Revert "Add SSLConfig object to IceServer."
This reverts commit 7f1ffcccce563a086da037334aec2d4faa723edb. Reason for revert: Speculative revert Original change's description: > Add SSLConfig object to IceServer. > > This is being added to allow greater configurability to TLS connections. > tlsAlpnProtocols, tlsEllipticCurves and tlsCertPolicy will be removed from IceServer in a > follow-up CL. > > Bug: webrtc:9662 > Change-Id: I33cb804b02c26c662ed2a28c76f9a9dc2df40f36 > Reviewed-on: https://webrtc-review.googlesource.com/96020 > Commit-Queue: Diogo Real <diogor@google.com> > Reviewed-by: Qingsi Wang <qingsi@webrtc.org> > Reviewed-by: Benjamin Wright <benwright@webrtc.org> > Reviewed-by: Steve Anton <steveanton@webrtc.org> > Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> > Reviewed-by: Kári Helgason <kthelgason@webrtc.org> > Cr-Commit-Position: refs/heads/master@{#24559} TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,juberti@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com Change-Id: Iae9fc68b77f743876bda36fc2a04f6d791aae8e2 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: webrtc:9662 Reviewed-on: https://webrtc-review.googlesource.com/98000 Reviewed-by: Ying Wang <yinwa@webrtc.org> Commit-Queue: Ying Wang <yinwa@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24563}
This commit is contained in:
Ying Wang
@ -71,180 +71,6 @@ public class PeerConnection {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Java version of PeerConnectionInterface::SSLConfig.
|
||||
*
|
||||
* Contains the configuration of any SSL/TLS connections that are initiated by
|
||||
* our client.
|
||||
*/
|
||||
public static class SslConfig {
|
||||
/** Indicates whether to enable OCSP stapling in TLS. */
|
||||
public final boolean enableOcspStapling;
|
||||
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
|
||||
public final boolean enableSignedCertTimestamp;
|
||||
/** Indicates whether to enable the TLS Channel ID extension. */
|
||||
public final boolean enableTlsChannelId;
|
||||
/** Indicates whether to enable the TLS GREASE extension. */
|
||||
public final boolean enableGrease;
|
||||
|
||||
/** Indicates how to process TURN server certificates */
|
||||
public final TlsCertPolicy tlsCertPolicy;
|
||||
|
||||
/**
|
||||
* Highest supported SSL version, as defined in the supported_versions TLS extension.
|
||||
* If null, the default OpenSSL/BoringSSL max version will be used.
|
||||
*/
|
||||
@Nullable public final Integer maxSslVersion;
|
||||
|
||||
/**
|
||||
* List of protocols to be used in the TLS ALPN extension.
|
||||
* If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
|
||||
*/
|
||||
@Nullable public final List<String> tlsAlpnProtocols;
|
||||
|
||||
/**
|
||||
* List of elliptic curves to be used in the TLS elliptic curves extension.
|
||||
* Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
|
||||
* If null, the default list of OpenSSL/BoringSSL curves will be used.
