• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
12 
13 #ifndef WEBRTC_BASE_SSLIDENTITY_H_
14 #define WEBRTC_BASE_SSLIDENTITY_H_
15 
16 #include <algorithm>
17 #include <string>
18 #include <vector>
19 
20 #include "webrtc/base/buffer.h"
21 #include "webrtc/base/messagedigest.h"
22 
23 namespace rtc {
24 
25 // Forward declaration due to circular dependency with SSLCertificate.
26 class SSLCertChain;
27 
28 // Abstract interface overridden by SSL library specific
29 // implementations.
30 
31 // A somewhat opaque type used to encapsulate a certificate.
32 // Wraps the SSL library's notion of a certificate, with reference counting.
33 // The SSLCertificate object is pretty much immutable once created.
34 // (The OpenSSL implementation only does reference counting and
35 // possibly caching of intermediate results.)
36 class SSLCertificate {
37  public:
38   // Parses and build a certificate from a PEM encoded string.
39   // Returns NULL on failure.
40   // The length of the string representation of the certificate is
41   // stored in *pem_length if it is non-NULL, and only if
42   // parsing was successful.
43   // Caller is responsible for freeing the returned object.
44   static SSLCertificate* FromPEMString(const std::string& pem_string);
~SSLCertificate()45   virtual ~SSLCertificate() {}
46 
47   // Returns a new SSLCertificate object instance wrapping the same
48   // underlying certificate, including its chain if present.
49   // Caller is responsible for freeing the returned object.
50   virtual SSLCertificate* GetReference() const = 0;
51 
52   // Provides the cert chain, or returns false.  The caller owns the chain.
53   // The chain includes a copy of each certificate, excluding the leaf.
54   virtual bool GetChain(SSLCertChain** chain) const = 0;
55 
56   // Returns a PEM encoded string representation of the certificate.
57   virtual std::string ToPEMString() const = 0;
58 
59   // Provides a DER encoded binary representation of the certificate.
60   virtual void ToDER(Buffer* der_buffer) const = 0;
61 
62   // Gets the name of the digest algorithm that was used to compute this
63   // certificate's signature.
64   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
65 
66   // Compute the digest of the certificate given algorithm
67   virtual bool ComputeDigest(const std::string& algorithm,
68                              unsigned char* digest,
69                              size_t size,
70                              size_t* length) const = 0;
71 };
72 
73 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
74 // primarily to ensure proper memory management (especially deletion) of the
75 // SSLCertificate pointers.
76 class SSLCertChain {
77  public:
78   // These constructors copy the provided SSLCertificate(s), so the caller
79   // retains ownership.
SSLCertChain(const std::vector<SSLCertificate * > & certs)80   explicit SSLCertChain(const std::vector<SSLCertificate*>& certs) {
81     ASSERT(!certs.empty());
82     certs_.resize(certs.size());
83     std::transform(certs.begin(), certs.end(), certs_.begin(), DupCert);
84   }
SSLCertChain(const SSLCertificate * cert)85   explicit SSLCertChain(const SSLCertificate* cert) {
86     certs_.push_back(cert->GetReference());
87   }
88 
~SSLCertChain()89   ~SSLCertChain() {
90     std::for_each(certs_.begin(), certs_.end(), DeleteCert);
91   }
92 
93   // Vector access methods.
GetSize()94   size_t GetSize() const { return certs_.size(); }
95 
96   // Returns a temporary reference, only valid until the chain is destroyed.
Get(size_t pos)97   const SSLCertificate& Get(size_t pos) const { return *(certs_[pos]); }
98 
99   // Returns a new SSLCertChain object instance wrapping the same underlying
100   // certificate chain.  Caller is responsible for freeing the returned object.
Copy()101   SSLCertChain* Copy() const {
102     return new SSLCertChain(certs_);
103   }
104 
105  private:
106   // Helper function for duplicating a vector of certificates.
DupCert(const SSLCertificate * cert)107   static SSLCertificate* DupCert(const SSLCertificate* cert) {
108     return cert->GetReference();
109   }
110 
111   // Helper function for deleting a vector of certificates.
DeleteCert(SSLCertificate * cert)112   static void DeleteCert(SSLCertificate* cert) { delete cert; }
113 
114   std::vector<SSLCertificate*> certs_;
115 
116   DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
117 };
118 
119 // Parameters for generating an identity for testing. If common_name is
120 // non-empty, it will be used for the certificate's subject and issuer name,
121 // otherwise a random string will be used. |not_before| and |not_after| are
122 // offsets to the current time in number of seconds.
123 struct SSLIdentityParams {
124   std::string common_name;
125   int not_before;  // in seconds.
126   int not_after;  // in seconds.
127 };
128 
129 // Our identity in an SSL negotiation: a keypair and certificate (both
130 // with the same public key).
131 // This too is pretty much immutable once created.
132 class SSLIdentity {
133  public:
134   // Generates an identity (keypair and self-signed certificate). If
135   // common_name is non-empty, it will be used for the certificate's
136   // subject and issuer name, otherwise a random string will be used.
137   // Returns NULL on failure.
138   // Caller is responsible for freeing the returned object.
139   static SSLIdentity* Generate(const std::string& common_name);
140 
141   // Generates an identity with the specified validity period.
142   static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
143 
144   // Construct an identity from a private key and a certificate.
145   static SSLIdentity* FromPEMStrings(const std::string& private_key,
146                                      const std::string& certificate);
147 
~SSLIdentity()148   virtual ~SSLIdentity() {}
149 
150   // Returns a new SSLIdentity object instance wrapping the same
151   // identity information.
152   // Caller is responsible for freeing the returned object.
153   virtual SSLIdentity* GetReference() const = 0;
154 
155   // Returns a temporary reference to the certificate.
156   virtual const SSLCertificate& certificate() const = 0;
157 
158   // Helpers for parsing converting between PEM and DER format.
159   static bool PemToDer(const std::string& pem_type,
160                        const std::string& pem_string,
161                        std::string* der);
162   static std::string DerToPem(const std::string& pem_type,
163                               const unsigned char* data,
164                               size_t length);
165 };
166 
167 extern const char kPemTypeCertificate[];
168 extern const char kPemTypeRsaPrivateKey[];
169 
170 }  // namespace rtc
171 
172 #endif  // WEBRTC_BASE_SSLIDENTITY_H_
173