Home | History | Annotate | Download | only in base 
      1 /*
      2  * libjingle
      3  * Copyright 2004, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
     29 
     30 #ifndef TALK_BASE_SSLIDENTITY_H_
     31 #define TALK_BASE_SSLIDENTITY_H_
     32 
     33 #include <string>
     34 #include "talk/base/messagedigest.h"
     35 
     36 namespace talk_base {
     37 
     38 // Abstract interface overridden by SSL library specific
     39 // implementations.
     40 
     41 // A somewhat opaque type used to encapsulate a certificate.
     42 // Wraps the SSL library's notion of a certificate, with reference counting.
     43 // The SSLCertificate object is pretty much immutable once created.
     44 // (The OpenSSL implementation only does reference counting and
     45 // possibly caching of intermediate results.)
     46 class SSLCertificate {
     47  public:
     48   // Parses and build a certificate from a PEM encoded string.
     49   // Returns NULL on failure.
     50   // The length of the string representation of the certificate is
     51   // stored in *pem_length if it is non-NULL, and only if
     52   // parsing was successful.
     53   // Caller is responsible for freeing the returned object.
     54   static SSLCertificate* FromPEMString(const std::string& pem_string);
     55   virtual ~SSLCertificate() {}
     56 
     57   // Returns a new SSLCertificate object instance wrapping the same
     58   // underlying certificate.
     59   // Caller is responsible for freeing the returned object.
     60   virtual SSLCertificate* GetReference() const = 0;
     61 
     62   // Returns a PEM encoded string representation of the certificate.
     63   virtual std::string ToPEMString() const = 0;
     64 
     65   // Compute the digest of the certificate given algorithm
     66   virtual bool ComputeDigest(const std::string &algorithm,
     67                              unsigned char* digest, std::size_t size,
     68                              std::size_t* length) const = 0;
     69 };
     70 
     71 // Our identity in an SSL negotiation: a keypair and certificate (both
     72 // with the same public key).
     73 // This too is pretty much immutable once created.
     74 class SSLIdentity {
     75  public:
     76   // Generates an identity (keypair and self-signed certificate). If
     77   // common_name is non-empty, it will be used for the certificate's
     78   // subject and issuer name, otherwise a random string will be used.
     79   // Returns NULL on failure.
     80   // Caller is responsible for freeing the returned object.
     81   static SSLIdentity* Generate(const std::string& common_name);
     82 
     83   // Construct an identity from a private key and a certificate.
     84   static SSLIdentity* FromPEMStrings(const std::string& private_key,
     85                                      const std::string& certificate);
     86 
     87   virtual ~SSLIdentity() {}
     88 
     89   // Returns a new SSLIdentity object instance wrapping the same
     90   // identity information.
     91   // Caller is responsible for freeing the returned object.
     92   virtual SSLIdentity* GetReference() const = 0;
     93 
     94   // Returns a temporary reference to the certificate.
     95   virtual const SSLCertificate& certificate() const = 0;
     96 
     97   // Helpers for parsing converting between PEM and DER format.
     98   static bool PemToDer(const std::string& pem_type,
     99                        const std::string& pem_string,
    100                        std::string* der);
    101   static std::string DerToPem(const std::string& pem_type,
    102                               const unsigned char* data,
    103                               size_t length);
    104 };
    105 
    106 extern const char kPemTypeCertificate[];
    107 extern const char kPemTypeRsaPrivateKey[];
    108 
    109 }  // namespace talk_base
    110 
    111 #endif  // TALK_BASE_SSLIDENTITY_H__
    112