      1 /*
      2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
      3  *
      4  *  Use of this source code is governed by a BSD-style license
      5  *  that can be found in the LICENSE file in the root of the source
      6  *  tree. An additional intellectual property rights grant can be found
      7  *  in the file PATENTS.  All contributing project authors may
      8  *  be found in the AUTHORS file in the root of the source tree.
      9  */
     10 
     11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
     12 #define WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
     13 
     14 #include <string>
     15 #include <vector>
     16 
     17 #include "webrtc/base/buffer.h"
     18 #include "webrtc/base/stream.h"
     19 #include "webrtc/base/sslidentity.h"
     20 #include "webrtc/base/sslstreamadapter.h"
     21 
     22 namespace rtc {
     23 
     24 // SSLStreamAdapterHelper : A stream adapter which implements much
     25 // of the logic that is common between the known implementations
     26 // (NSS and OpenSSL)
class SSLStreamAdapterHelper : public SSLStreamAdapter {
 public:
  // Wraps |stream| in an SSL adapter. The adapter starts in SSL_NONE (data
  // flows in clear text), as a TLS client, with no error code recorded;
  // no handshake is started until one of the StartSSL* methods is called.
  explicit SSLStreamAdapterHelper(StreamInterface* stream)
      : SSLStreamAdapter(stream),
        state_(SSL_NONE),
        role_(SSL_CLIENT),
        ssl_error_code_(0),  // Not meaningful yet
        ssl_mode_(SSL_MODE_TLS) {}


  // Overrides of SSLStreamAdapter

  // Sets our own key and certificate (stored in identity_ below).
  virtual void SetIdentity(SSLIdentity* identity);
  // Selects which side of the handshake this adapter plays (role_ below).
  virtual void SetServerRole(SSLRole role = SSL_SERVER);
  // Selects TLS or DTLS (ssl_mode_ below).
  virtual void SetMode(SSLMode mode);

  // Starts the handshake in traditional (client/server) mode. |server_name|
  // is presumably recorded in ssl_server_name_ as the name the server's
  // certificate must specify -- see the member comment below.
  // Returns 0 on success and a negative value on error (see StartSSL below).
  virtual int StartSSLWithServer(const char* server_name);
  // Starts the handshake in peer-to-peer mode, where the peer is presumably
  // authenticated against the digest set via SetPeerCertificateDigest rather
  // than a server name. Same return convention as StartSSLWithServer.
  virtual int StartSSLWithPeer();

  // Records the digest (|digest_alg|, |digest_val|, |digest_len|) that the
  // peer's certificate must match (peer_certificate_digest_* below).
  // NOTE(review): presumably returns false when |digest_len| does not match
  // GetDigestLength(|digest_alg|) -- confirm in the implementation; an
  // unchecked length here would weaken peer verification.
  virtual bool SetPeerCertificateDigest(const std::string& digest_alg,
                                        const unsigned char* digest_val,
                                        size_t digest_len);
  // Retrieves the peer's certificate (peer_certificate_ below).
  // NOTE(review): ownership of *cert is not documented here -- check the
  // implementation before storing or deleting it.
  virtual bool GetPeerCertificate(SSLCertificate** cert) const;
  // Reports the stream state as seen by callers of the StreamInterface.
  virtual StreamState GetState() const;
  // Closes the stream; implementation-specific teardown is expected to go
  // through Cleanup() (pure virtual below).
  virtual void Close();

 protected:
  // Internal helper methods

  // Perform SSL negotiation steps. Returns 0 on success and a negative
  // error code on failure. The error code may be either -1 or
  // from the impl on some other error cases, so it can't really be
  // interpreted unfortunately.
  int ContinueSSL();

  // Error handler helper. signal is given as true for errors in
  // asynchronous contexts (when an error code was not returned
  // through some other method), and in that case an SE_CLOSE event is
  // raised on the stream with the specified error.
  // A 0 error means a graceful close, otherwise there is not really enough
  // context to interpret the error code.
  // |context| is a description of where the error occurred (e.g. for logging);
  // |err| is presumably what ends up in ssl_error_code_ -- confirm.
  virtual void Error(const char* context, int err, bool signal);

  // Must be implemented by descendants (the NSS and OpenSSL adapters).

  // Starts the implementation-specific part of the handshake. The return
  // convention presumably matches ContinueSSL (0 on success, negative on
  // error) -- confirm against the implementations.
  virtual int BeginSSL() = 0;
  // Releases implementation-specific handshake/session state.
  virtual void Cleanup() = 0;
  // Stores the digest size for |algorithm| in *length; presumably returns
  // false for an algorithm the implementation does not support.
  virtual bool GetDigestLength(const std::string& algorithm,
                               size_t* length) = 0;

  // Handshake state machine. StartSSL (private, below) moves SSL_NONE to
  // SSL_CONNECTING or SSL_WAIT; the remaining transitions are driven by
  // ContinueSSL and Error.
  enum SSLState {
    // Before calling one of the StartSSL methods, data flows
    // in clear text.
    SSL_NONE,
    SSL_WAIT,  // waiting for the stream to open to start SSL negotiation
    SSL_CONNECTING,  // SSL negotiation in progress
    SSL_CONNECTED,  // SSL stream successfully established
    SSL_ERROR,  // some SSL error occurred, stream is closed
    SSL_CLOSED  // Clean close
  };

  // MSG_MAX is the maximum generic stream message number (presumably defined
  // by the stream base classes in stream.h); our message ids start above it
  // so they cannot collide with the generic ones.
  enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };

  SSLState state_;
  SSLRole role_;  // SSL_CLIENT by default; see SetServerRole
  int ssl_error_code_;  // valid when state_ == SSL_ERROR

  // Our key and certificate, mostly useful in peer-to-peer mode.
  scoped_ptr<SSLIdentity> identity_;
  // in traditional mode, the server name that the server's certificate
  // must specify. Empty in peer-to-peer mode.
  std::string ssl_server_name_;
  // The peer's certificate. Only used for GetPeerCertificate.
  scoped_ptr<SSLCertificate> peer_certificate_;

  // The digest of the certificate that the peer must present, and the
  // algorithm it was computed with (set together by SetPeerCertificateDigest).
  Buffer peer_certificate_digest_value_;
  std::string peer_certificate_digest_algorithm_;

  // Do DTLS or not
  SSLMode ssl_mode_;

 private:
  // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
  // depending on whether the underlying stream is already open or
  // not. Returns 0 on success and a negative value on error.
  int StartSSL();
};
    115 
    116 }  // namespace rtc
    117 
    118 #endif  // WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_