
Side by Side Diff: webrtc/base/nssstreamadapter.cc

Issue 1269843005: Added DtlsCertificate, a ref counted object owning an SSLIdentity (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Merge with master Created 5 years, 4 months ago
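--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -483,22 +483,22 @@
 rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook,
 this);
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
 return -1;
 }
 } else {
 LOG(LS_INFO) << "BeginSSL: as server";
 NSSIdentity *identity;
 
-if (identity_.get()) {
-identity = static_cast<NSSIdentity *>(identity_.get());
+if (dtlscertificate_.get()) {
+identity = static_cast<NSSIdentity *>(dtlscertificate_->identity());
 } else {
 LOG(LS_ERROR) << "Can't be an SSL server without an identity";
 Error("BeginSSL", -1, false);
 return -1;
 }
 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
 identity->keypair()->privkey(),
 identity->keypair()->ssl_kea_type());
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
@@ -655,21 +655,21 @@
 void NSSStreamAdapter::Cleanup() {
 if (state_ != SSL_ERROR) {
 state_ = SSL_CLOSED;
 }
 
 if (ssl_fd_) {
 PR_Close(ssl_fd_);
 ssl_fd_ = NULL;
 }
 
-identity_.reset();
+dtlscertificate_ = nullptr;
 peer_certificate_.reset();
 
 Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT);
 }
 
 bool NSSStreamAdapter::GetDigestLength(const std::string& algorithm,
 size_t* length) {
 return NSSCertificate::GetDigestLength(algorithm, length);
 }
 
@@ -909,26 +909,27 @@
 }
 
 
 SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
 CERTDistNames *caNames,
 CERTCertificate **pRetCert,
 SECKEYPrivateKey **pRetKey) {
 LOG(LS_INFO) << "Client cert requested";
 NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg);
 
-if (!stream->identity_.get()) {
+if (!stream->dtlscertificate_.get()) {
 LOG(LS_ERROR) << "No identity available";
 return SECFailure;
 }
 
-NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get());
+NSSIdentity *identity = static_cast<NSSIdentity *>(
+stream->dtlscertificate_->identity());
 // Destroyed internally by NSS
 *pRetCert = CERT_DupCertificate(identity->certificate().certificate());
 *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey());
 
 return SECSuccess;
 }
 
 bool NSSStreamAdapter::GetSslCipher(std::string* cipher) {
 ASSERT(state_ == SSL_CONNECTED);
 if (state_ != SSL_CONNECTED)
@@ -1118,10 +1119,10 @@
 return kDefaultSslEcCipher12;
 }
 } else {
 return std::string();
 }
 }
 
 } // namespace rtc
 
 #endif // HAVE_NSS_SSL_H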
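Review bot: Both the server-side setup (new lines 493-494) and GetClientAuthDataHook (new lines 919-925) test only that dtlscertificate_ is non-null, but the pointer they go on to dereference is whatever dtlscertificate_->identity() returns. Whether DtlsCertificate guarantees a non-null identity is not visible on this page; if it does not, `identity->certificate()` and `identity->keypair()->privkey()` dereference null in the middle of a handshake, whereas the old code tested the identity pointer itself. I would test the result after the cast, e.g. in the hook `if (!identity) { LOG(LS_ERROR) << "No identity available"; return SECFailure; }`, or state the non-null invariant in a comment on DtlsCertificate. The hook also returns SECSuccess without checking what CERT_DupCertificate and SECKEY_CopyPrivateKey returned, which is older code but worth tightening while this path is being touched. The function containing lines 483-504 starts and ends outside the displayed region.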
