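/*
 *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 *  Use of this source code is governed by a BSD-style license
 *  that can be found in the LICENSE file in the root of the source
 *  tree. An additional intellectual property rights grant can be found
 *  in the file PATENTS.  All contributing project authors may
 *  be found in the AUTHORS file in the root of the source tree.
 */

#ifndef RTC_BASE_SSLADAPTER_H_
#define RTC_BASE_SSLADAPTER_H_

// Include what we use: the std::vector<std::string> parameters below were
// relying on a transitive include from sslstreamadapter.h.
#include <string>
#include <vector>

#include "rtc_base/asyncsocket.h"
#include "rtc_base/sslstreamadapter.h"

namespace rtc {

class SSLAdapter;

// Class for creating SSL adapters with shared state, e.g., a session cache,
// which allows clients to resume SSL sessions to previously-contacted hosts.
// Clients should create the factory using Create(), set up the factory as
// needed using SetMode, and then call CreateAdapter to create adapters when
// needed.
class SSLAdapterFactory {
 public:
  virtual ~SSLAdapterFactory() = default;
  // Specifies whether TLS or DTLS is to be used for the SSL adapters.
  virtual void SetMode(SSLMode mode) = 0;
  // Creates a new SSL adapter, but from a shared context.
  // NOTE(review): ownership of the returned adapter is not stated here;
  // presumably the caller owns it, as with SSLAdapter::Create — confirm.
  virtual SSLAdapter* CreateAdapter(AsyncSocket* socket) = 0;

  // Creates the platform's default factory.
  static SSLAdapterFactory* Create();
};

// Class that abstracts a client-to-server SSL session. It can be created
// standalone, via SSLAdapter::Create, or through a factory as described above,
// in which case it will share state with other SSLAdapters created from the
// same factory.
// After creation, call StartSSL to initiate the SSL handshake to the server.
class SSLAdapter : public AsyncSocketAdapter {
 public:
  explicit SSLAdapter(AsyncSocket* socket) : AsyncSocketAdapter(socket) {}

  // Methods that control server certificate verification, used in unit tests.
  // Do not call these methods in production code: with |ignore| set, the
  // adapter no longer rejects an untrusted or mismatched server certificate,
  // so the connection is not authenticated.
  // TODO(juberti): Remove the opportunistic encryption mechanism in
  // BasicPacketSocketFactory that uses this function.
  virtual void SetIgnoreBadCert(bool ignore) = 0;

  // Protocol names offered via ALPN during the handshake.
  virtual void SetAlpnProtocols(const std::vector<std::string>& protos) = 0;
  // Elliptic curves offered during the handshake.
  virtual void SetEllipticCurves(const std::vector<std::string>& curves) = 0;

  // Do DTLS or TLS (default is TLS, if unspecified)
  virtual void SetMode(SSLMode mode) = 0;

  // Set the certificate this socket will present to incoming clients.
  virtual void SetIdentity(SSLIdentity* identity) = 0;

  // Choose whether the socket acts as a server socket or client socket.
  virtual void SetRole(SSLRole role) = 0;

  // StartSSL returns 0 if successful.
  // If StartSSL is called while the socket is closed or connecting, the SSL
  // negotiation will begin as soon as the socket connects.
  // NOTE(review): |hostname| is presumably the name the server certificate is
  // checked against (and sent as SNI) — confirm against the implementation.
  // TODO(juberti): Remove |restartable|.
  virtual int StartSSL(const char* hostname, bool restartable = false) = 0;

  // When an SSLAdapterFactory is used, an SSLAdapter may be used to resume
  // a previous SSL session, which results in an abbreviated handshake.
  // This method, if called after SSL has been established for this adapter,
  // indicates whether the current session is a resumption of a previous
  // session.
  virtual bool IsResumedSession() = 0;

  // Create the default SSL adapter for this platform. On failure, returns null
  // and deletes |socket|. Otherwise, the returned SSLAdapter takes ownership
  // of |socket|.
  static SSLAdapter* Create(AsyncSocket* socket);
};

///////////////////////////////////////////////////////////////////////////////

// Hook for custom certificate verification. The concrete type behind |cert|
// is not defined in this header; it depends on the SSL implementation in use.
typedef bool (*VerificationCallback)(void* cert);

// Call this on the main thread, before using SSL.
// Call CleanupSSLThread when finished with SSL.
// The optional |callback|, when non-null, presumably replaces the default
// certificate verification for adapters created afterwards — confirm.
bool InitializeSSL(VerificationCallback callback = nullptr);

// Call to initialize additional threads.
bool InitializeSSLThread();

// Call to cleanup additional threads, and also the main thread.
bool CleanupSSL();

}  // namespace rtc

#endif  // RTC_BASE_SSLADAPTER_H_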