Add SSLConfig object to IceServer.

This is being added to allow greater configurability to TLS connections. tlsAlpnProtocols, tlsEllipticCurves and tlsCertPolicy will be removed from IceServer in a follow-up CL. Bug: webrtc:9662 Change-Id: I33cb804b02c26c662ed2a28c76f9a9dc2df40f36 Reviewed-on: https://webrtc-review.googlesource.com/96020 Commit-Queue: Diogo Real <diogor@google.com> Reviewed-by: Qingsi Wang <qingsi@webrtc.org> Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24559}
2018-09-04 14:42:03 -07:00
parent ee82de28d6
commit 7f1ffcccce
28 changed files with 986 additions and 183 deletions
--- a/sdk/android/src/jni/pc/icecandidate.cc
+++ b/sdk/android/src/jni/pc/icecandidate.cc
@ -207,6 +207,21 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
  return PeerConnectionInterface::kTlsCertPolicySecure;
 }

+rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
+    JNIEnv* jni,
+    const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
+  std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
+
+  if (enum_name == "TLS_CERT_POLICY_SECURE")
+    return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
+
+  if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
+    return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
+
+  RTC_CHECK(false) << "Unexpected TlsCertPolicy enum_name " << enum_name;
+  return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
+}
+
 absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
    JNIEnv* jni,
    const JavaRef<jobject>& j_network_preference) {
--- a/sdk/android/src/jni/pc/icecandidate.h
+++ b/sdk/android/src/jni/pc/icecandidate.h
@ -18,6 +18,7 @@
 #include "api/jsepicecandidate.h"
 #include "api/peerconnectioninterface.h"
 #include "api/rtpparameters.h"
+#include "rtc_base/ssladapter.h"
 #include "rtc_base/sslidentity.h"
 #include "sdk/android/src/jni/jni_helpers.h"

@ -75,6 +76,10 @@ PeerConnectionInterface::TlsCertPolicy JavaToNativeTlsCertPolicy(
    JNIEnv* jni,
    const JavaRef<jobject>& j_ice_server_tls_cert_policy);

+rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
+    JNIEnv* jni,
+    const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
+
 absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
    JNIEnv* jni,
    const JavaRef<jobject>& j_network_preference);
--- a/sdk/android/src/jni/pc/peerconnection.cc
+++ b/sdk/android/src/jni/pc/peerconnection.cc
@ -40,6 +40,7 @@
 #include "api/rtptransceiverinterface.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/logging.h"
+#include "rtc_base/ssladapter.h"
 #include "sdk/android/generated_peerconnection_jni/jni/PeerConnection_jni.h"
 #include "sdk/android/native_api/jni/java_types.h"
 #include "sdk/android/src/jni/jni_helpers.h"
@ -66,6 +67,44 @@ PeerConnectionInterface* ExtractNativePC(JNIEnv* jni,
      ->pc();
 }

+rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
+                                     const JavaRef<jobject>& j_ssl_config) {
+  rtc::SSLConfig ssl_config;
+  ssl_config.enable_ocsp_stapling =
+      Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
+  ssl_config.enable_signed_cert_timestamp =
+      Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
+  ssl_config.enable_tls_channel_id =
+      Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
+  ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
+
+  ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
+      Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
+  ssl_config.max_ssl_version =
+      JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
+
+  ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
+      Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
+  ssl_config.tls_cert_policy =
+      JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
+
+  ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
+      Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
+  if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
+    ssl_config.tls_alpn_protocols =
+        JavaListToNativeVector<std::string, jstring>(
+            jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
+  }
+  ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
+      Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
+  if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
+    ssl_config.tls_elliptic_curves =
+        JavaListToNativeVector<std::string, jstring>(
+            jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
+  }
+  return ssl_config;
+}
+
 PeerConnectionInterface::IceServers JavaToNativeIceServers(
    JNIEnv* jni,
    const JavaRef<jobject>& j_ice_servers) {
@ -87,6 +126,8 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
        Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
    ScopedJavaLocalRef<jobject> tls_elliptic_curves =
        Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
+    ScopedJavaLocalRef<jobject> ssl_config =
+        Java_IceServer_getSslConfig(jni, j_ice_server);
    PeerConnectionInterface::IceServer server;
    server.urls = JavaListToNativeVector<std::string, jstring>(
        jni, urls, &JavaToNativeString);
@ -98,6 +139,7 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
        jni, tls_alpn_protocols, &JavaToNativeString);
    server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
        jni, tls_elliptic_curves, &JavaToNativeString);
+    server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
    ice_servers.push_back(server);
  }
  return ice_servers;