OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
100 } | 100 } |
101 | 101 |
102 // Helper function for deleting a vector of certificates. | 102 // Helper function for deleting a vector of certificates. |
103 static void DeleteCert(SSLCertificate* cert) { delete cert; } | 103 static void DeleteCert(SSLCertificate* cert) { delete cert; } |
104 | 104 |
105 std::vector<SSLCertificate*> certs_; | 105 std::vector<SSLCertificate*> certs_; |
106 | 106 |
107 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); | 107 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); |
108 }; | 108 }; |
109 | 109 |
110 // KT_DEFAULT is currently an alias for KT_RSA. This is likely to change. | |
111 // KT_LAST is intended for vector declarations and loops over all key types; | |
112 // it does not represent any key type in itself. | |
113 // The WebRTC RFC draft mandates KT_ECDSA and KT_RSA2048. | |
110 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating | 114 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
111 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation | 115 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
112 // code. | 116 // code. |
113 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; | 117 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
hbos
2015/09/29 13:53:18
Is KT_DEFAULT still used/something we want to have
juberti
2015/09/29 16:44:05
We don't usually use _LAST enums. Is there a speci
torbjorng (webrtc)
2015/10/01 11:43:18
It is still used in one place, associated to the i
torbjorng (webrtc)
2015/10/01 11:43:19
It is intended for array decls and loops, and is r
| |
114 | 118 |
119 enum { RSA_MOD_SIZE_DEFAULT = 1024 }; | |
juberti
2015/09/29 16:44:05
These should be const ints, not enums. They should
torbjorng (webrtc)
2015/10/01 11:43:18
Done.
| |
120 enum { PUB_EXP_DEFAULT = 65537 }; | |
121 | |
122 struct RSAParams { | |
123 int mod_size; | |
124 int pub_exp; | |
125 }; | |
126 | |
127 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; | |
128 | |
129 union KeyParams { | |
130 RSAParams rsa; | |
131 ECCurve curve; | |
132 }; | |
133 | |
134 class KeyTypeFull { | |
hbos
2015/09/29 13:53:18
Document supported parameter ranges here or in Gen
juberti
2015/09/29 16:44:05
I think KeyParams would be a better name here. You
torbjorng (webrtc)
2015/10/01 11:43:18
Added an isValid() method.
torbjorng (webrtc)
2015/10/01 11:43:19
Agreed.
| |
135 public: | |
136 explicit KeyTypeFull() { | |
hbos
2015/09/29 13:53:18
Remove explicit keyword here. I would make this co
juberti
2015/09/29 16:44:05
I would just remove this constructor altogether. I
torbjorng (webrtc)
2015/10/01 11:43:18
Sure, but then we need a constructor for SSLIdenti
| |
137 type_ = KT_RSA; | |
138 params_.rsa.mod_size = RSA_MOD_SIZE_DEFAULT; | |
139 params_.rsa.pub_exp = PUB_EXP_DEFAULT; | |
140 } | |
141 | |
142 explicit KeyTypeFull(KeyType key_type) { | |
hbos
2015/09/29 13:53:18
I suggest replacing this with a factory function "
torbjorng (webrtc)
2015/10/05 12:03:05
Acknowledged.
| |
143 if (key_type == KT_ECDSA) { | |
144 type_ = KT_ECDSA; | |
145 params_.curve = EC_NIST_P256; | |
146 } else { | |
147 type_ = KT_RSA; | |
148 params_.rsa.mod_size = RSA_MOD_SIZE_DEFAULT; | |
149 params_.rsa.pub_exp = PUB_EXP_DEFAULT; | |
150 } | |
151 } | |
152 | |
153 static KeyTypeFull RSA(int mod_size = RSA_MOD_SIZE_DEFAULT, | |
juberti
2015/09/29 16:44:05
Default parameters are discouraged by the style gu
torbjorng (webrtc)
2015/10/01 11:43:18
The style guide allows it for ctors, I assumed tha
| |
154 int pub_exp = PUB_EXP_DEFAULT) { | |
hbos
2015/09/29 13:53:18
I'm happy with calling them RSA, ECDSA and Default
torbjorng (webrtc)
2015/10/05 12:03:05
Acknowledged.
| |
155 KeyTypeFull kt(KT_RSA); | |
156 kt.params_.rsa.mod_size = mod_size; | |
157 kt.params_.rsa.pub_exp = pub_exp; | |
158 return kt; | |
159 } | |
160 | |
161 static KeyTypeFull ECDSA(ECCurve curve = EC_NIST_P256) { | |
juberti
2015/09/29 16:44:05
Same here.
torbjorng (webrtc)
2015/10/01 11:43:19
Done.
| |
162 KeyTypeFull kt(KT_ECDSA); | |
163 kt.params_.curve = curve; | |
164 return kt; | |
165 } | |
166 | |
167 static KeyTypeFull Default() { return RSA(); } | |
juberti
2015/09/29 16:44:05
Not sure we need this
torbjorng (webrtc)
2015/10/01 11:43:18
Removed.
