OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 18 matching lines...) Expand all Loading... | |
29 // Abstract interface overridden by SSL library specific | 29 // Abstract interface overridden by SSL library specific |
30 // implementations. | 30 // implementations. |
31 | 31 |
32 // A somewhat opaque type used to encapsulate a certificate. | 32 // A somewhat opaque type used to encapsulate a certificate. |
33 // Wraps the SSL library's notion of a certificate, with reference counting. | 33 // Wraps the SSL library's notion of a certificate, with reference counting. |
34 // The SSLCertificate object is pretty much immutable once created. | 34 // The SSLCertificate object is pretty much immutable once created. |
35 // (The OpenSSL implementation only does reference counting and | 35 // (The OpenSSL implementation only does reference counting and |
36 // possibly caching of intermediate results.) | 36 // possibly caching of intermediate results.) |
37 class SSLCertificate { | 37 class SSLCertificate { |
38 public: | 38 public: |
39 // Parses and build a certificate from a PEM encoded string. | 39 // Parses and builds a certificate from a PEM encoded string. |
40 // Returns NULL on failure. | 40 // Returns NULL on failure. |
41 // The length of the string representation of the certificate is | 41 // The length of the string representation of the certificate is |
42 // stored in *pem_length if it is non-NULL, and only if | 42 // stored in *pem_length if it is non-NULL, and only if |
43 // parsing was successful. | 43 // parsing was successful. |
44 // Caller is responsible for freeing the returned object. | 44 // Caller is responsible for freeing the returned object. |
45 static SSLCertificate* FromPEMString(const std::string& pem_string); | 45 static SSLCertificate* FromPEMString(const std::string& pem_string); |
46 virtual ~SSLCertificate() {} | 46 virtual ~SSLCertificate() {} |
47 | 47 |
48 // Returns a new SSLCertificate object instance wrapping the same | 48 // Returns a new SSLCertificate object instance wrapping the same |
49 // underlying certificate, including its chain if present. | 49 // underlying certificate, including its chain if present. |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
118 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating | 118 // TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating |
119 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation | 119 // PeerConnectionFactory_nativeCreatePeerConnection's certificate generation |
120 // code. | 120 // code. |
121 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; | 121 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA }; |
122 | 122 |
123 static const int kRsaDefaultModSize = 1024; | 123 static const int kRsaDefaultModSize = 1024; |
124 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 | 124 static const int kRsaDefaultExponent = 0x10001; // = 2^16+1 = 65537 |
125 static const int kRsaMinModSize = 1024; | 125 static const int kRsaMinModSize = 1024; |
126 static const int kRsaMaxModSize = 8192; | 126 static const int kRsaMaxModSize = 8192; |
127 | 127 |
128 // Certificate default validity lifetime. | |
129 static const int kDefaultCertificateLifetime = 60 * 60 * 24 * 30; // 30 days | |
130 // Certificate validity window. | |
131 // This is to compensate for slightly incorrect system clocks. | |
132 static const int kCertificateWindow = -60 * 60 * 24; | |
Ryan Sleevi
2016/03/08 17:04:43
Explain the units this is in (seconds?)
Explain wh
torbjorng (webrtc)
2016/03/30 14:00:29
Like all things in x509, this is seconds.
