mirror of
https://github.com/mollyim/webrtc.git
synced 2025-05-13 05:40:42 +01:00
72f638a9a2
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and security gains, and will provide binary size improvements as well once the default list of built-in certificates can be removed; the code dealing with them still depends on the X509 API. Implemented by splitting openssl_identity and openssl_certificate into BoringSSL and vanilla OpenSSL implementations. Bug: webrtc:11410 Change-Id: Idc043462faac5e4ab1b75bedab2057197f80aba6 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/174120 Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Taylor <deadbeef@webrtc.org> Cr-Commit-Position: refs/heads/master@{#32811}
76 lines
2.6 KiB
C++
76 lines
2.6 KiB
C++
/*
|
|
* Copyright 2020 The WebRTC Project Authors. All rights reserved.
|
|
*
|
|
* Use of this source code is governed by a BSD-style license
|
|
* that can be found in the LICENSE file in the root of the source
|
|
* tree. An additional intellectual property rights grant can be found
|
|
* in the file PATENTS. All contributing project authors may
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
*/
|
|
|
|
#ifndef RTC_BASE_BORINGSSL_IDENTITY_H_
|
|
#define RTC_BASE_BORINGSSL_IDENTITY_H_
|
|
|
|
#include <openssl/ossl_typ.h>
|
|
|
|
#include <ctime>
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
#include "rtc_base/boringssl_certificate.h"
|
|
#include "rtc_base/constructor_magic.h"
|
|
#include "rtc_base/openssl_key_pair.h"
|
|
#include "rtc_base/ssl_certificate.h"
|
|
#include "rtc_base/ssl_identity.h"
|
|
|
|
namespace rtc {
|
|
|
|
// Holds a keypair and certificate together, and a method to generate them
|
|
// consistently. Uses CRYPTO_BUFFER instead of X509, which offers binary size
|
|
// and memory improvements.
|
|
class BoringSSLIdentity final : public SSLIdentity {
|
|
public:
|
|
static std::unique_ptr<BoringSSLIdentity> CreateWithExpiration(
|
|
const std::string& common_name,
|
|
const KeyParams& key_params,
|
|
time_t certificate_lifetime);
|
|
static std::unique_ptr<BoringSSLIdentity> CreateForTest(
|
|
const SSLIdentityParams& params);
|
|
static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
|
|
const std::string& private_key,
|
|
const std::string& certificate);
|
|
static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
|
|
const std::string& private_key,
|
|
const std::string& certificate_chain);
|
|
~BoringSSLIdentity() override;
|
|
|
|
const BoringSSLCertificate& certificate() const override;
|
|
const SSLCertChain& cert_chain() const override;
|
|
|
|
// Configure an SSL context object to use our key and certificate.
|
|
bool ConfigureIdentity(SSL_CTX* ctx);
|
|
|
|
std::string PrivateKeyToPEMString() const override;
|
|
std::string PublicKeyToPEMString() const override;
|
|
bool operator==(const BoringSSLIdentity& other) const;
|
|
bool operator!=(const BoringSSLIdentity& other) const;
|
|
|
|
private:
|
|
BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
|
|
std::unique_ptr<BoringSSLCertificate> certificate);
|
|
BoringSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
|
|
std::unique_ptr<SSLCertChain> cert_chain);
|
|
std::unique_ptr<SSLIdentity> CloneInternal() const override;
|
|
|
|
static std::unique_ptr<BoringSSLIdentity> CreateInternal(
|
|
const SSLIdentityParams& params);
|
|
|
|
std::unique_ptr<OpenSSLKeyPair> key_pair_;
|
|
std::unique_ptr<SSLCertChain> cert_chain_;
|
|
|
|
RTC_DISALLOW_COPY_AND_ASSIGN(BoringSSLIdentity);
|
|
};
|
|
|
|
} // namespace rtc
|
|
|
|
#endif // RTC_BASE_BORINGSSL_IDENTITY_H_
|