Expose RTCSSLCertificateVerifier from iOS SDK.

Bug: webrtc:11710
Change-Id: I825c6350a71b2ff180520f8643cbd4d6febdc883
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254821
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Yura Yaroshevich <yura.yaroshevich@gmail.com>
Cr-Commit-Position: refs/heads/main@{#36284}

sdk/BUILD.gn

@@ -101,6 +101,7 @@ if (is_ios || is_mac) {
       "objc/base/RTCMacros.h",
       "objc/base/RTCMutableI420Buffer.h",
       "objc/base/RTCMutableYUVPlanarBuffer.h",
+      "objc/base/RTCSSLCertificateVerifier.h",
       "objc/base/RTCVideoCapturer.h",
       "objc/base/RTCVideoCapturer.m",
       "objc/base/RTCVideoCodecInfo.h",
@@ -1233,6 +1234,7 @@ if (is_ios || is_mac) {
           "objc/base/RTCMacros.h",
           "objc/base/RTCMutableI420Buffer.h",
           "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
           "objc/base/RTCVideoCapturer.h",
           "objc/base/RTCVideoCodecInfo.h",
           "objc/base/RTCVideoDecoder.h",
@@ -1429,6 +1431,7 @@ if (is_ios || is_mac) {
           "objc/base/RTCMacros.h",
           "objc/base/RTCMutableI420Buffer.h",
           "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
           "objc/base/RTCVideoCapturer.h",
           "objc/base/RTCVideoCodecInfo.h",
           "objc/base/RTCVideoDecoder.h",
@@ -1528,6 +1531,8 @@ if (is_ios || is_mac) {
       sources = [
         "objc/native/api/network_monitor_factory.h",
         "objc/native/api/network_monitor_factory.mm",
+        "objc/native/api/ssl_certificate_verifier.h",
+        "objc/native/api/ssl_certificate_verifier.mm",
         "objc/native/api/video_capturer.h",
         "objc/native/api/video_capturer.mm",
         "objc/native/api/video_decoder_factory.h",

sdk/objc/api/peerconnection/RTCPeerConnection+Private.h

@@ -68,6 +68,8 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 };
 
 }  // namespace webrtc
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 
 @interface RTC_OBJC_TYPE (RTCPeerConnection)
 ()
@@ -83,11 +85,12 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 /** Initialize an RTCPeerConnection with a configuration, constraints, and
  *  delegate.
  */
-- (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
+- (nullable instancetype)
-                           configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+        initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
-                             constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+          configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
-                                delegate:
+            constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
-                                    (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+    certificateVerifier:(nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+               delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
 
 /** Initialize an RTCPeerConnection with a configuration, constraints,
  *  delegate and PeerConnectionDependencies.

sdk/objc/api/peerconnection/RTCPeerConnection.mm

@@ -34,6 +34,7 @@
 #include "api/set_remote_description_observer_interface.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/numerics/safe_conversions.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 
 NSString *const kRTCPeerConnectionErrorDomain = @"org.webrtc.RTC_OBJC_TYPE(RTCPeerConnection)";
 int const kRTCPeerConnnectionSessionDescriptionError = -1;
@@ -336,10 +337,15 @@ void PeerConnectionDelegateAdapter::OnRemoveTrack(
 - (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
                            configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
                              constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                     certificateVerifier:
+                         (nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
                                 delegate:(id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
   NSParameterAssert(factory);
   std::unique_ptr<webrtc::PeerConnectionDependencies> dependencies =
       std::make_unique<webrtc::PeerConnectionDependencies>(nullptr);
+  if (certificateVerifier != nil) {
+    dependencies->tls_cert_verifier = webrtc::ObjCToNativeCertificateVerifier(certificateVerifier);
+  }
   return [self initWithDependencies:factory
                       configuration:configuration
                         constraints:constraints

sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h

@@ -29,6 +29,8 @@ NS_ASSUME_NONNULL_BEGIN
 (RTCVideoDecoderFactory);
 @protocol RTC_OBJC_TYPE
 (RTCVideoEncoderFactory);
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 
 RTC_OBJC_EXPORT
 @interface RTC_OBJC_TYPE (RTCPeerConnectionFactory) : NSObject
@@ -82,6 +84,13 @@ RTC_OBJC_EXPORT
                         constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
                            delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
 
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+
 /** Set the options to be used for subsequently created RTCPeerConnections */
 - (void)setOptions:(nonnull RTC_OBJC_TYPE(RTCPeerConnectionFactoryOptions) *)options;
 

sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm

@@ -27,6 +27,7 @@
 #import "helpers/NSString+StdString.h"
 #include "rtc_base/checks.h"
 #include "sdk/objc/native/api/network_monitor_factory.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 #include "system_wrappers/include/field_trial.h"
 
 #ifndef HAVE_NO_MEDIA
@@ -272,6 +273,21 @@
   return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
                                                      configuration:configuration
                                                        constraints:constraints
+                                               certificateVerifier:nil
+                                                          delegate:delegate];
+}
+
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:
+                               (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
+  return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
+                                                     configuration:configuration
+                                                       constraints:constraints
+                                               certificateVerifier:certificateVerifier
                                                           delegate:delegate];
 }
 

sdk/objc/base/RTCSSLCertificateVerifier.h

@@ -0,0 +1,25 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import <Foundation/Foundation.h>
+
+#import "RTCMacros.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_OBJC_EXPORT @protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier)<NSObject>
+
+    /** The certificate to verify */
+    - (BOOL)verify : (NSData *)derCertificate;
+
+@end
+
+NS_ASSUME_NONNULL_END

sdk/objc/native/api/ssl_certificate_verifier.h

@@ -0,0 +1,26 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+#define SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+
+#include <memory>
+
+#import "RTCSSLCertificateVerifier.h"
+#include "rtc_base/ssl_certificate.h"
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier);
+
+}  // namespace webrtc
+
+#endif  // SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_

sdk/objc/native/api/ssl_certificate_verifier.mm

@@ -0,0 +1,48 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import "ssl_certificate_verifier.h"
+
+#include "rtc_base/buffer.h"
+
+namespace {
+
+class SSLCertificateVerifierAdapter final : public rtc::SSLCertificateVerifier {
+ public:
+  SSLCertificateVerifierAdapter(
+      id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier)
+      : objc_certificate_verifier_(objc_certificate_verifier) {
+    RTC_DCHECK(objc_certificate_verifier_ != nil);
+  }
+
+  bool Verify(const rtc::SSLCertificate& certificate) override {
+    @autoreleasepool {
+      rtc::Buffer der_buffer;
+      certificate.ToDER(&der_buffer);
+      NSData* serialized_certificate = [[NSData alloc] initWithBytes:der_buffer.data()
+                                                              length:der_buffer.size()];
+      return [objc_certificate_verifier_ verify:serialized_certificate];
+    }
+  }
+
+ private:
+  id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier_;
+};
+
+}
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier) {
+  return std::make_unique<SSLCertificateVerifierAdapter>(objc_certificate_verifier);
+}
+
+}  // namespace webrtc