blob: a28dba4deaeb72508a5f2abb6b7ad01a2845c65d [file] [log] [blame]
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
#include <string>
#include <vector>
#include "webrtc/base/buffer.h"
#include "webrtc/base/stream.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
namespace rtc {
// SSLStreamAdapterHelper : A stream adapter which implements much
// of the logic that is common between the known implementations
// (NSS and OpenSSL)
class SSLStreamAdapterHelper : public SSLStreamAdapter {
explicit SSLStreamAdapterHelper(StreamInterface* stream);
~SSLStreamAdapterHelper() override;
// Overrides of SSLStreamAdapter
void SetIdentity(SSLIdentity* identity) override;
void SetServerRole(SSLRole role = SSL_SERVER) override;
void SetMode(SSLMode mode) override;
void SetMaxProtocolVersion(SSLProtocolVersion version) override;
int StartSSLWithServer(const char* server_name) override;
int StartSSLWithPeer() override;
bool SetPeerCertificateDigest(const std::string& digest_alg,
const unsigned char* digest_val,
size_t digest_len) override;
bool GetPeerCertificate(SSLCertificate** cert) const override;
StreamState GetState() const override;
void Close() override;
// Internal helper methods
// The following method returns 0 on success and a negative
// error code on failure. The error code may be either -1 or
// from the impl on some other error cases, so it can't really be
// interpreted unfortunately.
// Perform SSL negotiation steps.
int ContinueSSL();
// Error handler helper. signal is given as true for errors in
// asynchronous contexts (when an error code was not returned
// through some other method), and in that case an SE_CLOSE event is
// raised on the stream with the specified error.
// A 0 error means a graceful close, otherwise there is not really enough
// context to interpret the error code.
virtual void Error(const char* context, int err, bool signal);
// Must be implemented by descendents
virtual int BeginSSL() = 0;
virtual void Cleanup() = 0;
virtual bool GetDigestLength(const std::string& algorithm,
size_t* length) = 0;
enum SSLState {
// Before calling one of the StartSSL methods, data flows
// in clear text.
SSL_WAIT, // waiting for the stream to open to start SSL negotiation
SSL_CONNECTING, // SSL negotiation in progress
SSL_CONNECTED, // SSL stream successfully established
SSL_ERROR, // some SSL error occurred, stream is closed
SSL_CLOSED // Clean close
// MSG_MAX is the maximum generic stream message number.
enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };
SSLState state_;
SSLRole role_;
int ssl_error_code_; // valid when state_ == SSL_ERROR
// Our key and certificate, mostly useful in peer-to-peer mode.
scoped_ptr<SSLIdentity> identity_;
// in traditional mode, the server name that the server's certificate
// must specify. Empty in peer-to-peer mode.
std::string ssl_server_name_;
// The peer's certificate. Only used for GetPeerCertificate.
scoped_ptr<SSLCertificate> peer_certificate_;
// The digest of the certificate that the peer must present.
Buffer peer_certificate_digest_value_;
std::string peer_certificate_digest_algorithm_;
// Do DTLS or not
SSLMode ssl_mode_;
// Maximum allowed protocol version.
SSLProtocolVersion ssl_max_version_;
// Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
// depending on whether the underlying stream is already open or
// not. Returns 0 on success and a negative value on error.
int StartSSL();
} // namespace rtc