zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add SSLConfig object to IceServer.

Browse Source 
This is being added to allow greater configurability to TLS connections.
tlsAlpnProtocols, tlsEllipticCurves and tlsCertPolicy will be removed from IceServer in a
follow-up CL.

Bug: webrtc:9662
Change-Id: I33cb804b02c26c662ed2a28c76f9a9dc2df40f36
Reviewed-on: https://webrtc-review.googlesource.com/96020
Commit-Queue: Diogo Real <diogor@google.com>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24559}
This commit is contained in:
Diogo Real
2018-09-04 14:42:03 -07:00
committed by Commit Bot
parent ee82de28d6
commit 7f1ffcccce
28 changed files with 986 additions and 183 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
sdk/BUILD.gn
View File

@ -865,6 +865,9 @@ if (is_ios || is_mac) {
"objc/api/peerconnection/RTCRtpTransceiver.mm",
"objc/api/peerconnection/RTCSSLAdapter.h",
"objc/api/peerconnection/RTCSSLAdapter.mm",
"objc/api/peerconnection/RTCSSLConfig+Native.h",
"objc/api/peerconnection/RTCSSLConfig.h",
"objc/api/peerconnection/RTCSSLConfig.mm",
"objc/api/peerconnection/RTCSessionDescription+Private.h",
"objc/api/peerconnection/RTCSessionDescription.h",
"objc/api/peerconnection/RTCSessionDescription.mm",

