/*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */

#ifndef WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
#define WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_

#include <string>
#include <vector>

#include "webrtc/base/buffer.h"
#include "webrtc/base/stream.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"

namespace rtc {

// SSLStreamAdapterHelper : A stream adapter which implements much
// of the logic that is common between the known implementations
// (OpenSSL and previously NSS).
//
// It holds the SSL state machine (SSLState below) and the configuration
// every backend needs: the local identity, the expected server name or
// peer certificate digest, the SSL/DTLS mode and the maximum protocol
// version. A backend supplies the actual handshake and teardown by
// implementing the pure virtual methods in the protected section.
class SSLStreamAdapterHelper : public SSLStreamAdapter {
 public:
  // Wraps |stream|. Until one of the StartSSL* methods is called the
  // adapter is in state SSL_NONE and data flows in clear text.
  explicit SSLStreamAdapterHelper(StreamInterface* stream);
  ~SSLStreamAdapterHelper() override;

  // Overrides of SSLStreamAdapter

  // Sets the local key and certificate (kept in identity_).
  void SetIdentity(SSLIdentity* identity) override;
  // Chooses whether this end negotiates as SSL client or server (role_).
  void SetServerRole(SSLRole role = SSL_SERVER) override;
  // Chooses SSL or DTLS (ssl_mode_).
  void SetMode(SSLMode mode) override;
  // Caps the protocol version that may be negotiated (ssl_max_version_).
  void SetMaxProtocolVersion(SSLProtocolVersion version) override;

  // Starts SSL in traditional (client/server) mode. |server_name| is
  // presumably what ends up in ssl_server_name_, i.e. the name the
  // server's certificate must specify. Return convention is not stated
  // here; expected to match StartSSL(): 0 on success, negative on error.
  int StartSSLWithServer(const char* server_name) override;
  // Starts SSL in peer-to-peer mode, where the remote end is identified
  // by the digest given to SetPeerCertificateDigest rather than by a
  // server name. Return convention as for StartSSLWithServer.
  int StartSSLWithPeer() override;

  // Records the digest the peer's certificate must present
  // (peer_certificate_digest_algorithm_ / peer_certificate_digest_value_).
  // |digest_val| points at |digest_len| bytes; the length expected for
  // |digest_alg| is obtained from GetDigestLength(). Returns false when
  // the digest is rejected -- presumably an unknown algorithm or a
  // length mismatch; confirm against the implementation.
  bool SetPeerCertificateDigest(const std::string& digest_alg,
                                const unsigned char* digest_val,
                                size_t digest_len) override;
  // Hands out the peer's certificate (peer_certificate_) through |cert|.
  // NOTE(review): whether *cert is a copy the caller owns is not visible
  // in this header -- check the .cc before deleting it.
  bool GetPeerCertificate(SSLCertificate** cert) const override;
  // Stream-level view of the adapter; presumably derived from state_.
  StreamState GetState() const override;
  void Close() override;

 protected:
  // Internal helper methods

  // Perform SSL negotiation steps.
  // Returns 0 on success and a negative error code on failure. The
  // error code may be either -1 or from the impl on some other error
  // cases, so it can't really be interpreted unfortunately.
  int ContinueSSL();

  // Error handler helper. signal is given as true for errors in
  // asynchronous contexts (when an error code was not returned
  // through some other method), and in that case an SE_CLOSE event is
  // raised on the stream with the specified error.
  // A 0 error means a graceful close, otherwise there is not really enough
  // context to interpret the error code.
  // |context| is a short description of where the error was detected.
  virtual void Error(const char* context, int err, bool signal);

  // Must be implemented by descendents

  // Kicks off the backend's handshake; called once the stream is open.
  // Return convention is not stated here -- presumably the same
  // 0 / negative scheme as ContinueSSL(); confirm in the backend.
  virtual int BeginSSL() = 0;
  // Releases all backend state so the adapter can be closed or reset.
  virtual void Cleanup() = 0;
  // Reports in |*length| the digest size that |algorithm| produces.
  // Presumably returns false for an algorithm the backend does not
  // support, which is what makes SetPeerCertificateDigest reject it;
  // confirm in the backend.
  virtual bool GetDigestLength(const std::string& algorithm,
                               size_t* length) = 0;

  // Lifecycle of the adapter. The only transitions visible in this
  // header are the ones documented on StartSSL() below.
  enum SSLState {
    // Before calling one of the StartSSL methods, data flows
    // in clear text.
    SSL_NONE,
    SSL_WAIT,        // waiting for the stream to open to start SSL negotiation
    SSL_CONNECTING,  // SSL negotiation in progress
    SSL_CONNECTED,   // SSL stream successfully established
    SSL_ERROR,       // some SSL error occurred, stream is closed
    SSL_CLOSED       // Clean close
  };

  // MSG_MAX is the maximum generic stream message number, so this id
  // cannot collide with the base class's messages. From the name it is
  // the DTLS retransmission timer message -- confirm in the .cc.
  enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };

  SSLState state_;       // current position in the SSLState machine
  SSLRole role_;         // SSL_CLIENT or SSL_SERVER, set by SetServerRole
  int ssl_error_code_;   // valid when state_ == SSL_ERROR

  // Our key and certificate, mostly useful in peer-to-peer mode.
  scoped_ptr<SSLIdentity> identity_;
  // in traditional mode, the server name that the server's certificate
  // must specify. Empty in peer-to-peer mode.
  std::string ssl_server_name_;
  // The peer's certificate. Only used for GetPeerCertificate.
  scoped_ptr<SSLCertificate> peer_certificate_;

  // The digest of the certificate that the peer must present.
  // NOTE(review): in peer-to-peer mode no server name is set, so this
  // digest is what identifies the remote end; a backend that reaches
  // SSL_CONNECTED without comparing the presented certificate against
  // it has not authenticated the peer. Confirm the check in each
  // backend's handshake path.
  Buffer peer_certificate_digest_value_;
  std::string peer_certificate_digest_algorithm_;

  // Do DTLS or not
  SSLMode ssl_mode_;

  // Maximum allowed protocol version.
  SSLProtocolVersion ssl_max_version_;

 private:
  // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
  // depending on whether the underlying stream is already open or
  // not. Returns 0 on success and a negative value on error.
  int StartSSL();
};

}  // namespace rtc

#endif  // WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_