1 /*
2  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef WEBRTC_BASE_OPENSSLIDENTITY_H_
12 #define WEBRTC_BASE_OPENSSLIDENTITY_H_
13 
14 #include <openssl/evp.h>
15 #include <openssl/x509.h>
16 
17 #include <string>
18 
19 #include "webrtc/base/common.h"
20 #include "webrtc/base/scoped_ptr.h"
21 #include "webrtc/base/sslidentity.h"
22 
23 typedef struct ssl_ctx_st SSL_CTX;
24 
25 namespace rtc {
26 
27 // OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
28 // which is reference counted inside the OpenSSL library.
29 class OpenSSLKeyPair {
30  public:
OpenSSLKeyPair(EVP_PKEY * pkey)31   explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
32     ASSERT(pkey_ != NULL);
33   }
34 
35   static OpenSSLKeyPair* Generate(const KeyParams& key_params);
36 
37   virtual ~OpenSSLKeyPair();
38 
39   virtual OpenSSLKeyPair* GetReference();
40 
pkey()41   EVP_PKEY* pkey() const { return pkey_; }
42 
43  private:
44   void AddReference();
45 
46   EVP_PKEY* pkey_;
47 
48   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
49 };
50 
51 // OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
52 // which is also reference counted inside the OpenSSL library.
53 class OpenSSLCertificate : public SSLCertificate {
54  public:
55   // Caller retains ownership of the X509 object.
OpenSSLCertificate(X509 * x509)56   explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
57     AddReference();
58   }
59 
60   static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
61                                       const SSLIdentityParams& params);
62   static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
63 
64   ~OpenSSLCertificate() override;
65 
66   OpenSSLCertificate* GetReference() const override;
67 
x509()68   X509* x509() const { return x509_; }
69 
70   std::string ToPEMString() const override;
71 
72   void ToDER(Buffer* der_buffer) const override;
73 
74   // Compute the digest of the certificate given algorithm
75   bool ComputeDigest(const std::string& algorithm,
76                      unsigned char* digest,
77                      size_t size,
78                      size_t* length) const override;
79 
80   // Compute the digest of a certificate as an X509 *
81   static bool ComputeDigest(const X509* x509,
82                             const std::string& algorithm,
83                             unsigned char* digest,
84                             size_t size,
85                             size_t* length);
86 
87   bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
88   bool GetChain(SSLCertChain** chain) const override;
89 
90   int64_t CertificateExpirationTime() const override;
91 
92  private:
93   void AddReference() const;
94 
95   X509* x509_;
96 
97   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
98 };
99 
100 // Holds a keypair and certificate together, and a method to generate
101 // them consistently.
102 class OpenSSLIdentity : public SSLIdentity {
103  public:
104   static OpenSSLIdentity* Generate(const std::string& common_name,
105                                    const KeyParams& key_params);
106   static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
107   static SSLIdentity* FromPEMStrings(const std::string& private_key,
108                                      const std::string& certificate);
109   ~OpenSSLIdentity() override;
110 
111   const OpenSSLCertificate& certificate() const override;
112   OpenSSLIdentity* GetReference() const override;
113 
114   // Configure an SSL context object to use our key and certificate.
115   bool ConfigureIdentity(SSL_CTX* ctx);
116 
117  private:
118   OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);
119 
120   static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
121 
122   scoped_ptr<OpenSSLKeyPair> key_pair_;
123   scoped_ptr<OpenSSLCertificate> certificate_;
124 
125   RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
126 };
127 
128 
129 }  // namespace rtc
130 
131 #endif  // WEBRTC_BASE_OPENSSLIDENTITY_H_
132