1/*
2 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 *
4 *  Use of this source code is governed by a BSD-style license
5 *  that can be found in the LICENSE file in the root of the source
6 *  tree. An additional intellectual property rights grant can be found
7 *  in the file PATENTS.  All contributing project authors may
8 *  be found in the AUTHORS file in the root of the source tree.
9 */
10
11#ifndef WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
12#define WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
13
14#include <string>
15#include <vector>
16
17#include "webrtc/base/buffer.h"
18#include "webrtc/base/stream.h"
19#include "webrtc/base/sslidentity.h"
20#include "webrtc/base/sslstreamadapter.h"
21
22namespace rtc {
23
24// SSLStreamAdapterHelper : A stream adapter which implements much
25// of the logic that is common between the known implementations
26// (NSS and OpenSSL)
class SSLStreamAdapterHelper : public SSLStreamAdapter {
 public:
  // Wraps |stream|. The SSL state machine starts in SSL_NONE (clear text),
  // with the client role and TLS (non-DTLS) mode, until configured by the
  // setters below.
  explicit SSLStreamAdapterHelper(StreamInterface* stream)
      : SSLStreamAdapter(stream),
        state_(SSL_NONE),
        role_(SSL_CLIENT),
        ssl_error_code_(0),  // Not meaningful yet; only valid once state_ == SSL_ERROR
        ssl_mode_(SSL_MODE_TLS) {}


  // Overrides of SSLStreamAdapter

  // Sets the local key and certificate (kept in identity_) presented during
  // the handshake.
  virtual void SetIdentity(SSLIdentity* identity);
  // Selects whether this end acts as the SSL client or server (role_).
  // NOTE(review): a default argument on a virtual function is bound by the
  // static type of the pointer it is called through, not the dynamic type.
  virtual void SetServerRole(SSLRole role = SSL_SERVER);
  // Selects TLS versus DTLS (ssl_mode_).
  virtual void SetMode(SSLMode mode);

  // Starts negotiation in traditional (client/server) mode. |server_name| is
  // the name the server's certificate must specify; presumably it is stored
  // in ssl_server_name_ — confirm in the implementation. Return convention is
  // expected to match StartSSL (0 on success, negative on error).
  virtual int StartSSLWithServer(const char* server_name);
  // Starts negotiation in peer-to-peer mode, where the peer is authenticated
  // by the digest given to SetPeerCertificateDigest rather than by a name.
  virtual int StartSSLWithPeer();

  // Records the digest (|digest_alg|, |digest_val| of |digest_len| bytes)
  // that the peer's certificate must match; see peer_certificate_digest_*
  // below. Returns false if the digest is rejected — presumably when
  // |digest_len| disagrees with GetDigestLength(|digest_alg|); verify in the
  // implementation.
  virtual bool SetPeerCertificateDigest(const std::string& digest_alg,
                                        const unsigned char* digest_val,
                                        size_t digest_len);
  // Exposes peer_certificate_ through |cert|; returns false when no peer
  // certificate is available. Ownership of |*cert| is not visible here —
  // confirm in the implementation before storing or deleting it.
  virtual bool GetPeerCertificate(SSLCertificate** cert) const;
  // Maps state_ onto the generic StreamState of the base class.
  virtual StreamState GetState() const;
  virtual void Close();

 protected:
  // Internal helper methods
  // The following method returns 0 on success and a negative
  // error code on failure. The error code may be either -1 or
  // from the impl on some other error cases, so it can't really be
  // interpreted unfortunately.

  // Perform SSL negotiation steps.
  int ContinueSSL();

  // Error handler helper. signal is given as true for errors in
  // asynchronous contexts (when an error code was not returned
  // through some other method), and in that case an SE_CLOSE event is
  // raised on the stream with the specified error.
  // A 0 error means a graceful close, otherwise there is not really enough
  // context to interpret the error code.
  // |context| is a label for logging; |err| is what ssl_error_code_ is
  // expected to carry once state_ becomes SSL_ERROR — confirm in the .cc.
  virtual void Error(const char* context, int err, bool signal);

  // Must be implemented by descendents

  // Kicks off the library-specific handshake; its int result is fed back
  // through the "0 on success, negative on failure" convention above.
  virtual int BeginSSL() = 0;
  // Releases library-specific handshake and session state.
  virtual void Cleanup() = 0;
  // Reports in |*length| the digest size the implementation expects for
  // |algorithm|; returns false for an algorithm it does not recognise.
  // Presumably used by SetPeerCertificateDigest to reject a digest of the
  // wrong length before it is stored — confirm in the implementation.
  virtual bool GetDigestLength(const std::string& algorithm,
                               size_t* length) = 0;

  // Handshake state machine. Only SSL_CONNECTED carries application data
  // under SSL; SSL_NONE is the clear-text state before StartSSL*.
  enum SSLState {
    // Before calling one of the StartSSL methods, data flows
    // in clear text.
    SSL_NONE,
    SSL_WAIT,  // waiting for the stream to open to start SSL negotiation
    SSL_CONNECTING,  // SSL negotiation in progress
    SSL_CONNECTED,  // SSL stream successfully established
    SSL_ERROR,  // some SSL error occurred, stream is closed
    SSL_CLOSED  // Clean close
  };

  // MSG_MAX is the maximum generic stream message number (defined by the
  // base stream class, not in this header); the DTLS retransmit timer
  // message is placed just above it to avoid colliding with generic ones.
  enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };

  SSLState state_;
  SSLRole role_;
  int ssl_error_code_;  // valid when state_ == SSL_ERROR

  // Our key and certificate, mostly useful in peer-to-peer mode.
  scoped_ptr<SSLIdentity> identity_;
  // in traditional mode, the server name that the server's certificate
  // must specify. Empty in peer-to-peer mode.
  std::string ssl_server_name_;
  // The peer's certificate. Only used for GetPeerCertificate.
  scoped_ptr<SSLCertificate> peer_certificate_;

  // The digest of the certificate that the peer must present.
  // NOTE(review): how an empty digest is treated by StartSSLWithPeer
  // (no pin vs. reject) is not visible here — confirm in the implementation.
  Buffer peer_certificate_digest_value_;
  // Algorithm name matching peer_certificate_digest_value_ (e.g. as passed
  // to GetDigestLength).
  std::string peer_certificate_digest_algorithm_;

  // Do DTLS or not
  SSLMode ssl_mode_;

 private:
  // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
  // depending on whether the underlying stream is already open or
  // not. Returns 0 on success and a negative value on error.
  int StartSSL();
};
115
116}  // namespace rtc
117
118#endif  // WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
119