Home | History | Annotate | Download | only in base 
      1 /*
      2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
      3  *
      4  *  Use of this source code is governed by a BSD-style license
      5  *  that can be found in the LICENSE file in the root of the source
      6  *  tree. An additional intellectual property rights grant can be found
      7  *  in the file PATENTS.  All contributing project authors may
      8  *  be found in the AUTHORS file in the root of the source tree.
      9  */
     10 
     11 #ifndef WEBRTC_BASE_NSSIDENTITY_H_
     12 #define WEBRTC_BASE_NSSIDENTITY_H_
     13 
     14 #include <string>
     15 
     16 #include "cert.h"
     17 #include "nspr.h"
     18 #include "hasht.h"
     19 #include "keythi.h"
     20 
     21 #include "webrtc/base/common.h"
     22 #include "webrtc/base/logging.h"
     23 #include "webrtc/base/scoped_ptr.h"
     24 #include "webrtc/base/sslidentity.h"
     25 
     26 namespace rtc {
     27 
     28 class NSSKeyPair {
     29  public:
     30   NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
     31       privkey_(privkey), pubkey_(pubkey) {}
     32   ~NSSKeyPair();
     33 
     34   // Generate a 1024-bit RSA key pair.
     35   static NSSKeyPair* Generate();
     36   NSSKeyPair* GetReference();
     37 
     38   SECKEYPrivateKey* privkey() const { return privkey_; }
     39   SECKEYPublicKey * pubkey() const { return pubkey_; }
     40 
     41  private:
     42   SECKEYPrivateKey* privkey_;
     43   SECKEYPublicKey* pubkey_;
     44 
     45   DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
     46 };
     47 
     48 
     49 class NSSCertificate : public SSLCertificate {
     50  public:
     51   static NSSCertificate* FromPEMString(const std::string& pem_string);
     52   // The caller retains ownership of the argument to all the constructors,
     53   // and the constructor makes a copy.
     54   explicit NSSCertificate(CERTCertificate* cert);
     55   explicit NSSCertificate(CERTCertList* cert_list);
     56   virtual ~NSSCertificate() {
     57     if (certificate_)
     58       CERT_DestroyCertificate(certificate_);
     59   }
     60 
     61   virtual NSSCertificate* GetReference() const;
     62 
     63   virtual std::string ToPEMString() const;
     64 
     65   virtual void ToDER(Buffer* der_buffer) const;
     66 
     67   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
     68 
     69   virtual bool ComputeDigest(const std::string& algorithm,
     70                              unsigned char* digest,
     71                              size_t size,
     72                              size_t* length) const;
     73 
     74   virtual bool GetChain(SSLCertChain** chain) const;
     75 
     76   CERTCertificate* certificate() { return certificate_; }
     77 
     78   // Performs minimal checks to determine if the list is a valid chain.  This
     79   // only checks that each certificate certifies the preceding certificate,
     80   // and ignores many other certificate features such as expiration dates.
     81   static bool IsValidChain(const CERTCertList* cert_list);
     82 
     83   // Helper function to get the length of a digest
     84   static bool GetDigestLength(const std::string& algorithm, size_t* length);
     85 
     86   // Comparison.  Only the certificate itself is considered, not the chain.
     87   bool Equals(const NSSCertificate* tocompare) const;
     88 
     89  private:
     90   NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
     91   static bool GetDigestObject(const std::string& algorithm,
     92                               const SECHashObject** hash_object);
     93 
     94   CERTCertificate* certificate_;
     95   scoped_ptr<SSLCertChain> chain_;
     96 
     97   DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
     98 };
     99 
    100 // Represents a SSL key pair and certificate for NSS.
    101 class NSSIdentity : public SSLIdentity {
    102  public:
    103   static NSSIdentity* Generate(const std::string& common_name);
    104   static NSSIdentity* GenerateForTest(const SSLIdentityParams& params);
    105   static SSLIdentity* FromPEMStrings(const std::string& private_key,
    106                                      const std::string& certificate);
    107   virtual ~NSSIdentity() {
    108     LOG(LS_INFO) << "Destroying NSS identity";
    109   }
    110 
    111   virtual NSSIdentity* GetReference() const;
    112   virtual NSSCertificate& certificate() const;
    113 
    114   NSSKeyPair* keypair() const { return keypair_.get(); }
    115 
    116  private:
    117   NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
    118       keypair_(keypair), certificate_(cert) {}
    119 
    120   static NSSIdentity* GenerateInternal(const SSLIdentityParams& params);
    121 
    122   rtc::scoped_ptr<NSSKeyPair> keypair_;
    123   rtc::scoped_ptr<NSSCertificate> certificate_;
    124 
    125   DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
    126 };
    127 
    128 }  // namespace rtc
    129 
    130 #endif  // WEBRTC_BASE_NSSIDENTITY_H_
    131