Refactor certificate stats collection, added SSLCertificateStats.

webrtc/base/sslidentity.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 // Handling of certificates and keypairs for SSLStreamAdapter's peer mode.
 #include "webrtc/base/sslidentity.h"
 
 #include <ctime>
 #include <string>
 
 #include "webrtc/base/base64.h"
 #include "webrtc/base/checks.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/sslconfig.h"
+#include "webrtc/base/sslfingerprint.h"
 
 #if SSL_USE_OPENSSL
 
 #include "webrtc/base/opensslidentity.h"
 
 #endif  // SSL_USE_OPENSSL
 
 namespace rtc {
 
 const char kPemTypeCertificate[] = "CERTIFICATE";
 const char kPemTypeRsaPrivateKey[] = "RSA PRIVATE KEY";
 const char kPemTypeEcPrivateKey[] = "EC PRIVATE KEY";
 
+SSLCertificateStats::SSLCertificateStats(
+    std::string&& fingerprint,
+    std::string&& fingerprint_algorithm,
+    std::string&& base64_certificate,
+    std::unique_ptr<SSLCertificateStats>&& issuer)
+    : fingerprint(std::move(fingerprint)),
+      fingerprint_algorithm(std::move(fingerprint_algorithm)),
+      base64_certificate(std::move(base64_certificate)),
+      issuer(std::move(issuer)) {
+}
+
+SSLCertificateStats::~SSLCertificateStats() {
+}
+
+std::unique_ptr<SSLCertificateStats> SSLCertificate::GetStats() const {
+  // We have a certificate and optionally a chain of certificates. This forms a
+  // linked list, starting with |this|, then the first element of |chain| and
+  // ending with the last element of |chain|. The "issuer" of a certificate is
+  // the next certificate in the chain. Stats are produced for each certificate
+  // in the list. Here, the "issuer" is the issuer's stats.
+  std::unique_ptr<SSLCertChain> chain = GetChain();
+  std::unique_ptr<SSLCertificateStats> issuer;
+  if (chain) {
+    // The loop runs in reverse so that the |issuer| is known before the
+    // |cert|'s stats.
+    for (ptrdiff_t i = chain->GetSize() - 1; i >= 0; --i) {
+      const SSLCertificate* cert = &chain->Get(i);
+      issuer = cert->GetStats(std::move(issuer));
+    }
+  }
+  return GetStats(std::move(issuer));
+}
+
+std::unique_ptr<SSLCertificateStats> SSLCertificate::GetStats(
+    std::unique_ptr<SSLCertificateStats> issuer) const {
+  // TODO(bemasc): Move this computation to a helper class that caches these
+  // values to reduce CPU use in |StatsCollector::GetStats|. This will require
+  // adding a fast |SSLCertificate::Equals| to detect certificate changes.
+  std::string digest_algorithm;
+  if (!GetSignatureDigestAlgorithm(&digest_algorithm))
+    return nullptr;
+
+  // |SSLFingerprint::Create| can fail if the algorithm returned by
+  // |SSLCertificate::GetSignatureDigestAlgorithm| is not supported by the
+  // implementation of |SSLCertificate::ComputeDigest|. This currently happens
+  // with MD5- and SHA-224-signed certificates when linked to libNSS.
+  std::unique_ptr<SSLFingerprint> ssl_fingerprint(
+      SSLFingerprint::Create(digest_algorithm, this));
+  if (!ssl_fingerprint)
+    return nullptr;
+  std::string fingerprint = ssl_fingerprint->GetRfc4572Fingerprint();
+
+  Buffer der_buffer;
+  ToDER(&der_buffer);
+  std::string der_base64;
+  Base64::EncodeFromArray(der_buffer.data(), der_buffer.size(), &der_base64);
+
+  return std::unique_ptr<SSLCertificateStats>(new SSLCertificateStats(
+      std::move(fingerprint),
+      std::move(digest_algorithm),
+      std::move(der_base64),
+      std::move(issuer)));
+}
+
 KeyParams::KeyParams(KeyType key_type) {
   if (key_type == KT_ECDSA) {
     type_ = KT_ECDSA;
     params_.curve = EC_NIST_P256;
   } else if (key_type == KT_RSA) {
     type_ = KT_RSA;
     params_.rsa.mod_size = kRsaDefaultModSize;
     params_.rsa.pub_exp = kRsaDefaultExponent;
   } else {
     RTC_NOTREACHED();
@@ skipping 221 matching lines @@
 
   if (bytes_left != 1) {
     // Now just Z should remain.  Its existence was asserted above.
     return -1;
   }
 
   return TmToSeconds(tm);
 }
 
 }  // namespace rtc