/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef RTC_BASE_OPENSSL_IDENTITY_H_
#define RTC_BASE_OPENSSL_IDENTITY_H_

#include <openssl/ossl_typ.h>

#include <ctime>
#include <memory>
#include <string>

#include "rtc_base/checks.h"
#include "rtc_base/constructor_magic.h"
#include "rtc_base/openssl_certificate.h"
#include "rtc_base/ssl_certificate.h"
#include "rtc_base/ssl_identity.h"

namespace rtc {

// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
//
// The header declares no mutators: every accessor is const, so the wrapped
// key cannot be swapped out after construction.
class OpenSSLKeyPair final {
 public:
  // Wraps |pkey|. The pointer must be non-null, but this is only enforced by
  // RTC_DCHECK (a debug-build assertion from rtc_base/checks.h), so release
  // builds rely on callers never passing null. Whether the constructor takes
  // over the caller's reference or adds its own is decided in the .cc file —
  // confirm there before relying on either.
  explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
    RTC_DCHECK(pkey_ != nullptr);
  }

  // Creates a new key pair described by |key_params|. Returns a raw pointer;
  // the caller presumably owns it (OpenSSLIdentity stores the result in a
  // std::unique_ptr) — TODO(review): confirm ownership against the .cc.
  static OpenSSLKeyPair* Generate(const KeyParams& key_params);
  // Constructs a key pair from the private key PEM string. This must not result
  // in missing public key parameters. Returns null on error.
  //
  // |pem_string| is handed to OpenSSL for parsing; callers supplying it from
  // an external source must check for a null return rather than assume
  // success.
  static OpenSSLKeyPair* FromPrivateKeyPEMString(const std::string& pem_string);

  virtual ~OpenSSLKeyPair();

  // Returns another OpenSSLKeyPair wrapping the same EVP_PKEY. Given the
  // private AddReference() helper, this presumably bumps OpenSSL's reference
  // count so each wrapper can release independently — verify in the .cc.
  virtual OpenSSLKeyPair* GetReference();

  // Borrowed, non-owning access to the underlying key. The reference count is
  // not touched here; the pointer is only valid while this object lives.
  EVP_PKEY* pkey() const { return pkey_; }
  // Serializes the private key in PEM form. The returned string is secret key
  // material; avoid logging it or writing it anywhere unprotected.
  std::string PrivateKeyToPEMString() const;
  // Serializes the public key in PEM form.
  std::string PublicKeyToPEMString() const;
  // Equality of two key pairs; the comparison itself lives in the .cc file.
  bool operator==(const OpenSSLKeyPair& other) const;
  bool operator!=(const OpenSSLKeyPair& other) const;

 private:
  // Presumably increments OpenSSL's reference count on |pkey_| (used by
  // GetReference()); see the .cc file.
  void AddReference();

  EVP_PKEY* pkey_;

  // Copying is disabled: duplicating the raw pointer without adjusting the
  // OpenSSL reference count would risk a double free or a leak.
  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
};

// Holds a keypair and certificate together, and a method to generate
// them consistently.
class OpenSSLIdentity final : public SSLIdentity {
 public:
  // Creates a new identity for |common_name|: a key pair per |key_params| and
  // a certificate valid for |certificate_lifetime| (a time_t, presumably
  // seconds — confirm in the .cc). Whether the certificate is self-signed is
  // not visible from this header.
  static std::unique_ptr<OpenSSLIdentity> CreateWithExpiration(
      const std::string& common_name,
      const KeyParams& key_params,
      time_t certificate_lifetime);
  // Test-only factory taking fully specified SSLIdentityParams.
  static std::unique_ptr<OpenSSLIdentity> CreateForTest(
      const SSLIdentityParams& params);
  // Rebuilds an identity from PEM-encoded |private_key| and |certificate|.
  // Both strings are parsed by OpenSSL; callers passing external input should
  // treat a null result as a parse/validation failure (the failure contract
  // is not shown here — confirm in the .cc).
  static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
      const std::string& private_key,
      const std::string& certificate);
  // Like CreateFromPEMStrings, but |certificate_chain| presumably holds
  // several concatenated PEM certificates and the result keeps the whole
  // chain — verify the accepted format in the .cc.
  static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
      const std::string& private_key,
      const std::string& certificate_chain);
  ~OpenSSLIdentity() override;

  // This identity's own certificate; presumably the first entry of
  // cert_chain_ (the only certificate storage declared below) — confirm.
  const OpenSSLCertificate& certificate() const override;
  // The stored certificate chain (cert_chain_).
  const SSLCertChain& cert_chain() const override;

  // Configure an SSL context object to use our key and certificate.
  // The bool presumably reports whether OpenSSL accepted both; see the .cc.
  bool ConfigureIdentity(SSL_CTX* ctx);

  // PEM serialization of the private key. The result is secret key material;
  // do not log it or persist it unprotected.
  std::string PrivateKeyToPEMString() const override;
  // PEM serialization of the public key.
  std::string PublicKeyToPEMString() const override;
  bool operator==(const OpenSSLIdentity& other) const;
  bool operator!=(const OpenSSLIdentity& other) const;

 private:
  // Both constructors take ownership of |key_pair| (passed by unique_ptr).
  // The single-certificate form presumably wraps |certificate| into a chain,
  // since only cert_chain_ is stored — confirm in the .cc.
  OpenSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
                  std::unique_ptr<OpenSSLCertificate> certificate);
  OpenSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
                  std::unique_ptr<SSLCertChain> cert_chain);
  // Override backing the SSLIdentity cloning interface; how the key pair and
  // chain are duplicated is decided in the .cc.
  std::unique_ptr<SSLIdentity> CloneInternal() const override;

  // Presumably the shared implementation behind CreateWithExpiration and
  // CreateForTest, which take the same parameter type.
  static std::unique_ptr<OpenSSLIdentity> CreateInternal(
      const SSLIdentityParams& params);

  std::unique_ptr<OpenSSLKeyPair> key_pair_;
  std::unique_ptr<SSLCertChain> cert_chain_;

  // Copies are disabled; duplication goes through CloneInternal().
  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
};

}  // namespace rtc

#endif  // RTC_BASE_OPENSSL_IDENTITY_H_