1 /* 2 * libjingle 3 * Copyright 2004, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode. 29 30 #ifndef TALK_BASE_SSLIDENTITY_H_ 31 #define TALK_BASE_SSLIDENTITY_H_ 32 33 #include <string> 34 #include "talk/base/messagedigest.h" 35 36 namespace talk_base { 37 38 // Abstract interface overridden by SSL library specific 39 // implementations. 40 41 // A somewhat opaque type used to encapsulate a certificate. 42 // Wraps the SSL library's notion of a certificate, with reference counting. 43 // The SSLCertificate object is pretty much immutable once created. 44 // (The OpenSSL implementation only does reference counting and 45 // possibly caching of intermediate results.) 46 class SSLCertificate { 47 public: 48 // Parses and build a certificate from a PEM encoded string. 49 // Returns NULL on failure. 50 // The length of the string representation of the certificate is 51 // stored in *pem_length if it is non-NULL, and only if 52 // parsing was successful. 53 // Caller is responsible for freeing the returned object. 54 static SSLCertificate* FromPEMString(const std::string& pem_string); 55 virtual ~SSLCertificate() {} 56 57 // Returns a new SSLCertificate object instance wrapping the same 58 // underlying certificate. 59 // Caller is responsible for freeing the returned object. 60 virtual SSLCertificate* GetReference() const = 0; 61 62 // Returns a PEM encoded string representation of the certificate. 63 virtual std::string ToPEMString() const = 0; 64 65 // Compute the digest of the certificate given algorithm 66 virtual bool ComputeDigest(const std::string &algorithm, 67 unsigned char* digest, std::size_t size, 68 std::size_t* length) const = 0; 69 }; 70 71 // Our identity in an SSL negotiation: a keypair and certificate (both 72 // with the same public key). 73 // This too is pretty much immutable once created. 74 class SSLIdentity { 75 public: 76 // Generates an identity (keypair and self-signed certificate). If 77 // common_name is non-empty, it will be used for the certificate's 78 // subject and issuer name, otherwise a random string will be used. 79 // Returns NULL on failure. 80 // Caller is responsible for freeing the returned object. 81 static SSLIdentity* Generate(const std::string& common_name); 82 83 // Construct an identity from a private key and a certificate. 84 static SSLIdentity* FromPEMStrings(const std::string& private_key, 85 const std::string& certificate); 86 87 virtual ~SSLIdentity() {} 88 89 // Returns a new SSLIdentity object instance wrapping the same 90 // identity information. 91 // Caller is responsible for freeing the returned object. 92 virtual SSLIdentity* GetReference() const = 0; 93 94 // Returns a temporary reference to the certificate. 95 virtual const SSLCertificate& certificate() const = 0; 96 97 // Helpers for parsing converting between PEM and DER format. 98 static bool PemToDer(const std::string& pem_type, 99 const std::string& pem_string, 100 std::string* der); 101 static std::string DerToPem(const std::string& pem_type, 102 const unsigned char* data, 103 size_t length); 104 }; 105 106 extern const char kPemTypeCertificate[]; 107 extern const char kPemTypeRsaPrivateKey[]; 108 109 } // namespace talk_base 110 111 #endif // TALK_BASE_SSLIDENTITY_H__ 112