/*
 * libjingle
 * Copyright 2004--2008, Google Inc.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  1. Redistributions of source code must retain the above copyright notice,
 *     this list of conditions and the following disclaimer.
 *  2. Redistributions in binary form must reproduce the above copyright notice,
 *     this list of conditions and the following disclaimer in the documentation
 *     and/or other materials provided with the distribution.
 *  3. The name of the author may not be used to endorse or promote products
 *     derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
275976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
285976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org#ifndef TALK_BASE_NSSIDENTITY_H_
295976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org#define TALK_BASE_NSSIDENTITY_H_
305976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
#include <cstddef>  // std::size_t, used by ComputeDigest/GetDigestLength below
#include <string>

#include "cert.h"
#include "nspr.h"
#include "hasht.h"
#include "keythi.h"

#include "talk/base/common.h"
#include "talk/base/logging.h"
#include "talk/base/scoped_ptr.h"
#include "talk/base/sslidentity.h"
425976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
435976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.orgnamespace talk_base {
445976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
// Owning wrapper around an NSS private/public key pair.
//
// Ownership: the constructor adopts the two raw NSS key handles and the
// object owns them from then on.  The destructor is defined out-of-line
// (presumably in nssidentity.cc, releasing both handles with the matching
// SECKEY_Destroy*Key calls -- confirm there).  Copying is disallowed, so the
// handles cannot be released twice through this class.
class NSSKeyPair {
 public:
  // Adopts |privkey| and |pubkey|.  The caller must not free them afterwards
  // and must not keep using them after this object is destroyed.
  NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
      privkey_(privkey), pubkey_(pubkey) {}
  ~NSSKeyPair();

  // Generate a 1024-bit RSA key pair.
  // Presumably returns NULL on failure (implementation out-of-line).
  // NOTE(review): 1024-bit RSA is below the 2048-bit minimum that NIST
  // SP 800-131A has recommended since 2013.  These keys presumably sign the
  // local (self-signed) DTLS certificate, so a factorable modulus would let
  // an attacker impersonate this endpoint; the key size lives in the .cc and
  // should be raised there rather than here.
  static NSSKeyPair* Generate();
  // Returns a new NSSKeyPair for the same underlying keys; the caller owns
  // the returned object.  Whether it copies the NSS handles or shares them
  // is decided in the .cc -- confirm before relying on independent lifetimes.
  NSSKeyPair* GetReference();

  // Raw NSS handles, still owned by this object.  Callers must not destroy
  // them.  Note that privkey() hands out the secret half; keep its use
  // scoped to the lifetime of this object.
  SECKEYPrivateKey* privkey() const { return privkey_; }
  SECKEYPublicKey * pubkey() const { return pubkey_; }

 private:
  SECKEYPrivateKey* privkey_;
  SECKEYPublicKey* pubkey_;

  DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
};
645976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
655976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
// An X.509 certificate held as an NSS CERTCertificate, optionally together
// with the chain it was presented with.  Implements SSLCertificate.
//
// Ownership: |certificate_| is an NSS reference released in the destructor;
// |chain_| is owned through scoped_ptr.  Copying is disallowed.
class NSSCertificate : public SSLCertificate {
 public:
  // Parses a single PEM-encoded certificate.  Presumably returns NULL when
  // |pem_string| does not decode; callers must check for NULL, since the
  // input may originate from the remote peer or from configuration.
  static NSSCertificate* FromPEMString(const std::string& pem_string);
  // The caller retains ownership of the argument to all the constructors,
  // and the constructor makes a copy.
  explicit NSSCertificate(CERTCertificate* cert);
  explicit NSSCertificate(CERTCertList* cert_list);
  // Releases the NSS reference held by this object.  The NULL check keeps
  // CERT_DestroyCertificate from being called on an unset handle.
  virtual ~NSSCertificate() {
    if (certificate_)
      CERT_DestroyCertificate(certificate_);
  }

  // Returns a new NSSCertificate for the same certificate; the caller owns
  // the returned object and must delete it.
  virtual NSSCertificate* GetReference() const;

  // PEM encoding of this certificate (the chain is not included).
  virtual std::string ToPEMString() const;

