1 files changed, 97 insertions, 0 deletions

diff --git a/third_party/libwebrtc/rtc_base/rtc_certificate.h b/third_party/libwebrtc/rtc_base/rtc_certificate.h
new file mode 100644
index 0000000000..67c5c29a89
--- /dev/null
+++ b/third_party/libwebrtc/rtc_base/rtc_certificate.h
@@ -0,0 +1,97 @@
+/*
+ *  Copyright 2015 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef RTC_BASE_RTC_CERTIFICATE_H_
+#define RTC_BASE_RTC_CERTIFICATE_H_
+
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+
+#include "absl/base/attributes.h"
+#include "absl/strings/string_view.h"
+#include "api/ref_counted_base.h"
+#include "api/scoped_refptr.h"
+#include "rtc_base/system/rtc_export.h"
+
+namespace rtc {
+
+class SSLCertChain;
+class SSLCertificate;
+class SSLIdentity;
+
+// This class contains PEM strings of an RTCCertificate's private key and
+// certificate and acts as a text representation of RTCCertificate. Certificates
+// can be serialized and deserialized to and from this format, which allows for
+// cloning and storing of certificates to disk. The PEM format is that of
+// `SSLIdentity::PrivateKeyToPEMString` and `SSLCertificate::ToPEMString`, e.g.
+// the string representations used by OpenSSL.
+class RTCCertificatePEM {
+ public:
+  RTCCertificatePEM(absl::string_view private_key,
+                    absl::string_view certificate)
+      : private_key_(private_key), certificate_(certificate) {}
+
+  const std::string& private_key() const { return private_key_; }
+  const std::string& certificate() const { return certificate_; }
+
+ private:
+  std::string private_key_;
+  std::string certificate_;
+};
+
+// A thin abstraction layer between "lower level crypto stuff" like
+// SSLCertificate and WebRTC usage. Takes ownership of some lower level objects,
+// reference counting protects these from premature destruction.
+class RTC_EXPORT RTCCertificate final
+    : public RefCountedNonVirtual<RTCCertificate> {
+ public:
+  // Takes ownership of `identity`.
+  static scoped_refptr<RTCCertificate> Create(
+      std::unique_ptr<SSLIdentity> identity);
+
+  // Returns the expiration time in ms relative to epoch, 1970-01-01T00:00:00Z.
+  uint64_t Expires() const;
+  // Checks if the certificate has expired, where `now` is expressed in ms
+  // relative to epoch, 1970-01-01T00:00:00Z.
+  bool HasExpired(uint64_t now) const;
+
+  const SSLCertificate& GetSSLCertificate() const;
+  const SSLCertChain& GetSSLCertificateChain() const;
+
+  // TODO(hbos): If possible, remove once RTCCertificate and its
+  // GetSSLCertificate() is used in all relevant places. Should not pass around
+  // raw SSLIdentity* for the sake of accessing SSLIdentity::certificate().
+  // However, some places might need SSLIdentity* for its public/private key...
+  SSLIdentity* identity() const { return identity_.get(); }
+
+  // To/from PEM, a text representation of the RTCCertificate.
+  RTCCertificatePEM ToPEM() const;
+  // Can return nullptr if the certificate is invalid.
+  static scoped_refptr<RTCCertificate> FromPEM(const RTCCertificatePEM& pem);
+  bool operator==(const RTCCertificate& certificate) const;
+  bool operator!=(const RTCCertificate& certificate) const;
+
+ protected:
+  explicit RTCCertificate(SSLIdentity* identity);
+
+  friend class RefCountedNonVirtual<RTCCertificate>;
+  ~RTCCertificate();
+
+ private:
+  // The SSLIdentity is the owner of the SSLCertificate. To protect our
+  // GetSSLCertificate() we take ownership of `identity_`.
+  const std::unique_ptr<SSLIdentity> identity_;
+};
+
+}  // namespace rtc
+
+#endif  // RTC_BASE_RTC_CERTIFICATE_H_