xref: /aosp_15_r20/external/webrtc/rtc_base/rtc_certificate.h (revision d9f758449e529ab9291ac668be2861e7a55c2422)
1 /*
2  *  Copyright 2015 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef RTC_BASE_RTC_CERTIFICATE_H_
12 #define RTC_BASE_RTC_CERTIFICATE_H_
13 
14 #include <stdint.h>
15 
16 #include <memory>
17 #include <string>
18 
19 #include "absl/base/attributes.h"
20 #include "absl/strings/string_view.h"
21 #include "api/ref_counted_base.h"
22 #include "api/scoped_refptr.h"
23 #include "rtc_base/system/rtc_export.h"
24 
25 namespace rtc {
26 
27 class SSLCertChain;
28 class SSLCertificate;
29 class SSLIdentity;
30 
// Text (PEM) form of an RTCCertificate: one PEM string for the private key and
// one for the certificate. Certificates can be serialized to this format and
// deserialized from it, which allows for cloning and storing of certificates
// to disk. The PEM format is that of `SSLIdentity::PrivateKeyToPEMString` and
// `SSLCertificate::ToPEMString`, e.g. the string representations used by
// OpenSSL.
//
// Security note: `private_key_` holds the private key as an ordinary
// std::string. Nothing in this class encrypts it or clears it on destruction,
// and every copy of the object copies the key as well. Treat instances as
// secrets: keep them out of logs and crash reports, and restrict access to
// wherever the serialized form is stored.
class RTCCertificatePEM {
 public:
  // Copies both PEM strings into the object, so the views passed in do not
  // need to outlive the constructor call.
  RTCCertificatePEM(absl::string_view private_key,
                    absl::string_view certificate)
      : private_key_(private_key), certificate_(certificate) {}

  // PEM-encoded private key. The reference points into this object and is
  // valid only while the object is alive.
  const std::string& private_key() const {
    return private_key_;
  }

  // PEM-encoded certificate. Same lifetime rule as private_key().
  const std::string& certificate() const {
    return certificate_;
  }

 private:
  std::string private_key_;  // Secret key material, stored unencrypted.
  std::string certificate_;
};
50 
// A thin abstraction layer between "lower level crypto stuff" like
// SSLCertificate and WebRTC usage. Takes ownership of some lower level objects,
// reference counting protects these from premature destruction.
//
// Instances are handed out as scoped_refptr by Create() and FromPEM(); the
// constructor and destructor are protected, so callers cannot create or destroy
// one directly.
class RTC_EXPORT RTCCertificate final
    : public RefCountedNonVirtual<RTCCertificate> {
 public:
  // Takes ownership of `identity`.
  static scoped_refptr<RTCCertificate> Create(
      std::unique_ptr<SSLIdentity> identity);

  // Returns the expiration time in ms relative to epoch, 1970-01-01T00:00:00Z.
  uint64_t Expires() const;

  // Checks if the certificate has expired, where `now` is expressed in ms
  // relative to epoch, 1970-01-01T00:00:00Z. `now` is supplied by the caller,
  // so the answer is only as reliable as the caller's clock.
  bool HasExpired(uint64_t now) const;

  // Accessors for the certificate and its chain. Per the note on `identity_`
  // below, the SSLIdentity held by this object owns the SSLCertificate, so the
  // returned references should not be used after the last reference to this
  // RTCCertificate has been released.
  const SSLCertificate& GetSSLCertificate() const;
  const SSLCertChain& GetSSLCertificateChain() const;

  // TODO(hbos): If possible, remove once RTCCertificate and its
  // GetSSLCertificate() is used in all relevant places. Should not pass around
  // raw SSLIdentity* for the sake of accessing SSLIdentity::certificate().
  // However, some places might need SSLIdentity* for its public/private key...
  //
  // The pointer is non-owning: it comes from `identity_.get()`, must not be
  // deleted, and is valid only while this RTCCertificate is alive. It is
  // non-const even though this method is const, and it gives the caller access
  // to the identity's key material, so prefer GetSSLCertificate() when only
  // the certificate is needed.
  SSLIdentity* identity() const {
    return identity_.get();
  }

  // To/from PEM, a text representation of the RTCCertificate.
  // The returned RTCCertificatePEM contains the private key as a PEM string;
  // handle it as a secret.
  RTCCertificatePEM ToPEM() const;

  // Can return nullptr if the certificate is invalid. Check the result before
  // dereferencing it. Which checks decide "invalid" is not visible in this
  // header.
  static scoped_refptr<RTCCertificate> FromPEM(const RTCCertificatePEM& pem);

  bool operator==(const RTCCertificate& certificate) const;
  bool operator!=(const RTCCertificate& certificate) const;

 protected:
  // NOTE(review): takes a raw pointer although `identity_` is a unique_ptr;
  // presumably ownership of `identity` transfers here. Confirm against the
  // definition in the .cc file.
  explicit RTCCertificate(SSLIdentity* identity);

  // The destructor is not public; the ref-counting base is befriended,
  // presumably so that it can destroy the object when the count drops to zero.
  friend class RefCountedNonVirtual<RTCCertificate>;
  ~RTCCertificate();

 private:
  // The SSLIdentity is the owner of the SSLCertificate. To protect our
  // GetSSLCertificate() we take ownership of `identity_`.
  const std::unique_ptr<SSLIdentity> identity_;
};
94 
95 }  // namespace rtc
96 
97 #endif  // RTC_BASE_RTC_CERTIFICATE_H_
98