File: nssstreamadapter.h

thunderbird 1%3A52.8.0-1~deb8u1
/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef WEBRTC_BASE_NSSSTREAMADAPTER_H_
#define WEBRTC_BASE_NSSSTREAMADAPTER_H_

#include <string>
#include <vector>

#include "nspr.h"
#include "nss.h"
#include "secmodt.h"

#include "webrtc/base/buffer.h"
#include "webrtc/base/criticalsection.h"
#include "webrtc/base/nssidentity.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslstreamadapterhelper.h"

namespace rtc {

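// Process-wide holder for the PKCS#11 slot used by the NSS-backed SSL code.
// Meant to be used as a singleton: callers go through the static accessors
// below, which are declared here and defined in the implementation file.
class NSSContext {
 public:
  // Stores |slot| without taking any visible ownership step. The destructor
  // below is empty, so this class never releases the slot itself.
  explicit NSSContext(PK11SlotInfo* slot) : slot_(slot) {}
  ~NSSContext() {
  }

  // Returns the slot of the global context, or a null pointer when
  // Instance() yields no context.
  //
  // Instance() is evaluated exactly once and its result reused. Calling it
  // twice (once for the null check, once for the dereference) would leave a
  // window in which the second call could return null if the global context
  // were torn down in between.
  // NOTE(review): the returned slot pointer is not covered by |lock| once
  // this function returns; confirm no caller can race with CleanupSSL().
  static PK11SlotInfo *GetSlot() {
    NSSContext* context = Instance();
    return context ? context->slot_ : nullptr;
  }

  // Accessor for the global context. Defined out of line; whether it creates
  // the context on demand is not visible from this header.
  static NSSContext *Instance();

  // Global setup/teardown entry points, defined out of line. The bool results
  // presumably signal success and should be checked by callers; confirm
  // against the implementation.
  static bool InitializeSSL(VerificationCallback callback);
  static bool InitializeSSLThread();
  static bool CleanupSSL();

 private:
  PK11SlotInfo *slot_;                    // The PKCS-11 slot
  static GlobalLockPod lock;              // To protect the global context
  static NSSContext *global_nss_context;  // The global context
};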


// SSLStreamAdapterHelper subclass built on NSS/NSPR types. This header only
// declares the interface; any behaviour described below that goes beyond the
// signatures is marked as an assumption to check against the implementation.
class NSSStreamAdapter : public SSLStreamAdapterHelper {
 public:
  explicit NSSStreamAdapter(StreamInterface* stream);
  ~NSSStreamAdapter() override;

  // Setup step kept separate from construction. The bool result should be
  // checked before the adapter is used (presumably false on failure).
  bool Init();

  // Stream I/O overrides. Each takes a raw buffer plus its length and reports
  // the transferred byte count and an error code through out-parameters.
  StreamResult Read(void* data, size_t data_len, size_t* read,
                    int* error) override;
  StreamResult Write(const void* data, size_t data_len, size_t* written,
                     int* error) override;
  void OnMessage(Message* msg) override;

  // Writes the negotiated cipher into |cipher|.
  // NOTE(review): presumably returns false before the handshake completes.
  bool GetSslCipher(std::string* cipher) override;

  // Key exporter interface.
  // The buffers are raw pointer/length pairs, so nothing in the signature
  // stops a mismatched length. Presumably |context| must reference
  // |context_len| readable bytes and |result| must reference |result_len|
  // writable bytes; confirm how the implementation validates them.
  bool ExportKeyingMaterial(const std::string& label, const uint8* context,
                            size_t context_len, bool use_context,
                            uint8* result, size_t result_len) override;

  // DTLS-SRTP interface.
  bool SetDtlsSrtpCiphers(const std::vector<std::string>& ciphers) override;
  bool GetDtlsSrtpCipher(std::string* cipher) override;

  // Capability queries. These are static, so they need no adapter instance.
  static bool HaveDtls();
  static bool HaveDtlsSrtp();
  static bool HaveExporter();
  static std::string GetDefaultSslCipher();

 protected:
  // SSLStreamAdapter override.
  void OnEvent(StreamInterface* stream, int events, int err) override;

  // SSLStreamAdapterHelper overrides.
  int BeginSSL() override;
  void Cleanup() override;
  bool GetDigestLength(const std::string& algorithm, size_t* length) override;

 private:
  int ContinueSSL();

  // Static callbacks whose parameter lists match NSS's SSLAuthCertificate and
  // SSLGetClientAuthData hook types. |arg| is the opaque pointer NSS passes
  // back to the hook (presumably the adapter instance; confirm in the .cc).
  // NOTE(review): a hook installed with SSL_AuthCertificateHook replaces
  // NSS's default certificate authentication for that socket. The
  // implementation of AuthCertificateHook is then the only place the peer
  // certificate is checked, and it should return failure on any doubt.
  static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
                                       PRBool checksig, PRBool isServer);
  static SECStatus GetClientAuthDataHook(void* arg, PRFileDesc* fd,
                                         CERTDistNames* caNames,
                                         CERTCertificate** pRetCert,
                                         SECKEYPrivateKey** pRetKey);

  // None of the members below has an in-class initializer, so the constructor
  // (not visible here) must set |ssl_fd_| and |cert_ok_| before first use.
  PRFileDesc* ssl_fd_;                   // SSL file descriptor owned by NSS
  static bool initialized;               // Set once InitializeSSL() has run?
  bool cert_ok_;                         // Peer cert was received and checked
  std::vector<PRUint16> srtp_ciphers_;   // Configured SRTP cipher list

  static PRDescIdentity nspr_layer_identity;  // Identity of the NSPR layer
};

}  // namespace rtc

#endif  // WEBRTC_BASE_NSSSTREAMADAPTER_H_