#include "rtc_base/boringssl_certificate.h"
#include "absl/strings/string_view.h"
#if defined(WEBRTC_WIN)
#include "rtc_base/win32.h"
#endif
#include <openssl/asn1.h>
#include <openssl/bytestring.h>
#include <openssl/digest.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <openssl/pool.h>
#include <openssl/rand.h>
#include <time.h>
#include <cstring>
#include <memory>
#include <utility>
#include <vector>
#include "rtc_base/checks.h"
#include "rtc_base/crypto_random.h"
#include "rtc_base/logging.h"
#include "rtc_base/message_digest.h"
#include "rtc_base/openssl_digest.h"
#include "rtc_base/openssl_key_pair.h"
#include "rtc_base/openssl_utility.h"
namespace rtc {
namespace {
// Signature-algorithm identifiers, one byte array per algorithm. The encoded
// values are elided in this listing; presumably they are DER-encoded OIDs
// compared with OID_MATCHES further down -- confirm against the full file.
// NOTE(review): the table includes MD5- and SHA-1-based signature algorithms.
// Recognising such an identifier is not the same as treating it as secure;
// code that makes a trust decision from the result should apply its own
// policy for those weak digests.
static const uint8_t kMD5WithRSA[] = …;
static const uint8_t kMD5WithRSAEncryption[] = …;
static const uint8_t kECDSAWithSHA1[] = …;
static const uint8_t kDSAWithSHA1[] = …;
static const uint8_t kDSAWithSHA1_2[] = …;
static const uint8_t kSHA1WithRSA[] = …;
static const uint8_t kSHA1WithRSAEncryption[] = …;
static const uint8_t kECDSAWithSHA224[] = …;
static const uint8_t kSHA224WithRSAEncryption[] = …;
static const uint8_t kDSAWithSHA224[] = …;
static const uint8_t kECDSAWithSHA256[] = …;
static const uint8_t kSHA256WithRSAEncryption[] = …;
static const uint8_t kDSAWithSHA256[] = …;
static const uint8_t kECDSAWithSHA384[] = …;
static const uint8_t kSHA384WithRSAEncryption[] = …;
static const uint8_t kECDSAWithSHA512[] = …;
static const uint8_t kSHA512WithRSAEncryption[] = …;
#if !defined(NDEBUG)
// Debug-only helper: it sits inside `#if !defined(NDEBUG)`, so release builds
// do not contain it. Body elided in this listing; by its name it prints `cert`
// for diagnostics.
static void PrintCert(BoringSSLCertificate* cert) { … }
#endif
// By its name and CBB argument, appends a SHA-256-based signature-algorithm
// field matching `key_type` to `cbb` (body elided in this listing).
// Returns bool -- presumably false when a CBB write fails or `key_type` is not
// supported; callers should check it rather than emit a partial structure.
bool AddSHA256SignatureAlgorithm(CBB* cbb, KeyType key_type) { … }
// By its signature, writes `common_name` into `cbb` as part of a certificate
// name (body elided in this listing). Returns bool; presumably false on a CBB
// failure.
// NOTE(review): `common_name` is caller-supplied text. Confirm the elided body
// encodes it with an explicit ASN.1 string type and length rather than relying
// on NUL termination.
bool AddCommonName(CBB* cbb, absl::string_view common_name) { … }
// By its signature, writes the timestamp `time` into `cbb` (body elided in this
// listing). Returns bool; presumably false on conversion or CBB failure.
// NOTE(review): X.509 validity fields use UTCTime through 2049 and
// GeneralizedTime from 2050 (RFC 5280); confirm the body picks the encoding by
// year and fails cleanly when `time` cannot be converted.
bool AddTime(CBB* cbb, time_t time) { … }
// Builds a certificate for `pkey` from `params` and returns it as an owned
// CRYPTO_BUFFER (body elided in this listing).
// Presumably returns a null pointer when any encoding or signing step fails --
// callers must check the result before using it.
static bssl::UniquePtr<CRYPTO_BUFFER> MakeCertificate(
EVP_PKEY* pkey,
const SSLIdentityParams& params) { … }
}
// Constructs a certificate wrapper that takes ownership of `cert_buffer`
// (passed by value as a bssl::UniquePtr). Initialiser list and body are elided
// in this listing.
// NOTE(review): confirm the elided body rejects or asserts on a null buffer,
// since the other members read from it.
