Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / 7419a723832e7b74d1fbbd21d95f86a65c0e1da7 / . / talk / base / nssidentity.h
blob: f4bfc8bcc1a424184819b36061bc1405f5f4d97a [file] [log] [blame]
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]1/*
2 * libjingle
3 * Copyright 2004--2008, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#ifndef TALK_BASE_NSSIDENTITY_H_
29#define TALK_BASE_NSSIDENTITY_H_
30
31#include <string>
32
33#include "cert.h"
34#include "nspr.h"
35#include "hasht.h"
36#include "keythi.h"
37
38#include "talk/base/common.h"
39#include "talk/base/logging.h"
40#include "talk/base/scoped_ptr.h"
41#include "talk/base/sslidentity.h"
42
43namespace talk_base {
44
45class NSSKeyPair {
46 public:
47 NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
48 privkey_(privkey), pubkey_(pubkey) {}
49 ~NSSKeyPair();
50
51 // Generate a 1024-bit RSA key pair.
52 static NSSKeyPair* Generate();
53 NSSKeyPair* GetReference();
54
55 SECKEYPrivateKey* privkey() const { return privkey_; }
56 SECKEYPublicKey * pubkey() const { return pubkey_; }
57
58 private:
59 SECKEYPrivateKey* privkey_;
60 SECKEYPublicKey* pubkey_;
61
62 DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
63};
64
65
66class NSSCertificate : public SSLCertificate {
67 public:
68 static NSSCertificate* FromPEMString(const std::string& pem_string);
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]69 // The caller retains ownership of the argument to all the constructors,
70 // and the constructor makes a copy.
71 explicit NSSCertificate(CERTCertificate* cert);
72 explicit NSSCertificate(CERTCertList* cert_list);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]73 virtual ~NSSCertificate() {
74 if (certificate_)
75 CERT_DestroyCertificate(certificate_);
76 }
77
78 virtual NSSCertificate* GetReference() const;
79
80 virtual std::string ToPEMString() const;
81
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]82 virtual void ToDER(Buffer* der_buffer) const;
83
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]84 virtual bool ComputeDigest(const std::string& algorithm,
85 unsigned char* digest, std::size_t size,
86 std::size_t* length) const;
87
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]88 virtual bool GetChain(SSLCertChain** chain) const;
89
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]90 CERTCertificate* certificate() { return certificate_; }
91
92 // Helper function to get the length of a digest
93 static bool GetDigestLength(const std::string& algorithm,
94 std::size_t* length);
95
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]96 // Comparison. Only the certificate itself is considered, not the chain.
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]97 bool Equals(const NSSCertificate* tocompare) const;
98
99 private:
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]100 NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]101 static bool GetDigestObject(const std::string& algorithm,
102 const SECHashObject** hash_object);
103
104 CERTCertificate* certificate_;
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]105 scoped_ptr<SSLCertChain> chain_;
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]106
107 DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
108};
109
110// Represents a SSL key pair and certificate for NSS.
111class NSSIdentity : public SSLIdentity {
112 public:
113 static NSSIdentity* Generate(const std::string& common_name);
114 static SSLIdentity* FromPEMStrings(const std::string& private_key,
115 const std::string& certificate);
116 virtual ~NSSIdentity() {
117 LOG(LS_INFO) << "Destroying NSS identity";
118 }
119
120 virtual NSSIdentity* GetReference() const;
121 virtual NSSCertificate& certificate() const;
122
123 NSSKeyPair* keypair() const { return keypair_.get(); }
124
125 private:
126 NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
127 keypair_(keypair), certificate_(cert) {}
128
129 talk_base::scoped_ptr<NSSKeyPair> keypair_;
130 talk_base::scoped_ptr<NSSCertificate> certificate_;
131
132 DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
133};
134
135} // namespace talk_base
136
137#endif // TALK_BASE_NSSIDENTITY_H_