      1 /*
      2  * libjingle
      3  * Copyright 2004, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
     29 #if HAVE_CONFIG_H
     30 #include "config.h"
     31 #endif  // HAVE_CONFIG_H
     32 
     33 #include "talk/base/sslidentity.h"
     34 
     35 #include <string>
     36 
     37 #include "talk/base/base64.h"
     38 #include "talk/base/logging.h"
     39 #include "talk/base/sslconfig.h"
     40 
     41 #if SSL_USE_SCHANNEL
     42 
     43 #elif SSL_USE_OPENSSL  // !SSL_USE_SCHANNEL
     44 
     45 #include "talk/base/opensslidentity.h"
     46 
     47 #elif SSL_USE_NSS  // !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL
     48 
     49 #include "talk/base/nssidentity.h"
     50 
     51 #endif  // SSL_USE_SCHANNEL
     52 
     53 namespace talk_base {
     54 
// PEM armor labels. PemToDer/DerToPem splice these verbatim into the
// "-----BEGIN <type>-----" / "-----END <type>-----" boundary lines, so a
// caller must pass exactly the label used in the PEM text it is parsing.
const char kPemTypeCertificate[] = "CERTIFICATE";
// Label for an RSA private key block (the "RSA PRIVATE KEY" armor form).
const char kPemTypeRsaPrivateKey[] = "RSA PRIVATE KEY";
     57 
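// Extracts the Base64 body between the "-----BEGIN <pem_type>-----" and
// "-----END <pem_type>-----" armor lines of |pem_string| and decodes it into
// |der|.
//
// Returns false, leaving |der| untouched, if the BEGIN line is missing, if no
// line break follows it, or if no END line follows the body. Returns true
// after the decode; whether Base64::Decode itself signals a malformed body is
// not visible here, so an empty *der should not be taken as a valid decode
// without a further check by the caller.
bool SSLIdentity::PemToDer(const std::string& pem_type,
                           const std::string& pem_string,
                           std::string* der) {
  // |pem_type| is interpolated verbatim, so only an exact label matches.
  const std::string begin_marker = "-----BEGIN " + pem_type + "-----";
  const std::string end_marker = "-----END " + pem_type + "-----";

  const size_t header = pem_string.find(begin_marker);
  if (header == std::string::npos)
    return false;

  // The body starts on the line after the BEGIN marker.
  const size_t body = pem_string.find('\n', header);
  if (body == std::string::npos)
    return false;

  // Search for the END marker only after the body start. Searching from the
  // beginning of the string could match an END marker that precedes the BEGIN
  // marker; trailer - (body + 1) would then wrap around and the substr below
  // would hand the decoder everything up to the end of the input.
  const size_t trailer = pem_string.find(end_marker, body + 1);
  if (trailer == std::string::npos)
    return false;

  const std::string inner = pem_string.substr(body + 1, trailer - (body + 1));

  // DO_PARSE_WHITE tolerates the line breaks inside the armored body and
  // DO_PAD_ANY accepts any padding form; both flags are kept as the original
  // decoder configuration.
  *der = Base64::Decode(inner, Base64::DO_PARSE_WHITE |
                        Base64::DO_PAD_ANY |
                        Base64::DO_TERM_BUFFER);
  return true;
}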
     82 
// Wraps |length| DER bytes at |data| into PEM armor labelled |pem_type|:
// a "-----BEGIN <pem_type>-----" line, the Base64 encoding split into
// 64-character lines (RFC 1421 section 4.3.2.4), and a
// "-----END <pem_type>-----" line, each terminated by "\n".
// A zero-length input yields the two armor lines with no body lines between.
std::string SSLIdentity::DerToPem(const std::string& pem_type,
                                  const unsigned char* data,
                                  size_t length) {
  // Encode first; the encoder fills |b64_encoded| in place.
  std::string b64_encoded;
  Base64::EncodeFromArray(data, length, &b64_encoded);

  std::string pem;
  pem += "-----BEGIN ";
  pem += pem_type;
  pem += "-----\n";

  // Every body line, including a short final one, gets its own newline.
  // append() clamps the count at the end of the string exactly as substr
  // would, so the last line is simply whatever remains.
  static const size_t kLineWidth = 64;
  for (size_t offset = 0; offset < b64_encoded.size(); offset += kLineWidth) {
    pem.append(b64_encoded, offset, kLineWidth);
    pem += '\n';
  }

  pem += "-----END ";
  pem += pem_type;
  pem += "-----\n";

  return pem;
}
    107 
    108 #if SSL_USE_SCHANNEL
    109 
// SChannel build: PEM certificate parsing is not implemented in this backend.
// Unconditionally returns NULL without inspecting |pem_string|; callers must
// null-check the result rather than assume a certificate was produced.
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
  return NULL;
}
    113 
// SChannel build: identity generation is not implemented in this backend.
// Unconditionally returns NULL; |common_name| is ignored. Callers must
// null-check the result before using it to configure a stream.
SSLIdentity* SSLIdentity::Generate(const std::string& common_name) {
  return NULL;
}
    117 
// SChannel build: loading an identity from PEM is not implemented in this
// backend. Unconditionally returns NULL; neither argument is parsed. Callers
// must null-check the result.
SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key,
                                         const std::string& certificate) {
  return NULL;
}
    122 
    123 #elif SSL_USE_OPENSSL  // !SSL_USE_SCHANNEL
    124 
// OpenSSL build: forwards to OpenSSLCertificate::FromPEMString and returns its
// raw pointer unchanged (presumably NULL on parse failure and caller-owned
// otherwise — confirm against opensslidentity.h).
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
  return OpenSSLCertificate::FromPEMString(pem_string);
}
    128 
// OpenSSL build: forwards to OpenSSLIdentity::Generate, which creates the
// keypair and certificate for |common_name|. The raw pointer is returned
// unchanged (presumably NULL on failure — confirm against opensslidentity.h).
SSLIdentity* SSLIdentity::Generate(const std::string& common_name) {
  return OpenSSLIdentity::Generate(common_name);
}
    132 
// OpenSSL build: forwards the PEM-encoded |private_key| and |certificate| to
// OpenSSLIdentity::FromPEMStrings and returns its raw pointer unchanged
// (presumably NULL when either input fails to parse — confirm against
// opensslidentity.h).
SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key,
                                         const std::string& certificate) {
  return OpenSSLIdentity::FromPEMStrings(private_key, certificate);
}
    137 
    138 #elif SSL_USE_NSS  // !SSL_USE_OPENSSL && !SSL_USE_SCHANNEL
    139 
// NSS build: forwards to NSSCertificate::FromPEMString and returns its raw
// pointer unchanged (presumably NULL on parse failure and caller-owned
// otherwise — confirm against nssidentity.h).
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
  return NSSCertificate::FromPEMString(pem_string);
}
    143 
// NSS build: forwards to NSSIdentity::Generate for |common_name| and returns
// its raw pointer unchanged (presumably NULL on failure — confirm against
// nssidentity.h).
SSLIdentity* SSLIdentity::Generate(const std::string& common_name) {
  return NSSIdentity::Generate(common_name);
}
    147 
// NSS build: forwards the PEM-encoded |private_key| and |certificate| to
// NSSIdentity::FromPEMStrings and returns its raw pointer unchanged
// (presumably NULL when either input fails to parse — confirm against
// nssidentity.h).
SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key,
                                         const std::string& certificate) {
  return NSSIdentity::FromPEMStrings(private_key, certificate);
}
    152 
    153 #else  // !SSL_USE_OPENSSL && !SSL_USE_SCHANNEL && !SSL_USE_NSS
    154 
    155 #error "No SSL implementation"
    156 
    157 #endif  // SSL_USE_SCHANNEL
    158 
    159 }  // namespace talk_base
    160