1 /* 2 * libjingle 3 * Copyright 2004--2008, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #ifndef TALK_BASE_OPENSSLIDENTITY_H_ 29 #define TALK_BASE_OPENSSLIDENTITY_H_ 30 31 #include <openssl/evp.h> 32 #include <openssl/x509.h> 33 34 #include <string> 35 36 #include "talk/base/common.h" 37 #include "talk/base/scoped_ptr.h" 38 #include "talk/base/sslidentity.h" 39 40 typedef struct ssl_ctx_st SSL_CTX; 41 42 namespace talk_base { 43 44 // OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object, 45 // which is reference counted inside the OpenSSL library. 46 class OpenSSLKeyPair { 47 public: 48 explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) { 49 ASSERT(pkey_ != NULL); 50 } 51 52 static OpenSSLKeyPair* Generate(); 53 54 virtual ~OpenSSLKeyPair(); 55 56 virtual OpenSSLKeyPair* GetReference() { 57 AddReference(); 58 return new OpenSSLKeyPair(pkey_); 59 } 60 61 EVP_PKEY* pkey() const { return pkey_; } 62 63 private: 64 void AddReference(); 65 66 EVP_PKEY* pkey_; 67 68 DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair); 69 }; 70 71 // OpenSSLCertificate encapsulates an OpenSSL X509* certificate object, 72 // which is also reference counted inside the OpenSSL library. 73 class OpenSSLCertificate : public SSLCertificate { 74 public: 75 // Caller retains ownership of the X509 object. 76 explicit OpenSSLCertificate(X509* x509) : x509_(x509) { 77 AddReference(); 78 } 79 80 static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair, 81 const SSLIdentityParams& params); 82 static OpenSSLCertificate* FromPEMString(const std::string& pem_string); 83 84 virtual ~OpenSSLCertificate(); 85 86 virtual OpenSSLCertificate* GetReference() const { 87 return new OpenSSLCertificate(x509_); 88 } 89 90 X509* x509() const { return x509_; } 91 92 virtual std::string ToPEMString() const; 93 94 virtual void ToDER(Buffer* der_buffer) const; 95 96 // Compute the digest of the certificate given algorithm 97 virtual bool ComputeDigest(const std::string& algorithm, 98 unsigned char* digest, 99 size_t size, 100 size_t* length) const; 101 102 // Compute the digest of a certificate as an X509 * 103 static bool ComputeDigest(const X509* x509, 104 const std::string& algorithm, 105 unsigned char* digest, 106 size_t size, 107 size_t* length); 108 109 virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const; 110 111 virtual bool GetChain(SSLCertChain** chain) const { 112 // Chains are not yet supported when using OpenSSL. 113 // OpenSSLStreamAdapter::SSLVerifyCallback currently requires the remote 114 // certificate to be self-signed. 115 return false; 116 } 117 118 private: 119 void AddReference() const; 120 121 X509* x509_; 122 123 DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate); 124 }; 125 126 // Holds a keypair and certificate together, and a method to generate 127 // them consistently. 128 class OpenSSLIdentity : public SSLIdentity { 129 public: 130 static OpenSSLIdentity* Generate(const std::string& common_name); 131 static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params); 132 static SSLIdentity* FromPEMStrings(const std::string& private_key, 133 const std::string& certificate); 134 virtual ~OpenSSLIdentity() { } 135 136 virtual const OpenSSLCertificate& certificate() const { 137 return *certificate_; 138 } 139 140 virtual OpenSSLIdentity* GetReference() const { 141 return new OpenSSLIdentity(key_pair_->GetReference(), 142 certificate_->GetReference()); 143 } 144 145 // Configure an SSL context object to use our key and certificate. 146 bool ConfigureIdentity(SSL_CTX* ctx); 147 148 private: 149 OpenSSLIdentity(OpenSSLKeyPair* key_pair, 150 OpenSSLCertificate* certificate) 151 : key_pair_(key_pair), certificate_(certificate) { 152 ASSERT(key_pair != NULL); 153 ASSERT(certificate != NULL); 154 } 155 156 static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params); 157 158 scoped_ptr<OpenSSLKeyPair> key_pair_; 159 scoped_ptr<OpenSSLCertificate> certificate_; 160 161 DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity); 162 }; 163 164 165 } // namespace talk_base 166 167 #endif // TALK_BASE_OPENSSLIDENTITY_H_ 168
