Home | History | Annotate | Download | only in base 
      1 /*
      2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
      3  *
      4  *  Use of this source code is governed by a BSD-style license
      5  *  that can be found in the LICENSE file in the root of the source
      6  *  tree. An additional intellectual property rights grant can be found
      7  *  in the file PATENTS.  All contributing project authors may
      8  *  be found in the AUTHORS file in the root of the source tree.
      9  */
     10 
     11 #ifndef WEBRTC_BASE_OPENSSLIDENTITY_H_
     12 #define WEBRTC_BASE_OPENSSLIDENTITY_H_
     13 
     14 #include <openssl/evp.h>
     15 #include <openssl/x509.h>
     16 
     17 #include <string>
     18 
     19 #include "webrtc/base/common.h"
     20 #include "webrtc/base/scoped_ptr.h"
     21 #include "webrtc/base/sslidentity.h"
     22 
     23 typedef struct ssl_ctx_st SSL_CTX;
     24 
     25 namespace rtc {
     26 
     27 // OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
     28 // which is reference counted inside the OpenSSL library.
     29 class OpenSSLKeyPair {
     30  public:
     31   explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
     32     ASSERT(pkey_ != NULL);
     33   }
     34 
     35   static OpenSSLKeyPair* Generate();
     36 
     37   virtual ~OpenSSLKeyPair();
     38 
     39   virtual OpenSSLKeyPair* GetReference() {
     40     AddReference();
     41     return new OpenSSLKeyPair(pkey_);
     42   }
     43 
     44   EVP_PKEY* pkey() const { return pkey_; }
     45 
     46  private:
     47   void AddReference();
     48 
     49   EVP_PKEY* pkey_;
     50 
     51   DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair);
     52 };
     53 
     54 // OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
     55 // which is also reference counted inside the OpenSSL library.
     56 class OpenSSLCertificate : public SSLCertificate {
     57  public:
     58   // Caller retains ownership of the X509 object.
     59   explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
     60     AddReference();
     61   }
     62 
     63   static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
     64                                       const SSLIdentityParams& params);
     65   static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
     66 
     67   virtual ~OpenSSLCertificate();
     68 
     69   virtual OpenSSLCertificate* GetReference() const {
     70     return new OpenSSLCertificate(x509_);
     71   }
     72 
     73   X509* x509() const { return x509_; }
     74 
     75   virtual std::string ToPEMString() const;
     76 
     77   virtual void ToDER(Buffer* der_buffer) const;
     78 
     79   // Compute the digest of the certificate given algorithm
     80   virtual bool ComputeDigest(const std::string& algorithm,
     81                              unsigned char* digest,
     82                              size_t size,
     83                              size_t* length) const;
     84 
     85   // Compute the digest of a certificate as an X509 *
     86   static bool ComputeDigest(const X509* x509,
     87                             const std::string& algorithm,
     88                             unsigned char* digest,
     89                             size_t size,
     90                             size_t* length);
     91 
     92   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
     93 
     94   virtual bool GetChain(SSLCertChain** chain) const {
     95     // Chains are not yet supported when using OpenSSL.
     96     // OpenSSLStreamAdapter::SSLVerifyCallback currently requires the remote
     97     // certificate to be self-signed.
     98     return false;
     99   }
    100 
    101  private:
    102   void AddReference() const;
    103 
    104   X509* x509_;
    105 
    106   DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate);
    107 };
    108 
    109 // Holds a keypair and certificate together, and a method to generate
    110 // them consistently.
    111 class OpenSSLIdentity : public SSLIdentity {
    112  public:
    113   static OpenSSLIdentity* Generate(const std::string& common_name);
    114   static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
    115   static SSLIdentity* FromPEMStrings(const std::string& private_key,
    116                                      const std::string& certificate);
    117   virtual ~OpenSSLIdentity() { }
    118 
    119   virtual const OpenSSLCertificate& certificate() const {
    120     return *certificate_;
    121   }
    122 
    123   virtual OpenSSLIdentity* GetReference() const {
    124     return new OpenSSLIdentity(key_pair_->GetReference(),
    125                                certificate_->GetReference());
    126   }
    127 
    128   // Configure an SSL context object to use our key and certificate.
    129   bool ConfigureIdentity(SSL_CTX* ctx);
    130 
    131  private:
    132   OpenSSLIdentity(OpenSSLKeyPair* key_pair,
    133                   OpenSSLCertificate* certificate)
    134       : key_pair_(key_pair), certificate_(certificate) {
    135     ASSERT(key_pair != NULL);
    136     ASSERT(certificate != NULL);
    137   }
    138 
    139   static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
    140 
    141   scoped_ptr<OpenSSLKeyPair> key_pair_;
    142   scoped_ptr<OpenSSLCertificate> certificate_;
    143 
    144   DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity);
    145 };
    146 
    147 
    148 }  // namespace rtc
    149 
    150 #endif  // WEBRTC_BASE_OPENSSLIDENTITY_H_
    151