3 * Copyright 2004--2008, Google Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #ifndef TALK_BASE_SSLSTREAMADAPTERHELPER_H_
29 #define TALK_BASE_SSLSTREAMADAPTERHELPER_H_
34 #include "talk/base/buffer.h"
35 #include "talk/base/stream.h"
36 #include "talk/base/sslidentity.h"
37 #include "talk/base/sslstreamadapter.h"
41 // SSLStreamAdapterHelper : A stream adapter which implements much
42 // of the logic that is common between the known implementations
44 class SSLStreamAdapterHelper : public SSLStreamAdapter {
46 explicit SSLStreamAdapterHelper(StreamInterface* stream)
47 : SSLStreamAdapter(stream),
50 ssl_error_code_(0), // Not meaningful yet
51 ssl_mode_(SSL_MODE_TLS) {}
54 // Overrides of SSLStreamAdapter
55 virtual void SetIdentity(SSLIdentity* identity);
56 virtual void SetServerRole(SSLRole role = SSL_SERVER);
57 virtual void SetMode(SSLMode mode);
59 virtual int StartSSLWithServer(const char* server_name);
60 virtual int StartSSLWithPeer();
62 virtual void SetPeerCertificate(SSLCertificate* cert);
63 virtual bool SetPeerCertificateDigest(const std::string& digest_alg,
64 const unsigned char* digest_val,
66 virtual bool GetPeerCertificate(SSLCertificate** cert) const;
67 virtual StreamState GetState() const;
71 // Internal helper methods
72 // The following method returns 0 on success and a negative
73 // error code on failure. The error code may be either -1 or
74 // from the impl on some other error cases, so it can't really be
75 // interpreted unfortunately.
77 // Perform SSL negotiation steps.
80 // Error handler helper. signal is given as true for errors in
81 // asynchronous contexts (when an error code was not returned
82 // through some other method), and in that case an SE_CLOSE event is
83 // raised on the stream with the specified error.
84 // A 0 error means a graceful close, otherwise there is not really enough
85 // context to interpret the error code.
86 virtual void Error(const char* context, int err, bool signal);
88 // Must be implemented by descendents
89 virtual int BeginSSL() = 0;
90 virtual void Cleanup() = 0;
91 virtual bool GetDigestLength(const std::string &algorithm,
92 std::size_t *length) = 0;
95 // Before calling one of the StartSSL methods, data flows
98 SSL_WAIT, // waiting for the stream to open to start SSL negotiation
99 SSL_CONNECTING, // SSL negotiation in progress
100 SSL_CONNECTED, // SSL stream successfully established
101 SSL_ERROR, // some SSL error occurred, stream is closed
102 SSL_CLOSED // Clean close
105 // MSG_MAX is the maximum generic stream message number.
106 enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };
110 int ssl_error_code_; // valid when state_ == SSL_ERROR
112 // Our key and certificate, mostly useful in peer-to-peer mode.
113 scoped_ptr<SSLIdentity> identity_;
114 // in traditional mode, the server name that the server's certificate
115 // must specify. Empty in peer-to-peer mode.
116 std::string ssl_server_name_;
117 // In peer-to-peer mode, the certificate that the peer must
118 // present. Empty in traditional mode.
119 scoped_ptr<SSLCertificate> peer_certificate_;
121 // In peer-to-peer mode, the digest of the certificate that
122 // the peer must present.
123 Buffer peer_certificate_digest_value_;
124 std::string peer_certificate_digest_algorithm_;
130 // Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
131 // depending on whether the underlying stream is already open or
132 // not. Returns 0 on success and a negative value on error.
136 } // namespace talk_base
138 #endif // TALK_BASE_SSLSTREAMADAPTERHELPER_H_