1/*
2 * libjingle
3 * Copyright 2004--2008, Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 *  1. Redistributions of source code must retain the above copyright notice,
9 *     this list of conditions and the following disclaimer.
10 *  2. Redistributions in binary form must reproduce the above copyright notice,
11 *     this list of conditions and the following disclaimer in the documentation
12 *     and/or other materials provided with the distribution.
13 *  3. The name of the author may not be used to endorse or promote products
14 *     derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28#ifndef TALK_BASE_NSSIDENTITY_H_
29#define TALK_BASE_NSSIDENTITY_H_
30
31#include <string>
32
33#include "cert.h"
34#include "nspr.h"
35#include "hasht.h"
36#include "keythi.h"
37
38#include "talk/base/common.h"
39#include "talk/base/logging.h"
40#include "talk/base/scoped_ptr.h"
41#include "talk/base/sslidentity.h"
42
43namespace talk_base {
44
45class NSSKeyPair {
46 public:
47  NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
48      privkey_(privkey), pubkey_(pubkey) {}
49  ~NSSKeyPair();
50
51  // Generate a 1024-bit RSA key pair.
52  static NSSKeyPair* Generate();
53  NSSKeyPair* GetReference();
54
55  SECKEYPrivateKey* privkey() const { return privkey_; }
56  SECKEYPublicKey * pubkey() const { return pubkey_; }
57
58 private:
59  SECKEYPrivateKey* privkey_;
60  SECKEYPublicKey* pubkey_;
61
62  DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
63};
64
65
66class NSSCertificate : public SSLCertificate {
67 public:
68  static NSSCertificate* FromPEMString(const std::string& pem_string);
69  // The caller retains ownership of the argument to all the constructors,
70  // and the constructor makes a copy.
71  explicit NSSCertificate(CERTCertificate* cert);
72  explicit NSSCertificate(CERTCertList* cert_list);
73  virtual ~NSSCertificate() {
74    if (certificate_)
75      CERT_DestroyCertificate(certificate_);
76  }
77
78  virtual NSSCertificate* GetReference() const;
79
80  virtual std::string ToPEMString() const;
81
82  virtual void ToDER(Buffer* der_buffer) const;
83
84  virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
85
86  virtual bool ComputeDigest(const std::string& algorithm,
87                             unsigned char* digest, std::size_t size,
88                             std::size_t* length) const;
89
90  virtual bool GetChain(SSLCertChain** chain) const;
91
92  CERTCertificate* certificate() { return certificate_; }
93
94  // Helper function to get the length of a digest
95  static bool GetDigestLength(const std::string& algorithm,
96                              std::size_t* length);
97
98  // Comparison.  Only the certificate itself is considered, not the chain.
99  bool Equals(const NSSCertificate* tocompare) const;
100
101 private:
102  NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
103  static bool GetDigestObject(const std::string& algorithm,
104                              const SECHashObject** hash_object);
105
106  CERTCertificate* certificate_;
107  scoped_ptr<SSLCertChain> chain_;
108
109  DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
110};
111
112// Represents a SSL key pair and certificate for NSS.
113class NSSIdentity : public SSLIdentity {
114 public:
115  static NSSIdentity* Generate(const std::string& common_name);
116  static SSLIdentity* FromPEMStrings(const std::string& private_key,
117                                     const std::string& certificate);
118  virtual ~NSSIdentity() {
119    LOG(LS_INFO) << "Destroying NSS identity";
120  }
121
122  virtual NSSIdentity* GetReference() const;
123  virtual NSSCertificate& certificate() const;
124
125  NSSKeyPair* keypair() const { return keypair_.get(); }
126
127 private:
128  NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
129      keypair_(keypair), certificate_(cert) {}
130
131  talk_base::scoped_ptr<NSSKeyPair> keypair_;
132  talk_base::scoped_ptr<NSSCertificate> certificate_;
133
134  DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
135};
136
137}  // namespace talk_base
138
139#endif  // TALK_BASE_NSSIDENTITY_H_
140