summaryrefslogtreecommitdiffstats
path: root/dom/media/webrtc/transport/dtlsidentity.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--dom/media/webrtc/transport/dtlsidentity.h101
1 files changed, 101 insertions, 0 deletions
diff --git a/dom/media/webrtc/transport/dtlsidentity.h b/dom/media/webrtc/transport/dtlsidentity.h
new file mode 100644
index 0000000000..b4f7686618
--- /dev/null
+++ b/dom/media/webrtc/transport/dtlsidentity.h
@@ -0,0 +1,101 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef dtls_identity_h__
+#define dtls_identity_h__
+
+#include <string>
+#include <utility>
+#include <vector>
+
+#include "ScopedNSSTypes.h"
+#include "m_cpp_utils.h"
+#include "mozilla/RefPtr.h"
+#include "nsISupportsImpl.h"
+#include "nsTArray.h"
+#include "sslt.h"
+
+// All code in this module requires NSS to be live.
+// Callers must initialize NSS and implement the nsNSSShutdownObject
+// protocol.
+namespace mozilla {
+
+class DtlsDigest {
+ public:
+ const static size_t kMaxDtlsDigestLength = HASH_LENGTH_MAX;
+ DtlsDigest() = default;
+ explicit DtlsDigest(const std::string& algorithm) : algorithm_(algorithm) {}
+ DtlsDigest(const std::string& algorithm, const std::vector<uint8_t>& value)
+ : algorithm_(algorithm), value_(value) {
+ MOZ_ASSERT(value.size() <= kMaxDtlsDigestLength);
+ }
+ ~DtlsDigest() = default;
+
+ bool operator!=(const DtlsDigest& rhs) const { return !operator==(rhs); }
+
+ bool operator==(const DtlsDigest& rhs) const {
+ if (algorithm_ != rhs.algorithm_) {
+ return false;
+ }
+
+ return value_ == rhs.value_;
+ }
+
+ std::string algorithm_;
+ std::vector<uint8_t> value_;
+};
+
+typedef std::vector<DtlsDigest> DtlsDigestList;
+
+class DtlsIdentity final {
+ public:
+ // This constructor takes ownership of privkey and cert.
+ DtlsIdentity(UniqueSECKEYPrivateKey privkey, UniqueCERTCertificate cert,
+ SSLKEAType authType)
+ : private_key_(std::move(privkey)),
+ cert_(std::move(cert)),
+ auth_type_(authType) {}
+
+ // Allows serialization/deserialization; cannot write IPC serialization code
+ // directly for DtlsIdentity, since IPC-able types need to be constructable
+ // on the stack.
+ nsresult Serialize(nsTArray<uint8_t>* aKeyDer, nsTArray<uint8_t>* aCertDer);
+ static RefPtr<DtlsIdentity> Deserialize(const nsTArray<uint8_t>& aKeyDer,
+ const nsTArray<uint8_t>& aCertDer,
+ SSLKEAType authType);
+
+ // This is only for use in tests, or for external linkage. It makes a (bad)
+ // instance of this class.
+ static RefPtr<DtlsIdentity> Generate();
+
+ // These don't create copies or transfer ownership. If you want these to live
+ // on, make a copy.
+ const UniqueCERTCertificate& cert() const { return cert_; }
+ const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
+ // Note: this uses SSLKEAType because that is what the libssl API requires.
+ // This is a giant confusing mess, but libssl indexes certificates based on a
+ // key exchange type, not authentication type (as you might have reasonably
+ // expected).
+ SSLKEAType auth_type() const { return auth_type_; }
+
+ nsresult ComputeFingerprint(DtlsDigest* digest) const;
+ static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert,
+ DtlsDigest* digest);
+
+ static const std::string DEFAULT_HASH_ALGORITHM;
+ enum { HASH_ALGORITHM_MAX_LENGTH = 64 };
+
+ NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
+
+ private:
+ ~DtlsIdentity() = default;
+ DISALLOW_COPY_ASSIGN(DtlsIdentity);
+
+ UniqueSECKEYPrivateKey private_key_;
+ UniqueCERTCertificate cert_;
+ SSLKEAType auth_type_;
+};
+} // namespace mozilla
+#endif