authorAnton Gerasimov <agerasimov@twilio.com>2019-08-05 12:03:23 +0200
committerRich Trott <rtrott@gmail.com>2019-09-27 15:50:56 -0700
commitc2ce8d05474c38c503b6ac57e94366421c960762 (patch)
treedef403dc2cec32e1e689023669b23a37f9c03b68 /lib/_tls_common.js
parent3de5eae6dbe503485b95bdeb8bddbd67e4613d59 (diff)
tls: add option for private keys for OpenSSL engines
Add `privateKeyIdentifier` and `privateKeyEngine` options to get private key from an OpenSSL engine in tls.createSecureContext(). PR-URL: https://github.com/nodejs/node/pull/28973 Reviewed-By: Rod Vagg <rod@vagg.org> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'lib/_tls_common.js')
-rw-r--r--lib/_tls_common.js30
1 files changed, 30 insertions, 0 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index f24cfcbca6..6cd93036c2 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -166,6 +166,36 @@ exports.createSecureContext = function createSecureContext(options) {
c.context.setSigalgs(sigalgs);
}
+ const { privateKeyIdentifier, privateKeyEngine } = options;
+ if (privateKeyIdentifier !== undefined) {
+ if (privateKeyEngine === undefined) {
+ // Engine is required when privateKeyIdentifier is present
+ throw new ERR_INVALID_OPT_VALUE('privateKeyEngine',
+ privateKeyEngine);
+ }
+ if (key) {
+ // Both data key and engine key can't be set at the same time
+ throw new ERR_INVALID_OPT_VALUE('privateKeyIdentifier',
+ privateKeyIdentifier);
+ }
+
+ if (typeof privateKeyIdentifier === 'string' &&
+ typeof privateKeyEngine === 'string') {
+ if (c.context.setEngineKey)
+ c.context.setEngineKey(privateKeyIdentifier, privateKeyEngine);
+ else
+ throw new ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED();
+ } else if (typeof privateKeyIdentifier !== 'string') {
+ throw new ERR_INVALID_ARG_TYPE('options.privateKeyIdentifier',
+ ['string', 'undefined'],
+ privateKeyIdentifier);
+ } else {
+ throw new ERR_INVALID_ARG_TYPE('options.privateKeyEngine',
+ ['string', 'undefined'],
+ privateKeyEngine);
+ }
+ }
+
if (options.ciphers && typeof options.ciphers !== 'string') {
throw new ERR_INVALID_ARG_TYPE(
'options.ciphers', 'string', options.ciphers);
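Review bot: `privateKeyEngine` supplied without `privateKeyIdentifier` is silently ignored, because the whole added block is gated on `privateKeyIdentifier !== undefined`. A caller who meant to keep the key inside an engine (for example an HSM) but omitted or misspelled the identifier gets no error here, and if `key` is also set the context would presumably use the in-memory key without any signal. I would close the outer `if` with `} else if (privateKeyEngine !== undefined) { throw new ERR_INVALID_OPT_VALUE('privateKeyIdentifier', privateKeyIdentifier); }` so the two options are required together in both directions. createSecureContext starts and ends outside this hunk, so how `key` is applied afterwards is not visible here.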