BoringSSLCertificate::BoringSSLCertificate(
bssl::UniquePtr<CRYPTO_BUFFER> cert_buffer)
: … { … }
// Creates a new certificate for `key_pair` using `params` and returns it as an
// owning pointer (body elided in this listing). `key_pair` is a raw pointer;
// nothing in the signature transfers its ownership.
// Presumably returns nullptr on failure -- callers should null-check.
std::unique_ptr<BoringSSLCertificate> BoringSSLCertificate::Generate(
OpenSSLKeyPair* key_pair,
const SSLIdentityParams& params) { … }
// Parses `pem_string` into a certificate and returns it as an owning pointer
// (body elided in this listing).
// NOTE(review): the input may originate outside the process, so treat it as
// untrusted. Presumably nullptr is returned for malformed PEM or DER; callers
// must null-check before dereferencing.
std::unique_ptr<BoringSSLCertificate> BoringSSLCertificate::FromPEMString(
absl::string_view pem_string) { … }
// Compares two object identifiers (expansion elided in this listing).
// NOTE(review): as a function-like macro it may evaluate its arguments more
// than once; pass side-effect-free expressions. A safe comparison checks the
// lengths as well as the bytes -- confirm against the full definition.
#define OID_MATCHES(oid, oid_other) …
// Reports, through `*algorithm`, the digest algorithm used by this
// certificate's signature (body elided in this listing). Returns bool;
// presumably false when the signature-algorithm identifier is not recognised,
// in which case `*algorithm` should not be relied on.
// NOTE(review): the identifiers declared in this file include MD5 and SHA-1
// variants, so the reported digest can be a weak one; callers that use the
// result for fingerprinting or trust decisions should enforce their own
// minimum.
bool BoringSSLCertificate::GetSignatureDigestAlgorithm(
std::string* algorithm) const { … }
// Computes the digest named by `algorithm` over this certificate (body elided
// in this listing; presumably forwards to the overload taking a
// CRYPTO_BUFFER).
//   digest - output buffer supplied by the caller.
//   size   - capacity of `digest` in bytes.
//   length - receives the number of digest bytes written.
// Returns bool; check it before reading `digest` or `*length`.
bool BoringSSLCertificate::ComputeDigest(absl::string_view algorithm,
unsigned char* digest,
size_t size,
size_t* length) const { … }
// Computes the digest named by `algorithm` over `cert_buffer` (body elided in
// this listing).
//   digest - output buffer supplied by the caller.
//   size   - capacity of `digest` in bytes.
//   length - receives the number of digest bytes written.
// Returns bool; presumably false for an unknown algorithm name.
// NOTE(review): confirm the elided body fails when `size` is smaller than the
// digest length instead of truncating the output or writing past the buffer.
bool BoringSSLCertificate::ComputeDigest(const CRYPTO_BUFFER* cert_buffer,
absl::string_view algorithm,
unsigned char* digest,
size_t size,
size_t* length) { … }
// Destructor (body elided in this listing). The constructor receives the
// certificate as a bssl::UniquePtr, so the buffer is presumably released by
// that owner rather than by hand -- confirm.
BoringSSLCertificate::~BoringSSLCertificate() { … }
// Returns a new, separately owned SSLCertificate equivalent to this one (body
// elided in this listing). Whether the underlying buffer is shared by
// reference or copied is not visible here.
std::unique_ptr<SSLCertificate> BoringSSLCertificate::Clone() const { … }
// Returns this certificate as PEM text (body elided in this listing).
std::string BoringSSLCertificate::ToPEMString() const { … }
// Writes this certificate's DER encoding into `*der_buffer` (body elided in
// this listing). Presumably replaces any existing content of the buffer rather
// than appending -- confirm.
void BoringSSLCertificate::ToDER(Buffer* der_buffer) const { … }
// Equality comparison with `other` (body elided in this listing). Presumably
// compares the encoded certificate bytes, lengths included -- confirm, since
// callers may rely on this to decide whether two certificates are the same.
bool BoringSSLCertificate::operator==(const BoringSSLCertificate& other) const { … }
// Inequality comparison with `other` (body elided in this listing); presumably
// the negation of operator==.
bool BoringSSLCertificate::operator!=(const BoringSSLCertificate& other) const { … }
// Returns the certificate's expiration time as an int64_t (body elided in this
// listing). The unit and the value returned on a parse failure are not visible
// here -- presumably seconds since the epoch and a negative sentinel; confirm.
// Callers should handle the failure value before comparing against the
// current time, otherwise an unparseable certificate could be mistaken for a
// valid or an expired one.
int64_t BoringSSLCertificate::CertificateExpirationTime() const { … }
}