211
sdk/android/api/org/webrtc/PeerConnection.java
View File

@ -71,6 +71,180 @@ public class PeerConnection {
}
}
/**
* Java version of PeerConnectionInterface::SSLConfig.
*
* Contains the configuration of any SSL/TLS connections that are initiated by
* our client.
*/
public static class SslConfig {
/** Indicates whether to enable OCSP stapling in TLS. */
public final boolean enableOcspStapling;
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
public final boolean enableSignedCertTimestamp;
/** Indicates whether to enable the TLS Channel ID extension. */
public final boolean enableTlsChannelId;
/** Indicates whether to enable the TLS GREASE extension. */
public final boolean enableGrease;
/** Indicates how to process TURN server certificates */
public final TlsCertPolicy tlsCertPolicy;
/**
* Highest supported SSL version, as defined in the supported_versions TLS extension.
* If null, the default OpenSSL/BoringSSL max version will be used.
*/
@Nullable public final Integer maxSslVersion;
/**
* List of protocols to be used in the TLS ALPN extension.
* If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
*/
@Nullable public final List<String> tlsAlpnProtocols;
/**
* List of elliptic curves to be used in the TLS elliptic curves extension.
* Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
* If null, the default list of OpenSSL/BoringSSL curves will be used.
*/
@Nullable public final List<String> tlsEllipticCurves;
private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
this.enableOcspStapling = enableOcspStapling;
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
this.enableTlsChannelId = enableTlsChannelId;
this.enableGrease = enableGrease;
this.tlsCertPolicy = tlsCertPolicy;
this.maxSslVersion = maxSslVersion;
if (tlsAlpnProtocols != null) {
this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
} else {
this.tlsAlpnProtocols = null;
}
if (tlsEllipticCurves != null) {
this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
} else {
this.tlsEllipticCurves = null;
}
}
@Override
public String toString() {
return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
+ enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
+ "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
+ "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
+ "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
}
public static Builder builder() {
return new Builder();
}
public static class Builder {
private boolean enableOcspStapling = true;
private boolean enableSignedCertTimestamp = true;
private boolean enableTlsChannelId = false;
private boolean enableGrease = false;
private TlsCertPolicy tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
@Nullable private Integer maxSslVersion = null;
@Nullable private List<String> tlsAlpnProtocols = null;
@Nullable private List<String> tlsEllipticCurves = null;
private Builder() {}
public Builder setEnableOcspStapling(boolean enableOcspStapling) {
this.enableOcspStapling = enableOcspStapling;
return this;
}
public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
return this;
}
public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
this.enableTlsChannelId = enableTlsChannelId;
return this;
}
public Builder setEnableGrease(boolean enableGrease) {
this.enableGrease = enableGrease;
return this;
}
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
}
public Builder setMaxSslVersion(int maxSslVersion) {
this.maxSslVersion = maxSslVersion;
return this;
}
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public SslConfig createSslConfig() {
return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
}
}
@CalledByNative("SslConfig")
boolean getEnableOcspStapling() {
return enableOcspStapling;
}
@CalledByNative("SslConfig")
boolean getEnableSignedCertTimestamp() {
return enableSignedCertTimestamp;
}
@CalledByNative("SslConfig")
boolean getEnableTlsChannelId() {
return enableTlsChannelId;
}
@CalledByNative("SslConfig")
boolean getEnableGrease() {
return enableGrease;
}
@CalledByNative("SslConfig")
TlsCertPolicy getTlsCertPolicy() {
return tlsCertPolicy;
}
@Nullable
@CalledByNative("SslConfig")
Integer getMaxSslVersion() {
return maxSslVersion;
}
@Nullable
@CalledByNative("SslConfig")
List<String> getTlsAlpnProtocols() {
return tlsAlpnProtocols;
}
@Nullable
@CalledByNative("SslConfig")
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
}
/** Java version of PeerConnectionObserver. */
public static interface Observer {
/** Triggered when the SignalingState changes. */
@ -126,7 +300,9 @@ public class PeerConnection {
public final List<String> urls;
public final String username;
public final String password;
public final TlsCertPolicy tlsCertPolicy;
// TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
// This field will be ignored if tlsCertPolicy is also set in SslConfig.
@Deprecated public final TlsCertPolicy tlsCertPolicy;
// If the URIs in |urls| only contain IP addresses, this field can be used
// to indicate the hostname, which may be necessary for TLS (using the SNI
@ -134,12 +310,18 @@ public class PeerConnection {
// necessary.
public final String hostname;
// TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
// List of protocols to be used in the TLS ALPN extension.
public final List<String> tlsAlpnProtocols;
@Deprecated public final List<String> tlsAlpnProtocols;
// TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
// List of elliptic curves to be used in the TLS elliptic curves extension.
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
public final List<String> tlsEllipticCurves;
// This field will be ignored if tlsEllipticCurves is also set in SslConfig.
@Deprecated public final List<String> tlsEllipticCurves;
// SSL configuration options for any SSL/TLS connections to this IceServer.
public final SslConfig sslConfig;
/** Convenience constructor for STUN servers. */
@Deprecated
@ -161,12 +343,12 @@ public class PeerConnection {
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
String hostname) {
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
null);
null, SslConfig.builder().createSslConfig());
}
private IceServer(String uri, List<String> urls, String username, String password,
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
List<String> tlsEllipticCurves) {
List<String> tlsEllipticCurves, SslConfig sslConfig) {
if (uri == null || urls == null || urls.isEmpty()) {
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
}
@ -192,12 +374,13 @@ public class PeerConnection {
this.hostname = hostname;
this.tlsAlpnProtocols = tlsAlpnProtocols;
this.tlsEllipticCurves = tlsEllipticCurves;
this.sslConfig = sslConfig;
}
@Override
public String toString() {
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
}
public static Builder builder(String uri) {
@ -216,6 +399,7 @@ public class PeerConnection {
private String hostname = "";
private List<String> tlsAlpnProtocols;
private List<String> tlsEllipticCurves;
private SslConfig sslConfig = SslConfig.builder().createSslConfig();
private Builder(List<String> urls) {
if (urls == null || urls.isEmpty()) {
@ -234,6 +418,7 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
@ -244,19 +429,26 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
@Deprecated
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public Builder setSslConfig(SslConfig sslConfig) {
this.sslConfig = sslConfig;
return this;
}
public IceServer createIceServer() {
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
tlsAlpnProtocols, tlsEllipticCurves);
tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
}
}
@ -298,6 +490,11 @@ public class PeerConnection {
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
@CalledByNative("IceServer")
SslConfig getSslConfig() {
return sslConfig;
}
}
/** Java version of PeerConnectionInterface.IceTransportsType */

