rtc_certificate.h 3.5 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495
  1. /*
  2. * Copyright 2015 The WebRTC Project Authors. All rights reserved.
  3. *
  4. * Use of this source code is governed by a BSD-style license
  5. * that can be found in the LICENSE file in the root of the source
  6. * tree. An additional intellectual property rights grant can be found
  7. * in the file PATENTS. All contributing project authors may
  8. * be found in the AUTHORS file in the root of the source tree.
  9. */
  10. #ifndef RTC_BASE_RTC_CERTIFICATE_H_
  11. #define RTC_BASE_RTC_CERTIFICATE_H_
  12. #include <stdint.h>
  13. #include <memory>
  14. #include <string>
  15. #include "api/scoped_refptr.h"
  16. #include "rtc_base/ref_count.h"
  17. #include "rtc_base/system/rtc_export.h"
  18. namespace rtc {
  19. class SSLCertChain;
  20. class SSLCertificate;
  21. class SSLIdentity;
  22. // This class contains PEM strings of an RTCCertificate's private key and
  23. // certificate and acts as a text representation of RTCCertificate. Certificates
  24. // can be serialized and deserialized to and from this format, which allows for
  25. // cloning and storing of certificates to disk. The PEM format is that of
  26. // |SSLIdentity::PrivateKeyToPEMString| and |SSLCertificate::ToPEMString|, e.g.
  27. // the string representations used by OpenSSL.
  28. class RTCCertificatePEM {
  29. public:
  30. RTCCertificatePEM(const std::string& private_key,
  31. const std::string& certificate)
  32. : private_key_(private_key), certificate_(certificate) {}
  33. const std::string& private_key() const { return private_key_; }
  34. const std::string& certificate() const { return certificate_; }
  35. private:
  36. std::string private_key_;
  37. std::string certificate_;
  38. };
  39. // A thin abstraction layer between "lower level crypto stuff" like
  40. // SSLCertificate and WebRTC usage. Takes ownership of some lower level objects,
  41. // reference counting protects these from premature destruction.
  42. class RTC_EXPORT RTCCertificate : public RefCountInterface {
  43. public:
  44. // Takes ownership of |identity|.
  45. static scoped_refptr<RTCCertificate> Create(
  46. std::unique_ptr<SSLIdentity> identity);
  47. // Returns the expiration time in ms relative to epoch, 1970-01-01T00:00:00Z.
  48. uint64_t Expires() const;
  49. // Checks if the certificate has expired, where |now| is expressed in ms
  50. // relative to epoch, 1970-01-01T00:00:00Z.
  51. bool HasExpired(uint64_t now) const;
  52. const SSLCertificate& GetSSLCertificate() const;
  53. const SSLCertChain& GetSSLCertificateChain() const;
  54. // Deprecated: TODO(benwright) - Remove once chromium is updated.
  55. const SSLCertificate& ssl_certificate() const;
  56. // TODO(hbos): If possible, remove once RTCCertificate and its
  57. // GetSSLCertificate() is used in all relevant places. Should not pass around
  58. // raw SSLIdentity* for the sake of accessing SSLIdentity::certificate().
  59. // However, some places might need SSLIdentity* for its public/private key...
  60. SSLIdentity* identity() const { return identity_.get(); }
  61. // To/from PEM, a text representation of the RTCCertificate.
  62. RTCCertificatePEM ToPEM() const;
  63. // Can return nullptr if the certificate is invalid.
  64. static scoped_refptr<RTCCertificate> FromPEM(const RTCCertificatePEM& pem);
  65. bool operator==(const RTCCertificate& certificate) const;
  66. bool operator!=(const RTCCertificate& certificate) const;
  67. protected:
  68. explicit RTCCertificate(SSLIdentity* identity);
  69. ~RTCCertificate() override;
  70. private:
  71. // The SSLIdentity is the owner of the SSLCertificate. To protect our
  72. // GetSSLCertificate() we take ownership of |identity_|.
  73. std::unique_ptr<SSLIdentity> identity_;
  74. };
  75. } // namespace rtc
  76. #endif // RTC_BASE_RTC_CERTIFICATE_H_