I agree
Ryan Sleevi
2016/03/31 02:07:53
I'm not sure what you meant, but X.509 is based on
torbjorng (webrtc)
2016/03/31 13:18:34
Really? The ANS1_TIME type used therein explicitly
| |
133 | |
128 struct RSAParams { | 134 struct RSAParams { |
129 unsigned int mod_size; | 135 unsigned int mod_size; |
130 unsigned int pub_exp; | 136 unsigned int pub_exp; |
131 }; | 137 }; |
132 | 138 |
133 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; | 139 enum ECCurve { EC_NIST_P256, /* EC_FANCY, */ EC_LAST }; |
134 | 140 |
135 class KeyParams { | 141 class KeyParams { |
136 public: | 142 public: |
137 // Generate a KeyParams object from a simple KeyType, using default params. | 143 // Generate a KeyParams object from a simple KeyType, using default params. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
177 time_t not_after; // Absolute time since epoch in seconds. | 183 time_t not_after; // Absolute time since epoch in seconds. |
178 KeyParams key_params; | 184 KeyParams key_params; |
179 }; | 185 }; |
180 | 186 |
181 // Our identity in an SSL negotiation: a keypair and certificate (both | 187 // Our identity in an SSL negotiation: a keypair and certificate (both |
182 // with the same public key). | 188 // with the same public key). |
183 // This too is pretty much immutable once created. | 189 // This too is pretty much immutable once created. |
184 class SSLIdentity { | 190 class SSLIdentity { |
185 public: | 191 public: |
186 // Generates an identity (keypair and self-signed certificate). If | 192 // Generates an identity (keypair and self-signed certificate). If |
187 // common_name is non-empty, it will be used for the certificate's | 193 // |common_name| is non-empty, it will be used for the certificate's subject |
188 // subject and issuer name, otherwise a random string will be used. | 194 // and issuer name, otherwise a random string will be used. The key type and |
195 // parameters are defined in |key_param|. The certificate's lifetime in | |
196 // seconds from the current time is defined in |certificate_lifetime|; it | |
197 // should be a non-negative number. | |
189 // Returns NULL on failure. | 198 // Returns NULL on failure. |
190 // Caller is responsible for freeing the returned object. | 199 // Caller is responsible for freeing the returned object. |
191 static SSLIdentity* Generate(const std::string& common_name, | 200 static SSLIdentity* Generate(const std::string& common_name, |
Ryan Sleevi
2016/03/08 17:04:43
Per Google style guide on overloading, this would
torbjorng (webrtc)
2016/03/30 14:00:29
I'm fixing this in a follow-up CL.
| |
192 const KeyParams& key_param); | 201 const KeyParams& key_param, |
202 time_t certificate_lifetime); | |
203 static SSLIdentity* Generate(const std::string& common_name, | |
204 const KeyParams& key_param) { | |
205 return Generate(common_name, key_param, kDefaultCertificateLifetime); | |
206 } | |
193 static SSLIdentity* Generate(const std::string& common_name, | 207 static SSLIdentity* Generate(const std::string& common_name, |
194 KeyType key_type) { | 208 KeyType key_type) { |
195 return Generate(common_name, KeyParams(key_type)); | 209 return Generate(common_name, KeyParams(key_type)); |
196 } | 210 } |
197 | 211 |
198 // Generates an identity with the specified validity period. | 212 // Generates an identity with the specified validity period. |
213 // TODO(torbjorng): Now that Generate() accepts relevant params, make tests | |
214 // use that instead of this function. | |
199 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); | 215 static SSLIdentity* GenerateForTest(const SSLIdentityParams& params); |
200 | 216 |
201 // Construct an identity from a private key and a certificate. | 217 // Construct an identity from a private key and a certificate. |
202 static SSLIdentity* FromPEMStrings(const std::string& private_key, | 218 static SSLIdentity* FromPEMStrings(const std::string& private_key, |
203 const std::string& certificate); | 219 const std::string& certificate); |
204 | 220 |
205 virtual ~SSLIdentity() {} | 221 virtual ~SSLIdentity() {} |
206 | 222 |
207 // Returns a new SSLIdentity object instance wrapping the same | 223 // Returns a new SSLIdentity object instance wrapping the same |
208 // identity information. | 224 // identity information. |
(...skipping 18 matching lines...) Expand all Loading... | |
227 // |s| is not 0-terminated; its char count is defined by |length|. | 243 // |s| is not 0-terminated; its char count is defined by |length|. |
228 int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format); | 244 int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format); |
229 | 245 |
230 extern const char kPemTypeCertificate[]; | 246 extern const char kPemTypeCertificate[]; |
231 extern const char kPemTypeRsaPrivateKey[]; | 247 extern const char kPemTypeRsaPrivateKey[]; |
232 extern const char kPemTypeEcPrivateKey[]; | 248 extern const char kPemTypeEcPrivateKey[]; |
233 | 249 |
234 } // namespace rtc | 250 } // namespace rtc |
235 | 251 |
236 #endif // WEBRTC_BASE_SSLIDENTITY_H_ | 252 #endif // WEBRTC_BASE_SSLIDENTITY_H_ |
OLD | NEW |