15
sdk/android/src/jni/pc/icecandidate.cc
View File

@ -207,6 +207,21 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
return PeerConnectionInterface::kTlsCertPolicySecure;
}
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
if (enum_name == "TLS_CERT_POLICY_SECURE")
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
RTC_CHECK(false) << "Unexpected TlsCertPolicy enum_name " << enum_name;
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
}
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
JNIEnv* jni,
const JavaRef<jobject>& j_network_preference) {

5
sdk/android/src/jni/pc/icecandidate.h
View File

@ -18,6 +18,7 @@
#include "api/jsepicecandidate.h"
#include "api/peerconnectioninterface.h"
#include "api/rtpparameters.h"
#include "rtc_base/ssladapter.h"
#include "rtc_base/sslidentity.h"
#include "sdk/android/src/jni/jni_helpers.h"
@ -75,6 +76,10 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
JNIEnv* jni,
const JavaRef<jobject>& j_ice_server_tls_cert_policy);
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
JNIEnv* jni,
const JavaRef<jobject>& j_network_preference);

42
sdk/android/src/jni/pc/peerconnection.cc
View File

@ -40,6 +40,7 @@
#include "api/rtptransceiverinterface.h"
#include "rtc_base/checks.h"
#include "rtc_base/logging.h"
#include "rtc_base/ssladapter.h"
#include "sdk/android/generated_peerconnection_jni/jni/PeerConnection_jni.h"
#include "sdk/android/native_api/jni/java_types.h"
#include "sdk/android/src/jni/jni_helpers.h"
@ -66,6 +67,44 @@ PeerConnectionInterface* ExtractNativePC(JNIEnv* jni,
->pc();
}
rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config) {
rtc::SSLConfig ssl_config;
ssl_config.enable_ocsp_stapling =
Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
ssl_config.enable_signed_cert_timestamp =
Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
ssl_config.enable_tls_channel_id =
Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
ssl_config.max_ssl_version =
JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
ssl_config.tls_cert_policy =
JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
ssl_config.tls_alpn_protocols =
JavaListToNativeVector<std::string, jstring>(
jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
}
ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
ssl_config.tls_elliptic_curves =
JavaListToNativeVector<std::string, jstring>(
jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
}
return ssl_config;
}
PeerConnectionInterface::IceServers JavaToNativeIceServers(
JNIEnv* jni,
const JavaRef<jobject>& j_ice_servers) {
@ -87,6 +126,8 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
ScopedJavaLocalRef<jobject> tls_elliptic_curves =
Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
ScopedJavaLocalRef<jobject> ssl_config =
Java_IceServer_getSslConfig(jni, j_ice_server);
PeerConnectionInterface::IceServer server;
server.urls = JavaListToNativeVector<std::string, jstring>(
jni, urls, &JavaToNativeString);
@ -98,6 +139,7 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
jni, tls_alpn_protocols, &JavaToNativeString);
server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
jni, tls_elliptic_curves, &JavaToNativeString);
server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
ice_servers.push_back(server);
}
return ice_servers;

