1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
100 } | 100 } |
101 | 101 |
102 // Helper function for deleting a vector of certificates. | 102 // Helper function for deleting a vector of certificates. |
103 static void DeleteCert(SSLCertificate* cert) { delete cert; } | 103 static void DeleteCert(SSLCertificate* cert) { delete cert; } |
104 | 104 |
105 std::vector<SSLCertificate*> certs_; | 105 std::vector<SSLCertificate*> certs_; |
106 | 106 |
107 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); | 107 RTC_DISALLOW_COPY_AND_ASSIGN(SSLCertChain); |
108 }; | 108 }; |
109 | 109 |
110 // KT_DEFAULT is currently an alias for KT_RSA. This is likely to change. | |
111 // KT_LAST is intended for vector declarations and loops over all key types; | |
112 // it does not represent any key type in itself. | |
110 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating | 113 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
111 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation | 114 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
112 // code. | 115 // code. |
113 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; | 116 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
114 | 117 |
118 static const int kRsaDefaultModSize = 1024; | |
119 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 | |
120 | |
121 struct RSAParams { | |
122 int mod_size; | |
123 int pub_exp; | |
124 }; | |
125 | |
126 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; | |
127 | |
128 class KeyParams { | |
129 public: | |
130 // Default ctor only needed by gtest, it would be nice to avoid this. | |
131 // We set grossly invalid parameters to discourage its use. | |
132 KeyParams() { | |
hbos
2015/10/01 14:42:43
Hmm. If we have to have a default constructor for
torbjorng (webrtc)
2015/10/01 15:20:49
I think an API can be confusing if there are many
| |
133 type_ = KT_LAST; // Invalid type. | |
134 memset(¶ms_, 0xff, sizeof params_); // Bad values. | |
hbos
2015/10/01 14:42:43
Change "sizeof params_" to "sizeof(params_)"
torbjorng (webrtc)
2015/10/01 15:20:49
OK.
| |
135 } | |
136 | |
137 // Generate a KeyParams object from a simple KeyType, using default params. | |
138 explicit KeyParams(KeyType key_type) { | |
139 if (key_type == KT_ECDSA) { | |
140 type_ = KT_ECDSA; | |
141 params_.curve = EC_NIST_P256; | |
142 } else { | |
143 type_ = KT_RSA; | |
144 params_.rsa.mod_size = kRsaDefaultModSize; | |
145 params_.rsa.pub_exp = kRsaDefaultExponent; | |
146 } | |
147 } | |
148 | |
149 // Generate a a KeyParams for RSA with explicit parameters. | |
150 static KeyParams RSA(int mod_size, int pub_exp) { | |
151 KeyParams kt(KT_RSA); | |
152 kt.params_.rsa.mod_size = mod_size; | |
153 kt.params_.rsa.pub_exp = pub_exp; | |
154 return kt; | |
155 } | |
156 | |
157 // Generate a a KeyParams for RSA defaulting parameters. | |
158 static KeyParams RSA() { | |
159 KeyParams kt(KT_RSA); | |
160 kt.params_.rsa.mod_size = kRsaDefaultModSize; | |
161 kt.params_.rsa.pub_exp = kRsaDefaultExponent; | |
162 return kt; | |
163 } | |
164 | |
165 // Generate a a KeyParams for ECDSA specifying the curve. | |
166 static KeyParams ECDSA(ECCurve curve) { | |
167 KeyParams kt(KT_ECDSA); | |
168 kt.params_.curve = curve; | |
169 return kt; | |
170 } | |
171 | |
172 // Generate a a KeyParams for ECDSA defaulting the curve. | |
173 static KeyParams ECDSA() { | |
174 KeyParams kt(KT_ECDSA); | |
175 kt.params_.curve = EC_NIST_P256; | |
176 return kt; | |
177 } | |
178 | |
179 // Check validity of a KeyParams object. Since the factory functions have | |
hbos
2015/10/01 14:42:43
nit: remove double space after first sentence.
torbjorng (webrtc)
2015/10/05 12:03:05
Done.
| |
180 // no way of returning errors, this function can be called after creation | |
181 // to make sure the parameters are OK. | |
182 bool isValid() { | |
183 if (this->type_ == KT_RSA && this->params_.rsa.mod_size >= 1024 && | |
184 this->params_.rsa.mod_size <= 8192 && | |
185 this->params_.rsa.pub_exp > this->params_.rsa.mod_size) { | |
186 return true; | |
187 } | |
188 if (this->type_ == KT_ECDSA) { | |
189 if (this->params_.curve == EC_NIST_P256) | |
190 return true; | |
191 } | |
192 return false; | |
193 } | |
194 | |
195 RSAParams rsa_params() const { | |
196 // RTC_DCHECK(type_ == KT_RSA); | |
197 return params_.rsa; | |
198 } | |
199 | |
200 ECCurve ec_curve() const { | |
201 // RTC_DCHECK(type_ == KT_ECDSA); | |
202 return params_.curve; | |
203 } | |
204 | |
205 KeyType type() const { return type_; } | |
206 | |
207 private: | |
208 KeyType type_; | |
209 union { | |
210 RSAParams rsa; | |
211 ECCurve curve; | |
212 } params_; | |
213 }; | |
214 | |
115 // TODO(hbos): Remove once rtc::KeyType (to be modified) and | 215 // TODO(hbos): Remove once rtc::KeyType (to be modified) and |
116 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium | 216 // blink::WebRTCKeyType (to be landed) match. By using this function in Chromium |
117 // appropriately we can change KeyType enum -> class without breaking Chromium. | 217 // appropriately we can change KeyType enum -> class without breaking Chromium. |
118 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); | 218 KeyType IntKeyTypeFamilyToKeyType(int key_type_family); |
119 | 219 |
120 // Parameters for generating an identity for testing. If common_name is | 220 // Parameters for generating an identity for. If common_name is non-empty, it |
121 // non-empty, it will be used for the certificate's subject and issuer name, | 221 // will be used for the certificate's subject and issuer name, otherwise a |
122 // otherwise a random string will be used. |not_before| and |not_after| are | 222 // random string will be used. |
123 // offsets to the current time in number of seconds. | |
124 struct SSLIdentityParams { | 223 struct SSLIdentityParams { |
224 SSLIdentityParams(const KeyParams& key_params) : key_params(key_params) {} | |
225 | |
125 std::string common_name; | 226 std::string common_name; |
126 int not_before; // in seconds. | 227 int not_before; // offset from current time in seconds. |
127 int not_after; // in seconds. | 228 int not_after; // offset from current time in seconds. |
128 KeyType key_type; | 229 KeyParams key_params; |
129 }; | 230 }; |
130 | 231 |
131 // Our identity in an SSL negotiation: a keypair and certificate (both | 232 // Our identity in an SSL negotiation: a keypair and certificate (both |
132 // with the same public key). | 233 // with the same public key). |
133 // This too is pretty much immutable once created. | 234 // This too is pretty much immutable once created. |
134 class SSLIdentity { | 235 class SSLIdentity { |
135 public: | 236 public: |
136 // Generates an identity (keypair and self-signed certificate). If | 237 // Generates an identity (keypair and self-signed certificate). If |
137 // common_name is non-empty, it will be used for the certificate's | 238 // common_name is non-empty, it will be used for the certificate's |
138 // subject and issuer name, otherwise a random string will be used. | 239 // subject and issuer name, otherwise a random string will be used. |
139 // Returns NULL on failure. | 240 // Returns NULL on failure. |
140 // Caller is responsible for freeing the returned object. | 241 // Caller is responsible for freeing the returned object. |
141 static SSLIdentity* Generate(const std::string& common_name, | 242 static SSLIdentity* Generate(const std::string& common_name, |
142 KeyType key_type); | 243 KeyType key_type); |
244 static SSLIdentity* Generate(const std::string& common_name, | |
245 const KeyParams& key_param); | |
143 | 246 |
144 // Generates an identity with the specified validity period. | 247 // Generates an identity with the specified validity period. |
145 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); | 248 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |
146 | 249 |
147 // Construct an identity from a private key and a certificate. | 250 // Construct an identity from a private key and a certificate. |
148 static SSLIdentity* FromPEMStrings(const std::string& private_key, | 251 static SSLIdentity* FromPEMStrings(const std::string& private_key, |
149 const std::string& certificate); | 252 const std::string& certificate); |
150 | 253 |
151 virtual ~SSLIdentity() {} | 254 virtual ~SSLIdentity() {} |
152 | 255 |
168 size_t length); | 271 size_t length); |
169 }; | 272 }; |
170 | 273 |
171 extern const char kPemTypeCertificate[]; | 274 extern const char kPemTypeCertificate[]; |
172 extern const char kPemTypeRsaPrivateKey[]; | 275 extern const char kPemTypeRsaPrivateKey[]; |
173 extern const char kPemTypeEcPrivateKey[]; | 276 extern const char kPemTypeEcPrivateKey[]; |
174 | 277 |
175 } // namespace rtc | 278 } // namespace rtc |
176 | 279 |
177 #endif // WEBRTC_BASE_SSLIDENTITY_H_ | 280 #endif // WEBRTC_BASE_SSLIDENTITY_H_ |
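Review bot: `bool isValid()` in the new KeyParams class only reads `type_` and `params_` but is not `const`, so it cannot be called through the `const KeyParams&` that the new `Generate` overload and `SSLIdentityParams` take; declare it `bool IsValid() const {` (the capitalised name also matches the rest of the file, where only trivial accessors such as `type()` are lower-case). The single-argument `SSLIdentityParams(const KeyParams& key_params)` constructor should be `explicit` so a `KeyParams` is not silently converted into a full parameter struct. The default `kRsaDefaultModSize = 1024` and the `mod_size >= 1024` floor in `isValid` sit below the 2048-bit minimum generally recommended for RSA keys; if 1024 is kept deliberately for generation speed in tests, a comment saying so next to the constant would make that a conscious choice. The commented-out `RTC_DCHECK` lines in `rsa_params()` and `ec_curve()` mean a call on the wrong key type silently reads the inactive union member; if they were only disabled temporarily, enabling them is cheap. The rewritten comment on `SSLIdentityParams` also lost a word — `// Parameters for generating an identity for.` presumably should read `// Parameters for generating an identity for testing.`.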