2012-10-03 00:04:58 +04:00
|
|
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
|
|
|
/* vim: set ts=2 et sw=2 tw=80: */
|
|
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
#ifndef dtls_identity_h__
|
|
|
|
|
#define dtls_identity_h__
|
|
|
|
|
|
|
|
|
|
#include <string>
|
2019-01-29 17:56:19 +03:00
|
|
|
#include <vector>
|
2012-10-03 00:04:58 +04:00
|
|
|
|
|
|
|
|
#include "m_cpp_utils.h"
|
2016-12-21 17:09:10 +03:00
|
|
|
#include "mozilla/Move.h"
|
2015-10-18 08:24:48 +03:00
|
|
|
#include "mozilla/RefPtr.h"
|
2012-10-03 00:04:58 +04:00
|
|
|
#include "nsISupportsImpl.h"
|
|
|
|
|
#include "ScopedNSSTypes.h"
|
2016-12-21 17:09:10 +03:00
|
|
|
#include "sslt.h"
|
2019-01-29 17:56:19 +03:00
|
|
|
#include "nsTArray.h"
|
2012-10-03 00:04:58 +04:00
|
|
|
|
|
|
|
|
// All code in this module requires NSS to be live.
|
|
|
|
|
// Callers must initialize NSS and implement the nsNSSShutdownObject
|
|
|
|
|
// protocol.
|
|
|
|
|
namespace mozilla {
|
|
|
|
|
|
2019-01-29 17:56:19 +03:00
|
|
|
class DtlsDigest {
|
|
|
|
|
public:
|
|
|
|
|
const static size_t kMaxDtlsDigestLength = HASH_LENGTH_MAX;
|
2019-02-26 00:50:42 +03:00
|
|
|
DtlsDigest() = default;
|
2019-01-29 17:56:19 +03:00
|
|
|
explicit DtlsDigest(const std::string& algorithm) : algorithm_(algorithm) {}
|
|
|
|
|
DtlsDigest(const std::string& algorithm, const std::vector<uint8_t>& value)
|
|
|
|
|
: algorithm_(algorithm), value_(value) {
|
|
|
|
|
MOZ_ASSERT(value.size() <= kMaxDtlsDigestLength);
|
|
|
|
|
}
|
|
|
|
|
~DtlsDigest() = default;
|
|
|
|
|
|
|
|
|
|
bool operator!=(const DtlsDigest& rhs) const { return !operator==(rhs); }
|
|
|
|
|
|
|
|
|
|
bool operator==(const DtlsDigest& rhs) const {
|
|
|
|
|
if (algorithm_ != rhs.algorithm_) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return value_ == rhs.value_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::string algorithm_;
|
|
|
|
|
std::vector<uint8_t> value_;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
typedef std::vector<DtlsDigest> DtlsDigestList;
|
|
|
|
|
|
2015-07-06 20:40:04 +03:00
|
|
|
class DtlsIdentity final {
|
2014-06-20 15:08:24 +04:00
|
|
|
public:
|
2015-07-06 20:40:04 +03:00
|
|
|
// This constructor takes ownership of privkey and cert.
|
2016-12-21 17:09:10 +03:00
|
|
|
DtlsIdentity(UniqueSECKEYPrivateKey privkey, UniqueCERTCertificate cert,
|
2015-07-06 20:40:04 +03:00
|
|
|
SSLKEAType authType)
|
2018-05-30 22:15:35 +03:00
|
|
|
: private_key_(std::move(privkey)),
|
|
|
|
|
cert_(std::move(cert)),
|
|
|
|
|
auth_type_(authType) {}
|
2012-10-03 00:04:58 +04:00
|
|
|
|
2019-01-29 17:56:19 +03:00
|
|
|
// Allows serialization/deserialization; cannot write IPC serialization code
|
|
|
|
|
// directly for DtlsIdentity, since IPC-able types need to be constructable
|
|
|
|
|
// on the stack.
|
|
|
|
|
nsresult Serialize(nsTArray<uint8_t>* aKeyDer, nsTArray<uint8_t>* aCertDer);
|
|
|
|
|
static RefPtr<DtlsIdentity> Deserialize(const nsTArray<uint8_t>& aKeyDer,
|
|
|
|
|
const nsTArray<uint8_t>& aCertDer,
|
|
|
|
|
SSLKEAType authType);
|
|
|
|
|
|
2015-07-06 20:40:04 +03:00
|
|
|
// This is only for use in tests, or for external linkage. It makes a (bad)
|
|
|
|
|
// instance of this class.
|
2015-10-18 08:24:48 +03:00
|
|
|
static RefPtr<DtlsIdentity> Generate();
|
2012-10-03 00:04:58 +04:00
|
|
|
|
2015-07-06 20:40:04 +03:00
|
|
|
// These don't create copies or transfer ownership. If you want these to live
|
|
|
|
|
// on, make a copy.
|
2019-01-29 17:56:19 +03:00
|
|
|
const UniqueCERTCertificate& cert() const { return cert_; }
|
|
|
|
|
const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
|
2015-07-06 20:40:04 +03:00
|
|
|
// Note: this uses SSLKEAType because that is what the libssl API requires.
|
|
|
|
|
// This is a giant confusing mess, but libssl indexes certificates based on a
|
|
|
|
|
// key exchange type, not authentication type (as you might have reasonably
|
|
|
|
|
// expected).
|
|
|
|
|
SSLKEAType auth_type() const { return auth_type_; }
|
2012-10-03 00:04:58 +04:00
|
|
|
|
2019-01-29 17:56:19 +03:00
|
|
|
nsresult ComputeFingerprint(DtlsDigest* digest) const;
|
|
|
|
|
static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert,
|
|
|
|
|
DtlsDigest* digest);
|
2015-07-06 20:40:04 +03:00
|
|
|
|
2014-11-20 03:16:29 +03:00
|
|
|
static const std::string DEFAULT_HASH_ALGORITHM;
|
|
|
|
|
enum { HASH_ALGORITHM_MAX_LENGTH = 64 };
|
2012-10-03 00:04:58 +04:00
|
|
|
|
|
|
|
|
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
|
|
|
|
|
|
2015-07-06 20:40:04 +03:00
|
|
|
private:
|
2016-10-20 03:29:58 +03:00
|
|
|
~DtlsIdentity() {}
|
2012-10-03 00:04:58 +04:00
|
|
|
DISALLOW_COPY_ASSIGN(DtlsIdentity);
|
|
|
|
|
|
2016-12-21 17:09:10 +03:00
|
|
|
UniqueSECKEYPrivateKey private_key_;
|
2016-10-20 03:29:58 +03:00
|
|
|
UniqueCERTCertificate cert_;
|
2015-07-06 20:40:04 +03:00
|
|
|
SSLKEAType auth_type_;
|
2012-10-03 00:04:58 +04:00
|
|
|
};
|
|
|
|
|
} // namespace mozilla
|
|
|
|
|
#endif
|
