dtlsidentity.h (3533B)
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this file, 5 * You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 #ifndef dtls_identity_h__ 7 #define dtls_identity_h__ 8 9 #include <utility> 10 #include <vector> 11 12 #include "ScopedNSSTypes.h" 13 #include "m_cpp_utils.h" 14 #include "mozilla/RefPtr.h" 15 #include "nsISupportsImpl.h" 16 #include "nsString.h" 17 #include "nsTArray.h" 18 #include "sslt.h" 19 20 // All code in this module requires NSS to be live. 21 // Callers must initialize NSS and implement the nsNSSShutdownObject 22 // protocol. 23 namespace mozilla { 24 25 class DtlsDigest { 26 public: 27 const static size_t kMaxDtlsDigestLength = HASH_LENGTH_MAX; 28 DtlsDigest() = default; 29 explicit DtlsDigest(const nsACString& algorithm) : algorithm_(algorithm) {} 30 31 DtlsDigest(const nsACString& algorithm, const std::vector<uint8_t>& value) 32 : algorithm_(algorithm), value_(value) { 33 MOZ_ASSERT(value.size() <= kMaxDtlsDigestLength); 34 } 35 ~DtlsDigest() = default; 36 37 bool operator!=(const DtlsDigest& rhs) const { return !operator==(rhs); } 38 39 bool operator==(const DtlsDigest& rhs) const { 40 if (algorithm_ != rhs.algorithm_) { 41 return false; 42 } 43 44 return value_ == rhs.value_; 45 } 46 47 nsCString algorithm_; 48 std::vector<uint8_t> value_; 49 }; 50 51 typedef std::vector<DtlsDigest> DtlsDigestList; 52 53 class DtlsIdentity final { 54 public: 55 // This constructor takes ownership of privkey and cert. 56 DtlsIdentity(UniqueSECKEYPrivateKey privkey, UniqueCERTCertificate cert, 57 SSLKEAType authType) 58 : private_key_(std::move(privkey)), 59 cert_(std::move(cert)), 60 auth_type_(authType) {} 61 62 // Allows serialization/deserialization; cannot write IPC serialization code 63 // directly for DtlsIdentity, since IPC-able types need to be constructable 64 // on the stack. 65 nsresult Serialize(nsTArray<uint8_t>* aKeyDer, nsTArray<uint8_t>* aCertDer); 66 static RefPtr<DtlsIdentity> Deserialize(const nsTArray<uint8_t>& aKeyDer, 67 const nsTArray<uint8_t>& aCertDer, 68 SSLKEAType authType); 69 70 // This is only for use in tests, or for external linkage. It makes a (bad) 71 // instance of this class. 72 static RefPtr<DtlsIdentity> Generate(); 73 74 // These don't create copies or transfer ownership. If you want these to live 75 // on, make a copy. 76 const UniqueCERTCertificate& cert() const { return cert_; } 77 const UniqueSECKEYPrivateKey& privkey() const { return private_key_; } 78 // Note: this uses SSLKEAType because that is what the libssl API requires. 79 // This is a giant confusing mess, but libssl indexes certificates based on a 80 // key exchange type, not authentication type (as you might have reasonably 81 // expected). 82 SSLKEAType auth_type() const { return auth_type_; } 83 84 nsresult ComputeFingerprint(DtlsDigest* digest) const; 85 static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert, 86 DtlsDigest* digest); 87 88 static constexpr nsLiteralCString DEFAULT_HASH_ALGORITHM = "sha-256"_ns; 89 enum { HASH_ALGORITHM_MAX_LENGTH = 64 }; 90 91 NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity) 92 93 private: 94 ~DtlsIdentity() = default; 95 DISALLOW_COPY_ASSIGN(DtlsIdentity); 96 97 UniqueSECKEYPrivateKey private_key_; 98 UniqueCERTCertificate cert_; 99 SSLKEAType auth_type_; 100 }; 101 } // namespace mozilla 102 #endif