blob: b4376d521a66bc311e80f3c3f0a7c9d113c94a6f [file] [log] [blame]
henrike@webrtc.org0e118e72013-07-10 00:45:36 +00001/*
2 * libjingle
3 * Copyright 2004--2008, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#ifndef TALK_BASE_NSSIDENTITY_H_
29#define TALK_BASE_NSSIDENTITY_H_
30
31#include <string>
32
33#include "cert.h"
34#include "nspr.h"
35#include "hasht.h"
36#include "keythi.h"
37
38#include "talk/base/common.h"
39#include "talk/base/logging.h"
40#include "talk/base/scoped_ptr.h"
41#include "talk/base/sslidentity.h"
42
43namespace talk_base {
44
45class NSSKeyPair {
46 public:
47 NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
48 privkey_(privkey), pubkey_(pubkey) {}
49 ~NSSKeyPair();
50
51 // Generate a 1024-bit RSA key pair.
52 static NSSKeyPair* Generate();
53 NSSKeyPair* GetReference();
54
55 SECKEYPrivateKey* privkey() const { return privkey_; }
56 SECKEYPublicKey * pubkey() const { return pubkey_; }
57
58 private:
59 SECKEYPrivateKey* privkey_;
60 SECKEYPublicKey* pubkey_;
61
62 DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
63};
64
65
66class NSSCertificate : public SSLCertificate {
67 public:
68 static NSSCertificate* FromPEMString(const std::string& pem_string);
wu@webrtc.org62fe97f2013-10-09 15:37:36 +000069 // The caller retains ownership of the argument to all the constructors,
70 // and the constructor makes a copy.
71 explicit NSSCertificate(CERTCertificate* cert);
72 explicit NSSCertificate(CERTCertList* cert_list);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +000073 virtual ~NSSCertificate() {
74 if (certificate_)
75 CERT_DestroyCertificate(certificate_);
76 }
77
78 virtual NSSCertificate* GetReference() const;
79
80 virtual std::string ToPEMString() const;
81
wu@webrtc.org62fe97f2013-10-09 15:37:36 +000082 virtual void ToDER(Buffer* der_buffer) const;
83
mallinath@webrtc.org8841d7b2013-10-13 17:18:27 +000084 virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
85
henrike@webrtc.org0e118e72013-07-10 00:45:36 +000086 virtual bool ComputeDigest(const std::string& algorithm,
pbos@webrtc.orgb9518272014-03-07 15:22:04 +000087 unsigned char* digest,
88 size_t size,
89 size_t* length) const;
henrike@webrtc.org0e118e72013-07-10 00:45:36 +000090
wu@webrtc.org62fe97f2013-10-09 15:37:36 +000091 virtual bool GetChain(SSLCertChain** chain) const;
92
henrike@webrtc.org0e118e72013-07-10 00:45:36 +000093 CERTCertificate* certificate() { return certificate_; }
94
wu@webrtc.org2a81a382014-01-03 22:08:47 +000095 // Performs minimal checks to determine if the list is a valid chain. This
96 // only checks that each certificate certifies the preceding certificate,
97 // and ignores many other certificate features such as expiration dates.
98 static bool IsValidChain(const CERTCertList* cert_list);
99
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000100 // Helper function to get the length of a digest
pbos@webrtc.orgb9518272014-03-07 15:22:04 +0000101 static bool GetDigestLength(const std::string& algorithm, size_t* length);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000102
wu@webrtc.org62fe97f2013-10-09 15:37:36 +0000103 // Comparison. Only the certificate itself is considered, not the chain.
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000104 bool Equals(const NSSCertificate* tocompare) const;
105
106 private:
wu@webrtc.org62fe97f2013-10-09 15:37:36 +0000107 NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000108 static bool GetDigestObject(const std::string& algorithm,
109 const SECHashObject** hash_object);
110
111 CERTCertificate* certificate_;
wu@webrtc.org62fe97f2013-10-09 15:37:36 +0000112 scoped_ptr<SSLCertChain> chain_;
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000113
114 DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
115};
116
117// Represents a SSL key pair and certificate for NSS.
118class NSSIdentity : public SSLIdentity {
119 public:
120 static NSSIdentity* Generate(const std::string& common_name);
wu@webrtc.org2a81a382014-01-03 22:08:47 +0000121 static NSSIdentity* GenerateForTest(const SSLIdentityParams& params);
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000122 static SSLIdentity* FromPEMStrings(const std::string& private_key,
123 const std::string& certificate);
124 virtual ~NSSIdentity() {
125 LOG(LS_INFO) << "Destroying NSS identity";
126 }
127
128 virtual NSSIdentity* GetReference() const;
129 virtual NSSCertificate& certificate() const;
130
131 NSSKeyPair* keypair() const { return keypair_.get(); }
132
133 private:
134 NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
135 keypair_(keypair), certificate_(cert) {}
136
wu@webrtc.org2a81a382014-01-03 22:08:47 +0000137 static NSSIdentity* GenerateInternal(const SSLIdentityParams& params);
138
henrike@webrtc.org0e118e72013-07-10 00:45:36 +0000139 talk_base::scoped_ptr<NSSKeyPair> keypair_;
140 talk_base::scoped_ptr<NSSCertificate> certificate_;
141
142 DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
143};
144
145} // namespace talk_base
146
147#endif // TALK_BASE_NSSIDENTITY_H_