| Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef RTC_BASE_BORINGSSL_IDENTITY_H_ |
| 12 | #define RTC_BASE_BORINGSSL_IDENTITY_H_ |
| 13 | |
| 14 | #include <openssl/ossl_typ.h> |
| 15 | |
| 16 | #include <ctime> |
| 17 | #include <memory> |
| 18 | #include <string> |
| 19 | |
| 20 | #include "rtc_base/boringssl_certificate.h" |
| Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 21 | #include "rtc_base/openssl_key_pair.h" |
| 22 | #include "rtc_base/ssl_certificate.h" |
| 23 | #include "rtc_base/ssl_identity.h" |
| 24 | |
| 25 | namespace rtc { |
| 26 | |
| 27 | // Holds a keypair and certificate together, and a method to generate them |
| 28 | // consistently. Uses CRYPTO_BUFFER instead of X509, which offers binary size |
| 29 | // and memory improvements. |
| 30 | class BoringSSLIdentity final : public SSLIdentity { |
| 31 | public: |
| 32 | static std::unique_ptr<BoringSSLIdentity> CreateWithExpiration( |
| 33 | const std::string& common_name, |
| 34 | const KeyParams& key_params, |
| 35 | time_t certificate_lifetime); |
| 36 | static std::unique_ptr<BoringSSLIdentity> CreateForTest( |
| 37 | const SSLIdentityParams& params); |
| 38 | static std::unique_ptr<SSLIdentity> CreateFromPEMStrings( |
| 39 | const std::string& private_key, |
| 40 | const std::string& certificate); |
| 41 | static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings( |
| 42 | const std::string& private_key, |
| 43 | const std::string& certificate_chain); |
| 44 | ~BoringSSLIdentity() override; |
| 45 | |
| Byoungchan Lee | 14af762 | 2022-01-11 20:24:58 | [diff] [blame] | 46 | BoringSSLIdentity(const BoringSSLIdentity&) = delete; |
| 47 | BoringSSLIdentity& operator=(const BoringSSLIdentity&) = delete; |
| 48 | |
| Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 49 | const BoringSSLCertificate& certificate() const override; |
| 50 | const SSLCertChain& cert_chain() const override; |
| 51 | |
| 52 | // Configure an SSL context object to use our key and certificate. |
| 53 | bool ConfigureIdentity(SSL_CTX* ctx); |
| 54 | |
| 55 | std::string PrivateKeyToPEMString() const override; |
| 56 | std::string PublicKeyToPEMString() const override; |
| 57 | bool operator==(const BoringSSLIdentity& other) const; |
| 58 | bool operator!=(const BoringSSLIdentity& other) const; |
| 59 | |
| 60 | private: |
| 61 | BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair, |
| 62 | std::unique_ptr<BoringSSLCertificate> certificate); |
| 63 | BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair, |
| 64 | std::unique_ptr<SSLCertChain> cert_chain); |
| 65 | std::unique_ptr<SSLIdentity> CloneInternal() const override; |
| 66 | |
| 67 | static std::unique_ptr<BoringSSLIdentity> CreateInternal( |
| 68 | const SSLIdentityParams& params); |
| 69 | |
| 70 | std::unique_ptr<OpenSSLKeyPair> key_pair_; |
| 71 | std::unique_ptr<SSLCertChain> cert_chain_; |
| Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 72 | }; |
| 73 | |
| 74 | } // namespace rtc |
| 75 | |
| 76 | #endif // RTC_BASE_BORINGSSL_IDENTITY_H_ |
