/*
 * libjingle
 * Copyright 2004--2008, Google Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright notice,
 *     this list of conditions and the following disclaimer in the documentation
 *     and/or other materials provided with the distribution.
 *  3. The name of the author may not be used to endorse or promote products
 *     derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#ifndef TALK_BASE_OPENSSLIDENTITY_H__
#define TALK_BASE_OPENSSLIDENTITY_H__

#include <openssl/evp.h>
#include <openssl/x509.h>

// NOTE(review): std::size_t is used in the declarations below but only
// <string> is included; <cstddef> is currently reached transitively.
#include <string>

#include "talk/base/common.h"
#include "talk/base/scoped_ptr.h"
#include "talk/base/sslidentity.h"

// Forward declaration of the OpenSSL context type taken by
// OpenSSLIdentity::ConfigureIdentity(), so this header does not have to
// include the full OpenSSL SSL header.
typedef struct ssl_ctx_st SSL_CTX;

namespace talk_base {

// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
//
// The wrapped keypair includes the private half of an identity's key, so
// instances (and the EVP_PKEY they reference) should live no longer than
// the identity that needs them.  All wrappers produced via GetReference()
// share one EVP_PKEY; each wrapper owns exactly one OpenSSL reference.
class OpenSSLKeyPair {
 public:
  // Adopts one existing reference to |pkey| (no AddReference() here, so the
  // caller's reference is transferred rather than duplicated).  |pkey| must
  // not be NULL.  The reference is presumably released by the destructor,
  // which is defined in the .cc file.
  explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
    ASSERT(pkey_ != NULL);
  }

  // Creates a fresh keypair.  The caller owns the returned object.
  // Defined in the .cc file; consult it for the failure value.
  static OpenSSLKeyPair* Generate();

  virtual ~OpenSSLKeyPair();

  // Returns a new wrapper for the same EVP_PKEY.  The OpenSSL reference
  // count is bumped first so the new wrapper owns its own reference.
  // The caller owns the returned object.
  virtual OpenSSLKeyPair* GetReference() {
    AddReference();
    return new OpenSSLKeyPair(pkey_);
  }

  // Borrowed pointer: valid only while this wrapper (or another wrapper of
  // the same EVP_PKEY) is alive.  Does not transfer a reference.
  EVP_PKEY* pkey() const { return pkey_; }

 private:
  // Presumably increments the OpenSSL reference count on pkey_; defined in
  // the .cc file.
  void AddReference();

  EVP_PKEY* pkey_;

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair);
};

// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
// which is also reference counted inside the OpenSSL library.
//
// Construction is private: instances come only from Generate(),
// FromPEMString() or GetReference(), all of which hand ownership to the
// caller.
class OpenSSLCertificate : public SSLCertificate {
 public:
  // Builds a certificate bound to |key_pair| using |common_name|.
  // Defined in the .cc file; consult it for the failure value.
  static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
                                      const std::string& common_name);
  // Parses a PEM-encoded certificate.  |pem_string| may be untrusted input,
  // so callers must check the returned pointer before use (the failure
  // value is defined in the .cc file).
  static OpenSSLCertificate* FromPEMString(const std::string& pem_string);

  virtual ~OpenSSLCertificate();

  // Returns a new wrapper for the same X509, bumping the OpenSSL reference
  // count first.  The caller owns the returned object.
  virtual OpenSSLCertificate* GetReference() const {
    AddReference();
    return new OpenSSLCertificate(x509_);
  }

  // Borrowed pointer: valid only while a wrapper of this X509 is alive.
  X509* x509() const { return x509_; }

  virtual std::string ToPEMString() const;

  // Compute the digest of the certificate given algorithm
  // |algorithm| names the hash; |size| presumably bounds the bytes written
  // to |digest| and |length| receives the bytes actually produced -- confirm
  // both against the .cc.  The bool result presumably reports success.
  virtual bool ComputeDigest(const std::string &algorithm,
                             unsigned char *digest, std::size_t size,
                             std::size_t *length) const;

  // Compute the digest of a certificate as an X509 *
  // Static variant of the member above with the same parameter contract.
  static bool ComputeDigest(const X509 *x509,
                            const std::string &algorithm,
                            unsigned char *digest,
                            std::size_t size,
                            std::size_t *length);

 private:
  // Adopts one existing reference to |x509|; must not be NULL.
  explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
    ASSERT(x509_ != NULL);
  }
  // Presumably increments the OpenSSL reference count on x509_; defined in
  // the .cc file.
  void AddReference() const;

  X509* x509_;

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate);
};

// Holds a keypair and certificate together, and a method to generate
// them consistently.
//
// Both parts are owned through scoped_ptr members, so destroying the
// identity destroys its wrappers (and drops their OpenSSL references).
class OpenSSLIdentity : public SSLIdentity {
 public:
  // Generates a new keypair and a certificate for |common_name|.
  // The caller owns the returned object; see the .cc for the failure value.
  static OpenSSLIdentity* Generate(const std::string& common_name);
  // Builds an identity from PEM-encoded private key and certificate text.
  // Note the declared return type is the base SSLIdentity*, unlike
  // Generate().  Inputs may be untrusted; check the result before use.
  static SSLIdentity* FromPEMStrings(const std::string& private_key,
                                     const std::string& certificate);
  // Members key_pair_ and certificate_ are released by their scoped_ptrs.
  virtual ~OpenSSLIdentity() { }

  // Returns the certificate as the concrete OpenSSL type; presumably a
  // covariant override of SSLIdentity::certificate() -- confirm there.
  virtual const OpenSSLCertificate& certificate() const {
    return *certificate_;
  }

  // Returns a new identity whose wrappers share the same underlying
  // EVP_PKEY and X509 (each GetReference() adds an OpenSSL reference).
  // The caller owns the returned object.
  virtual OpenSSLIdentity* GetReference() const {
    return new OpenSSLIdentity(key_pair_->GetReference(),
                               certificate_->GetReference());
  }

  // Configure an SSL context object to use our key and certificate.
  // Defined in the .cc file; consult it for what a false result means.
  bool ConfigureIdentity(SSL_CTX* ctx);

 private:
  // Takes ownership of both wrappers (stored in scoped_ptr members).
  // Neither may be NULL.
  OpenSSLIdentity(OpenSSLKeyPair* key_pair,
                  OpenSSLCertificate* certificate)
      : key_pair_(key_pair), certificate_(certificate) {
    ASSERT(key_pair != NULL);
    ASSERT(certificate != NULL);
  }

  scoped_ptr<OpenSSLKeyPair> key_pair_;
  scoped_ptr<OpenSSLCertificate> certificate_;

  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity);
};


}  // namespace talk_base

#endif  // TALK_BASE_OPENSSLIDENTITY_H__