| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 159 | 159 |
| 160 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) { | 160 OpenSSLKeyPair* OpenSSLKeyPair::Generate(const KeyParams& key_params) { |
| 161 EVP_PKEY* pkey = MakeKey(key_params); | 161 EVP_PKEY* pkey = MakeKey(key_params); |
| 162 if (!pkey) { | 162 if (!pkey) { |
| 163 LogSSLErrors("Generating key pair"); | 163 LogSSLErrors("Generating key pair"); |
| 164 return NULL; | 164 return NULL; |
| 165 } | 165 } |
| 166 return new OpenSSLKeyPair(pkey); | 166 return new OpenSSLKeyPair(pkey); |
| 167 } | 167 } |
| 168 | 168 |
| 169 OpenSSLKeyPair* OpenSSLKeyPair::FromPrivateKeyPEMString( |
| 170 const std::string& pem_string) { |
| 171 BIO* bio = BIO_new_mem_buf(const_cast<char*>(pem_string.c_str()), -1); |
| 172 if (!bio) { |
| 173 LOG(LS_ERROR) << "Failed to create a new BIO buffer."; |
| 174 return nullptr; |
| 175 } |
| 176 BIO_set_mem_eof_return(bio, 0); |
| 177 EVP_PKEY* pkey = |
| 178 PEM_read_bio_PrivateKey(bio, nullptr, nullptr, const_cast<char*>("\0")); |
| 179 BIO_free(bio); // Frees the BIO, but not the pointed-to string. |
| 180 if (!pkey) { |
| 181 LOG(LS_ERROR) << "Failed to create the private key from PEM string."; |
| 182 return nullptr; |
| 183 } |
| 184 if (EVP_PKEY_missing_parameters(pkey) != 0) { |
| 185 LOG(LS_ERROR) << "The resulting key pair is missing public key parameters."; |
| 186 EVP_PKEY_free(pkey); |
| 187 return nullptr; |
| 188 } |
| 189 return new OpenSSLKeyPair(pkey); |
| 190 } |
| 191 |
| 169 OpenSSLKeyPair::~OpenSSLKeyPair() { | 192 OpenSSLKeyPair::~OpenSSLKeyPair() { |
| 170 EVP_PKEY_free(pkey_); | 193 EVP_PKEY_free(pkey_); |
| 171 } | 194 } |
| 172 | 195 |
| 173 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() { | 196 OpenSSLKeyPair* OpenSSLKeyPair::GetReference() { |
| 174 AddReference(); | 197 AddReference(); |
| 175 return new OpenSSLKeyPair(pkey_); | 198 return new OpenSSLKeyPair(pkey_); |
| 176 } | 199 } |
| 177 | 200 |
| 178 void OpenSSLKeyPair::AddReference() { | 201 void OpenSSLKeyPair::AddReference() { |
| 179 #if defined(OPENSSL_IS_BORINGSSL) | 202 #if defined(OPENSSL_IS_BORINGSSL) |
| 180 EVP_PKEY_up_ref(pkey_); | 203 EVP_PKEY_up_ref(pkey_); |
| 181 #else | 204 #else |
| 182 CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY); | 205 CRYPTO_add(&pkey_->references, 1, CRYPTO_LOCK_EVP_PKEY); |
| 183 #endif | 206 #endif |
| 184 } | 207 } |
| 185 | 208 |
| 209 std::string OpenSSLKeyPair::PrivateKeyToPEMString() const { |
| 210 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); |
| 211 if (!temp_memory_bio) { |
| 212 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; |
| 213 RTC_NOTREACHED(); |
| 214 return ""; |
| 215 } |
| 216 if (!PEM_write_bio_PrivateKey( |
| 217 temp_memory_bio, pkey_, nullptr, nullptr, 0, nullptr, nullptr)) { |
| 218 LOG_F(LS_ERROR) << "Failed to write private key"; |
| 219 BIO_free(temp_memory_bio); |
| 220 RTC_NOTREACHED(); |
| 221 return ""; |
| 222 } |
| 223 BIO_write(temp_memory_bio, "\0", 1); |
| 224 char* buffer; |
| 225 BIO_get_mem_data(temp_memory_bio, &buffer); |
| 226 std::string priv_key_str = buffer; |
| 227 BIO_free(temp_memory_bio); |
| 228 return priv_key_str; |
| 229 } |
| 230 |
| 231 std::string OpenSSLKeyPair::PublicKeyToPEMString() const { |
| 232 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); |
| 233 if (!temp_memory_bio) { |
| 234 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; |
| 235 RTC_NOTREACHED(); |
| 236 return ""; |
| 237 } |
| 238 if (!PEM_write_bio_PUBKEY(temp_memory_bio, pkey_)) { |
| 239 LOG_F(LS_ERROR) << "Failed to write public key"; |
