1 /* 2 * libjingle 3 * Copyright 2004--2008, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #ifndef TALK_BASE_NSSIDENTITY_H_ 29 #define TALK_BASE_NSSIDENTITY_H_ 30 31 #include <string> 32 33 #include "cert.h" 34 #include "nspr.h" 35 #include "hasht.h" 36 #include "keythi.h" 37 38 #include "talk/base/common.h" 39 #include "talk/base/logging.h" 40 #include "talk/base/scoped_ptr.h" 41 #include "talk/base/sslidentity.h" 42 43 namespace talk_base { 44 45 class NSSKeyPair { 46 public: 47 NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) : 48 privkey_(privkey), pubkey_(pubkey) {} 49 ~NSSKeyPair(); 50 51 // Generate a 1024-bit RSA key pair. 52 static NSSKeyPair* Generate(); 53 NSSKeyPair* GetReference(); 54 55 SECKEYPrivateKey* privkey() const { return privkey_; } 56 SECKEYPublicKey * pubkey() const { return pubkey_; } 57 58 private: 59 SECKEYPrivateKey* privkey_; 60 SECKEYPublicKey* pubkey_; 61 62 DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair); 63 }; 64 65 66 class NSSCertificate : public SSLCertificate { 67 public: 68 static NSSCertificate* FromPEMString(const std::string& pem_string); 69 // The caller retains ownership of the argument to all the constructors, 70 // and the constructor makes a copy. 71 explicit NSSCertificate(CERTCertificate* cert); 72 explicit NSSCertificate(CERTCertList* cert_list); 73 virtual ~NSSCertificate() { 74 if (certificate_) 75 CERT_DestroyCertificate(certificate_); 76 } 77 78 virtual NSSCertificate* GetReference() const; 79 80 virtual std::string ToPEMString() const; 81 82 virtual void ToDER(Buffer* der_buffer) const; 83 84 virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const; 85 86 virtual bool ComputeDigest(const std::string& algorithm, 87 unsigned char* digest, std::size_t size, 88 std::size_t* length) const; 89 90 virtual bool GetChain(SSLCertChain** chain) const; 91 92 CERTCertificate* certificate() { return certificate_; } 93 94 // Helper function to get the length of a digest 95 static bool GetDigestLength(const std::string& algorithm, 96 std::size_t* length); 97 98 // Comparison. Only the certificate itself is considered, not the chain. 99 bool Equals(const NSSCertificate* tocompare) const; 100 101 private: 102 NSSCertificate(CERTCertificate* cert, SSLCertChain* chain); 103 static bool GetDigestObject(const std::string& algorithm, 104 const SECHashObject** hash_object); 105 106 CERTCertificate* certificate_; 107 scoped_ptr<SSLCertChain> chain_; 108 109 DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate); 110 }; 111 112 // Represents a SSL key pair and certificate for NSS. 113 class NSSIdentity : public SSLIdentity { 114 public: 115 static NSSIdentity* Generate(const std::string& common_name); 116 static SSLIdentity* FromPEMStrings(const std::string& private_key, 117 const std::string& certificate); 118 virtual ~NSSIdentity() { 119 LOG(LS_INFO) << "Destroying NSS identity"; 120 } 121 122 virtual NSSIdentity* GetReference() const; 123 virtual NSSCertificate& certificate() const; 124 125 NSSKeyPair* keypair() const { return keypair_.get(); } 126 127 private: 128 NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) : 129 keypair_(keypair), certificate_(cert) {} 130 131 talk_base::scoped_ptr<NSSKeyPair> keypair_; 132 talk_base::scoped_ptr<NSSCertificate> certificate_; 133 134 DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity); 135 }; 136 137 } // namespace talk_base 138 139 #endif // TALK_BASE_NSSIDENTITY_H_ 140