ssl_certificate.h 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. /*
  2. * Copyright 2018 The WebRTC Project Authors. All rights reserved.
  3. *
  4. * Use of this source code is governed by a BSD-style license
  5. * that can be found in the LICENSE file in the root of the source
  6. * tree. An additional intellectual property rights grant can be found
  7. * in the file PATENTS. All contributing project authors may
  8. * be found in the AUTHORS file in the root of the source tree.
  9. */
  10. // Generic interface for SSL Certificates, used in both the SSLAdapter
  11. // for TLS TURN connections and the SSLStreamAdapter for DTLS Peer to Peer
  12. // Connections for SRTP Key negotiation and SCTP encryption.
  13. #ifndef RTC_BASE_SSL_CERTIFICATE_H_
  14. #define RTC_BASE_SSL_CERTIFICATE_H_
  15. #include <stddef.h>
  16. #include <stdint.h>
  17. #include <memory>
  18. #include <string>
  19. #include <vector>
  20. #include "rtc_base/buffer.h"
  21. #include "rtc_base/constructor_magic.h"
  22. #include "rtc_base/system/rtc_export.h"
  23. namespace rtc {
  24. struct RTC_EXPORT SSLCertificateStats {
  25. SSLCertificateStats(std::string&& fingerprint,
  26. std::string&& fingerprint_algorithm,
  27. std::string&& base64_certificate,
  28. std::unique_ptr<SSLCertificateStats> issuer);
  29. ~SSLCertificateStats();
  30. std::string fingerprint;
  31. std::string fingerprint_algorithm;
  32. std::string base64_certificate;
  33. std::unique_ptr<SSLCertificateStats> issuer;
  34. };
  35. // Abstract interface overridden by SSL library specific
  36. // implementations.
  37. // A somewhat opaque type used to encapsulate a certificate.
  38. // Wraps the SSL library's notion of a certificate, with reference counting.
  39. // The SSLCertificate object is pretty much immutable once created.
  40. // (The OpenSSL implementation only does reference counting and
  41. // possibly caching of intermediate results.)
  42. class RTC_EXPORT SSLCertificate {
  43. public:
  44. // Parses and builds a certificate from a PEM encoded string.
  45. // Returns null on failure.
  46. // The length of the string representation of the certificate is
  47. // stored in *pem_length if it is non-null, and only if
  48. // parsing was successful.
  49. static std::unique_ptr<SSLCertificate> FromPEMString(
  50. const std::string& pem_string);
  51. virtual ~SSLCertificate() = default;
  52. // Returns a new SSLCertificate object instance wrapping the same
  53. // underlying certificate, including its chain if present.
  54. virtual std::unique_ptr<SSLCertificate> Clone() const = 0;
  55. // Returns a PEM encoded string representation of the certificate.
  56. virtual std::string ToPEMString() const = 0;
  57. // Provides a DER encoded binary representation of the certificate.
  58. virtual void ToDER(Buffer* der_buffer) const = 0;
  59. // Gets the name of the digest algorithm that was used to compute this
  60. // certificate's signature.
  61. virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
  62. // Compute the digest of the certificate given algorithm
  63. virtual bool ComputeDigest(const std::string& algorithm,
  64. unsigned char* digest,
  65. size_t size,
  66. size_t* length) const = 0;
  67. // Returns the time in seconds relative to epoch, 1970-01-01T00:00:00Z (UTC),
  68. // or -1 if an expiration time could not be retrieved.
  69. virtual int64_t CertificateExpirationTime() const = 0;
  70. // Gets information (fingerprint, etc.) about this certificate. This is used
  71. // for certificate stats, see
  72. // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
  73. std::unique_ptr<SSLCertificateStats> GetStats() const;
  74. };
  75. // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
  76. // primarily to ensure proper memory management (especially deletion) of the
  77. // SSLCertificate pointers.
  78. class RTC_EXPORT SSLCertChain final {
  79. public:
  80. explicit SSLCertChain(std::unique_ptr<SSLCertificate> single_cert);
  81. explicit SSLCertChain(std::vector<std::unique_ptr<SSLCertificate>> certs);
  82. // Allow move semantics for the object.
  83. SSLCertChain(SSLCertChain&&);
  84. SSLCertChain& operator=(SSLCertChain&&);
  85. ~SSLCertChain();
  86. // Vector access methods.
  87. size_t GetSize() const { return certs_.size(); }
  88. // Returns a temporary reference, only valid until the chain is destroyed.
  89. const SSLCertificate& Get(size_t pos) const { return *(certs_[pos]); }
  90. // Returns a new SSLCertChain object instance wrapping the same underlying
  91. // certificate chain.
  92. std::unique_ptr<SSLCertChain> Clone() const;
  93. // Gets information (fingerprint, etc.) about this certificate chain. This is
  94. // used for certificate stats, see
  95. // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
  96. std::unique_ptr<SSLCertificateStats> GetStats() const;
  97. private:
  98. std::vector<std::unique_ptr<SSLCertificate>> certs_;
  99. RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain);
  100. };
  101. // SSLCertificateVerifier provides a simple interface to allow third parties to
  102. // define their own certificate verification code. It is completely independent
  103. // from the underlying SSL implementation.
  104. class SSLCertificateVerifier {
  105. public:
  106. virtual ~SSLCertificateVerifier() = default;
  107. // Returns true if the certificate is valid, else false. It is up to the
  108. // implementer to define what a valid certificate looks like.
  109. virtual bool Verify(const SSLCertificate& certificate) = 0;
  110. };
  111. } // namespace rtc
  112. #endif // RTC_BASE_SSL_CERTIFICATE_H_