::GetPrivateNSSKeySlot());
if (!slot.get()) {
LOG(ERROR) << "Couldn't get private key slot from NSS!";
return std::string();
}
// Authenticate to the token.
if (SECSuccess != PK11_Authenticate(slot.get(), PR_TRUE,
crypto_module_password_delegate_.get())) {
LOG(ERROR) << "Couldn't authenticate to private key slot!";
return std::string();
}
return psm::GenKeyAndSignChallenge(key_size_in_bits_, challenge_, url_,
slot.get(), stores_key_);
}
void KeygenHandler::set_crypto_module_password_delegate(
crypto::CryptoModuleBlockingPasswordDelegate* delegate) {
crypto_module_password_delegate_.reset(delegate);
}
} // namespace net