• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * libjingle
3  * Copyright 2004--2008, Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #ifndef TALK_BASE_SSLSTREAMADAPTER_H__
29 #define TALK_BASE_SSLSTREAMADAPTER_H__
30 
31 #include "talk/base/stream.h"
32 #include "talk/base/sslidentity.h"
33 
34 namespace talk_base {
35 
36 // SSLStreamAdapter : A StreamInterfaceAdapter that does SSL/TLS.
37 // After SSL has been started, the stream will only open on successful
38 // SSL verification of certificates, and the communication is
39 // encrypted of course.
40 //
41 // This class was written with SSLAdapter as a starting point. It
42 // offers a similar interface, with two differences: there is no
43 // support for a restartable SSL connection, and this class has a
44 // peer-to-peer mode.
45 //
46 // The SSL library requires initialization and cleanup. Static method
47 // for doing this are in SSLAdapter. They should possibly be moved out
48 // to a neutral class.
49 
50 class SSLStreamAdapter : public StreamAdapterInterface {
51  public:
52   // Instantiate an SSLStreamAdapter wrapping the given stream,
53   // (using the selected implementation for the platform).
54   // Caller is responsible for freeing the returned object.
55   static SSLStreamAdapter* Create(StreamInterface* stream);
56 
SSLStreamAdapter(StreamInterface * stream)57   explicit SSLStreamAdapter(StreamInterface* stream)
58       : StreamAdapterInterface(stream), ignore_bad_cert_(false) { }
59 
set_ignore_bad_cert(bool ignore)60   void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; }
ignore_bad_cert()61   bool ignore_bad_cert() const { return ignore_bad_cert_; }
62 
63   // Specify our SSL identity: key and certificate. Mostly this is
64   // only used in the peer-to-peer mode (unless we actually want to
65   // provide a client certificate to a server).
66   // SSLStream takes ownership of the SSLIdentity object and will
67   // free it when appropriate. Should be called no more than once on a
68   // given SSLStream instance.
69   virtual void SetIdentity(SSLIdentity* identity) = 0;
70 
71   // Call this to indicate that we are to play the server's role in
72   // the peer-to-peer mode.
73   virtual void SetServerRole() = 0;
74 
75   // The mode of operation is selected by calling either
76   // StartSSLWithServer or StartSSLWithPeer.
77   // Use of the stream prior to calling either of these functions will
78   // pass data in clear text.
79   // Calling one of these functions causes SSL negotiation to begin as
80   // soon as possible: right away if the underlying wrapped stream is
81   // already opened, or else as soon as it opens.
82   //
83   // These functions return a negative error code on failure.
84   // Returning 0 means success so far, but negotiation is probably not
85   // complete and will continue asynchronously.  In that case, the
86   // exposed stream will open after successful negotiation and
87   // verification, or an SE_CLOSE event will be raised if negotiation
88   // fails.
89 
90   // StartSSLWithServer starts SSL negotiation with a server in
91   // traditional mode. server_name specifies the expected server name
92   // which the server's certificate needs to specify.
93   virtual int StartSSLWithServer(const char* server_name) = 0;
94 
95   // StartSSLWithPeer starts negotiation in the special peer-to-peer
96   // mode.
97   // Generally, SetIdentity() and possibly SetServerRole() should have
98   // been called before this.
99   // SetPeerCertificate() must also be called. It may be called after
100   // StartSSLWithPeer() but must be called before the underlying
101   // stream opens.
102   virtual int StartSSLWithPeer() = 0;
103 
104   // Specify the certificate that our peer is expected to use in
105   // peer-to-peer mode. Only this certificate will be accepted during
106   // SSL verification. The certificate is assumed to have been
107   // obtained through some other secure channel (such as the XMPP
108   // channel). (This could also specify the certificate authority that
109   // will sign the peer's certificate.)
110   // SSLStream takes ownership of the SSLCertificate object and will
111   // free it when appropriate. Should be called no more than once on a
112   // given SSLStream instance.
113   virtual void SetPeerCertificate(SSLCertificate* cert) = 0;
114 
115   // If true, the server certificate need not match the configured
116   // server_name, and in fact missing certificate authority and other
117   // verification errors are ignored.
118   bool ignore_bad_cert_;
119 };
120 
121 }  // namespace talk_base
122 
123 #endif  // TALK_BASE_SSLSTREAMADAPTER_H__
124