33
sdk/objc/api/peerconnection/RTCIceServer.h
View File

@ -11,11 +11,7 @@
#import <Foundation/Foundation.h>
#import "RTCMacros.h"
typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
RTCTlsCertPolicySecure,
RTCTlsCertPolicyInsecureNoCheck
};
#import "RTCSSLConfig.h"
NS_ASSUME_NONNULL_BEGIN
@ -32,7 +28,8 @@ RTC_EXPORT
@property(nonatomic, readonly, nullable) NSString *credential;
/**
* TLS certificate policy to use if this RTCIceServer object is a TURN server.
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
TLS certificate policy to use if this RTCIceServer object is a TURN server.
*/
@property(nonatomic, readonly) RTCTlsCertPolicy tlsCertPolicy;
@ -43,15 +40,24 @@ RTC_EXPORT
*/
@property(nonatomic, readonly, nullable) NSString *hostname;
/** List of protocols to be used in the TLS ALPN extension. */
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List of protocols to be used in the TLS ALPN extension.
This field will be ignored if also set in RTCSSLConfig.
*/
@property(nonatomic, readonly) NSArray<NSString *> *tlsAlpnProtocols;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
This field will be ignored if also set in RTCSSLConfig.
*/
@property(nonatomic, readonly) NSArray<NSString *> *tlsEllipticCurves;
/** SSL configuration options for any SSL/TLS connections to this IceServer. */
@property(nonatomic, readonly) RTCSSLConfig *sslConfig;
- (nonnull instancetype)init NS_UNAVAILABLE;
/** Convenience initializer for a server with no authentication (e.g. STUN). */
@ -106,8 +112,17 @@ RTC_EXPORT
tlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy
hostname:(nullable NSString *)hostname
tlsAlpnProtocols:(nullable NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves
NS_DESIGNATED_INITIALIZER;
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves;
/**
* Initialize an RTCIceServer with its associated URLs, optional
* username, optional credential, hostname and SSL config.
*/
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(nullable NSString *)username
credential:(nullable NSString *)credential
hostname:(nullable NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig NS_DESIGNATED_INITIALIZER;
@end

76
sdk/objc/api/peerconnection/RTCIceServer.mm
View File

@ -9,6 +9,7 @@
*/
#import "RTCIceServer+Private.h"
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@ -21,6 +22,7 @@
@synthesize hostname = _hostname;
@synthesize tlsAlpnProtocols = _tlsAlpnProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
@synthesize sslConfig = _sslConfig;
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings {
return [self initWithURLStrings:urlStrings
@ -83,28 +85,40 @@
hostname:(NSString *)hostname
tlsAlpnProtocols:(NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(NSArray<NSString *> *)tlsEllipticCurves {
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] init];
sslConfig.tlsCertPolicy = tlsCertPolicy;
sslConfig.tlsALPNProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
sslConfig.tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
return [self initWithURLStrings:urlStrings
username:username
credential:credential
hostname:hostname
sslConfig:sslConfig];
}
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(NSString *)username
credential:(NSString *)credential
hostname:(NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig {
NSParameterAssert(urlStrings.count);
if (self = [super init]) {
_urlStrings = [[NSArray alloc] initWithArray:urlStrings copyItems:YES];
_username = [username copy];
_credential = [credential copy];
_tlsCertPolicy = tlsCertPolicy;
_hostname = [hostname copy];
_tlsAlpnProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
_tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
_sslConfig = sslConfig;
}
return self;
}
- (NSString *)description {
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@\n%@\n%@",
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@",
_urlStrings,
_username,
_credential,
[self stringForTlsCertPolicy:_tlsCertPolicy],
_hostname,
_tlsAlpnProtocols,
_tlsEllipticCurves];
_sslConfig];
}
#pragma mark - Private
@ -149,6 +163,8 @@
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck;
break;
}
iceServer.ssl_config = [_sslConfig nativeConfig];
return iceServer;
}
@ -162,34 +178,38 @@
NSString *username = [NSString stringForStdString:nativeServer.username];
NSString *credential = [NSString stringForStdString:nativeServer.password];
NSString *hostname = [NSString stringForStdString:nativeServer.hostname];
NSMutableArray *tlsAlpnProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsAlpnProtocols addObject:[NSString stringForStdString:proto]];
}
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
RTCTlsCertPolicy tlsCertPolicy;
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] initWithNativeConfig:nativeServer.ssl_config];
switch (nativeServer.tls_cert_policy) {
case webrtc::PeerConnectionInterface::kTlsCertPolicySecure:
tlsCertPolicy = RTCTlsCertPolicySecure;
break;
case webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck:
tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
break;
if (!nativeServer.ssl_config.tls_alpn_protocols.has_value() &&
!nativeServer.tls_alpn_protocols.empty()) {
NSMutableArray *tlsALPNProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
}
sslConfig.tlsALPNProtocols = tlsALPNProtocols;
}
if (!nativeServer.ssl_config.tls_elliptic_curves.has_value() &&
!nativeServer.tls_elliptic_curves.empty()) {
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
sslConfig.tlsEllipticCurves = tlsEllipticCurves;
}
if (nativeServer.tls_cert_policy ==
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
sslConfig.tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
}
self = [self initWithURLStrings:urls
username:username
credential:credential
tlsCertPolicy:tlsCertPolicy
hostname:hostname
tlsAlpnProtocols:tlsAlpnProtocols
tlsEllipticCurves:tlsEllipticCurves];
sslConfig:sslConfig];
return self;
}

