xref: /aosp_15_r20/external/webrtc/rtc_base/ssl_certificate.h (revision d9f758449e529ab9291ac668be2861e7a55c2422) 
1 /*
2  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 // Generic interface for SSL Certificates, used in both the SSLAdapter
12 // for TLS TURN connections and the SSLStreamAdapter for DTLS Peer to Peer
13 // Connections for SRTP Key negotiation and SCTP encryption.
14 
15 #ifndef RTC_BASE_SSL_CERTIFICATE_H_
16 #define RTC_BASE_SSL_CERTIFICATE_H_
17 
18 #include <stddef.h>
19 #include <stdint.h>
20 
21 #include <memory>
22 #include <string>
23 #include <vector>
24 
25 #include "absl/strings/string_view.h"
26 #include "rtc_base/buffer.h"
27 #include "rtc_base/system/rtc_export.h"
28 
29 namespace rtc {
30 
31 struct RTC_EXPORT SSLCertificateStats {
32   SSLCertificateStats(std::string&& fingerprint,
33                       std::string&& fingerprint_algorithm,
34                       std::string&& base64_certificate,
35                       std::unique_ptr<SSLCertificateStats> issuer);
36   ~SSLCertificateStats();
37   std::string fingerprint;
38   std::string fingerprint_algorithm;
39   std::string base64_certificate;
40   std::unique_ptr<SSLCertificateStats> issuer;
41 
42   std::unique_ptr<SSLCertificateStats> Copy() const;
43 };
44 
45 // Abstract interface overridden by SSL library specific
46 // implementations.
47 
48 // A somewhat opaque type used to encapsulate a certificate.
49 // Wraps the SSL library's notion of a certificate, with reference counting.
50 // The SSLCertificate object is pretty much immutable once created.
51 // (The OpenSSL implementation only does reference counting and
52 // possibly caching of intermediate results.)
53 class RTC_EXPORT SSLCertificate {
54  public:
55   // Parses and builds a certificate from a PEM encoded string.
56   // Returns null on failure.
57   // The length of the string representation of the certificate is
58   // stored in *pem_length if it is non-null, and only if
59   // parsing was successful.
60   static std::unique_ptr<SSLCertificate> FromPEMString(
61       absl::string_view pem_string);
62   virtual ~SSLCertificate() = default;
63 
64   // Returns a new SSLCertificate object instance wrapping the same
65   // underlying certificate, including its chain if present.
66   virtual std::unique_ptr<SSLCertificate> Clone() const = 0;
67 
68   // Returns a PEM encoded string representation of the certificate.
69   virtual std::string ToPEMString() const = 0;
70 
71   // Provides a DER encoded binary representation of the certificate.
72   virtual void ToDER(Buffer* der_buffer) const = 0;
73 
74   // Gets the name of the digest algorithm that was used to compute this
75   // certificate's signature.
76   virtual bool GetSignatureDigestAlgorithm(std::string* algorithm) const = 0;
77 
78   // Compute the digest of the certificate given algorithm
79   virtual bool ComputeDigest(absl::string_view algorithm,
80                              unsigned char* digest,
81                              size_t size,
82                              size_t* length) const = 0;
83 
84   // Returns the time in seconds relative to epoch, 1970-01-01T00:00:00Z (UTC),
85   // or -1 if an expiration time could not be retrieved.
86   virtual int64_t CertificateExpirationTime() const = 0;
87 
88   // Gets information (fingerprint, etc.) about this certificate. This is used
89   // for certificate stats, see
90   // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
91   std::unique_ptr<SSLCertificateStats> GetStats() const;
92 };
93 
94 // SSLCertChain is a simple wrapper for a vector of SSLCertificates. It serves
95 // primarily to ensure proper memory management (especially deletion) of the
96 // SSLCertificate pointers.
97 class RTC_EXPORT SSLCertChain final {
98  public:
99   explicit SSLCertChain(std::unique_ptr<SSLCertificate> single_cert);
100   explicit SSLCertChain(std::vector<std::unique_ptr<SSLCertificate>> certs);
101   // Allow move semantics for the object.
102   SSLCertChain(SSLCertChain&&);
103   SSLCertChain& operator=(SSLCertChain&&);
104 
105   ~SSLCertChain();
106 
107   SSLCertChain(const SSLCertChain&) = delete;
108   SSLCertChain& operator=(const SSLCertChain&) = delete;
109 
110   // Vector access methods.
GetSize()111   size_t GetSize() const { return certs_.size(); }
112 
113   // Returns a temporary reference, only valid until the chain is destroyed.
Get(size_t pos)114   const SSLCertificate& Get(size_t pos) const { return *(certs_[pos]); }
115 
116   // Returns a new SSLCertChain object instance wrapping the same underlying
117   // certificate chain.
118   std::unique_ptr<SSLCertChain> Clone() const;
119 
120   // Gets information (fingerprint, etc.) about this certificate chain. This is
121   // used for certificate stats, see
122   // https://w3c.github.io/webrtc-stats/#certificatestats-dict*.
123   std::unique_ptr<SSLCertificateStats> GetStats() const;
124 
125  private:
126   std::vector<std::unique_ptr<SSLCertificate>> certs_;
127 };
128 
129 // SSLCertificateVerifier provides a simple interface to allow third parties to
130 // define their own certificate verification code. It is completely independent
131 // from the underlying SSL implementation.
132 class SSLCertificateVerifier {
133  public:
134   virtual ~SSLCertificateVerifier() = default;
135   // Returns true if the certificate is valid, else false. It is up to the
136   // implementer to define what a valid certificate looks like.
137   virtual bool Verify(const SSLCertificate& certificate) = 0;
138 };
139 
140 }  // namespace rtc
141 
142 #endif  // RTC_BASE_SSL_CERTIFICATE_H_
143