1f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch/* 2f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * libjingle 3f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Copyright 2004--2008, Google Inc. 4f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 5f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * Redistribution and use in source and binary forms, with or without 6f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * modification, are permitted provided that the following conditions are met: 7f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 8f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 1. Redistributions of source code must retain the above copyright notice, 9f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * this list of conditions and the following disclaimer. 10f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 2. Redistributions in binary form must reproduce the above copyright notice, 11f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * this list of conditions and the following disclaimer in the documentation 12f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * and/or other materials provided with the distribution. 13f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 3. The name of the author may not be used to endorse or promote products 14f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * derived from this software without specific prior written permission. 15f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * 16f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch */ 27f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 28f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#ifndef TALK_BASE_OPENSSLIDENTITY_H__ 29f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#define TALK_BASE_OPENSSLIDENTITY_H__ 30f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 31f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <openssl/evp.h> 32f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <openssl/x509.h> 33f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 34f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include <string> 35f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 36f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/common.h" 37f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/scoped_ptr.h" 38f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#include "talk/base/sslidentity.h" 39f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 40f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochtypedef struct ssl_ctx_st SSL_CTX; 41f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 42f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochnamespace talk_base { 43f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 44f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object, 45f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// which is reference counted inside the OpenSSL library. 46f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLKeyPair { 47f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public: 48f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch static OpenSSLKeyPair* Generate(); 49f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 50f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual ~OpenSSLKeyPair(); 51f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 52f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual OpenSSLKeyPair* GetReference() { 53f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch AddReference(); 54f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch return new OpenSSLKeyPair(pkey_); 55f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 56f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 57f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch EVP_PKEY* pkey() const { return pkey_; } 58f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 59f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private: 60f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) { 61f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch ASSERT(pkey_ != NULL); 62f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 63f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch void AddReference(); 64f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 65f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch EVP_PKEY* pkey_; 66f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 67f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch DISALLOW_EVIL_CONSTRUCTORS(OpenSSLKeyPair); 68f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch}; 69f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 70f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object, 71f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// which is also reference counted inside the OpenSSL library. 72f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLCertificate : public SSLCertificate { 73f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public: 74f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair, 75f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch const std::string& common_name); 76f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch static OpenSSLCertificate* FromPEMString(const std::string& pem_string, 77f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch int* pem_length); 78f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 79f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual ~OpenSSLCertificate(); 80f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 81f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual OpenSSLCertificate* GetReference() { 82f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch AddReference(); 83f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch return new OpenSSLCertificate(x509_); 84f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 85f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 86f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch X509* x509() const { return x509_; } 87f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 88f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual std::string ToPEMString() const; 89f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 90f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private: 91f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch explicit OpenSSLCertificate(X509* x509) : x509_(x509) { 92f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch ASSERT(x509_ != NULL); 93f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 94f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch void AddReference(); 95f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 96f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch X509* x509_; 97f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 98f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch DISALLOW_EVIL_CONSTRUCTORS(OpenSSLCertificate); 99f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch}; 100f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 101f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// Holds a keypair and certificate together, and a method to generate 102f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch// them consistently. 103f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdochclass OpenSSLIdentity : public SSLIdentity { 104f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch public: 105f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch static OpenSSLIdentity* Generate(const std::string& common_name); 106f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 107f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual ~OpenSSLIdentity() { } 108f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 109f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual OpenSSLCertificate& certificate() const { 110f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch return *certificate_; 111f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 112f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 113f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch virtual OpenSSLIdentity* GetReference() { 114f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch return new OpenSSLIdentity(key_pair_->GetReference(), 115f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch certificate_->GetReference()); 116f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 117f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 118f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch // Configure an SSL context object to use our key and certificate. 119f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch bool ConfigureIdentity(SSL_CTX* ctx); 120f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 121f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch private: 122f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch OpenSSLIdentity(OpenSSLKeyPair* key_pair, 123f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch OpenSSLCertificate* certificate) 124f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch : key_pair_(key_pair), certificate_(certificate) { 125f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch ASSERT(key_pair != NULL); 126f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch ASSERT(certificate != NULL); 127f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch } 128f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 129f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch scoped_ptr<OpenSSLKeyPair> key_pair_; 130f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch scoped_ptr<OpenSSLCertificate> certificate_; 131f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 132f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch DISALLOW_EVIL_CONSTRUCTORS(OpenSSLIdentity); 133f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch}; 134f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 135f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch} // namespace talk_base 136f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch 137f74420b3285b9fe04a7e00aa3b8c0ab07ea344bcBen Murdoch#endif // TALK_BASE_OPENSSLIDENTITY_H__ 138