1 /* 2 * libjingle 3 * Copyright 2004--2008, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode. 29 30 #ifndef TALK_BASE_SSLIDENTITY_H__ 31 #define TALK_BASE_SSLIDENTITY_H__ 32 33 #include <string> 34 35 namespace talk_base { 36 37 // Abstract interface overridden by SSL library specific 38 // implementations. 39 40 // A somewhat opaque type used to encapsulate a certificate. 41 // Wraps the SSL library's notion of a certificate, with reference counting. 42 // The SSLCertificate object is pretty much immutable once created. 43 // (The OpenSSL implementation only does reference counting and 44 // possibly caching of intermediate results.) 45 class SSLCertificate { 46 public: 47 // Parses and build a certificate from a PEM encoded string. 48 // Returns NULL on failure. 49 // The length of the string representation of the certificate is 50 // stored in *pem_length if it is non-NULL, and only if 51 // parsing was successful. 52 // Caller is responsible for freeing the returned object. 53 static SSLCertificate* FromPEMString(const std::string& pem_string, 54 int* pem_length); 55 virtual ~SSLCertificate() {} 56 57 // Returns a new SSLCertificate object instance wrapping the same 58 // underlying certificate. 59 // Caller is responsible for freeing the returned object. 60 virtual SSLCertificate* GetReference() = 0; 61 62 // Returns a PEM encoded string representation of the certificate. 63 virtual std::string ToPEMString() const = 0; 64 }; 65 66 // Our identity in an SSL negotiation: a keypair and certificate (both 67 // with the same public key). 68 // This too is pretty much immutable once created. 69 class SSLIdentity { 70 public: 71 // Generates an identity (keypair and self-signed certificate). If 72 // common_name is non-empty, it will be used for the certificate's 73 // subject and issuer name, otherwise a random string will be used. 74 // Returns NULL on failure. 75 // Caller is responsible for freeing the returned object. 76 static SSLIdentity* Generate(const std::string& common_name); 77 78 virtual ~SSLIdentity() {} 79 80 // Returns a new SSLIdentity object instance wrapping the same 81 // identity information. 82 // Caller is responsible for freeing the returned object. 83 virtual SSLIdentity* GetReference() = 0; 84 85 // Returns a temporary reference to the certificate. 86 virtual SSLCertificate& certificate() const = 0; 87 }; 88 89 } // namespace talk_base 90 91 #endif // TALK_BASE_SSLIDENTITY_H__ 92
