• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 // Generic interface for SSL Certificates, used in both the SSLAdapter
12 // for TLS TURN connections and the SSLStreamAdapter for DTLS Peer to Peer
13 // Connections for SRTP Key negotiation and SCTP encryption.
14 
15 #ifndef RTC_BASE_SSL_CERTIFICATE_H_
16 #define RTC_BASE_SSL_CERTIFICATE_H_
17 
18 #include <stddef.h>
19 #include <stdint.h>
20 #include <memory>
21 #include <string>
22 #include <vector>
23 
24 #include "rtc_base/buffer.h"
25 #include "rtc_base/constructor_magic.h"
26 #include "rtc_base/system/rtc_export.h"
27 
28 namespace rtc {
29 
30 struct RTC_EXPORT SSLCertificateStats {
31   SSLCertificateStats(std::string&& fingerprint,
32                       std::string&& fingerprint_algorithm,
33                       std::string&& base64_certificate,
34                       std::unique_ptr<SSLCertificateStats> issuer);
35   ~SSLCertificateStats();
36   std::string fingerprint;
37   std::string fingerprint_algorithm;
38   std::string base64_certificate;
39   std::unique_ptr<SSLCertificateStats> issuer;
40 };
41 
42 // Abstract interface overridden by SSL library specific
43 // implementations.
44 
45 // A somewhat opaque type used to encapsulate a certificate.
46 // Wraps the SSL library's notion of a certificate, with reference counting.
47 // The SSLCertificate object is pretty much immutable once created.
48 // (The OpenSSL implementation only does reference counting and
49 // possibly caching of intermediate results.)
50 class RTC_EXPORT SSLCertificate {
51  public:
52   // Parses and builds a certificate from a PEM encoded string.
53   // Returns null on failure.
54   // The length of the string representation of the certificate is
55   // stored in *pem_length if it is non-null, and only if
56   // parsing was successful.
57   static std::unique_ptr<SSLCertificate> FromPEMString(
58       const std::string& pem_string);
59   virtual ~SSLCertificate() = default;
60 
61   // Returns a new SSLCertificate object instance wrapping the same
62   // underlying certificate, including its chain if present.
63   virtual std::unique_ptr<SSLCertificate> Clone() const = 0;
64 
65   // Returns a PEM encoded string representation of the certificate.
66   virtual std::string ToPEMString() const = 0;
67 
68   // Provides a DER encoded binary representation of the certificate.
69   virtual void ToDER(Buffer* der_buffer) const = 0;
70 
71   // Gets the name of the digest algorithm that was used to compute this
72   // certificate's signature.
73   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
74 
75   // Compute the digest of the certificate given algorithm
76   virtual bool ComputeDigest(const std::string& algorithm,
77                              unsigned char* digest,
78                              size_t size,
79                              size_t* length) const = 0;
80 
81   // Returns the time in seconds relative to epoch, 1970-01-01T00:00:00Z (UTC),
82   // or -1 if an expiration time could not be retrieved.
83   virtual int64_t CertificateExpirationTime() const = 0;
84 
85   // Gets information (fingerprint, etc.) about this certificate. This is used
86   // for certificate stats, see
87   // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
88   std::unique_ptr<SSLCertificateStats> GetStats() const;
89 };
90 
91 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
92 // primarily to ensure proper memory management (especially deletion) of the
93 // SSLCertificate pointers.
94 class RTC_EXPORT SSLCertChain final {
95  public:
96   explicit SSLCertChain(std::unique_ptr<SSLCertificate> single_cert);
97   explicit SSLCertChain(std::vector<std::unique_ptr<SSLCertificate>> certs);
98   // Allow move semantics for the object.
99   SSLCertChain(SSLCertChain&&);
100   SSLCertChain& operator=(SSLCertChain&&);
101 
102   ~SSLCertChain();
103 
104   // Vector access methods.
GetSize()105   size_t GetSize() const { return certs_.size(); }
106 
107   // Returns a temporary reference, only valid until the chain is destroyed.
Get(size_t pos)108   const SSLCertificate& Get(size_t pos) const { return *(certs_[pos]); }
109 
110   // Returns a new SSLCertChain object instance wrapping the same underlying
111   // certificate chain.
112   std::unique_ptr<SSLCertChain> Clone() const;
113 
114   // Gets information (fingerprint, etc.) about this certificate chain. This is
115   // used for certificate stats, see
116   // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
117   std::unique_ptr<SSLCertificateStats> GetStats() const;
118 
119  private:
120   std::vector<std::unique_ptr<SSLCertificate>> certs_;
121 
122   RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
123 };
124 
125 // SSLCertificateVerifier provides a simple interface to allow third parties to
126 // define their own certificate verification code. It is completely independent
127 // from the underlying SSL implementation.
128 class SSLCertificateVerifier {
129  public:
130   virtual ~SSLCertificateVerifier() = default;
131   // Returns true if the certificate is valid, else false. It is up to the
132   // implementer to define what a valid certificate looks like.
133   virtual bool Verify(const SSLCertificate& certificate) = 0;
134 };
135 
136 }  // namespace rtc
137 
138 #endif  // RTC_BASE_SSL_CERTIFICATE_H_
139