Chromium Code Reviews Chromium Code Reviews
Issue 1898383003:
RTCCertificate serialization. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 157 | 157 |
| 158 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) { | 158 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) { |
| 159 EVP_PKEY* pkey = MakeKey(key_params); | 159 EVP_PKEY* pkey = MakeKey(key_params); |
| 160 if (!pkey) { | 160 if (!pkey) { |
| 161 LogSSLErrors("Generating key pair"); | 161 LogSSLErrors("Generating key pair"); |
| 162 return NULL; | 162 return NULL; |
| 163 } | 163 } |
| 164 return new OpenSSLKeyPair(pkey); | 164 return new OpenSSLKeyPair(pkey); |
| 165 } | 165 } |
| 166 | 166 |
| 167 OpenSSLKeyPair* OpenSSLKeyPair::FromPrivateKeyPEMString( | |
| 168 const std::string& pem_string) { | |
| 169 BIO* bio = BIO_new_mem_buf(const_cast<char*>(pem_string.c_str()), -1); | |
| 170 if (!bio) { | |
| 171 LOG(LS_ERROR) << "Failed to create a new BIO buffer."; | |
| 172 return nullptr; | |
| 173 } | |
| 174 BIO_set_mem_eof_return(bio, 0); | |
| 175 EVP_PKEY* pkey = | |
| 176 PEM_read_bio_PrivateKey(bio, nullptr, nullptr, const_cast<char*>("\0")); | |
| 177 BIO_free(bio); // Frees the BIO, but not the pointed-to string. | |
| 178 if (!pkey) { | |
| 179 LOG(LS_ERROR) << "Failed to create the private key from PEM string."; | |
| 180 return nullptr; | |
| 181 } | |
| 182 if (EVP_PKEY_missing_parameters(pkey) != 0) { | |
| 183 LOG(LS_ERROR) << "The resulting key pair is missing public key parameters."; | |
| 184 EVP_PKEY_free(pkey); | |
| 185 return nullptr; | |
| 186 } | |
| 187 return new OpenSSLKeyPair(pkey); | |
| 188 } | |
| 189 | |
| 167 OpenSSLKeyPair::~OpenSSLKeyPair() { | 190 OpenSSLKeyPair::~OpenSSLKeyPair() { |
| 168 EVP_PKEY_free(pkey_); | 191 EVP_PKEY_free(pkey_); |
| 169 } | 192 } |
| 170 | 193 |
| 171 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() { | 194 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() { |
| 172 AddReference(); | 195 AddReference(); |
| 173 return new OpenSSLKeyPair(pkey_); | 196 return new OpenSSLKeyPair(pkey_); |
| 174 } | 197 } |
| 175 | 198 |
| 176 void OpenSSLKeyPair::AddReference() { | 199 void OpenSSLKeyPair::AddReference() { |
| 177 #if defined(OPENSSL_IS_BORINGSSL) | 200 #if defined(OPENSSL_IS_BORINGSSL) |
| 178 EVP_PKEY_up_ref(pkey_); | 201 EVP_PKEY_up_ref(pkey_); |
| 179 #else | 202 #else |
| 180 CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY); | 203 CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 181 #endif | 204 #endif |
| 182 } | 205 } |
| 183 | 206 |
| 207 std::string OpenSSLKeyPair::PrivateKeyToPEMString() const { | |
| 208 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); | |
| 209 if (!temp_memory_bio) { | |
| 210 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; | |
| 211 RTC_NOTREACHED(); | |
| 212 return ""; | |
| 213 } | |
| 214 if (!PEM_write_bio_PrivateKey( | |
| 215 temp_memory_bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr)) { | |
| 216 LOG_F(LS_ERROR) << "Failed to write private key"; | |
| 217 BIO_free(temp_memory_bio); | |
| 218 RTC_NOTREACHED(); | |
| 219 return ""; | |
| 220 } | |
| 221 BIO_write(temp_memory_bio, "\0", 1); | |
| 222 char* buffer; | |
| 223 BIO_get_mem_data(temp_memory_bio, &buffer); | |
| 224 std::string priv_key_str = buffer; | |
| 225 BIO_free(temp_memory_bio); | |
| 226 return priv_key_str; | |
| 227 } | |
| 228 | |
| 229 std::string OpenSSLKeyPair::PublicKeyToPEMString() const { | |
| 230 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); | |
| 231 if (!temp_memory_bio) { | |
| 232 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; | |
| 233 RTC_NOTREACHED(); | |
| 234 return ""; | |
| 235 } | |
| 236 if (!PEM_write_bio_PUBKEY(temp_memory_bio, pkey_)) { | |
| 237 LOG_F(LS_ERROR) << "Failed to write public key"; | |
| 238 BIO_free(temp_memory_bio); | |
| 239 RTC_NOTREACHED(); | |
| 240 return ""; | |
| 241 } | |
| 242 BIO_write(temp_memory_bio, "\0", 1); | |
| 243 char* buffer; | |
| 244 BIO_get_mem_data(temp_memory_bio, &buffer); | |