|
||||
*/
|
||||
@Nullable public final List<String> tlsEllipticCurves;
|
||||
|
||||
private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
|
||||
boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
|
||||
Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
|
||||
this.enableOcspStapling = enableOcspStapling;
|
||||
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
|
||||
this.enableTlsChannelId = enableTlsChannelId;
|
||||
this.enableGrease = enableGrease;
|
||||
this.tlsCertPolicy = tlsCertPolicy;
|
||||
this.maxSslVersion = maxSslVersion;
|
||||
if (tlsAlpnProtocols != null) {
|
||||
this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
|
||||
} else {
|
||||
this.tlsAlpnProtocols = null;
|
||||
}
|
||||
if (tlsEllipticCurves != null) {
|
||||
this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
|
||||
} else {
|
||||
this.tlsEllipticCurves = null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
|
||||
+ enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
|
||||
+ "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
|
||||
+ "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
|
||||
+ "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
|
||||
}
|
||||
|
||||
public static Builder builder() {
|
||||
return new Builder();
|
||||
}
|
||||
|
||||
public static class Builder {
|
||||
private boolean enableOcspStapling = true;
|
||||
private boolean enableSignedCertTimestamp = true;
|
||||
private boolean enableTlsChannelId = false;
|
||||
private boolean enableGrease = false;
|
||||
private TlsCertPolicy tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
|
||||
@Nullable private Integer maxSslVersion = null;
|
||||
@Nullable private List<String> tlsAlpnProtocols = null;
|
||||
@Nullable private List<String> tlsEllipticCurves = null;
|
||||
|
||||
private Builder() {}
|
||||
|
||||
public Builder setEnableOcspStapling(boolean enableOcspStapling) {
|
||||
this.enableOcspStapling = enableOcspStapling;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
|
||||
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
|
||||
this.enableTlsChannelId = enableTlsChannelId;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setEnableGrease(boolean enableGrease) {
|
||||
this.enableGrease = enableGrease;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
|
||||
this.tlsCertPolicy = tlsCertPolicy;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setMaxSslVersion(int maxSslVersion) {
|
||||
this.maxSslVersion = maxSslVersion;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
|
||||
this.tlsAlpnProtocols = tlsAlpnProtocols;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
|
||||
this.tlsEllipticCurves = tlsEllipticCurves;
|
||||
return this;
|
||||
}
|
||||
|
||||
public SslConfig createSslConfig() {
|
||||
return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
|
||||
enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
|
||||
}
|
||||
}
|
||||
|
||||
@CalledByNative("SslConfig")
|
||||
boolean getEnableOcspStapling() {
|
||||
return enableOcspStapling;
|
||||
}
|
||||
|
||||
@CalledByNative("SslConfig")
|
||||
boolean getEnableSignedCertTimestamp() {
|
||||
return enableSignedCertTimestamp;
|
||||
}
|
||||
|
||||
@CalledByNative("SslConfig")
|
||||
boolean getEnableTlsChannelId() {
|
||||
return enableTlsChannelId;
|
||||
}
|
||||
|
||||
@CalledByNative("SslConfig")
|
||||
boolean getEnableGrease() {
|
||||
return enableGrease;
|
||||
}
|
||||
|
||||
@CalledByNative("SslConfig")
|
||||
TlsCertPolicy getTlsCertPolicy() {
|
||||
return tlsCertPolicy;
|
||||
}
|
||||
|
||||
@Nullable
|
||||
@CalledByNative("SslConfig")
|
||||
Integer getMaxSslVersion() {
|
||||
return maxSslVersion;
|
||||
}
|
||||
|
||||
@Nullable
|
||||
@CalledByNative("SslConfig")
|
||||
List<String> getTlsAlpnProtocols() {
|
||||
return tlsAlpnProtocols;
|
||||
}
|
||||
|
||||
@Nullable
|
||||
@CalledByNative("SslConfig")
|
||||
List<String> getTlsEllipticCurves() {
|
||||
return tlsEllipticCurves;
|
||||
}
|
||||
}
|
||||
|
||||
/** Java version of PeerConnectionObserver. */
|
||||
public static interface Observer {
|
||||
/** Triggered when the SignalingState changes. */
|
||||
@ -300,9 +126,7 @@ public class PeerConnection {
|
||||
public final List<String> urls;
|
||||
public final String username;
|
||||
public final String password;
|
||||
// TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
|
||||
// This field will be ignored if tlsCertPolicy is also set in SslConfig.
|
||||
@Deprecated public final TlsCertPolicy tlsCertPolicy;
|
||||
public final TlsCertPolicy tlsCertPolicy;
|
||||
|
||||
// If the URIs in |urls| only contain IP addresses, this field can be used
|
||||
// to indicate the hostname, which may be necessary for TLS (using the SNI
|
||||
@ -310,18 +134,12 @@ public class PeerConnection {
|
||||
// necessary.
