Gitiles
Code Review Sign In
gerrit.openfyde.cn / webrtc.googlesource.com / src / e667234ee2067470ebc3e781c39121e2201cb55f / . / talk / base / nssidentity.h
blob: 3f97ebbb6198666953f8ac85c6cb8d6d27ba03f5 [file] [log] [blame]
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]1/*
2 * libjingle
3 * Copyright 2004--2008, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#ifndef TALK_BASE_NSSIDENTITY_H_
29#define TALK_BASE_NSSIDENTITY_H_
30
31#include <string>
32
33#include "cert.h"
34#include "nspr.h"
35#include "hasht.h"
36#include "keythi.h"
37
38#include "talk/base/common.h"
39#include "talk/base/logging.h"
40#include "talk/base/scoped_ptr.h"
41#include "talk/base/sslidentity.h"
42
43namespace talk_base {
44
45class NSSKeyPair {
46 public:
47 NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
48 privkey_(privkey), pubkey_(pubkey) {}
49 ~NSSKeyPair();
50
51 // Generate a 1024-bit RSA key pair.
52 static NSSKeyPair* Generate();
53 NSSKeyPair* GetReference();
54
55 SECKEYPrivateKey* privkey() const { return privkey_; }
56 SECKEYPublicKey * pubkey() const { return pubkey_; }
57
58 private:
59 SECKEYPrivateKey* privkey_;
60 SECKEYPublicKey* pubkey_;
61
62 DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
63};
64
65
66class NSSCertificate : public SSLCertificate {
67 public:
68 static NSSCertificate* FromPEMString(const std::string& pem_string);
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]69 // The caller retains ownership of the argument to all the constructors,
70 // and the constructor makes a copy.
71 explicit NSSCertificate(CERTCertificate* cert);
72 explicit NSSCertificate(CERTCertList* cert_list);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]73 virtual ~NSSCertificate() {
74 if (certificate_)
75 CERT_DestroyCertificate(certificate_);
76 }
77
78 virtual NSSCertificate* GetReference() const;
79
80 virtual std::string ToPEMString() const;
81
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]82 virtual void ToDER(Buffer* der_buffer) const;
83
mallinath@webrtc.org19f27e62013-10-13 17:18:27 +0000[diff] [blame]84 virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
85
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]86 virtual bool ComputeDigest(const std::string& algorithm,
87 unsigned char* digest, std::size_t size,
88 std::size_t* length) const;
89
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]90 virtual bool GetChain(SSLCertChain** chain) const;
91
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]92 CERTCertificate* certificate() { return certificate_; }
93
94 // Helper function to get the length of a digest
95 static bool GetDigestLength(const std::string& algorithm,
96 std::size_t* length);
97
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]98 // Comparison. Only the certificate itself is considered, not the chain.
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]99 bool Equals(const NSSCertificate* tocompare) const;
100
101 private:
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]102 NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]103 static bool GetDigestObject(const std::string& algorithm,
104 const SECHashObject** hash_object);
105
106 CERTCertificate* certificate_;
wu@webrtc.org4551b792013-10-09 15:37:36 +0000[diff] [blame]107 scoped_ptr<SSLCertChain> chain_;
henrike@webrtc.org28e20752013-07-10 00:45:36 +0000[diff] [blame]108
109 DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
110};
111
112// Represents a SSL key pair and certificate for NSS.
113class NSSIdentity : public SSLIdentity {
114 public:
115 static NSSIdentity* Generate(const std::string& common_name);
116 static SSLIdentity* FromPEMStrings(const std::string& private_key,
117 const std::string& certificate);
118 virtual ~NSSIdentity() {
119 LOG(LS_INFO) << "Destroying NSS identity";
120 }
121
122 virtual NSSIdentity* GetReference() const;
123 virtual NSSCertificate& certificate() const;
124
125 NSSKeyPair* keypair() const { return keypair_.get(); }
126
127 private:
128 NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
129 keypair_(keypair), certificate_(cert) {}
130
131 talk_base::scoped_ptr<NSSKeyPair> keypair_;
132 talk_base::scoped_ptr<NSSCertificate> certificate_;
133
134 DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
135};
136
137} // namespace talk_base
138
139#endif // TALK_BASE_NSSIDENTITY_H_