| 245 std::string pub_key_str = buffer; | |
| 246 BIO_free(temp_memory_bio); | |
| 247 return pub_key_str; | |
| 248 } | |
| 249 | |
| 250 bool OpenSSLKeyPair::operator==(const OpenSSLKeyPair& other) const { | |
| 251 return EVP_PKEY_cmp(this->pkey_, other.pkey_) == 1; | |
| 252 } | |
| 253 | |
| 254 bool OpenSSLKeyPair::operator!=(const OpenSSLKeyPair& other) const { | |
| 255 return !(*this == other); | |
| 256 } | |
| 257 | |
| 184 #if !defined(NDEBUG) | 258 #if !defined(NDEBUG) |
| 185 // Print a certificate to the log, for debugging. | 259 // Print a certificate to the log, for debugging. |
| 186 static void PrintCert(X509* x509) { | 260 static void PrintCert(X509* x509) { |
| 187 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); | 261 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); |
| 188 if (!temp_memory_bio) { | 262 if (!temp_memory_bio) { |
| 189 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; | 263 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; |
| 190 return; | 264 return; |
| 191 } | 265 } |
| 192 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0); | 266 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0); |
| 193 BIO_write(temp_memory_bio, "\0", 1); | 267 BIO_write(temp_memory_bio, "\0", 1); |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 361 | 435 |
| 362 void OpenSSLCertificate::AddReference() const { | 436 void OpenSSLCertificate::AddReference() const { |
| 363 ASSERT(x509_ != NULL); | 437 ASSERT(x509_ != NULL); |
| 364 #if defined(OPENSSL_IS_BORINGSSL) | 438 #if defined(OPENSSL_IS_BORINGSSL) |
| 365 X509_up_ref(x509_); | 439 X509_up_ref(x509_); |
| 366 #else | 440 #else |
| 367 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); | 441 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); |
| 368 #endif | 442 #endif |
| 369 } | 443 } |
| 370 | 444 |
| 445 bool OpenSSLCertificate::operator==(const OpenSSLCertificate& other) const { | |
| 446 return X509_cmp(this->x509_, other.x509_) == 0; | |
| 447 } | |
| 448 | |
| 449 bool OpenSSLCertificate::operator!=(const OpenSSLCertificate& other) const { | |
| 450 return !(*this == other); | |
| 451 } | |
| 452 | |
| 371 // Documented in sslidentity.h. | 453 // Documented in sslidentity.h. |
| 372 int64_t OpenSSLCertificate::CertificateExpirationTime() const { | 454 int64_t OpenSSLCertificate::CertificateExpirationTime() const { |
| 373 ASN1_TIME* expire_time = X509_get_notAfter(x509_); | 455 ASN1_TIME* expire_time = X509_get_notAfter(x509_); |
| 374 bool long_format; | 456 bool long_format; |
| 375 | 457 |
| 376 if (expire_time->type == V_ASN1_UTCTIME) { | 458 if (expire_time->type == V_ASN1_UTCTIME) { |
| 377 long_format = false; | 459 long_format = false; |
| 378 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) { | 460 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) { |
| 379 long_format = true; | 461 long_format = true; |
| 380 } else { | 462 } else { |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 427 return GenerateInternal(params); | 509 return GenerateInternal(params); |
| 428 } | 510 } |
| 429 | 511 |
| 430 SSLIdentity* OpenSSLIdentity::FromPEMStrings( | 512 SSLIdentity* OpenSSLIdentity::FromPEMStrings( |
| 431 const std::string& private_key, | 513 const std::string& private_key, |
| 432 const std::string& certificate) { | 514 const std::string& certificate) { |
| 433 scoped_ptr<OpenSSLCertificate> cert( | 515 scoped_ptr<OpenSSLCertificate> cert( |
| 434 OpenSSLCertificate::FromPEMString(certificate)); | 516 OpenSSLCertificate::FromPEMString(certificate)); |
| 435 if (!cert) { | 517 if (!cert) { |
| 436 LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string."; | 518 LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string."; |
| 437 return NULL; | 519 return nullptr; |
| 438 } | 520 } |
| 439 | 521 |
| 440 BIO* bio = BIO_new_mem_buf(const_cast<char*>(private_key.c_str()), -1); | 522 scoped_ptr<OpenSSLKeyPair> key_pair( |
|
torbjorng (webrtc)
2016/04/26 13:35:51
Isn't scoped_ptr overkill here?
