3 * Copyright 2004--2008, Google Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #ifndef TALK_BASE_NSSIDENTITY_H_
29 #define TALK_BASE_NSSIDENTITY_H_
38 #include "talk/base/common.h"
39 #include "talk/base/logging.h"
40 #include "talk/base/scoped_ptr.h"
41 #include "talk/base/sslidentity.h"
47 NSSKeyPair(SECKEYPrivateKey* privkey, SECKEYPublicKey* pubkey) :
48 privkey_(privkey), pubkey_(pubkey) {}
51 // Generate a 1024-bit RSA key pair.
52 static NSSKeyPair* Generate();
53 NSSKeyPair* GetReference();
55 SECKEYPrivateKey* privkey() const { return privkey_; }
56 SECKEYPublicKey * pubkey() const { return pubkey_; }
59 SECKEYPrivateKey* privkey_;
60 SECKEYPublicKey* pubkey_;
62 DISALLOW_EVIL_CONSTRUCTORS(NSSKeyPair);
66 class NSSCertificate : public SSLCertificate {
68 static NSSCertificate* FromPEMString(const std::string& pem_string);
69 // The caller retains ownership of the argument to all the constructors,
70 // and the constructor makes a copy.
71 explicit NSSCertificate(CERTCertificate* cert);
72 explicit NSSCertificate(CERTCertList* cert_list);
73 virtual ~NSSCertificate() {
75 CERT_DestroyCertificate(certificate_);
78 virtual NSSCertificate* GetReference() const;
80 virtual std::string ToPEMString() const;
82 virtual void ToDER(Buffer* der_buffer) const;
84 virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const;
86 virtual bool ComputeDigest(const std::string& algorithm,
87 unsigned char* digest, std::size_t size,
88 std::size_t* length) const;
90 virtual bool GetChain(SSLCertChain** chain) const;
92 CERTCertificate* certificate() { return certificate_; }
94 // Helper function to get the length of a digest
95 static bool GetDigestLength(const std::string& algorithm,
98 // Comparison. Only the certificate itself is considered, not the chain.
99 bool Equals(const NSSCertificate* tocompare) const;
102 NSSCertificate(CERTCertificate* cert, SSLCertChain* chain);
103 static bool GetDigestObject(const std::string& algorithm,
104 const SECHashObject** hash_object);
106 CERTCertificate* certificate_;
107 scoped_ptr<SSLCertChain> chain_;
109 DISALLOW_EVIL_CONSTRUCTORS(NSSCertificate);
112 // Represents a SSL key pair and certificate for NSS.
113 class NSSIdentity : public SSLIdentity {
115 static NSSIdentity* Generate(const std::string& common_name);
116 static SSLIdentity* FromPEMStrings(const std::string& private_key,
117 const std::string& certificate);
118 virtual ~NSSIdentity() {
119 LOG(LS_INFO) << "Destroying NSS identity";
122 virtual NSSIdentity* GetReference() const;
123 virtual NSSCertificate& certificate() const;
125 NSSKeyPair* keypair() const { return keypair_.get(); }
128 NSSIdentity(NSSKeyPair* keypair, NSSCertificate* cert) :
129 keypair_(keypair), certificate_(cert) {}
131 talk_base::scoped_ptr<NSSKeyPair> keypair_;
132 talk_base::scoped_ptr<NSSCertificate> certificate_;
134 DISALLOW_EVIL_CONSTRUCTORS(NSSIdentity);
137 } // namespace talk_base
139 #endif // TALK_BASE_NSSIDENTITY_H_