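/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef WEBRTC_BASE_OPENSSLIDENTITY_H_
#define WEBRTC_BASE_OPENSSLIDENTITY_H_

#include <openssl/evp.h>
#include <openssl/x509.h>

#include <cstddef>
#include <cstdint>
#include <string>

#include "webrtc/base/common.h"
#include "webrtc/base/scoped_ptr.h"
#include "webrtc/base/sslidentity.h"

// Forward declaration so that this header does not have to pull in
// <openssl/ssl.h>; only ConfigureIdentity() takes an SSL_CTX*.
typedef struct ssl_ctx_st SSL_CTX;

namespace rtc {

// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
class OpenSSLKeyPair {
 public:
  // Wraps |pkey|, which must be non-null. Unlike OpenSSLCertificate's
  // constructor this does not call AddReference(), so the reference the
  // caller holds is presumably taken over by this object and the caller
  // must not free |pkey| afterwards -- confirm against the destructor in
  // the .cc before relying on this.
  explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
    ASSERT(pkey_ != nullptr);
  }

  // Generates a fresh keypair according to |key_params|. Returns a raw
  // pointer; the caller presumably owns it (the failure value is defined
  // in the .cc and not visible here).
  static OpenSSLKeyPair* Generate(const KeyParams& key_params);

  virtual ~OpenSSLKeyPair();

  // Returns another wrapper around the same EVP_PKEY, presumably after
  // bumping the OpenSSL reference count via AddReference().
  virtual OpenSSLKeyPair* GetReference();

  // Non-owning access to the wrapped key. No reference is added, so the
  // pointer is only valid while this object is alive.
  EVP_PKEY* pkey() const { return pkey_; }

 private:
  void AddReference();

  EVP_PKEY* pkey_;

  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
};

// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
// which is also reference counted inside the OpenSSL library.
class OpenSSLCertificate : public SSLCertificate {
 public:
  // Caller retains ownership of the X509 object: the constructor adds its
  // own reference, so the caller's reference remains theirs to release.
  explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
    AddReference();
  }

  // Creates a certificate for |key_pair| according to |params|.
  static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
                                      const SSLIdentityParams& params);
  // Parses a PEM-encoded certificate. The result for malformed input is
  // defined in the .cc and not visible here.
  static OpenSSLCertificate* FromPEMString(const std::string& pem_string);

  ~OpenSSLCertificate() override;

  OpenSSLCertificate* GetReference() const override;

  // Non-owning access to the wrapped certificate. No reference is added,
  // so the pointer is only valid while this object is alive.
  X509* x509() const { return x509_; }

  std::string ToPEMString() const override;

  void ToDER(Buffer* der_buffer) const override;

  // Compute the digest of the certificate given algorithm.
  // |size| is presumably the capacity of |digest| and |length| receives the
  // number of bytes written; callers should check the bool result before
  // using |digest|.
  bool ComputeDigest(const std::string& algorithm,
                     unsigned char* digest,
                     size_t size,
                     size_t* length) const override;

  // Compute the digest of a certificate as an X509 *. Same parameter
  // contract as the member overload above.
  static bool ComputeDigest(const X509* x509,
                            const std::string& algorithm,
                            unsigned char* digest,
                            size_t size,
                            size_t* length);

  bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
  bool GetChain(SSLCertChain** chain) const override;

  // Expiration time of the certificate; units are defined by the
  // SSLCertificate interface in sslidentity.h.
  int64_t CertificateExpirationTime() const override;

 private:
  void AddReference() const;

  X509* x509_;

  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
};

// Holds a keypair and certificate together, and a method to generate
// them consistently.
class OpenSSLIdentity : public SSLIdentity {
 public:
  static OpenSSLIdentity* Generate(const std::string& common_name,
                                   const KeyParams& key_params);
  static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
  // Builds an identity from PEM-encoded private key and certificate text.
  // Note that |private_key| is key material; the caller decides how long
  // that string stays in memory.
  static SSLIdentity* FromPEMStrings(const std::string& private_key,
                                     const std::string& certificate);
  ~OpenSSLIdentity() override;

  const OpenSSLCertificate& certificate() const override;
  OpenSSLIdentity* GetReference() const override;

  // Configure an SSL context object to use our key and certificate.
  bool ConfigureIdentity(SSL_CTX* ctx);

 private:
  // Takes ownership of both arguments (they are stored in scoped_ptr).
  OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);

  static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);

  scoped_ptr<OpenSSLKeyPair> key_pair_;
  scoped_ptr<OpenSSLCertificate> certificate_;

  RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
};

}  // namespace rtc

#endif  // WEBRTC_BASE_OPENSSLIDENTITY_H_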