1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef dtls_identity_h__
#define dtls_identity_h__
#include <utility>
#include <vector>
#include "ScopedNSSTypes.h"
#include "m_cpp_utils.h"
#include "mozilla/RefPtr.h"
#include "nsISupportsImpl.h"
#include "nsString.h"
#include "nsTArray.h"
#include "sslt.h"
// All code in this module requires NSS to be live.
// Callers must initialize NSS and implement the nsNSSShutdownObject
// protocol.
namespace mozilla {
class DtlsDigest {
public:
const static size_t kMaxDtlsDigestLength = HASH_LENGTH_MAX;
DtlsDigest() = default;
explicit DtlsDigest(const nsACString& algorithm) : algorithm_(algorithm) {}
DtlsDigest(const nsACString& algorithm, const std::vector<uint8_t>& value)
: algorithm_(algorithm), value_(value) {
MOZ_ASSERT(value.size() <= kMaxDtlsDigestLength);
}
~DtlsDigest() = default;
bool operator!=(const DtlsDigest& rhs) const { return !operator==(rhs); }
bool operator==(const DtlsDigest& rhs) const {
if (algorithm_ != rhs.algorithm_) {
return false;
}
return value_ == rhs.value_;
}
nsCString algorithm_;
std::vector<uint8_t> value_;
};
typedef std::vector<DtlsDigest> DtlsDigestList;
class DtlsIdentity final {
public:
// This constructor takes ownership of privkey and cert.
DtlsIdentity(UniqueSECKEYPrivateKey privkey, UniqueCERTCertificate cert,
SSLKEAType authType)
: private_key_(std::move(privkey)),
cert_(std::move(cert)),
auth_type_(authType) {}
// Allows serialization/deserialization; cannot write IPC serialization code
// directly for DtlsIdentity, since IPC-able types need to be constructable
// on the stack.
nsresult Serialize(nsTArray<uint8_t>* aKeyDer, nsTArray<uint8_t>* aCertDer);
static RefPtr<DtlsIdentity> Deserialize(const nsTArray<uint8_t>& aKeyDer,
const nsTArray<uint8_t>& aCertDer,
SSLKEAType authType);
// This is only for use in tests, or for external linkage. It makes a (bad)
// instance of this class.
static RefPtr<DtlsIdentity> Generate();
// These don't create copies or transfer ownership. If you want these to live
// on, make a copy.
const UniqueCERTCertificate& cert() const { return cert_; }
const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
// Note: this uses SSLKEAType because that is what the libssl API requires.
// This is a giant confusing mess, but libssl indexes certificates based on a
// key exchange type, not authentication type (as you might have reasonably
// expected).
SSLKEAType auth_type() const { return auth_type_; }
nsresult ComputeFingerprint(DtlsDigest* digest) const;
static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert,
DtlsDigest* digest);
static constexpr nsLiteralCString DEFAULT_HASH_ALGORITHM = "sha-256"_ns;
enum { HASH_ALGORITHM_MAX_LENGTH = 64 };
NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
private:
~DtlsIdentity() = default;
DISALLOW_COPY_ASSIGN(DtlsIdentity);
UniqueSECKEYPrivateKey private_key_;
UniqueCERTCertificate cert_;
SSLKEAType auth_type_;
};
} // namespace mozilla
#endif
|