| |
168 | |
169 RSAParams rsa_params() const { | |
170 // DCHECK(type_ == KT_RSA); | |
171 return params_.rsa; | |
172 } | |
173 | |
174 ECCurve ec_params() const { | |
hbos
2015/09/29 13:53:18
Does it make sense to have an ECParams struct cont
torbjorng (webrtc)
2015/10/01 11:43:19
I think "named curve" is the only reasonable param
hbos
2015/10/01 14:42:43
Acknowledged.
| |
175 // DCHECK(type_ == KT_ECDSA); | |
176 return params_.curve; | |
177 } | |
178 | |
179 KeyType type() const { return type_; } | |
180 | |
181 private: | |
182 KeyType type_; | |
183 KeyParams params_; | |
184 }; | |
185 | |
115 // TODO(hbos): Remove once rtc::KeyType (to be modified) and | 186 // TODO(hbos): Remove once rtc::KeyType (to be modified) and |
116 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium | 187 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium |
117 // appropriately we can change KeyType enum -> class without breaking Chromium. | 188 // appropriately we can change KeyType enum -> class without breaking Chromium. |
118 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); | 189 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); |
hbos
2015/09/29 13:53:18
This file is already pretty long with multiple cla
torbjorng (webrtc)
2015/10/05 12:03:05
Let's consider that for a separate CL.
(Incidental
| |
119 | 190 |
120 // Parameters for generating an identity for testing. If common_name is | 191 // Parameters for generating an identity for. If common_name is non-empty, it |
121 // non-empty, it will be used for the certificate's subject and issuer name, | 192 // will be used for the certificate's subject and issuer name, otherwise a |
122 // otherwise a random string will be used. |not_before| and |not_after| are | 193 // random string will be used. |
123 // offsets to the current time in number of seconds. | |
124 struct SSLIdentityParams { | 194 struct SSLIdentityParams { |
125 std::string common_name; | 195 std::string common_name; |
126 int not_before; // in seconds. | 196 int not_before; // offset from current time in seconds. |
127 int not_after; // in seconds. | 197 int not_after; // offset from current time in seconds. |
128 KeyType key_type; | 198 KeyTypeFull key_type; |
129 }; | 199 }; |
130 | 200 |
131 // Our identity in an SSL negotiation: a keypair and certificate (both | 201 // Our identity in an SSL negotiation: a keypair and certificate (both |
132 // with the same public key). | 202 // with the same public key). |
133 // This too is pretty much immutable once created. | 203 // This too is pretty much immutable once created. |
134 class SSLIdentity { | 204 class SSLIdentity { |
135 public: | 205 public: |
136 // Generates an identity (keypair and self-signed certificate). If | 206 // Generates an identity (keypair and self-signed certificate). If |
137 // common_name is non-empty, it will be used for the certificate's | 207 // common_name is non-empty, it will be used for the certificate's |
138 // subject and issuer name, otherwise a random string will be used. | 208 // subject and issuer name, otherwise a random string will be used. |
139 // Returns NULL on failure. | 209 // Returns NULL on failure. |
140 // Caller is responsible for freeing the returned object. | 210 // Caller is responsible for freeing the returned object. |
141 static SSLIdentity* Generate(const std::string& common_name, | 211 static SSLIdentity* Generate(const std::string& common_name, |
142 KeyType key_type); | 212 KeyTypeFull key_type); |
juberti
2015/09/29 16:44:05
as this is taking a structure, it should be const
torbjorng (webrtc)
2015/10/01 11:43:19
This surely is always a good idea for large struct
| |
143 | 213 |
144 // Generates an identity with the specified validity period. | 214 // Generates an identity with the specified validity period. |
145 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); | 215 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |
146 | 216 |
147 // Construct an identity from a private key and a certificate. | 217 // Construct an identity from a private key and a certificate. |
148 static SSLIdentity* FromPEMStrings(const std::string& private_key, | 218 static SSLIdentity* FromPEMStrings(const std::string& private_key, |
149 const std::string& certificate); | 219 const std::string& certificate); |
150 | 220 |
151 virtual ~SSLIdentity() {} | 221 virtual ~SSLIdentity() {} |
152 | 222 |
(...skipping 15 matching lines...) Expand all Loading... | |
168 size_t length); | 238 size_t length); |
169 }; | 239 }; |
170 | 240 |
171 extern const char kPemTypeCertificate[]; | 241 extern const char kPemTypeCertificate[]; |
172 extern const char kPemTypeRsaPrivateKey[]; | 242 extern const char kPemTypeRsaPrivateKey[]; |
173 extern const char kPemTypeEcPrivateKey[]; | 243 extern const char kPemTypeEcPrivateKey[]; |
174 | 244 |
175 } // namespace rtc | 245 } // namespace rtc |
176 | 246 |
177 #endif // WEBRTC_BASE_SSLIDENTITY_H_ | 247 #endif // WEBRTC_BASE_SSLIDENTITY_H_ |
OLD | NEW |