Home | History | Annotate | Download | only in base 
      1 /*
      2  * libjingle
      3  * Copyright 2004--2008, Google Inc.
      4  *
      5  * Redistribution and use in source and binary forms, with or without
      6  * modification, are permitted provided that the following conditions are met:
      7  *
      8  *  1. Redistributions of source code must retain the above copyright notice,
      9  *     this list of conditions and the following disclaimer.
     10  *  2. Redistributions in binary form must reproduce the above copyright notice,
     11  *     this list of conditions and the following disclaimer in the documentation
     12  *     and/or other materials provided with the distribution.
     13  *  3. The name of the author may not be used to endorse or promote products
     14  *     derived from this software without specific prior written permission.
     15  *
     16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
     17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
     18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
     19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
     21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
     22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
     23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
     24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
     25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26  */
     27 
     28 #ifndef TALK_BASE_NSSIDENTITY_H_
     29 #define TALK_BASE_NSSIDENTITY_H_
     30 
     31 #include <string>
     32 
     33 #include "cert.h"
     34 #include "nspr.h"
     35 #include "hasht.h"
     36 #include "keythi.h"
     37 
     38 #include "talk/base/common.h"
     39 #include "talk/base/logging.h"
     40 #include "talk/base/scoped_ptr.h"
     41 #include "talk/base/sslidentity.h"
     42 
     43 namespace talk_base {
     44 
     45 class NSSKeyPair {
     46  public:
     47   NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
     48       privkey_(privkey), pubkey_(pubkey) {}
     49   ~NSSKeyPair();
     50 
     51   // Generate a 1024-bit RSA key pair.
     52   static NSSKeyPair* Generate();
     53   NSSKeyPair* GetReference();
     54 
     55   SECKEYPrivateKey* privkey() const { return privkey_; }
     56   SECKEYPublicKey * pubkey() const { return pubkey_; }
     57 
     58  private:
     59   SECKEYPrivateKey* privkey_;
     60   SECKEYPublicKey* pubkey_;
     61 
     62   DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
     63 };
     64 
     65 
     66 class NSSCertificate : public SSLCertificate {
     67  public:
     68   static NSSCertificate* FromPEMString(const std::string& pem_string);
     69   // The caller retains ownership of the argument to all the constructors,
     70   // and the constructor makes a copy.
     71   explicit NSSCertificate(CERTCertificate* cert);
     72   explicit NSSCertificate(CERTCertList* cert_list);
     73   virtual ~NSSCertificate() {
     74     if (certificate_)
     75       CERT_DestroyCertificate(certificate_);
     76   }
     77 
     78   virtual NSSCertificate* GetReference() const;
     79 
     80   virtual std::string ToPEMString() const;
     81 
     82   virtual void ToDER(Buffer* der_buffer) const;
     83 
     84   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
     85 
     86   virtual bool ComputeDigest(const std::string& algorithm,
     87                              unsigned char* digest, std::size_t size,
     88                              std::size_t* length) const;
     89 
     90   virtual bool GetChain(SSLCertChain** chain) const;
     91 
     92   CERTCertificate* certificate() { return certificate_; }
     93 
     94   // Helper function to get the length of a digest
     95   static bool GetDigestLength(const std::string& algorithm,
     96                               std::size_t* length);
     97 
     98   // Comparison.  Only the certificate itself is considered, not the chain.
     99   bool Equals(const NSSCertificate* tocompare) const;
    100 
    101  private:
    102   NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
    103   static bool GetDigestObject(const std::string& algorithm,
    104                               const SECHashObject** hash_object);
    105 
    106   CERTCertificate* certificate_;
    107   scoped_ptr<SSLCertChain> chain_;
    108 
    109   DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
    110 };
    111 
    112 // Represents a SSL key pair and certificate for NSS.
    113 class NSSIdentity : public SSLIdentity {
    114  public:
    115   static NSSIdentity* Generate(const std::string& common_name);
    116   static SSLIdentity* FromPEMStrings(const std::string& private_key,
    117                                      const std::string& certificate);
    118   virtual ~NSSIdentity() {
    119     LOG(LS_INFO) << "Destroying NSS identity";
    120   }
    121 
    122   virtual NSSIdentity* GetReference() const;
    123   virtual NSSCertificate& certificate() const;
    124 
    125   NSSKeyPair* keypair() const { return keypair_.get(); }
    126 
    127  private:
    128   NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
    129       keypair_(keypair), certificate_(cert) {}
    130 
    131   talk_base::scoped_ptr<NSSKeyPair> keypair_;
    132   talk_base::scoped_ptr<NSSCertificate> certificate_;
    133 
    134   DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
    135 };
    136 
    137 }  // namespace talk_base
    138 
    139 #endif  // TALK_BASE_NSSIDENTITY_H_
    140