author | Anton Gerasimov <agerasimov@twilio.com> | 2019-08-05 12:03:23 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-09-27 15:50:56 -0700 |
commit | c2ce8d05474c38c503b6ac57e94366421c960762 (patch) | |
tree | def403dc2cec32e1e689023669b23a37f9c03b68 /lib/_tls_common.js | |
parent | 3de5eae6dbe503485b95bdeb8bddbd67e4613d59 (diff) | |
tls: add option for private keys for OpenSSL engines
Add `privateKeyIdentifier` and `privateKeyEngine` options
to get private key from an OpenSSL engine in tls.createSecureContext().
PR-URL: https://github.com/nodejs/node/pull/28973
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'lib/_tls_common.js')
-rw-r--r-- | lib/_tls_common.js | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index f24cfcbca6..6cd93036c2 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -166,6 +166,36 @@ exports.createSecureContext = function createSecureContext(options) {
 c.context.setSigalgs(sigalgs);
 }
 
+ const { privateKeyIdentifier, privateKeyEngine } = options;
+ if (privateKeyIdentifier !== undefined) {
+ if (privateKeyEngine === undefined) {
+ // Engine is required when privateKeyIdentifier is present
+ throw new ERR_INVALID_OPT_VALUE('privateKeyEngine',
+ privateKeyEngine);
+ }
+ if (key) {
+ // Both data key and engine key can't be set at the same time
+ throw new ERR_INVALID_OPT_VALUE('privateKeyIdentifier',
+ privateKeyIdentifier);
+ }
+
+ if (typeof privateKeyIdentifier === 'string' &&
+ typeof privateKeyEngine === 'string') {
+ if (c.context.setEngineKey)
+ c.context.setEngineKey(privateKeyIdentifier, privateKeyEngine);
+ else
+ throw new ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED();
+ } else if (typeof privateKeyIdentifier !== 'string') {
+ throw new ERR_INVALID_ARG_TYPE('options.privateKeyIdentifier',
+ ['string', 'undefined'],
+ privateKeyIdentifier);
+ } else {
+ throw new ERR_INVALID_ARG_TYPE('options.privateKeyEngine',
+ ['string', 'undefined'],
+ privateKeyEngine);
+ }
+ }
+
 if (options.ciphers && typeof options.ciphers !== 'string') {
 throw new ERR_INVALID_ARG_TYPE(
 'options.ciphers', 'string', options.ciphers); |
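Review bot: `privateKeyEngine` is only looked at inside `if (privateKeyIdentifier !== undefined)`, so a caller that passes the engine name alone, or misspells the identifier option, gets no error here and the context is presumably built from whatever `key` holds; a deployment that expects an engine-held key could end up on a file key without noticing. I would close the block with `else if (privateKeyEngine !== undefined) throw new ERR_INVALID_OPT_VALUE('privateKeyIdentifier', privateKeyIdentifier);`. Separately, the `if (key)` branch passes the identifier itself as the error value; if ERR_INVALID_OPT_VALUE formats that argument into its message (its definition is outside the hunk), an identifier that embeds a PIN, as PKCS#11 URIs can, would reach logs, so a fixed placeholder value is safer there. `key` and `c` are defined earlier in createSecureContext, which starts and ends outside the hunk.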