| henrike@webrtc.org | 47be73b | 2014-05-13 18:00:26 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_ |
| 12 | #define WEBRTC_BASE_NSSSTREAMADAPTER_H_ |
| 13 | |
| 14 | #include <string> |
| 15 | #include <vector> |
| 16 | |
| 17 | #include "nspr.h" |
| 18 | #include "nss.h" |
| 19 | #include "secmodt.h" |
| 20 | |
| 21 | #include "webrtc/base/buffer.h" |
| 22 | #include "webrtc/base/nssidentity.h" |
| 23 | #include "webrtc/base/ssladapter.h" |
| 24 | #include "webrtc/base/sslstreamadapter.h" |
| 25 | #include "webrtc/base/sslstreamadapterhelper.h" |
| 26 | |
| 27 | namespace rtc { |
| 28 | |
| 29 | // Singleton |
| 30 | class NSSContext { |
| 31 | public: |
| 32 | NSSContext() {} |
| 33 | ~NSSContext() { |
| 34 | } |
| 35 | |
| 36 | static PK11SlotInfo *GetSlot() { |
| 37 | return Instance() ? Instance()->slot_: NULL; |
| 38 | } |
| 39 | |
| 40 | static NSSContext *Instance(); |
| 41 | static bool InitializeSSL(VerificationCallback callback); |
| 42 | static bool InitializeSSLThread(); |
| 43 | static bool CleanupSSL(); |
| 44 | |
| 45 | private: |
| 46 | PK11SlotInfo *slot_; // The PKCS-11 slot |
| 47 | static bool initialized; // Was this initialized? |
| 48 | static NSSContext *global_nss_context; // The global context |
| 49 | }; |
| 50 | |
| 51 | |
| 52 | class NSSStreamAdapter : public SSLStreamAdapterHelper { |
| 53 | public: |
| 54 | explicit NSSStreamAdapter(StreamInterface* stream); |
| 55 | virtual ~NSSStreamAdapter(); |
| 56 | bool Init(); |
| 57 | |
| 58 | virtual StreamResult Read(void* data, size_t data_len, |
| 59 | size_t* read, int* error); |
| 60 | virtual StreamResult Write(const void* data, size_t data_len, |
| 61 | size_t* written, int* error); |
| 62 | void OnMessage(Message *msg); |
| 63 | |
| 64 | // Key Extractor interface |
| 65 | virtual bool ExportKeyingMaterial(const std::string& label, |
| 66 | const uint8* context, |
| 67 | size_t context_len, |
| 68 | bool use_context, |
| 69 | uint8* result, |
| 70 | size_t result_len); |
| 71 | |
| 72 | // DTLS-SRTP interface |
| 73 | virtual bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers); |
| 74 | virtual bool GetDtlsSrtpCipher(std::string* cipher); |
| 75 | |
| 76 | // Capabilities interfaces |
| 77 | static bool HaveDtls(); |
| 78 | static bool HaveDtlsSrtp(); |
| 79 | static bool HaveExporter(); |
| 80 | |
| 81 | protected: |
| 82 | // Override SSLStreamAdapter |
| 83 | virtual void OnEvent(StreamInterface* stream, int events, int err); |
| 84 | |
| 85 | // Override SSLStreamAdapterHelper |
| 86 | virtual int BeginSSL(); |
| 87 | virtual void Cleanup(); |
| 88 | virtual bool GetDigestLength(const std::string& algorithm, size_t* length) { |
| 89 | return NSSCertificate::GetDigestLength(algorithm, length); |
| 90 | } |
| 91 | |
| 92 | private: |
| 93 | int ContinueSSL(); |
| 94 | static SECStatus AuthCertificateHook(void *arg, PRFileDesc *fd, |
| 95 | PRBool checksig, PRBool isServer); |
| 96 | static SECStatus GetClientAuthDataHook(void *arg, PRFileDesc *fd, |
| 97 | CERTDistNames *caNames, |
| 98 | CERTCertificate **pRetCert, |
| 99 | SECKEYPrivateKey **pRetKey); |
| 100 | |
| 101 | PRFileDesc *ssl_fd_; // NSS's SSL file descriptor |
| 102 | static bool initialized; // Was InitializeSSL() called? |
| 103 | bool cert_ok_; // Did we get and check a cert |
| 104 | std::vector<PRUint16> srtp_ciphers_; // SRTP cipher list |
| 105 | |
| 106 | static PRDescIdentity nspr_layer_identity; // The NSPR layer identity |
| 107 | }; |
| 108 | |
| 109 | } // namespace rtc |
| 110 | |
| 111 | #endif // WEBRTC_BASE_NSSSTREAMADAPTER_H_ |