| Taylor Brandstetter | 165c618 | 2020-12-10 16:23:03 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef RTC_BASE_BORINGSSL_CERTIFICATE_H_ |
| 12 | #define RTC_BASE_BORINGSSL_CERTIFICATE_H_ |
| 13 | |
| 14 | #include <openssl/ossl_typ.h> |
| 15 | #include <stddef.h> |
| 16 | #include <stdint.h> |
| 17 | |
| 18 | #include <memory> |
| 19 | #include <string> |
| 20 | |
| 21 | #include "rtc_base/buffer.h" |
| 22 | #include "rtc_base/constructor_magic.h" |
| 23 | #include "rtc_base/ssl_certificate.h" |
| 24 | #include "rtc_base/ssl_identity.h" |
| 25 | |
| 26 | namespace rtc { |
| 27 | |
| 28 | class OpenSSLKeyPair; |
| 29 | |
| 30 | // BoringSSLCertificate encapsulates a BoringSSL CRYPTO_BUFFER object holding a |
| 31 | // certificate, which is also reference counted inside the BoringSSL library. |
| 32 | // This offers binary size and memory improvements over the OpenSSL X509 |
| 33 | // object. |
| 34 | class BoringSSLCertificate final : public SSLCertificate { |
| 35 | public: |
| 36 | explicit BoringSSLCertificate(bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer); |
| 37 | |
| 38 | static std::unique_ptr<BoringSSLCertificate> Generate( |
| 39 | OpenSSLKeyPair* key_pair, |
| 40 | const SSLIdentityParams& params); |
| 41 | static std::unique_ptr<BoringSSLCertificate> FromPEMString( |
| 42 | const std::string& pem_string); |
| 43 | |
| 44 | ~BoringSSLCertificate() override; |
| 45 | |
| 46 | std::unique_ptr<SSLCertificate> Clone() const override; |
| 47 | |
| 48 | CRYPTO_BUFFER* cert_buffer() const { return cert_buffer_.get(); } |
| 49 | |
| 50 | std::string ToPEMString() const override; |
| 51 | void ToDER(Buffer* der_buffer) const override; |
| 52 | bool operator==(const BoringSSLCertificate& other) const; |
| 53 | bool operator!=(const BoringSSLCertificate& other) const; |
| 54 | |
| 55 | // Compute the digest of the certificate given |algorithm|. |
| 56 | bool ComputeDigest(const std::string& algorithm, |
| 57 | unsigned char* digest, |
| 58 | size_t size, |
| 59 | size_t* length) const override; |
| 60 | |
| 61 | // Compute the digest of a certificate as a CRYPTO_BUFFER. |
| 62 | static bool ComputeDigest(const CRYPTO_BUFFER* cert_buffer, |
| 63 | const std::string& algorithm, |
| 64 | unsigned char* digest, |
| 65 | size_t size, |
| 66 | size_t* length); |
| 67 | |
| 68 | bool GetSignatureDigestAlgorithm(std::string* algorithm) const override; |
| 69 | |
| 70 | int64_t CertificateExpirationTime() const override; |
| 71 | |
| 72 | private: |
| 73 | // A handle to the DER encoded certificate data. |
| 74 | bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer_; |
| 75 | RTC_DISALLOW_COPY_AND_ASSIGN(BoringSSLCertificate); |
| 76 | }; |
| 77 | |
| 78 | } // namespace rtc |
| 79 | |
| 80 | #endif // RTC_BASE_BORINGSSL_CERTIFICATE_H_ |