zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
14a01a403a3a03350623687a5a5ca1e64a985224
platform-external-webrtc/webrtc/base/opensslidentity.h
Torbjorn Granlund 46c9cc0190 Provide method for returning certificate expiration time stamp. 
We convert ASN1 time via std::tm to int64_t representing milliseconds-since-epoch. We do not use time_t since that cannot store milliseconds, and expires for 32-bit platforms in 2038 also for seconds.

Conversion via std::tm might might seem silly, but actually doesn't add any complexity.

One would expect tm -> seconds-since-epoch to already exist on the standard library. There is mktime, but it uses localtime (and sets an environment variable, and has the 2038 problem).

The ASN1 TIME parsing is limited to what is required by RFC 5280.

BUG=webrtc:5150
R=hbos@webrtc.org, nisse@webrtc.org, tommi@webrtc.org

Review URL: https://codereview.webrtc.org/1468273004 .

Cr-Commit-Position: refs/heads/master@{#10854}
2015-12-01 12:06:46 +00:00

132 lines
3.9 KiB
C++
Raw Blame History

/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_OPENSSLIDENTITY_H_
#define WEBRTC_BASE_OPENSSLIDENTITY_H_
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <string>
#include "webrtc/base/common.h"
#include "webrtc/base/scoped_ptr.h"
#include "webrtc/base/sslidentity.h"
typedef struct ssl_ctx_st SSL_CTX;
namespace rtc {
// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
// which is reference counted inside the OpenSSL library.
class OpenSSLKeyPair {
public:
explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
ASSERT(pkey_ != NULL);
}
static OpenSSLKeyPair* Generate(const KeyParams& key_params);
virtual ~OpenSSLKeyPair();
virtual OpenSSLKeyPair* GetReference();
EVP_PKEY* pkey() const { return pkey_; }
private:
void AddReference();
EVP_PKEY* pkey_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
};
// OpenSSLCertificate encapsulates an OpenSSL X509* certificate object,
// which is also reference counted inside the OpenSSL library.
class OpenSSLCertificate : public SSLCertificate {
public:
// Caller retains ownership of the X509 object.
explicit OpenSSLCertificate(X509* x509) : x509_(x509) {
AddReference();
}
static OpenSSLCertificate* Generate(OpenSSLKeyPair* key_pair,
const SSLIdentityParams& params);
static OpenSSLCertificate* FromPEMString(const std::string& pem_string);
~OpenSSLCertificate() override;
OpenSSLCertificate* GetReference() const override;
X509* x509() const { return x509_; }
std::string ToPEMString() const override;
void ToDER(Buffer* der_buffer) const override;
// Compute the digest of the certificate given algorithm
bool ComputeDigest(const std::string& algorithm,
unsigned char* digest,
size_t size,
size_t* length) const override;
// Compute the digest of a certificate as an X509 *
static bool ComputeDigest(const X509* x509,
const std::string& algorithm,
unsigned char* digest,
size_t size,
size_t* length);
bool GetSignatureDigestAlgorithm(std::string* algorithm) const override;
bool GetChain(SSLCertChain** chain) const override;
int64_t CertificateExpirationTime() const override;
private:
void AddReference() const;
X509* x509_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLCertificate);
};
// Holds a keypair and certificate together, and a method to generate
// them consistently.
class OpenSSLIdentity : public SSLIdentity {
public:
static OpenSSLIdentity* Generate(const std::string& common_name,
const KeyParams& key_params);
static OpenSSLIdentity* GenerateForTest(const SSLIdentityParams& params);
static SSLIdentity* FromPEMStrings(const std::string& private_key,
const std::string& certificate);
~OpenSSLIdentity() override;
const OpenSSLCertificate& certificate() const override;
OpenSSLIdentity* GetReference() const override;
// Configure an SSL context object to use our key and certificate.
bool ConfigureIdentity(SSL_CTX* ctx);
private:
OpenSSLIdentity(OpenSSLKeyPair* key_pair, OpenSSLCertificate* certificate);
static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
scoped_ptr<OpenSSLKeyPair> key_pair_;
scoped_ptr<OpenSSLCertificate> certificate_;
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLIdentity);
};
} // namespace rtc
#endif // WEBRTC_BASE_OPENSSLIDENTITY_H_
Reference in New Issue View Git Blame Copy Permalink