* Copyright 2004, Google Inc.
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
* EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
// Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
#ifndef TALK_BASE_SSLIDENTITY_H_
#define TALK_BASE_SSLIDENTITY_H_
#include "talk/base/messagedigest.h"
// Abstract interface overridden by SSL-library-specific implementations
// (only the interface is declared here; the OpenSSL backend is referenced below).
// A somewhat opaque type used to encapsulate a certificate.
// Wraps the SSL library's notion of a certificate, with reference counting.
// The SSLCertificate object is pretty much immutable once created.
// (The OpenSSL implementation only does reference counting and
// possibly caching of intermediate results.)
class SSLCertificate {
// Parses and builds a certificate from a PEM encoded string (the input is
// typically received from a peer, so treat it as untrusted and check for NULL).
// Returns NULL on failure.
// The length of the string representation of the certificate is
// stored in *pem_length if it is non-NULL, and only if
// parsing was successful.
// Caller is responsible for freeing the returned object.
static SSLCertificate* FromPEMString(const std::string& pem_string,
// Virtual so that deleting through an SSLCertificate* (as returned by
// FromPEMString/GetReference) runs the library-specific subclass destructor,
// which presumably drops that subclass's reference on the wrapped certificate.
virtual ~SSLCertificate() {}
// Returns a new SSLCertificate object instance wrapping the same
// underlying certificate.
// Caller is responsible for freeing the returned object.
// Returns a NEW owning handle to the same underlying certificate. The caller
// must delete it; since the wrapper is reference counted (see the class
// comment), deleting the handle is expected not to invalidate this object.
virtual SSLCertificate* GetReference() = 0;
// Returns a PEM encoded string representation of the certificate.
// Serializes the certificate as a PEM encoded string (the inverse of
// FromPEMString). Only the certificate is wrapped by this class -- the
// private key lives in SSLIdentity -- so, as far as this interface shows,
// the output contains no secret material and can be sent to a peer.
virtual std::string ToPEMString() const = 0;
// Computes the digest (fingerprint) of the certificate using the named algorithm.
// Computes the fingerprint of the certificate with |algorithm| (the names
// presumably match those in messagedigest.h, included above -- confirm
// against the implementation). Writes at most |size| bytes into |digest|
// and reports the number of bytes produced through *length; the bool return
// presumably signals failure (unknown algorithm, etc.).
// NOTE(review): whether a |digest| buffer smaller than the algorithm's
// output is rejected or silently truncated is not visible from this
// declaration. Callers should size |digest| for the largest digest they
// accept, check the return value, and -- when comparing the result against
// a fingerprint advertised by a peer -- use a constant-time comparison.
virtual bool ComputeDigest(const std::string &algorithm,
unsigned char *digest, std::size_t size,
std::size_t *length) const = 0;
// Our identity in an SSL negotiation: a keypair and certificate (both
// with the same public key).
// This too is pretty much immutable once created.
// Generates an identity (keypair and self-signed certificate). If
// common_name is non-empty, it will be used for the certificate's
// subject and issuer name, otherwise a random string will be used.
// Returns NULL on failure.
// Caller is responsible for freeing the returned object.
// Generates a fresh keypair plus a self-signed certificate for it. A
// non-empty |common_name| is used for the certificate's subject and issuer
// name; otherwise a random string is used. Returns NULL on failure; the
// caller owns (and must delete) the returned object.
// NOTE(review): key type/size, signature algorithm, validity period and the
// randomness source are all chosen by the SSL-library-specific
// implementation -- nothing here constrains them, so review that backend.
// Because the certificate is self-signed it carries no trust by itself: a
// peer can only authenticate it by matching its fingerprint
// (SSLCertificate::ComputeDigest) against one received over a trusted channel.
static SSLIdentity* Generate(const std::string& common_name);
// Virtual: identities are always deleted through the SSLIdentity* returned
// by Generate()/GetReference(), so the subclass destructor (which holds the
// private key) must run.
virtual ~SSLIdentity() {}
// Returns a new SSLIdentity object instance wrapping the same
// identity information.
// Caller is responsible for freeing the returned object.
// Returns a NEW owning handle to the same keypair and certificate; the
// caller must delete it. Unlike an SSLCertificate handle, an SSLIdentity
// handle carries the private key, so only hand one to code that is meant
// to authenticate as this identity.
virtual SSLIdentity* GetReference() = 0;
// Returns a temporary reference to the certificate.
// Returns a reference to the certificate owned by this identity (public
// part only). The reference is valid only while this SSLIdentity is alive;
// call GetReference() on the result if it must outlive the identity.
virtual SSLCertificate& certificate() const = 0;
} // namespace talk_base
#endif // TALK_BASE_SSLIDENTITY_H_