27
sdk/objc/api/peerconnection/RTCSSLConfig+Native.h Normal file
View File

@ -0,0 +1,27 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "RTCSSLConfig.h"
#include "api/peerconnectioninterface.h"
#include "rtc_base/ssladapter.h"
NS_ASSUME_NONNULL_BEGIN
@interface RTCSSLConfig (Native)
- (rtc::SSLConfig)nativeConfig;
/** Initialize an RTCSSLConfig from a native SSLConfig. */
- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config;
@end
NS_ASSUME_NONNULL_END

56
sdk/objc/api/peerconnection/RTCSSLConfig.h Normal file
View File

@ -0,0 +1,56 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import <Foundation/Foundation.h>
#import <WebRTC/RTCMacros.h>
typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
RTCTlsCertPolicySecure,
RTCTlsCertPolicyInsecureNoCheck
};
NS_ASSUME_NONNULL_BEGIN
RTC_EXPORT
@interface RTCSSLConfig : NSObject
/** Indicates whether to enable OCSP stapling in TLS. */
@property(nonatomic) BOOL enableOCSPStapling;
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
@property(nonatomic) BOOL enableSignedCertTimestamp;
/** Indicates whether to enable the TLS Channel ID extension. */
@property(nonatomic) BOOL enableTlsChannelId;
/** Indicates whether to enable the TLS GREASE extension. */
@property(nonatomic) BOOL enableGrease;
/** Indicates how to process TURN server certificates */
@property(nonatomic) RTCTlsCertPolicy tlsCertPolicy;
/** Highest supported SSL version, as defined in the supported_versions TLS extension. */
@property(nonatomic, nullable) NSNumber *maxSSLVersion;
/** List of protocols to be used in the TLS ALPN extension. */
@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsALPNProtocols;
/**
List of elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
*/
@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsEllipticCurves;
- (instancetype)init;
@end
NS_ASSUME_NONNULL_END

