| Taylor Brandstetter | 165c618 | 2020-12-11 00:23:03 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2020 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef RTC_BASE_BORINGSSL_IDENTITY_H_ |
| 12 | #define RTC_BASE_BORINGSSL_IDENTITY_H_ |
| 13 | |
| 14 | #include <openssl/ossl_typ.h> |
| 15 | |
| 16 | #include <ctime> |
| 17 | #include <memory> |
| 18 | #include <string> |
| 19 | |
| 20 | #include "rtc_base/boringssl_certificate.h" |
| 21 | #include "rtc_base/constructor_magic.h" |
| 22 | #include "rtc_base/openssl_key_pair.h" |
| 23 | #include "rtc_base/ssl_certificate.h" |
| 24 | #include "rtc_base/ssl_identity.h" |
| 25 | |
| 26 | namespace rtc { |
| 27 | |
| 28 | // Holds a keypair and certificate together, and a method to generate them |
| 29 | // consistently. Uses CRYPTO_BUFFER instead of X509, which offers binary size |
| 30 | // and memory improvements. |
| 31 | class BoringSSLIdentity final : public SSLIdentity { |
| 32 | public: |
| 33 | static std::unique_ptr<BoringSSLIdentity> CreateWithExpiration( |
| 34 | const std::string& common_name, |
| 35 | const KeyParams& key_params, |
| 36 | time_t certificate_lifetime); |
| 37 | static std::unique_ptr<BoringSSLIdentity> CreateForTest( |
| 38 | const SSLIdentityParams& params); |
| 39 | static std::unique_ptr<SSLIdentity> CreateFromPEMStrings( |
| 40 | const std::string& private_key, |
| 41 | const std::string& certificate); |
| 42 | static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings( |
| 43 | const std::string& private_key, |
| 44 | const std::string& certificate_chain); |
| 45 | ~BoringSSLIdentity() override; |
| 46 | |
| 47 | const BoringSSLCertificate& certificate() const override; |
| 48 | const SSLCertChain& cert_chain() const override; |
| 49 | |
| 50 | // Configure an SSL context object to use our key and certificate. |
| 51 | bool ConfigureIdentity(SSL_CTX* ctx); |
| 52 | |
| 53 | std::string PrivateKeyToPEMString() const override; |
| 54 | std::string PublicKeyToPEMString() const override; |
| 55 | bool operator==(const BoringSSLIdentity& other) const; |
| 56 | bool operator!=(const BoringSSLIdentity& other) const; |
| 57 | |
| 58 | private: |
| 59 | BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair, |
| 60 | std::unique_ptr<BoringSSLCertificate> certificate); |
| 61 | BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair, |
| 62 | std::unique_ptr<SSLCertChain> cert_chain); |
| 63 | std::unique_ptr<SSLIdentity> CloneInternal() const override; |
| 64 | |
| 65 | static std::unique_ptr<BoringSSLIdentity> CreateInternal( |
| 66 | const SSLIdentityParams& params); |
| 67 | |
| 68 | std::unique_ptr<OpenSSLKeyPair> key_pair_; |
| 69 | std::unique_ptr<SSLCertChain> cert_chain_; |
| 70 | |
| 71 | RTC_DISALLOW_COPY_AND_ASSIGN(BoringSSLIdentity); |
| 72 | }; |
| 73 | |
| 74 | } // namespace rtc |
| 75 | |
| 76 | #endif // RTC_BASE_BORINGSSL_IDENTITY_H_ |
