Acasă Explorează Ajutor
Înregistrare Autentificare
SRI-DINO
/
Cockpit-cpp
2
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: 94cc2870f1
Ramuri Etichete
Cockpit-cpp
/
EgoQt
/
thirdparty
/
webrtc
/
include
/
rtc_base
/
ssl_identity.h

ssl_identity.h 6.4 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. /*
    2. 

  2.  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
    3. 

  3.  *
    4. 

  4.  *  Use of this source code is governed by a BSD-style license
    5. 

  5.  *  that can be found in the LICENSE file in the root of the source
    6. 

  6.  *  tree. An additional intellectual property rights grant can be found
    7. 

  7.  *  in the file PATENTS.  All contributing project authors may
    8. 

  8.  *  be found in the AUTHORS file in the root of the source tree.
    9. 

  9.  */
    10. 

  10. 

  11. // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
    12. 

  12. 

  13. #ifndef RTC_BASE_SSL_IDENTITY_H_
    14. 

  14. #define RTC_BASE_SSL_IDENTITY_H_
    15. 

  15. 

  16. #include <stdint.h>
    17. 

  17. #include <ctime>
    18. 

  18. #include <memory>
    19. 

  19. #include <string>
    20. 

  20. 

  21. #include "rtc_base/deprecation.h"
    22. 

  22. #include "rtc_base/system/rtc_export.h"
    23. 

  23. 

  24. namespace rtc {
    25. 

  25. 

  26. class SSLCertChain;
    27. 

  27. class SSLCertificate;
    28. 

  28. 

  29. // KT_LAST is intended for vector declarations and loops over all key types;
    30. 

  30. // it does not represent any key type in itself.
    31. 

  31. // KT_DEFAULT is used as the default KeyType for KeyParams.
    32. 

  32. enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_ECDSA };
    33. 

  33. 

  34. static const int kRsaDefaultModSize = 1024;
    35. 

  35. static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
    36. 

  36. static const int kRsaMinModSize = 1024;
    37. 

  37. static const int kRsaMaxModSize = 8192;
    38. 

  38. 

  39. // Certificate default validity lifetime.
    40. 

  40. static const int kDefaultCertificateLifetimeInSeconds =
    41. 

  41.     60 * 60 * 24 * 30;  // 30 days
    42. 

  42. // Certificate validity window.
    43. 

  43. // This is to compensate for slightly incorrect system clocks.
    44. 

  44. static const int kCertificateWindowInSeconds = -60 * 60 * 24;
    45. 

  45. 

  46. struct RSAParams {
    47. 

  47.   unsigned int mod_size;
    48. 

  48.   unsigned int pub_exp;
    49. 

  49. };
    50. 

  50. 

  51. enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST };
    52. 

  52. 

  53. class RTC_EXPORT KeyParams {
    54. 

  54.  public:
    55. 

  55.   // Generate a KeyParams object from a simple KeyType, using default params.
    56. 

  56.   explicit KeyParams(KeyType key_type = KT_DEFAULT);
    57. 

  57. 

  58.   // Generate a a KeyParams for RSA with explicit parameters.
    59. 

  59.   static KeyParams RSA(int mod_size = kRsaDefaultModSize,
    60. 

  60.                        int pub_exp = kRsaDefaultExponent);
    61. 

  61. 

  62.   // Generate a a KeyParams for ECDSA specifying the curve.
    63. 

  63.   static KeyParams ECDSA(ECCurve curve = EC_NIST_P256);
    64. 

  64. 

  65.   // Check validity of a KeyParams object. Since the factory functions have
    66. 

  66.   // no way of returning errors, this function can be called after creation
    67. 

  67.   // to make sure the parameters are OK.
    68. 

  68.   bool IsValid() const;
    69. 

  69. 

  70.   RSAParams rsa_params() const;
    71. 

  71. 

  72.   ECCurve ec_curve() const;
    73. 

  73. 

  74.   KeyType type() const { return type_; }
    75. 

  75. 

  76.  private:
    77. 

  77.   KeyType type_;
    78. 

  78.   union {
    79. 

  79.     RSAParams rsa;
    80. 

  80.     ECCurve curve;
    81. 

  81.   } params_;
    82. 

  82. };
    83. 

  83. 

  84. // TODO(hbos): Remove once rtc::KeyType (to be modified) and
    85. 

  85. // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium
    86. 

  86. // appropriately we can change KeyType enum -> class without breaking Chromium.
    87. 

  87. KeyType IntKeyTypeFamilyToKeyType(int key_type_family);
    88. 

  88. 

  89. // Parameters for generating a certificate. If |common_name| is non-empty, it
    90. 

