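/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef RTC_BASE_SSL_ADAPTER_H_
#define RTC_BASE_SSL_ADAPTER_H_

#include <memory>  // std::unique_ptr is used by SSLAdapter::SetIdentity below.
#include <string>
#include <vector>

#include "rtc_base/async_socket.h"
#include "rtc_base/ssl_certificate.h"
#include "rtc_base/ssl_identity.h"
#include "rtc_base/ssl_stream_adapter.h"
#include "rtc_base/system/rtc_export.h"

namespace rtc {

class SSLAdapter;

// Class for creating SSL adapters with shared state, e.g., a session cache,
// which allows clients to resume SSL sessions to previously-contacted hosts.
// Clients should create the factory using Create(), set up the factory as
// needed using SetMode, and then call CreateAdapter to create adapters when
// needed.
//
// This is an abstract interface; the concrete implementation is provided by
// Create(). Nothing here documents thread-safety, so treat a factory as
// single-threaded unless the implementation says otherwise.
class SSLAdapterFactory {
 public:
  // Virtual so that the concrete factory can be destroyed through this
  // interface pointer.
  virtual ~SSLAdapterFactory() {}

  // Specifies whether TLS or DTLS is to be used for the SSL adapters.
  virtual void SetMode(SSLMode mode) = 0;

  // Specify a custom certificate verifier for SSL.
  // The verifier is passed as a raw pointer and is therefore not owned by
  // the factory; it presumably has to outlive the factory and every adapter
  // created from it -- confirm against the implementation.
  virtual void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) = 0;

  // Creates a new SSL adapter, but from a shared context.
  // The returned pointer's ownership is not stated here; compare
  // SSLAdapter::Create, whose comment says the adapter takes ownership of
  // |socket| -- verify the same holds for this overload.
  virtual SSLAdapter* CreateAdapter(AsyncSocket* socket) = 0;

  // Creates the default factory for this platform. Ownership of the returned
  // object is not documented here; the caller is presumably expected to
  // delete it -- confirm against the implementation.
  static SSLAdapterFactory* Create();
};

// Class that abstracts a client-to-server SSL session. It can be created
// standalone, via SSLAdapter::Create, or through a factory as described above,
// in which case it will share state with other SSLAdapters created from the
// same factory.
// After creation, call StartSSL to initiate the SSL handshake to the server.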
class SSLAdapter : public AsyncSocketAdapter {
 public:
  // Wraps |socket|; the base class receives the socket and is responsible for
  // whatever ownership semantics AsyncSocketAdapter defines for it.
  explicit SSLAdapter(AsyncSocket* socket) : AsyncSocketAdapter(socket) {}

  // Methods that control server certificate verification, used in unit tests.
  // Do not call these methods in production code.
  // Passing true to SetIgnoreBadCert makes the adapter proceed with a server
  // certificate that failed verification, i.e. with a peer that has not been
  // authenticated; a connection set up this way must not be treated as secure.
  // TODO(juberti): Remove the opportunistic encryption mechanism in
  // BasicPacketSocketFactory that uses this function.
  virtual void SetIgnoreBadCert(bool ignore) = 0;

  // ALPN protocol names to advertise to the server -- presumably offered in
  // the given order during the handshake; confirm against the implementation.
  virtual void SetAlpnProtocols(const std::vector<std::string>& protos) = 0;
  // Names of the elliptic curves the adapter may negotiate -- presumably this
  // restricts the set offered to the server; confirm against the
  // implementation.
  virtual void SetEllipticCurves(const std::vector<std::string>& curves) = 0;

  // Do DTLS or TLS (default is TLS, if unspecified)
  virtual void SetMode(SSLMode mode) = 0;
  // Specify a custom certificate verifier for SSL.
  // Raw pointer, so the verifier is not owned by the adapter; it presumably
  // must outlive the adapter -- confirm against the implementation.
  virtual void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) = 0;

  // Set the certificate this socket will present to incoming clients.
  // Takes ownership of |identity|.
  virtual void SetIdentity(std::unique_ptr<SSLIdentity> identity) = 0;

  // Choose whether the socket acts as a server socket or client socket.
  virtual void SetRole(SSLRole role) = 0;

  // StartSSL returns 0 if successful.
  // If StartSSL is called while the socket is closed or connecting, the SSL
  // negotiation will begin as soon as the socket connects.
  // |hostname| is presumably the name the server's certificate is checked
  // against -- confirm against the implementation before relying on it.
  virtual int StartSSL(const char* hostname) = 0;

  // When an SSLAdapterFactory is used, an SSLAdapter may be used to resume
  // a previous SSL session, which results in an abbreviated handshake.
  // This method, if called after SSL has been established for this adapter,
  // indicates whether the current session is a resumption of a previous
  // session.
  virtual bool IsResumedSession() = 0;

  // Create the default SSL adapter for this platform. On failure, returns null
  // and deletes |socket|. Otherwise, the returned SSLAdapter takes ownership
  // of |socket|.
  static SSLAdapter* Create(AsyncSocket* socket);
};

///////////////////////////////////////////////////////////////////////////////

// Call this on the main thread, before using SSL.
// Call CleanupSSL when finished with SSL.
// Return value: presumably true on success -- confirm against the
// implementation.
RTC_EXPORT bool InitializeSSL();

// Call to cleanup additional threads, and also the main thread.
// Return value: presumably true on success -- confirm against the
// implementation.
RTC_EXPORT bool CleanupSSL();

}  // namespace rtc

#endif  // RTC_BASE_SSL_ADAPTER_H_