| 240 BIO_free(temp_memory_bio); |
| 241 RTC_NOTREACHED(); |
| 242 return ""; |
| 243 } |
| 244 BIO_write(temp_memory_bio, "\0", 1); |
| 245 char* buffer; |
| 246 BIO_get_mem_data(temp_memory_bio, &buffer); |
| 247 std::string pub_key_str = buffer; |
| 248 BIO_free(temp_memory_bio); |
| 249 return pub_key_str; |
| 250 } |
| 251 |
| 252 bool OpenSSLKeyPair::operator==(const OpenSSLKeyPair& other) const { |
| 253 return EVP_PKEY_cmp(this->pkey_, other.pkey_) == 1; |
| 254 } |
| 255 |
| 256 bool OpenSSLKeyPair::operator!=(const OpenSSLKeyPair& other) const { |
| 257 return !(*this == other); |
| 258 } |
| 259 |
| 186 #if !defined(NDEBUG) | 260 #if !defined(NDEBUG) |
| 187 // Print a certificate to the log, for debugging. | 261 // Print a certificate to the log, for debugging. |
| 188 static void PrintCert(X509* x509) { | 262 static void PrintCert(X509* x509) { |
| 189 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); | 263 BIO* temp_memory_bio = BIO_new(BIO_s_mem()); |
| 190 if (!temp_memory_bio) { | 264 if (!temp_memory_bio) { |
| 191 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; | 265 LOG_F(LS_ERROR) << "Failed to allocate temporary memory bio"; |
| 192 return; | 266 return; |
| 193 } | 267 } |
| 194 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0); | 268 X509_print_ex(temp_memory_bio, x509, XN_FLAG_SEP_CPLUS_SPC, 0); |
| 195 BIO_write(temp_memory_bio, "\0", 1); | 269 BIO_write(temp_memory_bio, "\0", 1); |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 363 | 437 |
| 364 void OpenSSLCertificate::AddReference() const { | 438 void OpenSSLCertificate::AddReference() const { |
| 365 ASSERT(x509_ != NULL); | 439 ASSERT(x509_ != NULL); |
| 366 #if defined(OPENSSL_IS_BORINGSSL) | 440 #if defined(OPENSSL_IS_BORINGSSL) |
| 367 X509_up_ref(x509_); | 441 X509_up_ref(x509_); |
| 368 #else | 442 #else |
| 369 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); | 443 CRYPTO_add(&x509_->references, 1, CRYPTO_LOCK_X509); |
| 370 #endif | 444 #endif |
| 371 } | 445 } |
| 372 | 446 |
| 447 bool OpenSSLCertificate::operator==(const OpenSSLCertificate& other) const { |
| 448 return X509_cmp(this->x509_, other.x509_) == 0; |
| 449 } |
| 450 |
| 451 bool OpenSSLCertificate::operator!=(const OpenSSLCertificate& other) const { |
| 452 return !(*this == other); |
| 453 } |
| 454 |
| 373 // Documented in sslidentity.h. | 455 // Documented in sslidentity.h. |
| 374 int64_t OpenSSLCertificate::CertificateExpirationTime() const { | 456 int64_t OpenSSLCertificate::CertificateExpirationTime() const { |
| 375 ASN1_TIME* expire_time = X509_get_notAfter(x509_); | 457 ASN1_TIME* expire_time = X509_get_notAfter(x509_); |
| 376 bool long_format; | 458 bool long_format; |
| 377 | 459 |
| 378 if (expire_time->type == V_ASN1_UTCTIME) { | 460 if (expire_time->type == V_ASN1_UTCTIME) { |
| 379 long_format = false; | 461 long_format = false; |
| 380 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) { | 462 } else if (expire_time->type == V_ASN1_GENERALIZEDTIME) { |
| 381 long_format = true; | 463 long_format = true; |
| 382 } else { | 464 } else { |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 429 return GenerateInternal(params); | 511 return GenerateInternal(params); |
| 430 } | 512 } |
| 431 | 513 |
| 432 SSLIdentity* OpenSSLIdentity::FromPEMStrings( | 514 SSLIdentity* OpenSSLIdentity::FromPEMStrings( |
| 433 const std::string& private_key, | 515 const std::string& private_key, |
| 434 const std::string& certificate) { | 516 const std::string& certificate) { |