hbos
2016/04/27 07:52:09
Done.
| |
| 441 if (!bio) { | 523 OpenSSLKeyPair::FromPrivateKeyPEMString(private_key)); |
| 442 LOG(LS_ERROR) << "Failed to create a new BIO buffer."; | 524 if (!key_pair) { |
| 443 return NULL; | 525 LOG(LS_ERROR) << "Failed to create key pair from PEM string."; |
| 444 } | 526 return nullptr; |
| 445 BIO_set_mem_eof_return(bio, 0); | |
| 446 EVP_PKEY* pkey = | |
| 447 PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0")); | |
| 448 BIO_free(bio); // Frees the BIO, but not the pointed-to string. | |
| 449 | |
| 450 if (!pkey) { | |
| 451 LOG(LS_ERROR) << "Failed to create the private key from PEM string."; | |
| 452 return NULL; | |
| 453 } | 527 } |
| 454 | 528 |
| 455 return new OpenSSLIdentity(new OpenSSLKeyPair(pkey), | 529 return new OpenSSLIdentity(key_pair.release(), |
| 456 cert.release()); | 530 cert.release()); |
| 457 } | 531 } |
| 458 | 532 |
| 459 const OpenSSLCertificate& OpenSSLIdentity::certificate() const { | 533 const OpenSSLCertificate& OpenSSLIdentity::certificate() const { |
| 460 return *certificate_; | 534 return *certificate_; |
| 461 } | 535 } |
| 462 | 536 |
| 463 OpenSSLIdentity* OpenSSLIdentity::GetReference() const { | 537 OpenSSLIdentity* OpenSSLIdentity::GetReference() const { |
| 464 return new OpenSSLIdentity(key_pair_->GetReference(), | 538 return new OpenSSLIdentity(key_pair_->GetReference(), |
| 465 certificate_->GetReference()); | 539 certificate_->GetReference()); |
| 466 } | 540 } |
| 467 | 541 |
| 468 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) { | 542 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) { |
| 469 // 1 is the documented success return code. | 543 // 1 is the documented success return code. |
| 470 if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 || | 544 if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 || |
| 471 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { | 545 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { |
| 472 LogSSLErrors("Configuring key and certificate"); | 546 LogSSLErrors("Configuring key and certificate"); |
| 473 return false; | 547 return false; |
| 474 } | 548 } |
| 475 return true; | 549 return true; |
| 476 } | 550 } |
| 477 | 551 |
| 552 std::string OpenSSLIdentity::PrivateKeyToPEMString() const { | |
| 553 return key_pair_->PrivateKeyToPEMString(); | |
| 554 } | |
| 555 | |
| 556 std::string OpenSSLIdentity::PublicKeyToPEMString() const { | |
| 557 return key_pair_->PublicKeyToPEMString(); | |
| 558 } | |
| 559 | |
| 560 bool OpenSSLIdentity::operator==(const OpenSSLIdentity& other) const { | |
| 561 return *this->key_pair_ == *other.key_pair_ && | |
| 562 *this->certificate_ == *other.certificate_; | |
| 563 } | |
| 564 | |
| 565 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { | |
| 566 return !(*this == other); | |
| 567 } | |
| 568 | |
| 478 } // namespace rtc | 569 } // namespace rtc |
| 479 | 570 |
| 480 #endif // HAVE_OPENSSL_SSL_H | 571 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