134
sdk/objc/api/peerconnection/RTCSSLConfig.mm Normal file
View File

@ -0,0 +1,134 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@implementation RTCSSLConfig
@synthesize enableOCSPStapling = _enableOCSPStapling;
@synthesize enableSignedCertTimestamp = _enableSignedCertTimestamp;
@synthesize enableTlsChannelId = _enableTlsChannelId;
@synthesize enableGrease = _enableGrease;
@synthesize tlsCertPolicy = _tlsCertPolicy;
@synthesize maxSSLVersion = _maxSSLVersion;
@synthesize tlsALPNProtocols = _tlsALPNProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
- (instancetype)init {
// Copy defaults
rtc::SSLConfig config;
return [self initWithNativeConfig:config];
}
- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config {
if (self = [super init]) {
_enableOCSPStapling = config.enable_ocsp_stapling;
_enableSignedCertTimestamp = config.enable_signed_cert_timestamp;
_enableTlsChannelId = config.enable_tls_channel_id;
_enableGrease = config.enable_grease;
switch (config.tls_cert_policy) {
case rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE:
_tlsCertPolicy = RTCTlsCertPolicySecure;
break;
case rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK:
_tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
break;
}
if (config.max_ssl_version) {
_maxSSLVersion = [NSNumber numberWithInt:*config.max_ssl_version];
}
if (config.tls_alpn_protocols) {
NSMutableArray *tlsALPNProtocols =
[NSMutableArray arrayWithCapacity:config.tls_alpn_protocols.value().size()];
for (auto const &proto : config.tls_alpn_protocols.value()) {
[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
}
_tlsALPNProtocols = tlsALPNProtocols;
}
if (config.tls_elliptic_curves) {
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:config.tls_elliptic_curves.value().size()];
for (auto const &curve : config.tls_elliptic_curves.value()) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
_tlsEllipticCurves = tlsEllipticCurves;
}
}
return self;
}
- (NSString *)description {
return [NSString stringWithFormat:@"RTCSSLConfig:\n%d\n%d\n%d\n%d\n%@\n%@\n%@\n%@",
_enableOCSPStapling,
_enableSignedCertTimestamp,
_enableTlsChannelId,
_enableGrease,
[self stringForTlsCertPolicy:_tlsCertPolicy],
_maxSSLVersion,
_tlsALPNProtocols,
_tlsEllipticCurves];
}
#pragma mark - Private
- (NSString *)stringForTlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy {
switch (tlsCertPolicy) {
case RTCTlsCertPolicySecure:
return @"RTCTlsCertPolicySecure";
case RTCTlsCertPolicyInsecureNoCheck:
return @"RTCTlsCertPolicyInsecureNoCheck";
}
}
- (rtc::SSLConfig)nativeConfig {
__block rtc::SSLConfig sslConfig;
sslConfig.enable_ocsp_stapling = _enableOCSPStapling;
sslConfig.enable_signed_cert_timestamp = _enableSignedCertTimestamp;
sslConfig.enable_tls_channel_id = _enableTlsChannelId;
sslConfig.enable_grease = _enableGrease;
switch (_tlsCertPolicy) {
case RTCTlsCertPolicySecure:
sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
break;
case RTCTlsCertPolicyInsecureNoCheck:
sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
break;
}
if (_maxSSLVersion != nil) {
sslConfig.max_ssl_version = absl::optional<int>(_maxSSLVersion.intValue);
}
if (_tlsALPNProtocols != nil) {
__block std::vector<std::string> alpn_protocols;
[_tlsALPNProtocols enumerateObjectsUsingBlock:^(NSString *proto, NSUInteger idx, BOOL *stop) {
alpn_protocols.push_back(proto.stdString);
}];
sslConfig.tls_alpn_protocols = absl::optional<std::vector<std::string>>(alpn_protocols);
}
if (_tlsEllipticCurves != nil) {
__block std::vector<std::string> elliptic_curves;
[_tlsEllipticCurves enumerateObjectsUsingBlock:^(NSString *curve, NSUInteger idx, BOOL *stop) {
elliptic_curves.push_back(curve.stdString);
}];
sslConfig.tls_elliptic_curves = absl::optional<std::vector<std::string>>(elliptic_curves);
}
return sslConfig;
}
@end

10
sdk/objc/unittests/RTCIceServerTest.mm
View File

@ -89,7 +89,7 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
}
- (void)testTlsEllipticCurves {
@ -106,8 +106,8 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
EXPECT_EQ(2u, iceStruct.tls_elliptic_curves.size());
EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
EXPECT_EQ(2u, iceStruct.ssl_config.tls_elliptic_curves.value().size());
}
- (void)testInitFromNativeServer {
@ -129,8 +129,8 @@
EXPECT_EQ("username", [NSString stdStringForString:iceServer.username]);
EXPECT_EQ("password", [NSString stdStringForString:iceServer.credential]);
EXPECT_EQ("hostname", [NSString stdStringForString:iceServer.hostname]);
EXPECT_EQ(2u, iceServer.tlsAlpnProtocols.count);
EXPECT_EQ(2u, iceServer.tlsEllipticCurves.count);
EXPECT_EQ(2u, iceServer.sslConfig.tlsALPNProtocols.count);
EXPECT_EQ(2u, iceServer.sslConfig.tlsEllipticCurves.count);
}
@end