Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 : /* vim: set ts=2 et sw=2 tw=80: */
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 : * You can obtain one at http://mozilla.org/MPL/2.0/. */
6 : #ifndef dtls_identity_h__
7 : #define dtls_identity_h__
8 :
9 : #include <string>
10 :
11 : #include "m_cpp_utils.h"
12 : #include "mozilla/Move.h"
13 : #include "mozilla/RefPtr.h"
14 : #include "nsISupportsImpl.h"
15 : #include "ScopedNSSTypes.h"
16 : #include "sslt.h"
17 :
18 : // All code in this module requires NSS to be live.
19 : // Callers must initialize NSS and implement the nsNSSShutdownObject
20 : // protocol.
21 : namespace mozilla {
22 :
23 : class DtlsIdentity final {
24 : public:
25 : // This constructor takes ownership of privkey and cert.
26 0 : DtlsIdentity(UniqueSECKEYPrivateKey privkey,
27 : UniqueCERTCertificate cert,
28 : SSLKEAType authType)
29 0 : : private_key_(Move(privkey)), cert_(Move(cert)), auth_type_(authType) {}
30 :
31 : // This is only for use in tests, or for external linkage. It makes a (bad)
32 : // instance of this class.
33 : static RefPtr<DtlsIdentity> Generate();
34 :
35 : // These don't create copies or transfer ownership. If you want these to live
36 : // on, make a copy.
37 0 : const UniqueCERTCertificate& cert() const { return cert_; }
38 0 : const UniqueSECKEYPrivateKey& privkey() const { return private_key_; }
39 : // Note: this uses SSLKEAType because that is what the libssl API requires.
40 : // This is a giant confusing mess, but libssl indexes certificates based on a
41 : // key exchange type, not authentication type (as you might have reasonably
42 : // expected).
43 0 : SSLKEAType auth_type() const { return auth_type_; }
44 :
45 : nsresult ComputeFingerprint(const std::string algorithm,
46 : uint8_t *digest,
47 : size_t size,
48 : size_t *digest_length) const;
49 : static nsresult ComputeFingerprint(const UniqueCERTCertificate& cert,
50 : const std::string algorithm,
51 : uint8_t *digest,
52 : size_t size,
53 : size_t *digest_length);
54 :
55 : static const std::string DEFAULT_HASH_ALGORITHM;
56 : enum {
57 : HASH_ALGORITHM_MAX_LENGTH = 64
58 : };
59 :
60 0 : NS_INLINE_DECL_THREADSAFE_REFCOUNTING(DtlsIdentity)
61 :
62 : private:
63 0 : ~DtlsIdentity() {}
64 : DISALLOW_COPY_ASSIGN(DtlsIdentity);
65 :
66 : UniqueSECKEYPrivateKey private_key_;
67 : UniqueCERTCertificate cert_;
68 : SSLKEAType auth_type_;
69 : };
70 : } // close namespace
71 : #endif
|
