Note: We no longer publish the latest version of our code here. We primarily use a kumc-bmi github organization. The heron ETL repository, in particular, is not public. Peers in the informatics community should see MultiSiteDev for details on requesting access.

source: webrtc/talk/base/sslidentity.h @ 0:4bda6873e34c

pub_scrub_3792 tip
Last change on this file since 0:4bda6873e34c was 0:4bda6873e34c, checked in by Michael Prittie <mprittie@…>, 6 years ago

Scrubbed password for publication.

File size: 6.8 KB
Line 
1/*
2 * libjingle
3 * Copyright 2004, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 *  1. Redistributions of source code must retain the above copyright notice,
9 *     this list of conditions and the following disclaimer.
10 *  2. Redistributions in binary form must reproduce the above copyright notice,
11 *     this list of conditions and the following disclaimer in the documentation
12 *     and/or other materials provided with the distribution.
13 *  3. The name of the author may not be used to endorse or promote products
14 *     derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28// Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
29
30#ifndef TALK_BASE_SSLIDENTITY_H_
31#define TALK_BASE_SSLIDENTITY_H_
32
33#include <algorithm>
34#include <string>
35#include <vector>
36
37#include "talk/base/buffer.h"
38#include "talk/base/messagedigest.h"
39
40namespace talk_base {
41
42// Forward declaration due to circular dependency with SSLCertificate.
43class SSLCertChain;
44
45// Abstract interface overridden by SSL library specific
46// implementations.
47
48// A somewhat opaque type used to encapsulate a certificate.
49// Wraps the SSL library's notion of a certificate, with reference counting.
50// The SSLCertificate object is pretty much immutable once created.
51// (The OpenSSL implementation only does reference counting and
52// possibly caching of intermediate results.)
53class SSLCertificate {
54 public:
55  // Parses and build a certificate from a PEM encoded string.
56  // Returns NULL on failure.
57  // The length of the string representation of the certificate is
58  // stored in *pem_length if it is non-NULL, and only if
59  // parsing was successful.
60  // Caller is responsible for freeing the returned object.
61  static SSLCertificate* FromPEMString(const std::string& pem_string);
62  virtual ~SSLCertificate() {}
63
64  // Returns a new SSLCertificate object instance wrapping the same
65  // underlying certificate, including its chain if present.
66  // Caller is responsible for freeing the returned object.
67  virtual SSLCertificate* GetReference() const = 0;
68
69  // Provides the cert chain, or returns false.  The caller owns the chain.
70  // The chain includes a copy of each certificate, excluding the leaf.
71  virtual bool GetChain(SSLCertChain** chain) const = 0;
72
73  // Returns a PEM encoded string representation of the certificate.
74  virtual std::string ToPEMString() const = 0;
75
76  // Provides a DER encoded binary representation of the certificate.
77  virtual void ToDER(Buffer* der_buffer) const = 0;
78
79  // Gets the name of the digest algorithm that was used to compute this
80  // certificate's signature.
81  virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
82
83  // Compute the digest of the certificate given algorithm
84  virtual bool ComputeDigest(const std::string &algorithm,
85                             unsigned char* digest, std::size_t size,
86                             std::size_t* length) const = 0;
87};
88
89// SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
90// primarily to ensure proper memory management (especially deletion) of the
91// SSLCertificate pointers.
92class SSLCertChain {
93 public:
94  // These constructors copy the provided SSLCertificate(s), so the caller
95  // retains ownership.
96  explicit SSLCertChain(const std::vector<SSLCertificate*>& certs) {
97    ASSERT(!certs.empty());
98    certs_.resize(certs.size());
99    std::transform(certs.begin(), certs.end(), certs_.begin(), DupCert);
100  }
101  explicit SSLCertChain(const SSLCertificate* cert) {
102    certs_.push_back(cert->GetReference());
103  }
104
105  ~SSLCertChain() {
106    std::for_each(certs_.begin(), certs_.end(), DeleteCert);
107  }
108
109  // Vector access methods.
110  size_t GetSize() const { return certs_.size(); }
111
112  // Returns a temporary reference, only valid until the chain is destroyed.
113  const SSLCertificate& Get(size_t pos) const { return *(certs_[pos]); }
114
115  // Returns a new SSLCertChain object instance wrapping the same underlying
116  // certificate chain.  Caller is responsible for freeing the returned object.
117  SSLCertChain* Copy() const {
118    return new SSLCertChain(certs_);
119  }
120
121 private:
122  // Helper function for duplicating a vector of certificates.
123  static SSLCertificate* DupCert(const SSLCertificate* cert) {
124    return cert->GetReference();
125  }
126
127  // Helper function for deleting a vector of certificates.
128  static void DeleteCert(SSLCertificate* cert) { delete cert; }
129
130  std::vector<SSLCertificate*> certs_;
131
132  DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
133};
134
135// Our identity in an SSL negotiation: a keypair and certificate (both
136// with the same public key).
137// This too is pretty much immutable once created.
138class SSLIdentity {
139 public:
140  // Generates an identity (keypair and self-signed certificate). If
141  // common_name is non-empty, it will be used for the certificate's
142  // subject and issuer name, otherwise a random string will be used.
143  // Returns NULL on failure.
144  // Caller is responsible for freeing the returned object.
145  static SSLIdentity* Generate(const std::string& common_name);
146
147  // Construct an identity from a private key and a certificate.
148  static SSLIdentity* FromPEMStrings(const std::string& private_key,
149                                     const std::string& certificate);
150
151  virtual ~SSLIdentity() {}
152
153  // Returns a new SSLIdentity object instance wrapping the same
154  // identity information.
155  // Caller is responsible for freeing the returned object.
156  virtual SSLIdentity* GetReference() const = 0;
157
158  // Returns a temporary reference to the certificate.
159  virtual const SSLCertificate& certificate() const = 0;
160
161  // Helpers for parsing converting between PEM and DER format.
162  static bool PemToDer(const std::string& pem_type,
163                       const std::string& pem_string,
164                       std::string* der);
165  static std::string DerToPem(const std::string& pem_type,
166                              const unsigned char* data,
167                              size_t length);
168};
169
170extern const char kPemTypeCertificate[];
171extern const char kPemTypeRsaPrivateKey[];
172
173}  // namespace talk_base
174
175#endif  // TALK_BASE_SSLIDENTITY_H_
Note: See TracBrowser for help on using the repository browser.