1 /* 2 * libjingle 3 * Copyright 2004--2008, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #ifndef TALK_BASE_SSLSTREAMADAPTERHELPER_H_ 29 #define TALK_BASE_SSLSTREAMADAPTERHELPER_H_ 30 31 #include <string> 32 #include <vector> 33 34 #include "talk/base/buffer.h" 35 #include "talk/base/stream.h" 36 #include "talk/base/sslidentity.h" 37 #include "talk/base/sslstreamadapter.h" 38 39 namespace talk_base { 40 41 // SSLStreamAdapterHelper : A stream adapter which implements much 42 // of the logic that is common between the known implementations 43 // (NSS and OpenSSL) 44 class SSLStreamAdapterHelper : public SSLStreamAdapter { 45 public: 46 explicit SSLStreamAdapterHelper(StreamInterface* stream) 47 : SSLStreamAdapter(stream), 48 state_(SSL_NONE), 49 role_(SSL_CLIENT), 50 ssl_error_code_(0), // Not meaningful yet 51 ssl_mode_(SSL_MODE_TLS) {} 52 53 54 // Overrides of SSLStreamAdapter 55 virtual void SetIdentity(SSLIdentity* identity); 56 virtual void SetServerRole(SSLRole role = SSL_SERVER); 57 virtual void SetMode(SSLMode mode); 58 59 virtual int StartSSLWithServer(const char* server_name); 60 virtual int StartSSLWithPeer(); 61 62 virtual void SetPeerCertificate(SSLCertificate* cert); 63 virtual bool SetPeerCertificateDigest(const std::string& digest_alg, 64 const unsigned char* digest_val, 65 size_t digest_len); 66 virtual bool GetPeerCertificate(SSLCertificate** cert) const; 67 virtual StreamState GetState() const; 68 virtual void Close(); 69 70 protected: 71 // Internal helper methods 72 // The following method returns 0 on success and a negative 73 // error code on failure. The error code may be either -1 or 74 // from the impl on some other error cases, so it can't really be 75 // interpreted unfortunately. 76 77 // Perform SSL negotiation steps. 78 int ContinueSSL(); 79 80 // Error handler helper. signal is given as true for errors in 81 // asynchronous contexts (when an error code was not returned 82 // through some other method), and in that case an SE_CLOSE event is 83 // raised on the stream with the specified error. 84 // A 0 error means a graceful close, otherwise there is not really enough 85 // context to interpret the error code. 86 virtual void Error(const char* context, int err, bool signal); 87 88 // Must be implemented by descendents 89 virtual int BeginSSL() = 0; 90 virtual void Cleanup() = 0; 91 virtual bool GetDigestLength(const std::string &algorithm, 92 std::size_t *length) = 0; 93 94 enum SSLState { 95 // Before calling one of the StartSSL methods, data flows 96 // in clear text. 97 SSL_NONE, 98 SSL_WAIT, // waiting for the stream to open to start SSL negotiation 99 SSL_CONNECTING, // SSL negotiation in progress 100 SSL_CONNECTED, // SSL stream successfully established 101 SSL_ERROR, // some SSL error occurred, stream is closed 102 SSL_CLOSED // Clean close 103 }; 104 105 // MSG_MAX is the maximum generic stream message number. 106 enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 }; 107 108 SSLState state_; 109 SSLRole role_; 110 int ssl_error_code_; // valid when state_ == SSL_ERROR 111 112 // Our key and certificate, mostly useful in peer-to-peer mode. 113 scoped_ptr<SSLIdentity> identity_; 114 // in traditional mode, the server name that the server's certificate 115 // must specify. Empty in peer-to-peer mode. 116 std::string ssl_server_name_; 117 // In peer-to-peer mode, the certificate that the peer must 118 // present. Empty in traditional mode. 119 scoped_ptr<SSLCertificate> peer_certificate_; 120 121 // In peer-to-peer mode, the digest of the certificate that 122 // the peer must present. 123 Buffer peer_certificate_digest_value_; 124 std::string peer_certificate_digest_algorithm_; 125 126 // Do DTLS or not 127 SSLMode ssl_mode_; 128 129 private: 130 // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT, 131 // depending on whether the underlying stream is already open or 132 // not. Returns 0 on success and a negative value on error. 133 int StartSSL(); 134 }; 135 136 } // namespace talk_base 137 138 #endif // TALK_BASE_SSLSTREAMADAPTERHELPER_H_ 139