  // Writes the DER encoding of this certificate into |der_buffer|.
  virtual void ToDER(Buffer* der_buffer) const;

  // Reports the digest algorithm used in this certificate's signature as a
  // string in |*algorithm|; returns false if it cannot be determined.
  // Presumably used to choose the hash for a certificate fingerprint.
  virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;

  // Computes the digest of this certificate with |algorithm| into |digest|,
  // a buffer of |size| bytes, and stores the number of bytes written in
  // |*length|.  Returns false on failure (e.g. unknown algorithm).
  // NOTE(review): the implementation must return false, not truncate, when
  // |size| is smaller than the algorithm's output length; callers should
  // size the buffer with GetDigestLength().  Confirm in nssidentity.cc.
  virtual bool ComputeDigest(const std::string& algorithm,
                             unsigned char* digest, std::size_t size,
                             std::size_t* length) const;

  // Hands out a copy of the stored chain in |*chain|, owned by the caller.
  // Presumably returns false when this certificate carries no chain.
  virtual bool GetChain(SSLCertChain** chain) const;

  // Raw NSS handle; still owned by this object, callers must not destroy it
  // or keep it past this object's lifetime.
  CERTCertificate* certificate() { return certificate_; }

  // Helper function to get the length of a digest
  // Returns false if |algorithm| is not a supported digest name.
  static bool GetDigestLength(const std::string& algorithm,
                              std::size_t* length);

  // Comparison.  Only the certificate itself is considered, not the chain.
  // How equality is decided (DER bytes vs. NSS comparison) is in the .cc.
  bool Equals(const NSSCertificate* tocompare) const;

 private:
  // Constructs a certificate that also carries |chain|; presumably used by
  // the CERTCertList constructor and GetReference.  Takes ownership of
  // |chain|.
  NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
  // Maps a digest algorithm name onto the NSS SECHashObject that implements
  // it; returns false for an unsupported name.
  static bool GetDigestObject(const std::string& algorithm,
                              const SECHashObject** hash_object);

  CERTCertificate* certificate_;
  scoped_ptr<SSLCertChain> chain_;

  DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
};
1115976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
// Represents a SSL key pair and certificate for NSS.
//
// Owns both halves through scoped_ptr, so the private key handle is released
// together with this object (see NSSKeyPair).  Instances are only created by
// the static factories below; the constructor is private.
class NSSIdentity : public SSLIdentity {
 public:
  // Creates a fresh key pair (see NSSKeyPair::Generate and its key-size
  // caveat) and a certificate whose subject uses |common_name|.  Presumably
  // self-signed and presumably NULL on failure -- check the .cc.
  static NSSIdentity* Generate(const std::string& common_name);
  // Builds an identity from PEM-encoded private key and certificate strings.
  // Presumably returns NULL if either fails to parse.
  // NOTE(review): |private_key| is secret material; callers should not log
  // it and should avoid keeping extra long-lived copies of the string.
  static SSLIdentity* FromPEMStrings(const std::string& private_key,
                                     const std::string& certificate);
  // Only logs at INFO; the key pair and certificate are freed by the
  // scoped_ptr members.  No key material is written to the log.
  virtual ~NSSIdentity() {
    LOG(LS_INFO) << "Destroying NSS identity";
  }

  // Returns a new NSSIdentity for the same key pair and certificate; the
  // caller owns it.
  virtual NSSIdentity* GetReference() const;
  // The certificate half; the reference is valid only while this object
  // lives.
  virtual NSSCertificate& certificate() const;

  // Non-owning pointer to the key pair, valid only while this object lives.
  NSSKeyPair* keypair() const { return keypair_.get(); }

 private:
  // Takes ownership of both pointers; reachable only through the factories.
  NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
      keypair_(keypair), certificate_(cert) {}

  talk_base::scoped_ptr<NSSKeyPair> keypair_;
  talk_base::scoped_ptr<NSSCertificate> certificate_;

  DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
};
1365976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
1375976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org}  // namespace talk_base
1385976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org
1395976650443d68ccfadf1dea24999ee459dd2819mflodman@webrtc.org#endif  // TALK_BASE_NSSIDENTITY_H_
140