1f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch/*
2f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * libjingle
3f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Copyright 2004--2008, Google Inc.
4f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
5f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Redistribution and use in source and binary forms, with or without
6f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * modification, are permitted provided that the following conditions are met:
7f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
8f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  1. Redistributions of source code must retain the above copyright notice,
9f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     this list of conditions and the following disclaimer.
10f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  2. Redistributions in binary form must reproduce the above copyright notice,
11f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     this list of conditions and the following disclaimer in the documentation
12f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     and/or other materials provided with the distribution.
13f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *  3. The name of the author may not be used to endorse or promote products
14f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *     derived from this software without specific prior written permission.
15f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch *
16f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch */
27f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
28f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#ifndef TALK_BASE_OPENSSLIDENTITY_H__
29f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#define TALK_BASE_OPENSSLIDENTITY_H__
30f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
31f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <openssl/evp.h>
32f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <openssl/x509.h>
33f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
34f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <string>
35f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
36f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/common.h"
37f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/scoped_ptr.h"
38f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/sslidentity.h"
39f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
40f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochtypedef struct ssl_ctx_st SSL_CTX;
41f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
42f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochnamespace talk_base {
43f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
44f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
45f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// which is reference counted inside the OpenSSL library.
46f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLKeyPair {
47f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public:
48f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static OpenSSLKeyPair* Generate();
49f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
50f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual ~OpenSSLKeyPair();
51f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
52f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual OpenSSLKeyPair* GetReference() {
53f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    AddReference();
54f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    return new OpenSSLKeyPair(pkey_);
55f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
56f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
57f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  EVP_PKEY* pkey() const { return pkey_; }
58f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
59f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private:
60f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
61f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    ASSERT(pkey_ != NULL);
62f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
63f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  void AddReference();
64f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
65f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  EVP_PKEY* pkey_;
66f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
67f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair);
68f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch};
69f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
70f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
71f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// which is also reference counted inside the OpenSSL library.
72f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLCertificate : public SSLCertificate {
73f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public:
74f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
75f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch                                      const std::string& common_name);
76f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static OpenSSLCertificate* FromPEMString(const std::string& pem_string,
77f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch                                           int* pem_length);
78f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
79f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual ~OpenSSLCertificate();
80f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
81f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual OpenSSLCertificate* GetReference() {
82f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    AddReference();
83f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    return new OpenSSLCertificate(x509_);
84f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
85f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
86f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  X509* x509() const { return x509_; }
87f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
88f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual std::string ToPEMString() const;
89f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
90f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private:
91f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
92f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    ASSERT(x509_ != NULL);
93f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
94f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  void AddReference();
95f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
96f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  X509* x509_;
97f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
98f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate);
99f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch};
100f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
101f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// Holds a keypair and certificate together, and a method to generate
102f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// them consistently.
103f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLIdentity : public SSLIdentity {
104f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public:
105f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  static OpenSSLIdentity* Generate(const std::string& common_name);
106f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
107f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual ~OpenSSLIdentity() { }
108f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
109f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual OpenSSLCertificate& certificate() const {
110f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    return *certificate_;
111f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
112f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
113f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  virtual OpenSSLIdentity* GetReference() {
114f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    return new OpenSSLIdentity(key_pair_->GetReference(),
115f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch                               certificate_->GetReference());
116f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
117f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
118f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  // Configure an SSL context object to use our key and certificate.
119f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  bool ConfigureIdentity(SSL_CTX* ctx);
120f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
121f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private:
122f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  OpenSSLIdentity(OpenSSLKeyPair* key_pair,
123f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch                  OpenSSLCertificate* certificate)
124f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch      : key_pair_(key_pair), certificate_(certificate) {
125f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    ASSERT(key_pair != NULL);
126f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch    ASSERT(certificate != NULL);
127f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  }
128f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
129f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  scoped_ptr<OpenSSLKeyPair> key_pair_;
130f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  scoped_ptr<OpenSSLCertificate> certificate_;
131f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
132f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch  DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity);
133f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch};
134f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
135f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch}  // namespace talk_base
136f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch
137f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#endif  // TALK_BASE_OPENSSLIDENTITY_H__
138