1/*
2 * Copyright 2015 The WebRTC Project Authors. All rights reserved.
3 *
4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree.
9 */
10
11#ifndef RTC_BASE_RTCCERTIFICATE_H_
12#define RTC_BASE_RTCCERTIFICATE_H_
13
14#include <stdint.h>
15#include <memory>
16#include <string>
17
18#include "rtc_base/refcount.h"
19#include "rtc_base/scoped_ref_ptr.h"
20
21namespace rtc {
22
23class SSLCertChain;
24class SSLCertificate;
25class SSLIdentity;
26
27// This class contains PEM strings of an RTCCertificate's private key and
28// certificate and acts as a text representation of RTCCertificate. Certificates
29// can be serialized and deserialized to and from this format, which allows for
30// cloning and storing of certificates to disk. The PEM format is that of
31// |SSLIdentity::PrivateKeyToPEMString| and |SSLCertificate::ToPEMString|, e.g.
32// the string representations used by OpenSSL.
33class RTCCertificatePEM {
34 public:
35 RTCCertificatePEM(const std::string& private_key,
36 const std::string& certificate)
37 : private_key_(private_key), certificate_(certificate) {}
38
39 const std::string& private_key() const { return private_key_; }
40 const std::string& certificate() const { return certificate_; }
41
42 private:
43 std::string private_key_;
44 std::string certificate_;
45};
46
47// A thin abstraction layer between "lower level crypto stuff" like
48// SSLCertificate and WebRTC usage. Takes ownership of some lower level objects,
49// reference counting protects these from premature destruction.
50class RTCCertificate : public RefCountInterface {
51 public:
52 // Takes ownership of |identity|.
53 static scoped_refptr<RTCCertificate> Create(
54 std::unique_ptr<SSLIdentity> identity);
55
56 // Returns the expiration time in ms relative to epoch, 1970-01-01T00:00:00Z.
57 uint64_t Expires() const;
58 // Checks if the certificate has expired, where |now| is expressed in ms
59 // relative to epoch, 1970-01-01T00:00:00Z.
60 bool HasExpired(uint64_t now) const;
61
62 const SSLCertificate& GetSSLCertificate() const;
63 const SSLCertChain& GetSSLCertificateChain() const;
64
65 // Deprecated: TODO(benwright) - Remove once chromium is updated.
66 const SSLCertificate& ssl_certificate() const;
67
68 // TODO(hbos): If possible, remove once RTCCertificate and its
69 // GetSSLCertificate() is used in all relevant places. Should not pass around
70 // raw SSLIdentity* for the sake of accessing SSLIdentity::certificate().
71 // However, some places might need SSLIdentity* for its public/private key...
72 SSLIdentity* identity() const { return identity_.get(); }
73
74 // To/from PEM, a text representation of the RTCCertificate.
75 RTCCertificatePEM ToPEM() const;
76 // Can return nullptr if the certificate is invalid.
77 static scoped_refptr<RTCCertificate> FromPEM(const RTCCertificatePEM& pem);
78 bool operator==(const RTCCertificate& certificate) const;
79 bool operator!=(const RTCCertificate& certificate) const;
80
81 protected:
82 explicit RTCCertificate(SSLIdentity* identity);
83 ~RTCCertificate() override;
84
85 private:
86 // The SSLIdentity is the owner of the SSLCertificate. To protect our
87 // GetSSLCertificate() we take ownership of |identity_|.
88 std::unique_ptr<SSLIdentity> identity_;
89};
90
91} // namespace rtc
92
93#endif // RTC_BASE_RTCCERTIFICATE_H_
94