1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "remoting/base/rsa_key_pair.h"
6
7 #include <limits>
8 #include <string>
9 #include <vector>
10
11 #include "base/base64.h"
12 #include "base/logging.h"
13 #include "base/rand_util.h"
14 #include "base/time/time.h"
15 #include "crypto/rsa_private_key.h"
16 #include "crypto/signature_creator.h"
17 #include "net/cert/x509_util.h"
18
19 namespace remoting {
20
RsaKeyPair(scoped_ptr<crypto::RSAPrivateKey> key)21 RsaKeyPair::RsaKeyPair(scoped_ptr<crypto::RSAPrivateKey> key)
22 : key_(key.Pass()){
23 DCHECK(key_);
24 }
25
~RsaKeyPair()26 RsaKeyPair::~RsaKeyPair() {}
27
28 //static
Generate()29 scoped_refptr<RsaKeyPair> RsaKeyPair::Generate() {
30 scoped_ptr<crypto::RSAPrivateKey> key(crypto::RSAPrivateKey::Create(2048));
31 if (!key) {
32 LOG(ERROR) << "Cannot generate private key.";
33 return NULL;
34 }
35 return new RsaKeyPair(key.Pass());
36 }
37
38 //static
FromString(const std::string & key_base64)39 scoped_refptr<RsaKeyPair> RsaKeyPair::FromString(
40 const std::string& key_base64) {
41 std::string key_str;
42 if (!base::Base64Decode(key_base64, &key_str)) {
43 LOG(ERROR) << "Failed to decode private key.";
44 return NULL;
45 }
46
47 std::vector<uint8> key_buf(key_str.begin(), key_str.end());
48 scoped_ptr<crypto::RSAPrivateKey> key(
49 crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_buf));
50 if (!key) {
51 LOG(ERROR) << "Invalid private key.";
52 return NULL;
53 }
54
55 return new RsaKeyPair(key.Pass());
56 }
57
ToString() const58 std::string RsaKeyPair::ToString() const {
59 // Check that the key initialized.
60 DCHECK(key_.get() != NULL);
61
62 std::vector<uint8> key_buf;
63 CHECK(key_->ExportPrivateKey(&key_buf));
64 std::string key_str(key_buf.begin(), key_buf.end());
65 std::string key_base64;
66 base::Base64Encode(key_str, &key_base64);
67 return key_base64;
68 }
69
GetPublicKey() const70 std::string RsaKeyPair::GetPublicKey() const {
71 std::vector<uint8> public_key;
72 CHECK(key_->ExportPublicKey(&public_key));
73 std::string public_key_str(public_key.begin(), public_key.end());
74 std::string public_key_base64;
75 base::Base64Encode(public_key_str, &public_key_base64);
76 return public_key_base64;
77 }
78
SignMessage(const std::string & message) const79 std::string RsaKeyPair::SignMessage(const std::string& message) const {
80 scoped_ptr<crypto::SignatureCreator> signature_creator(
81 crypto::SignatureCreator::Create(key_.get()));
82 signature_creator->Update(reinterpret_cast<const uint8*>(message.c_str()),
83 message.length());
84 std::vector<uint8> signature_buf;
85 signature_creator->Final(&signature_buf);
86 std::string signature_str(signature_buf.begin(), signature_buf.end());
87 std::string signature_base64;
88 base::Base64Encode(signature_str, &signature_base64);
89 return signature_base64;
90 }
91
GenerateCertificate() const92 std::string RsaKeyPair::GenerateCertificate() const {
93 std::string der_cert;
94 // Certificates are SHA1-signed because |key_| has likely been used to sign
95 // with SHA1 previously, and you should not re-use a key for signing data with
96 // multiple signature algorithms.
97 net::x509_util::CreateSelfSignedCert(
98 key_.get(),
99 net::x509_util::DIGEST_SHA1,
100 "CN=chromoting",
101 base::RandInt(1, std::numeric_limits<int>::max()),
102 base::Time::Now(),
103 base::Time::Now() + base::TimeDelta::FromDays(1),
104 &der_cert);
105 return der_cert;
106 }
107
108 } // namespace remoting
109