| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef RTC_BASE_BORINGSSL_CERTIFICATE_H_ |
| 12 | #define RTC_BASE_BORINGSSL_CERTIFICATE_H_ |
| 13 | |
| 14 | #include <openssl/ossl_typ.h> |
| 15 | #include <stddef.h> |
| 16 | #include <stdint.h> |
| 17 | |
| 18 | #include <memory> |
| 19 | #include <string> |
| 20 | |
| 21 | #include "rtc_base/buffer.h" |
| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 22 | #include "rtc_base/ssl_certificate.h" |
| 23 | #include "rtc_base/ssl_identity.h" |
| 24 | |
| 25 | namespace rtc { |
| 26 | |
| 27 | class OpenSSLKeyPair; |
| 28 | |
| 29 | // BoringSSLCertificate encapsulates a BoringSSL CRYPTO_BUFFER object holding a |
| 30 | // certificate, which is also reference counted inside the BoringSSL library. |
| 31 | // This offers binary size and memory improvements over the OpenSSL X509 |
| 32 | // object. |
| 33 | class BoringSSLCertificate final : public SSLCertificate { |
| 34 | public: |
| 35 | explicit BoringSSLCertificate(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer); |
| 36 | |
| 37 | static std::unique_ptr<BoringSSLCertificate> Generate( |
| 38 | OpenSSLKeyPair* key_pair, |
| 39 | const SSLIdentityParams& params); |
| 40 | static std::unique_ptr<BoringSSLCertificate> FromPEMString( |
| 41 | const std::string& pem_string); |
| 42 | |
| 43 | ~BoringSSLCertificate() override; |
| 44 | |
| Byoungchan Lee | 14af762 | 2022-01-12 05:24:58 +0900 | [diff] [blame^] | 45 | BoringSSLCertificate(const BoringSSLCertificate&) = delete; |
| 46 | BoringSSLCertificate& operator=(const BoringSSLCertificate&) = delete; |
| 47 | |
| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 48 | std::unique_ptr<SSLCertificate> Clone() const override; |
| 49 | |
| 50 | CRYPTO_BUFFER* cert_buffer() const { return cert_buffer_.get(); } |
| 51 | |
| 52 | std::string ToPEMString() const override; |
| 53 | void ToDER(Buffer* der_buffer) const override; |
| 54 | bool operator==(const BoringSSLCertificate& other) const; |
| 55 | bool operator!=(const BoringSSLCertificate& other) const; |
| 56 | |
| Artem Titov | 96e3b99 | 2021-07-26 16:03:14 +0200 | [diff] [blame] | 57 | // Compute the digest of the certificate given `algorithm`. |
| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 58 | bool ComputeDigest(const std::string& algorithm, |
| 59 | unsigned char* digest, |
| 60 | size_t size, |
| 61 | size_t* length) const override; |
| 62 | |
| 63 | // Compute the digest of a certificate as a CRYPTO_BUFFER. |
| 64 | static bool ComputeDigest(const CRYPTO_BUFFER* cert_buffer, |
| 65 | const std::string& algorithm, |
| 66 | unsigned char* digest, |
| 67 | size_t size, |
| 68 | size_t* length); |
| 69 | |
| 70 | bool GetSignatureDigestAlgorithm(std::string* algorithm) const override; |
| 71 | |
| 72 | int64_t CertificateExpirationTime() const override; |
| 73 | |
| 74 | private: |
| 75 | // A handle to the DER encoded certificate data. |
| 76 | bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer_; |
| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 77 | }; |
| 78 | |
| 79 | } // namespace rtc |
| 80 | |
| 81 | #endif // RTC_BASE_BORINGSSL_CERTIFICATE_H_ |