From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- dom/media/webrtc/transport/dtlsidentity.h | 102 ++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 dom/media/webrtc/transport/dtlsidentity.h (limited to 'dom/media/webrtc/transport/dtlsidentity.h') diff --git a/dom/media/webrtc/transport/dtlsidentity.h b/dom/media/webrtc/transport/dtlsidentity.h new file mode 100644 index 0000000000..a161a834d1 --- /dev/null +++ b/dom/media/webrtc/transport/dtlsidentity.h @@ -0,0 +1,102 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ +#ifndef dtls_identity_h__ +#define dtls_identity_h__ + +#include +#include + +#include "ScopedNSSTypes.h" +#include "m_cpp_utils.h" +#include "mozilla/RefPtr.h" +#include "nsISupportsImpl.h" +#include "nsString.h" +#include "nsTArray.h" +#include "sslt.h" + +// All code in this module requires NSS to be live. +// Callers must initialize NSS and implement the nsNSSShutdownObject +// protocol. +namespace mozilla { + +class DtlsDigest { + public: + const static size_t kMaxDtlsDigestLength = HASH_LENGTH_MAX; + DtlsDigest() = default; + explicit DtlsDigest(const nsACString& algorithm) : algorithm_(algorithm) {} + + DtlsDigest(const nsACString& algorithm, const std::vector& value) + : algorithm_(algorithm), value_(value) { + MOZ_ASSERT(value.size() <= kMaxDtlsDigestLength); + } + ~DtlsDigest() = default; + + bool operator!=(const DtlsDigest& rhs) const { return !operator==(rhs); } + + bool operator==(const DtlsDigest& rhs) const { + if (algorithm_ != rhs.algorithm_) { + return false; + } + + return value_ == rhs.value_; + } + + nsCString algorithm_; + std::vector value_; +}; + +typedef std::vector DtlsDigestList; + +class DtlsIdentity final { + public: + // This constructor takes ownership of privkey and cert. + DtlsIdentity(UniqueSECKEYPrivateKey privkey, UniqueCERTCertificate cert, + SSLKEAType authType) + : private_key_(std::move(privkey)), + cert_(std::move(cert)), + auth_type_(authType) {} + + // Allows serialization/deserialization; cannot write IPC serialization code + // directly for DtlsIdentity, since IPC-able types need to be constructable + // on the stack. + nsresult Serialize(nsTArray* aKeyDer, nsTArray* aCertDer); + static RefPtr Deserialize(const nsTArray& aKeyDer, + const nsTArray& aCertDer, + SSLKEAType authType); + + // This is only for use in tests, or for external linkage. It makes a (bad) + // instance of this class. + static RefPtr Generate(); + + // These don't create copies or transfer ownership. If you want these to live + // on, make a copy. + const UniqueCERTCertificate& cert() const { return cert_; } + const UniqueSECKEYPrivateKey& privkey() const { return private_key_; } + // Note: this uses SSLKEAType because that is what the libssl API requires. + // This is a giant confusing mess, but libssl indexes certificates based on a + // key exchange type, not authentication type (as you might have reasonably + // expected). + SSLKEAType auth_type() const { return auth_type_; } + + nsresult ComputeFingerprint(DtlsDigest* digest) const; + static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert, + DtlsDigest* digest); + + static constexpr nsLiteralCString DEFAULT_HASH_ALGORITHM = "sha-256"_ns; + enum { HASH_ALGORITHM_MAX_LENGTH = 64 }; + + NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity) + + private: + ~DtlsIdentity() = default; + DISALLOW_COPY_ASSIGN(DtlsIdentity); + + UniqueSECKEYPrivateKey private_key_; + UniqueCERTCertificate cert_; + SSLKEAType auth_type_; +}; +} // namespace mozilla +#endif -- cgit v1.2.3