  90. // will be used for the certificate's subject and issuer name, otherwise a
    91. 

  91. // random string will be used.
    92. 

  92. struct SSLIdentityParams {
    93. 

  93.   std::string common_name;
    94. 

  94.   time_t not_before;  // Absolute time since epoch in seconds.
    95. 

  95.   time_t not_after;   // Absolute time since epoch in seconds.
    96. 

  96.   KeyParams key_params;
    97. 

  97. };
    98. 

  98. 

  99. // Our identity in an SSL negotiation: a keypair and certificate (both
    100. 

  100. // with the same public key).
    101. 

  101. // This too is pretty much immutable once created.
    102. 

  102. class RTC_EXPORT SSLIdentity {
    103. 

  103.  public:
    104. 

  104.   // Generates an identity (keypair and self-signed certificate). If
    105. 

  105.   // |common_name| is non-empty, it will be used for the certificate's subject
    106. 

  106.   // and issuer name, otherwise a random string will be used. The key type and
    107. 

  107.   // parameters are defined in |key_param|. The certificate's lifetime in
    108. 

  108.   // seconds from the current time is defined in |certificate_lifetime|; it
    109. 

  109.   // should be a non-negative number.
    110. 

  110.   // Returns null on failure.
    111. 

  111.   // Caller is responsible for freeing the returned object.
    112. 

  112.   static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
    113. 

  113.                                              const KeyParams& key_param,
    114. 

  114.                                              time_t certificate_lifetime);
    115. 

  115.   static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
    116. 

  116.                                              const KeyParams& key_param);
    117. 

  117.   static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
    118. 

  118.                                              KeyType key_type);
    119. 

  119. 

  120.   // Allows fine-grained control over expiration time.
    121. 

  121.   static std::unique_ptr<SSLIdentity> CreateForTest(
    122. 

  122.       const SSLIdentityParams& params);
    123. 

  123. 

  124.   // Construct an identity from a private key and a certificate.
    125. 

  125.   static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
    126. 

  126.       const std::string& private_key,
    127. 

  127.       const std::string& certificate);
    128. 

  128. 

  129.   // Construct an identity from a private key and a certificate chain.
    130. 

  130.   static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
    131. 

  131.       const std::string& private_key,
    132. 

  132.       const std::string& certificate_chain);
    133. 

  133. 

  134.   virtual ~SSLIdentity() {}
    135. 

  135. 

  136.   // Returns a new SSLIdentity object instance wrapping the same
    137. 

  137.   // identity information.
    138. 

  138.   std::unique_ptr<SSLIdentity> Clone() const { return CloneInternal(); }
    139. 

  139. 

  140.   // Returns a temporary reference to the end-entity (leaf) certificate.
    141. 

  141.   virtual const SSLCertificate& certificate() const = 0;
    142. 

  142.   // Returns a temporary reference to the entire certificate chain.
    143. 

  143.   virtual const SSLCertChain& cert_chain() const = 0;
    144. 

  144.   virtual std::string PrivateKeyToPEMString() const = 0;
    145. 

  145.   virtual std::string PublicKeyToPEMString() const = 0;
    146. 

  146. 

  147.   // Helpers for parsing converting between PEM and DER format.
    148. 

  148.   static bool PemToDer(const std::string& pem_type,
    149. 

  149.                        const std::string& pem_string,
    150. 

  150.                        std::string* der);
    151. 

  151.   static std::string DerToPem(const std::string& pem_type,
    152. 

  152.                               const unsigned char* data,
    153. 

  153.                               size_t length);
    154. 

  154. 

  155.  protected:
    156. 

  156.   virtual std::unique_ptr<SSLIdentity> CloneInternal() const = 0;
    157. 

  157. };
    158. 

  158. 

  159. bool operator==(const SSLIdentity& a, const SSLIdentity& b);
    160. 

  160. bool operator!=(const SSLIdentity& a, const SSLIdentity& b);
    161. 

  161. 

  162. // Convert from ASN1 time as restricted by RFC 5280 to seconds from 1970-01-01
    163. 

  163. // 00.00 ("epoch").  If the ASN1 time cannot be read, return -1.  The data at
    164. 

  164. // |s| is not 0-terminated; its char count is defined by |length|.
    165. 

  165. int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format);
    166. 

  166. 

  167. extern const char kPemTypeCertificate[];
    168. 

  168. extern const char kPemTypeRsaPrivateKey[];
    169. 

  169. extern const char kPemTypeEcPrivateKey[];
    170. 

  170. 

  171. }  // namespace rtc
    172. 

  172. 

  173. #endif  // RTC_BASE_SSL_IDENTITY_H_
    174.