1/* 2 * libjingle 3 * Copyright 2004, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28// Handling of certificates and keypairs for SSLStreamAdapter's peer mode. 29#if HAVE_CONFIG_H 30#include "config.h" 31#endif // HAVE_CONFIG_H 32 33#include "talk/base/sslidentity.h" 34 35#include <string> 36 37#include "talk/base/base64.h" 38#include "talk/base/logging.h" 39#include "talk/base/sslconfig.h" 40 41#if SSL_USE_SCHANNEL 42 43#elif SSL_USE_OPENSSL // !SSL_USE_SCHANNEL 44 45#include "talk/base/opensslidentity.h" 46 47#elif SSL_USE_NSS // !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL 48 49#include "talk/base/nssidentity.h" 50 51#endif // SSL_USE_SCHANNEL 52 53namespace talk_base { 54 55const char kPemTypeCertificate[] = "CERTIFICATE"; 56const char kPemTypeRsaPrivateKey[] = "RSA PRIVATE KEY"; 57 58bool SSLIdentity::PemToDer(const std::string& pem_type, 59 const std::string& pem_string, 60 std::string* der) { 61 // Find the inner body. We need this to fulfill the contract of 62 // returning pem_length. 63 size_t header = pem_string.find("-----BEGIN " + pem_type + "-----"); 64 if (header == std::string::npos) 65 return false; 66 67 size_t body = pem_string.find("\n", header); 68 if (body == std::string::npos) 69 return false; 70 71 size_t trailer = pem_string.find("-----END " + pem_type + "-----"); 72 if (trailer == std::string::npos) 73 return false; 74 75 std::string inner = pem_string.substr(body + 1, trailer - (body + 1)); 76 77 *der = Base64::Decode(inner, Base64::DO_PARSE_WHITE | 78 Base64::DO_PAD_ANY | 79 Base64::DO_TERM_BUFFER); 80 return true; 81} 82 83std::string SSLIdentity::DerToPem(const std::string& pem_type, 84 const unsigned char* data, 85 size_t length) { 86 std::stringstream result; 87 88 result << "-----BEGIN " << pem_type << "-----\n"; 89 90 std::string b64_encoded; 91 Base64::EncodeFromArray(data, length, &b64_encoded); 92 93 // Divide the Base-64 encoded data into 64-character chunks, as per 94 // 4.3.2.4 of RFC 1421. 95 static const size_t kChunkSize = 64; 96 size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize; 97 for (size_t i = 0, chunk_offset = 0; i < chunks; 98 ++i, chunk_offset += kChunkSize) { 99 result << b64_encoded.substr(chunk_offset, kChunkSize); 100 result << "\n"; 101 } 102 103 result << "-----END " << pem_type << "-----\n"; 104 105 return result.str(); 106} 107 108#if SSL_USE_SCHANNEL 109 110SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) { 111 return NULL; 112} 113 114SSLIdentity* SSLIdentity::Generate(const std::string& common_name) { 115 return NULL; 116} 117 118SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key, 119 const std::string& certificate) { 120 return NULL; 121} 122 123#elif SSL_USE_OPENSSL // !SSL_USE_SCHANNEL 124 125SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) { 126 return OpenSSLCertificate::FromPEMString(pem_string); 127} 128 129SSLIdentity* SSLIdentity::Generate(const std::string& common_name) { 130 return OpenSSLIdentity::Generate(common_name); 131} 132 133SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key, 134 const std::string& certificate) { 135 return OpenSSLIdentity::FromPEMStrings(private_key, certificate); 136} 137 138#elif SSL_USE_NSS // !SSL_USE_OPENSSL && !SSL_USE_SCHANNEL 139 140SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) { 141 return NSSCertificate::FromPEMString(pem_string); 142} 143 144SSLIdentity* SSLIdentity::Generate(const std::string& common_name) { 145 return NSSIdentity::Generate(common_name); 146} 147 148SSLIdentity* SSLIdentity::FromPEMStrings(const std::string& private_key, 149 const std::string& certificate) { 150 return NSSIdentity::FromPEMStrings(private_key, certificate); 151} 152 153#else // !SSL_USE_OPENSSL && !SSL_USE_SCHANNEL && !SSL_USE_NSS 154 155#error "No SSL implementation" 156 157#endif // SSL_USE_SCHANNEL 158 159} // namespace talk_base 160