      1 /*
      2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
      3  *
      4  *  Use of this source code is governed by a BSD-style license
      5  *  that can be found in the LICENSE file in the root of the source
      6  *  tree. An additional intellectual property rights grant can be found
      7  *  in the file PATENTS.  All contributing project authors may
      8  *  be found in the AUTHORS file in the root of the source tree.
      9  */
     10 
     11 #ifndef WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
     12 #define WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
     13 
     14 #include <string>
     15 #include <vector>
     16 
     17 #include "webrtc/base/buffer.h"
     18 #include "webrtc/base/stream.h"
     19 #include "webrtc/base/sslidentity.h"
     20 #include "webrtc/base/sslstreamadapter.h"
     21 
     22 namespace rtc {
     23 
     24 // SSLStreamAdapterHelper : A stream adapter which implements much
     25 // of the logic that is common between the known implementations
     26 // (OpenSSL and previously NSS)
class SSLStreamAdapterHelper : public SSLStreamAdapter {
 public:
  // Wraps |stream|. The TLS/DTLS session itself is driven by the subclass
  // through the pure virtuals below; this class only keeps the shared
  // state machine and configuration. Who owns |stream| is not visible in
  // this header — presumably SSLStreamAdapter's convention applies; verify.
  explicit SSLStreamAdapterHelper(StreamInterface* stream);
  ~SSLStreamAdapterHelper() override;

  // Overrides of SSLStreamAdapter

  // Key and certificate used for this end of the connection (identity_).
  void SetIdentity(SSLIdentity* identity) override;
  // NOTE(review): a default argument on a virtual function is resolved
  // against the static type the call is made through, so this default
  // must stay identical to the one declared in SSLStreamAdapter.
  void SetServerRole(SSLRole role = SSL_SERVER) override;
  // Selects TLS or DTLS (ssl_mode_).
  void SetMode(SSLMode mode) override;
  // Upper bound on the protocol version that may be negotiated
  // (ssl_max_version_). No minimum version is tracked in this class.
  void SetMaxProtocolVersion(SSLProtocolVersion version) override;

  // Traditional client/server mode: |server_name| is the name the server's
  // certificate must carry (kept in ssl_server_name_). Returns 0 on
  // success and a negative value on error (see StartSSL).
  int StartSSLWithServer(const char* server_name) override;
  // Peer-to-peer mode: there is no server name; the peer is expected to be
  // authenticated against the digest given to SetPeerCertificateDigest.
  // Same return convention as StartSSLWithServer.
  int StartSSLWithPeer() override;

  // Pins the certificate the peer must present: |digest_alg| names the
  // hash algorithm and |digest_val|/|digest_len| hold the expected digest
  // bytes. Returns false when the digest is not accepted — presumably when
  // |digest_len| disagrees with GetDigestLength() for |digest_alg|; confirm
  // in the .cc. Where the values are kept is not visible here; the
  // peer_certificate_digest_* members look like the intended home.
  bool SetPeerCertificateDigest(const std::string& digest_alg,
                                const unsigned char* digest_val,
                                size_t digest_len) override;
  // Hands out the peer's certificate through |*cert|. Whether the caller
  // receives a copy or a borrowed pointer is not visible in this header —
  // TODO confirm against SSLStreamAdapter's contract before freeing it.
  bool GetPeerCertificate(SSLCertificate** cert) const override;
  // Maps the SSL state machine onto the generic StreamState.
  StreamState GetState() const override;
  // Tears down the SSL session (subclass Cleanup) and closes the stream.
  void Close() override;

 protected:
  // Internal helper methods
  // The following method returns 0 on success and a negative
  // error code on failure. The error code may be either -1 or
  // from the impl on some other error cases, so it can't really be
  // interpreted unfortunately.

  // Perform SSL negotiation steps.
  int ContinueSSL();

  // Error handler helper. signal is given as true for errors in
  // asynchronous contexts (when an error code was not returned
  // through some other method), and in that case an SE_CLOSE event is
  // raised on the stream with the specified error.
  // A 0 error means a graceful close, otherwise there is not really enough
  // context to interpret the error code.
  // |context| is a short description of where the error was detected
  // (used for diagnostics); |err| is stored in ssl_error_code_.
  virtual void Error(const char* context, int err, bool signal);

  // Must be implemented by descendants.
  // BeginSSL: start the handshake with the backing SSL library; return
  // convention presumably matches ContinueSSL (0 / negative) — confirm.
  virtual int BeginSSL() = 0;
  // Cleanup: release all SSL-library state so the adapter can be closed or
  // destroyed.
  virtual void Cleanup() = 0;
  // GetDigestLength: write the digest size in bytes of |algorithm| into
  // |*length|; a false return is the natural "unsupported algorithm"
  // signal, which is what lets SetPeerCertificateDigest reject a digest of
  // the wrong size (inferred from the signature — confirm in subclasses).
  virtual bool GetDigestLength(const std::string& algorithm,
                               size_t* length) = 0;

  enum SSLState {
    // Before calling one of the StartSSL methods, data flows
    // in clear text.
    SSL_NONE,
    SSL_WAIT,  // waiting for the stream to open to start SSL negotiation
    SSL_CONNECTING,  // SSL negotiation in progress
    SSL_CONNECTED,  // SSL stream successfully established
    SSL_ERROR,  // some SSL error occurred, stream is closed
    SSL_CLOSED  // Clean close
  };

  // MSG_MAX is the maximum generic stream message number.
  // MSG_MAX is not defined in this header; presumably it comes from
  // stream.h. The DTLS timeout message is placed just above it so it
  // cannot collide with the generic stream messages.
  enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };

  SSLState state_;
  SSLRole role_;  // client or server side of the handshake
  int ssl_error_code_;  // valid when state_ == SSL_ERROR

  // Our key and certificate, mostly useful in peer-to-peer mode.
  // Owned by this object (scoped_ptr).
  scoped_ptr<SSLIdentity> identity_;
  // in traditional mode, the server name that the server's certificate
  // must specify. Empty in peer-to-peer mode.
  std::string ssl_server_name_;
  // The peer's certificate. Only used for GetPeerCertificate.
  // Owned by this object (scoped_ptr).
  scoped_ptr<SSLCertificate> peer_certificate_;

  // The digest of the certificate that the peer must present.
  // In peer-to-peer mode there is no server name to check, so this digest
  // is presumably what ties the peer's identity to the connection; how an
  // unset digest is treated is decided in the subclass — confirm there.
  Buffer peer_certificate_digest_value_;
  std::string peer_certificate_digest_algorithm_;

  // Do DTLS or not
  SSLMode ssl_mode_;

  // Maximum allowed protocol version.
  SSLProtocolVersion ssl_max_version_;

 private:
  // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
  // depending on whether the underlying stream is already open or
  // not. Returns 0 on success and a negative value on error.
  int StartSSL();
};
    114 
    115 }  // namespace rtc
    116 
    117 #endif  // WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
    118