      1 /*
      2  * libjingle
      3  * Copyright 2004--2008, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 #ifndef TALK_BASE_OPENSSLIDENTITY_H__
     29 #define TALK_BASE_OPENSSLIDENTITY_H__
     30 
     31 #include <openssl/evp.h>
     32 #include <openssl/x509.h>
     33 
     34 #include <string>
     35 
     36 #include "talk/base/common.h"
     37 #include "talk/base/scoped_ptr.h"
     38 #include "talk/base/sslidentity.h"
     39 
     40 typedef struct ssl_ctx_st SSL_CTX;
     41 
     42 namespace talk_base {
     43 
// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
//
// Each OpenSSLKeyPair instance stands for one reference to the underlying
// EVP_PKEY; GetReference() hands out a second wrapper that shares the same
// EVP_PKEY after bumping its count. Instances are not copyable (see
// DISALLOW_EVIL_CONSTRUCTORS below); share them via GetReference() instead.
class OpenSSLKeyPair {
 public:
  // Generates a fresh keypair and returns a heap-allocated wrapper for it.
  // The caller takes ownership of the returned object (OpenSSLIdentity stores
  // it in a scoped_ptr). Presumably returns NULL on failure -- confirm in the
  // .cc before relying on it.
  static OpenSSLKeyPair* Generate();

  // Defined out of line; presumably releases this wrapper's reference to
  // pkey_ -- confirm in the .cc.
  virtual ~OpenSSLKeyPair();

  // Returns a new wrapper sharing the same EVP_PKEY. AddReference() is called
  // first so that the two wrappers can be destroyed independently. The caller
  // owns the returned object.
  virtual OpenSSLKeyPair* GetReference() {
    AddReference();
    return new OpenSSLKeyPair(pkey_);
  }

  // Borrowed, non-owning pointer to the underlying key. It stays valid only
  // while this wrapper is alive; callers must not free it or hand it to an
  // OpenSSL API that takes ownership without taking their own reference.
  EVP_PKEY* pkey() const { return pkey_; }

 private:
  // Wraps an already-counted EVP_PKEY; only reachable via Generate() and
  // GetReference(). ASSERT comes from talk/base/common.h and is presumably
  // compiled out in release builds, so a NULL pkey would not be caught here
  // in production -- confirm.
  explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
    ASSERT(pkey_ != NULL);
  }
  // Defined out of line; presumably increments the OpenSSL reference count
  // on pkey_ -- confirm in the .cc.
  void AddReference();

  EVP_PKEY* pkey_;  // the wrapped key; one reference is owned by this object

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair);
};
     69 
// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
// which is also reference counted inside the OpenSSL library.
//
// Mirrors OpenSSLKeyPair: one wrapper per OpenSSL reference, sharing via
// GetReference(), no copying.
class OpenSSLCertificate : public SSLCertificate {
 public:
  // Builds a certificate for key_pair's key naming common_name. The caller
  // owns the returned wrapper. What else goes into the certificate (validity
  // period, signing key, extensions) is decided in the .cc -- confirm there
  // before depending on it. Presumably NULL on failure.
  static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
                                      const std::string& common_name);
  // Parses a PEM-encoded certificate from pem_string. pem_length is an
  // output; presumably it receives the number of bytes consumed -- confirm in
  // the .cc. When the PEM text comes from an external source, callers should
  // NULL-check the result (presumably NULL on a parse failure).
  static OpenSSLCertificate* FromPEMString(const std::string& pem_string,
                                           int* pem_length);

  // Defined out of line; presumably releases this wrapper's reference to
  // x509_ -- confirm in the .cc.
  virtual ~OpenSSLCertificate();

  // Returns a new wrapper sharing the same X509 after AddReference(). The
  // caller owns the returned object.
  virtual OpenSSLCertificate* GetReference() {
    AddReference();
    return new OpenSSLCertificate(x509_);
  }

  // Borrowed, non-owning pointer; valid only while this wrapper is alive.
  X509* x509() const { return x509_; }

  // Serializes the wrapped certificate as PEM text.
  virtual std::string ToPEMString() const;

 private:
  // Wraps an already-counted X509; only reachable via the factories and
  // GetReference(). ASSERT is presumably debug-only (see talk/base/common.h).
  explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
    ASSERT(x509_ != NULL);
  }
  // Defined out of line; presumably increments the OpenSSL reference count
  // on x509_ -- confirm in the .cc.
  void AddReference();

  X509* x509_;  // the wrapped certificate; one reference owned by this object

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate);
};
    100 
// Holds a keypair and certificate together, and a method to generate
// them consistently.
//
// Both members are owned through scoped_ptr, so destroying an
// OpenSSLIdentity releases its two wrappers; GetReference() produces an
// independent identity sharing the same underlying OpenSSL objects.
class OpenSSLIdentity : public SSLIdentity {
 public:
  // Generates a keypair plus a matching certificate naming common_name.
  // The caller owns the result; presumably NULL if either step fails --
  // confirm in the .cc.
  static OpenSSLIdentity* Generate(const std::string& common_name);

  // Nothing to do here: the scoped_ptr members release the wrappers.
  virtual ~OpenSSLIdentity() { }

  // The certificate half of this identity. The reference is valid only while
  // this identity is alive.
  virtual OpenSSLCertificate& certificate() const {
    return *certificate_;
  }

  // Returns a new identity sharing the same key and certificate; each half is
  // obtained through its own GetReference(). The caller owns the returned
  // object.
  virtual OpenSSLIdentity* GetReference() {
    return new OpenSSLIdentity(key_pair_->GetReference(),
                               certificate_->GetReference());
  }

  // Configure an SSL context object to use our key and certificate.
  // Presumably returns false when the context could not be configured; callers
  // should check the result and not use ctx for a TLS session in that case,
  // since it would be left without this identity's key/certificate. The exact
  // failure conditions are in the .cc.
  bool ConfigureIdentity(SSL_CTX* ctx);

 private:
  // Takes ownership of both wrappers (stored in the scoped_ptrs below). Only
  // reachable via Generate() and GetReference(). ASSERT is presumably
  // debug-only (see talk/base/common.h).
  OpenSSLIdentity(OpenSSLKeyPair* key_pair,
                  OpenSSLCertificate* certificate)
      : key_pair_(key_pair), certificate_(certificate) {
    ASSERT(key_pair != NULL);
    ASSERT(certificate != NULL);
  }

  scoped_ptr<OpenSSLKeyPair> key_pair_;         // owned
  scoped_ptr<OpenSSLCertificate> certificate_;  // owned

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity);
};
    134 
    135 }  // namespace talk_base
    136 
    137 #endif  // TALK_BASE_OPENSSLIDENTITY_H__