|
||||
public final String hostname;
|
||||
|
||||
// TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
|
||||
// List of protocols to be used in the TLS ALPN extension.
|
||||
@Deprecated public final List<String> tlsAlpnProtocols;
|
||||
public final List<String> tlsAlpnProtocols;
|
||||
|
||||
// TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
|
||||
// List of elliptic curves to be used in the TLS elliptic curves extension.
|
||||
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
|
||||
// This field will be ignored if tlsEllipticCurves is also set in SslConfig.
|
||||
@Deprecated public final List<String> tlsEllipticCurves;
|
||||
|
||||
// SSL configuration options for any SSL/TLS connections to this IceServer.
|
||||
public final SslConfig sslConfig;
|
||||
public final List<String> tlsEllipticCurves;
|
||||
|
||||
/** Convenience constructor for STUN servers. */
|
||||
@Deprecated
|
||||
@ -343,12 +161,12 @@ public class PeerConnection {
|
||||
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
|
||||
String hostname) {
|
||||
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
|
||||
null, SslConfig.builder().createSslConfig());
|
||||
null);
|
||||
}
|
||||
|
||||
private IceServer(String uri, List<String> urls, String username, String password,
|
||||
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
|
||||
List<String> tlsEllipticCurves, SslConfig sslConfig) {
|
||||
List<String> tlsEllipticCurves) {
|
||||
if (uri == null || urls == null || urls.isEmpty()) {
|
||||
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
|
||||
}
|
||||
@ -374,13 +192,12 @@ public class PeerConnection {
|
||||
this.hostname = hostname;
|
||||
this.tlsAlpnProtocols = tlsAlpnProtocols;
|
||||
this.tlsEllipticCurves = tlsEllipticCurves;
|
||||
this.sslConfig = sslConfig;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
|
||||
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
|
||||
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
|
||||
}
|
||||
|
||||
public static Builder builder(String uri) {
|
||||
@ -399,7 +216,6 @@ public class PeerConnection {
|
||||
private String hostname = "";
|
||||
private List<String> tlsAlpnProtocols;
|
||||
private List<String> tlsEllipticCurves;
|
||||
private SslConfig sslConfig = SslConfig.builder().createSslConfig();
|
||||
|
||||
private Builder(List<String> urls) {
|
||||
if (urls == null || urls.isEmpty()) {
|
||||
@ -418,7 +234,6 @@ public class PeerConnection {
|
||||
return this;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
|
||||
this.tlsCertPolicy = tlsCertPolicy;
|
||||
return this;
|
||||
@ -429,26 +244,19 @@ public class PeerConnection {
|
||||
return this;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
|
||||
this.tlsAlpnProtocols = tlsAlpnProtocols;
|
||||
return this;
|
||||
}
|
||||
|
||||
@Deprecated
|
||||
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
|
||||
this.tlsEllipticCurves = tlsEllipticCurves;
|
||||
return this;
|
||||
}
|
||||
|
||||
public Builder setSslConfig(SslConfig sslConfig) {
|
||||
this.sslConfig = sslConfig;
|
||||
return this;
|
||||
}
|
||||
|
||||
public IceServer createIceServer() {
|
||||
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
|
||||
tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
|
||||
tlsAlpnProtocols, tlsEllipticCurves);
|
||||
}
|
||||
}
|
||||
|
||||
@ -490,11 +298,6 @@ public class PeerConnection {
|
||||
List<String> getTlsEllipticCurves() {
|
||||
return tlsEllipticCurves;
|
||||
}
|
||||
|
||||
@CalledByNative("IceServer")
|
||||
SslConfig getSslConfig() {
|
||||
return sslConfig;
|
||||
}
|
||||
}
|
||||
|
||||
/** Java version of PeerConnectionInterface.IceTransportsType */
|
||||
|
||||
@ -207,21 +207,6 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
|
||||
return PeerConnectionInterface::kTlsCertPolicySecure;
|
||||
}
|
||||
|
||||
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
|
||||
std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
|
||||
|
||||
if (enum_name == "TLS_CERT_POLICY_SECURE")
|
||||
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
|
||||
|
||||
if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
