/*
 *  Copyright 2020 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef RTC_BASE_BORINGSSL_IDENTITY_H_
#define RTC_BASE_BORINGSSL_IDENTITY_H_

#include <openssl/ossl_typ.h>

#include <ctime>
#include <memory>
#include <string>

#include "absl/strings/string_view.h"
#include "rtc_base/boringssl_certificate.h"
#include "rtc_base/openssl_key_pair.h"
#include "rtc_base/ssl_certificate.h"
#include "rtc_base/ssl_identity.h"

namespace rtc {

// Holds a keypair and certificate together, and a method to generate them
// consistently. Uses CRYPTO_BUFFER instead of X509, which offers binary size
// and memory improvements.
//
// The class is final and non-copyable (copy constructor and copy assignment
// are deleted below); the key pair and the certificate chain are each owned
// through a std::unique_ptr member. Instances are obtained only through the
// static Create* factories, because both constructors are private.
class BoringSSLIdentity final : public SSLIdentity {
 public:
  // Creates an identity for `common_name` using `key_params`.
  // `certificate_lifetime` is a time_t; presumably the validity period in
  // seconds — TODO confirm in the .cc.
  // NOTE(review): presumably returns nullptr on failure — confirm; callers
  // should null-check the result before use.
  static std::unique_ptr<BoringSSLIdentity> CreateWithExpiration(
      absl::string_view common_name,
      const KeyParams& key_params,
      time_t certificate_lifetime);
  // Creates an identity from caller-supplied SSLIdentityParams. Named for
  // test use; SSLIdentityParams is declared elsewhere, so what it lets the
  // caller control is not visible here. Keep out of production code paths.
  static std::unique_ptr<BoringSSLIdentity> CreateForTest(
      const SSLIdentityParams& params);
  // Builds an identity from a PEM private key and a PEM certificate. Returns
  // the base type SSLIdentity rather than BoringSSLIdentity.
  // NOTE(review): this header does not show whether the private key is
  // checked against the certificate's public key, or what is returned for
  // malformed input (presumably nullptr) — confirm in the .cc before passing
  // externally supplied PEM, and null-check the result.
  static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
      absl::string_view private_key,
      absl::string_view certificate);
  // Same as CreateFromPEMStrings, but `certificate_chain` carries a chain of
  // PEM certificates.
  // NOTE(review): chain ordering requirements and whether the chain is
  // validated are not visible in this header — confirm in the .cc.
  static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
      absl::string_view private_key,
      absl::string_view certificate_chain);
  ~BoringSSLIdentity() override;

  // Copying is disabled, so key material is not duplicated by accident.
  BoringSSLIdentity(const BoringSSLIdentity&) = delete;
  BoringSSLIdentity& operator=(const BoringSSLIdentity&) = delete;

  // Accessors return references; they are valid only while this identity is
  // alive.
  const BoringSSLCertificate& certificate() const override;
  const SSLCertChain& cert_chain() const override;

  // Configure an SSL context object to use our key and certificate.
  // NOTE(review): presumably returns false when the key or certificate could
  // not be installed — confirm in the .cc. Callers should check the result
  // instead of continuing with a context that may have no identity set.
  bool ConfigureIdentity(SSL_CTX* ctx);

  // Exports the private key as a PEM string. The signature takes no
  // passphrase, so the result is presumably unencrypted — TODO confirm.
  // Treat the returned value as secret: do not log or persist it unprotected,
  // and keep its lifetime short; std::string does not wipe its buffer when
  // destroyed.
  std::string PrivateKeyToPEMString() const override;
  // Exports the public key as a PEM string.
  std::string PublicKeyToPEMString() const override;
  // Equality / inequality between two identities. What is compared (key pair,
  // certificate, or both) is defined in the .cc and not visible here.
  bool operator==(const BoringSSLIdentity& other) const;
  bool operator!=(const BoringSSLIdentity& other) const;

 private:
  // Both constructors take ownership of their arguments; use the static
  // factories above to create instances.
  BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
                    std::unique_ptr<BoringSSLCertificate> certificate);
  BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
                    std::unique_ptr<SSLCertChain> cert_chain);
  // Clone hook required by SSLIdentity.
  // NOTE(review): presumably produces a second owner of the same key
  // material — confirm in the .cc.
  std::unique_ptr<SSLIdentity> CloneInternal() const override;

  // Shared creation path taking SSLIdentityParams.
  // NOTE(review): presumably used by the public Create* factories — confirm.
  static std::unique_ptr<BoringSSLIdentity> CreateInternal(
      const SSLIdentityParams& params);

  // Key pair backing this identity; presumably holds the private key that
  // PrivateKeyToPEMString() exports.
  std::unique_ptr<OpenSSLKeyPair> key_pair_;
  // Certificate chain presented for this identity.
  std::unique_ptr<SSLCertChain> cert_chain_;
};

}  // namespace rtc

#endif  // RTC_BASE_BORINGSSL_IDENTITY_H_