Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / webrtc / 34029e209d6d116c338e7d65d6980cc395184658 / . / rtc_base / opensslidentity.h
blob: e4a790e48e89c49cebefa68781f114c07fdf333b [file] [log] [blame]
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]1/*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
Mirko Bonadei92ea95e2017-09-15 06:47:31 +0200[diff] [blame]11#ifndef RTC_BASE_OPENSSLIDENTITY_H_
12#define RTC_BASE_OPENSSLIDENTITY_H_
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]13
Henrik Kjellanderec78f1c2017-06-29 07:52:50 +0200[diff] [blame]14#include <openssl/evp.h>
15#include <openssl/x509.h>
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]16
Henrik Kjellanderec78f1c2017-06-29 07:52:50 +0200[diff] [blame]17#include <memory>
18#include <string>
19
Mirko Bonadei92ea95e2017-09-15 06:47:31 +0200[diff] [blame]20#include "rtc_base/checks.h"
21#include "rtc_base/constructormagic.h"
22#include "rtc_base/sslidentity.h"
Henrik Kjellanderec78f1c2017-06-29 07:52:50 +0200[diff] [blame]23
24typedef struct ssl_ctx_st SSL_CTX;
25
26namespace rtc {
27
28// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
29// which is reference counted inside the OpenSSL library.
30class OpenSSLKeyPair {
31 public:
32 explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
33 RTC_DCHECK(pkey_ != nullptr);
34 }
35
36 static OpenSSLKeyPair* Generate(const KeyParams& key_params);
37 // Constructs a key pair from the private key PEM string. This must not result
38 // in missing public key parameters. Returns null on error.
39 static OpenSSLKeyPair* FromPrivateKeyPEMString(
40 const std::string& pem_string);
41
42 virtual ~OpenSSLKeyPair();
43
44 virtual OpenSSLKeyPair* GetReference();
45
46 EVP_PKEY* pkey() const { return pkey_; }
47 std::string PrivateKeyToPEMString() const;
48 std::string PublicKeyToPEMString() const;
49 bool operator==(const OpenSSLKeyPair& other) const;
50 bool operator!=(const OpenSSLKeyPair& other) const;
51
52 private:
53 void AddReference();
54
55 EVP_PKEY* pkey_;
56
57 RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
58};
59
60// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
61// which is also reference counted inside the OpenSSL library.
62class OpenSSLCertificate : public SSLCertificate {
63 public:
64 // Caller retains ownership of the X509 object.
65 explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
66 AddReference();
67 }
68
69 static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
70 const SSLIdentityParams& params);
71 static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
72
73 ~OpenSSLCertificate() override;
74
75 OpenSSLCertificate* GetReference() const override;
76
77 X509* x509() const { return x509_; }
78
79 std::string ToPEMString() const override;
80 void ToDER(Buffer* der_buffer) const override;
81 bool operator==(const OpenSSLCertificate& other) const;
82 bool operator!=(const OpenSSLCertificate& other) const;
83
84 // Compute the digest of the certificate given algorithm
85 bool ComputeDigest(const std::string& algorithm,
86 unsigned char* digest,
87 size_t size,
88 size_t* length) const override;
89
90 // Compute the digest of a certificate as an X509 *
91 static bool ComputeDigest(const X509* x509,
92 const std::string& algorithm,
93 unsigned char* digest,
94 size_t size,
95 size_t* length);
96
97 bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
98 std::unique_ptr<SSLCertChain> GetChain() const override;
99
100 int64_t CertificateExpirationTime() const override;
101
102 private:
103 void AddReference() const;
104
105 X509* x509_;
106
107 RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
108};
109
110// Holds a keypair and certificate together, and a method to generate
111// them consistently.
112class OpenSSLIdentity : public SSLIdentity {
113 public:
114 static OpenSSLIdentity* GenerateWithExpiration(const std::string& common_name,
115 const KeyParams& key_params,
116 time_t certificate_lifetime);
117 static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
118 static SSLIdentity* FromPEMStrings(const std::string& private_key,
119 const std::string& certificate);
120 ~OpenSSLIdentity() override;
121
122 const OpenSSLCertificate& certificate() const override;
123 OpenSSLIdentity* GetReference() const override;
124
125 // Configure an SSL context object to use our key and certificate.
126 bool ConfigureIdentity(SSL_CTX* ctx);
127
128 std::string PrivateKeyToPEMString() const override;
129 std::string PublicKeyToPEMString() const override;
130 bool operator==(const OpenSSLIdentity& other) const;
131 bool operator!=(const OpenSSLIdentity& other) const;
132
133 private:
134 OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);
135
136 static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
137
138 std::unique_ptr<OpenSSLKeyPair> key_pair_;
139 std::unique_ptr<OpenSSLCertificate> certificate_;
140
141 RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
142};
143
144
145} // namespace rtc
henrike@webrtc.orgf0488722014-05-13 18:00:26 +0000[diff] [blame]146
Mirko Bonadei92ea95e2017-09-15 06:47:31 +0200[diff] [blame]147#endif // RTC_BASE_OPENSSLIDENTITY_H_