| 435 std::unique_ptr<OpenSSLCertificate> cert( | 517 std::unique_ptr<OpenSSLCertificate> cert( |
| 436 OpenSSLCertificate::FromPEMString(certificate)); | 518 OpenSSLCertificate::FromPEMString(certificate)); |
| 437 if (!cert) { | 519 if (!cert) { |
| 438 LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string."; | 520 LOG(LS_ERROR) << "Failed to create OpenSSLCertificate from PEM string."; |
| 439 return NULL; | 521 return nullptr; |
| 440 } | 522 } |
| 441 | 523 |
| 442 BIO* bio = BIO_new_mem_buf(const_cast<char*>(private_key.c_str()), -1); | 524 OpenSSLKeyPair* key_pair = |
| 443 if (!bio) { | 525 OpenSSLKeyPair::FromPrivateKeyPEMString(private_key); |
| 444 LOG(LS_ERROR) << "Failed to create a new BIO buffer."; | 526 if (!key_pair) { |
| 445 return NULL; | 527 LOG(LS_ERROR) << "Failed to create key pair from PEM string."; |
| 446 } | 528 return nullptr; |
| 447 BIO_set_mem_eof_return(bio, 0); | |
| 448 EVP_PKEY* pkey = | |
| 449 PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0")); | |
| 450 BIO_free(bio); // Frees the BIO, but not the pointed-to string. | |
| 451 | |
| 452 if (!pkey) { | |
| 453 LOG(LS_ERROR) << "Failed to create the private key from PEM string."; | |
| 454 return NULL; | |
| 455 } | 529 } |
| 456 | 530 |
| 457 return new OpenSSLIdentity(new OpenSSLKeyPair(pkey), | 531 return new OpenSSLIdentity(key_pair, |
| 458 cert.release()); | 532 cert.release()); |
| 459 } | 533 } |
| 460 | 534 |
| 461 const OpenSSLCertificate& OpenSSLIdentity::certificate() const { | 535 const OpenSSLCertificate& OpenSSLIdentity::certificate() const { |
| 462 return *certificate_; | 536 return *certificate_; |
| 463 } | 537 } |
| 464 | 538 |
| 465 OpenSSLIdentity* OpenSSLIdentity::GetReference() const { | 539 OpenSSLIdentity* OpenSSLIdentity::GetReference() const { |
| 466 return new OpenSSLIdentity(key_pair_->GetReference(), | 540 return new OpenSSLIdentity(key_pair_->GetReference(), |
| 467 certificate_->GetReference()); | 541 certificate_->GetReference()); |
| 468 } | 542 } |
| 469 | 543 |
| 470 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) { | 544 bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) { |
| 471 // 1 is the documented success return code. | 545 // 1 is the documented success return code. |
| 472 if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 || | 546 if (SSL_CTX_use_certificate(ctx, certificate_->x509()) != 1 || |
| 473 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { | 547 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) { |
| 474 LogSSLErrors("Configuring key and certificate"); | 548 LogSSLErrors("Configuring key and certificate"); |
| 475 return false; | 549 return false; |
| 476 } | 550 } |
| 477 return true; | 551 return true; |
| 478 } | 552 } |
| 479 | 553 |
| 554 std::string OpenSSLIdentity::PrivateKeyToPEMString() const { |
| 555 return key_pair_->PrivateKeyToPEMString(); |
| 556 } |
| 557 |
| 558 std::string OpenSSLIdentity::PublicKeyToPEMString() const { |
| 559 return key_pair_->PublicKeyToPEMString(); |
| 560 } |
| 561 |
| 562 bool OpenSSLIdentity::operator==(const OpenSSLIdentity& other) const { |
| 563 return *this->key_pair_ == *other.key_pair_ && |
| 564 *this->certificate_ == *other.certificate_; |
| 565 } |
| 566 |
| 567 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { |
| 568 return !(*this == other); |
| 569 } |
| 570 |
| 480 } // namespace rtc | 571 } // namespace rtc |
| 481 | 572 |
| 482 #endif // HAVE_OPENSSL_SSL_H | 573 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1898383003:
RTCCertificate serialization. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master