|
||||
return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
|
||||
|
||||
RTC_CHECK(false) << "Unexpected TlsCertPolicy enum_name " << enum_name;
|
||||
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
|
||||
}
|
||||
|
||||
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_network_preference) {
|
||||
|
||||
@ -18,7 +18,6 @@
|
||||
#include "api/jsepicecandidate.h"
|
||||
#include "api/peerconnectioninterface.h"
|
||||
#include "api/rtpparameters.h"
|
||||
#include "rtc_base/ssladapter.h"
|
||||
#include "rtc_base/sslidentity.h"
|
||||
#include "sdk/android/src/jni/jni_helpers.h"
|
||||
|
||||
@ -76,10 +75,6 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_ice_server_tls_cert_policy);
|
||||
|
||||
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
|
||||
|
||||
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_network_preference);
|
||||
|
||||
@ -40,7 +40,6 @@
|
||||
#include "api/rtptransceiverinterface.h"
|
||||
#include "rtc_base/checks.h"
|
||||
#include "rtc_base/logging.h"
|
||||
#include "rtc_base/ssladapter.h"
|
||||
#include "sdk/android/generated_peerconnection_jni/jni/PeerConnection_jni.h"
|
||||
#include "sdk/android/native_api/jni/java_types.h"
|
||||
#include "sdk/android/src/jni/jni_helpers.h"
|
||||
@ -67,44 +66,6 @@ PeerConnectionInterface* ExtractNativePC(JNIEnv* jni,
|
||||
->pc();
|
||||
}
|
||||
|
||||
rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_ssl_config) {
|
||||
rtc::SSLConfig ssl_config;
|
||||
ssl_config.enable_ocsp_stapling =
|
||||
Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
|
||||
ssl_config.enable_signed_cert_timestamp =
|
||||
Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
|
||||
ssl_config.enable_tls_channel_id =
|
||||
Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
|
||||
ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
|
||||
|
||||
ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
|
||||
Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
|
||||
ssl_config.max_ssl_version =
|
||||
JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
|
||||
|
||||
ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
|
||||
Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
|
||||
ssl_config.tls_cert_policy =
|
||||
JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
|
||||
|
||||
ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
|
||||
Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
|
||||
if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
|
||||
ssl_config.tls_alpn_protocols =
|
||||
JavaListToNativeVector<std::string, jstring>(
|
||||
jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
|
||||
}
|
||||
ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
|
||||
Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
|
||||
if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
|
||||
ssl_config.tls_elliptic_curves =
|
||||
JavaListToNativeVector<std::string, jstring>(
|
||||
jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
|
||||
}
|
||||
return ssl_config;
|
||||
}
|
||||
|
||||
PeerConnectionInterface::IceServers JavaToNativeIceServers(
|
||||
JNIEnv* jni,
|
||||
const JavaRef<jobject>& j_ice_servers) {
|
||||
@ -126,8 +87,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
|
||||
Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
|
||||
ScopedJavaLocalRef<jobject> tls_elliptic_curves =
|
||||
Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
|
||||
ScopedJavaLocalRef<jobject> ssl_config =
|
||||
Java_IceServer_getSslConfig(jni, j_ice_server);
|
||||
PeerConnectionInterface::IceServer server;
|
||||
server.urls = JavaListToNativeVector<std::string, jstring>(
|
||||
jni, urls, &JavaToNativeString);
|
||||
@ -139,7 +98,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
|
||||
jni, tls_alpn_protocols, &JavaToNativeString);
|
||||
server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
|
||||
jni, tls_elliptic_curves, &JavaToNativeString);
|
||||
server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
|
||||
ice_servers.push_back(server);
|
||||
}
|
||||
return ice_servers;
|
||||
|
||||
Reference in New Issue
Block a user