1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_OPENSSLIDENTITY_H_
#define WEBRTC_BASE_OPENSSLIDENTITY_H_
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <string>
#include "webrtc/base/common.h"
#include "webrtc/base/scoped_ptr.h"
#include "webrtc/base/sslidentity.h"
typedef struct ssl_ctx_st SSL_CTX;
namespace rtc {
// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
class OpenSSLKeyPair {
public:
explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
ASSERT(pkey_ != NULL);
}
static OpenSSLKeyPair* Generate(const KeyParams& key_params);
virtual ~OpenSSLKeyPair();
virtual OpenSSLKeyPair* GetReference();
EVP_PKEY* pkey() const { return pkey_; }
private:
void AddReference();
EVP_PKEY* pkey_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
};
// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
// which is also reference counted inside the OpenSSL library.
class OpenSSLCertificate : public SSLCertificate {
public:
// Caller retains ownership of the X509 object.
explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
AddReference();
}
static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
const SSLIdentityParams& params);
static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
~OpenSSLCertificate() override;
OpenSSLCertificate* GetReference() const override;
X509* x509() const { return x509_; }
std::string ToPEMString() const override;
void ToDER(Buffer* der_buffer) const override;
// Compute the digest of the certificate given algorithm
bool ComputeDigest(const std::string& algorithm,
unsigned char* digest,
size_t size,
size_t* length) const override;
// Compute the digest of a certificate as an X509 *
static bool ComputeDigest(const X509* x509,
const std::string& algorithm,
unsigned char* digest,
size_t size,
size_t* length);
bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
bool GetChain(SSLCertChain** chain) const override;
int64_t CertificateExpirationTime() const override;
private:
void AddReference() const;
X509* x509_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
};
// Holds a keypair and certificate together, and a method to generate
// them consistently.
class OpenSSLIdentity : public SSLIdentity {
public:
static OpenSSLIdentity* Generate(const std::string& common_name,
const KeyParams& key_params);
static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
static SSLIdentity* FromPEMStrings(const std::string& private_key,
const std::string& certificate);
~OpenSSLIdentity() override;
const OpenSSLCertificate& certificate() const override;
OpenSSLIdentity* GetReference() const override;
// Configure an SSL context object to use our key and certificate.
bool ConfigureIdentity(SSL_CTX* ctx);
private:
OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);
static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
scoped_ptr<OpenSSLKeyPair> key_pair_;
scoped_ptr<OpenSSLCertificate> certificate_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
};
} // namespace rtc
#endif // WEBRTC_BASE_OPENSSLIDENTITY_H_
|
