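/*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */

#ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_
#define WEBRTC_BASE_NSSSTREAMADAPTER_H_

#include <string>
#include <vector>

#include "nspr.h"
#include "nss.h"
#include "secmodt.h"

#include "webrtc/base/buffer.h"
#include "webrtc/base/nssidentity.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslstreamadapterhelper.h"

namespace rtc {

// Singleton holder for process-wide NSS state. The global instance is
// reached through Instance(); InitializeSSL()/CleanupSSL() (defined out of
// line) are presumably what create and tear it down.
class NSSContext {
 public:
  // slot_ is only assigned by the out-of-line initialization code. Start
  // it at NULL so an instance that has been constructed but not yet set
  // up never exposes an indeterminate pointer through GetSlot().
  NSSContext() : slot_(NULL) {}
  ~NSSContext() {
  }

  // The PKCS#11 slot of the global context, or NULL when there is no
  // global context yet (callers must check for NULL).
  static PK11SlotInfo *GetSlot() {
    return Instance() ? Instance()->slot_: NULL;
  }

  // The global context; NULL until initialization has created it.
  static NSSContext *Instance();
  // Process-level NSS/SSL initialization. |callback| is the
  // VerificationCallback declared in ssladapter.h (presumably the
  // certificate-verification hook). Returns false on failure.
  static bool InitializeSSL(VerificationCallback callback);
  // Thread-level SSL initialization; body not visible in this header.
  static bool InitializeSSLThread();
  // Releases the global NSS state. Returns false on failure.
  static bool CleanupSSL();

 private:
  PK11SlotInfo *slot_;                   // The PKCS-11 slot
  static bool initialized;               // Was this initialized?
  static NSSContext *global_nss_context; // The global context
};


// SSLStreamAdapter backed by NSS. Plaintext flows through Read()/Write();
// the wrapped StreamInterface is attached to NSS as an NSPR layer
// (nspr_layer_identity) underneath NSS's SSL file descriptor (ssl_fd_).
class NSSStreamAdapter : public SSLStreamAdapterHelper {
 public:
  explicit NSSStreamAdapter(StreamInterface* stream);
  virtual ~NSSStreamAdapter();
  // One-time setup of the NSS/NSPR objects; returns false on failure.
  bool Init();

  // StreamInterface overrides: application-data I/O on the SSL side.
  // |read|/|written| receive the byte count; |error| the failure code.
  virtual StreamResult Read(void* data, size_t data_len,
                            size_t* read, int* error);
  virtual StreamResult Write(const void* data, size_t data_len,
                             size_t* written, int* error);
  // Message-loop callback (presumably used for DTLS retransmit timers;
  // confirm in the .cc).
  void OnMessage(Message *msg);

  // Key Extractor interface
  // TLS keying-material exporter (RFC 5705 style): fills |result| with
  // |result_len| bytes derived for |label|, mixing in |context| (of
  // |context_len| bytes) only when |use_context| is true. Returns false
  // if the export fails. The caller owns |result|.
  virtual bool ExportKeyingMaterial(const std::string& label,
                                    const uint8* context,
                                    size_t context_len,
                                    bool use_context,
                                    uint8* result,
                                    size_t result_len);

  // DTLS-SRTP interface
  // Sets the SRTP protection profiles to negotiate, by name; presumably
  // converted to the PRUint16 identifiers kept in srtp_ciphers_.
  virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers);
  // Stores the negotiated SRTP profile name in |cipher|; returns false when
  // none is available.
  virtual bool GetDtlsSrtpCipher(std::string* cipher);

  // Capabilities interfaces
  // Feature probes for the NSS build this is linked against.
  static bool HaveDtls();
  static bool HaveDtlsSrtp();
  static bool HaveExporter();

 protected:
  // Override SSLStreamAdapter
  // Receives events from the wrapped stream.
  virtual void OnEvent(StreamInterface* stream, int events, int err);

  // Override SSLStreamAdapterHelper
  // Starts the handshake on ssl_fd_.
  virtual int BeginSSL();
  // Releases ssl_fd_ and related state.
  virtual void Cleanup();
  // Delegates to NSSCertificate; |length| receives the digest size for
  // |algorithm|, and the result is false for an unknown algorithm.
  virtual bool GetDigestLength(const std::string& algorithm, size_t* length) {
    return NSSCertificate::GetDigestLength(algorithm, length);
  }

 private:
  // Drives the handshake forward once more data/events are available.
  int ContinueSSL();
  // NSS certificate-authentication callback (signature matches NSS's
  // SSLAuthCertificate). |arg| is expected to be the NSSStreamAdapter.
  // This is the point where the peer certificate is checked; its verdict
  // is what cert_ok_ is meant to record (confirm in the .cc).
  static SECStatus AuthCertificateHook(void *arg, PRFileDesc *fd,
                                       PRBool checksig, PRBool isServer);
  // NSS client-authentication callback (signature matches NSS's
  // SSLGetClientAuthData): supplies the local certificate and private key
  // when the peer requests client auth. |arg| is expected to be the
  // NSSStreamAdapter.
  static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd,
                                         CERTDistNames *caNames,
                                         CERTCertificate **pRetCert,
                                         SECKEYPrivateKey **pRetKey);

  PRFileDesc *ssl_fd_;                  // NSS's SSL file descriptor
  static bool initialized;              // Was InitializeSSL() called?
  bool cert_ok_;                        // Did we get and check a cert
  std::vector<PRUint16> srtp_ciphers_;  // SRTP cipher list

  static PRDescIdentity nspr_layer_identity;  // The NSPR layer identity
};

}  // namespace rtc

#endif  // WEBRTC_BASE_NSSSTREAMADAPTER_H_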