Adds SSLCertificateVerifier to the Java API.

The native API supports setting an SSLCertificateVerifier that can be used to provide a custom certificate verifier for incoming SSL certificates. This change provides this functionality to the Java API so that a Java implementation can also be provided. It is expected this will only be used in specialized circumstances and most users will not hit this code path. Bug: webrtc:9541 Change-Id: Id3c75b8f288333b53edc2959bac533e3ec614978 Reviewed-on: https://webrtc-review.googlesource.com/89500 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24057}
2018-07-20 15:08:03 -07:00
parent 2ffed6d65c
commit 8cf30401eb
7 changed files with 174 additions and 18 deletions
--- a/sdk/android/api/org/webrtc/PeerConnectionDependencies.java
+++ b/sdk/android/api/org/webrtc/PeerConnectionDependencies.java
@ -20,18 +20,27 @@ import javax.annotation.Nullable;
 */
 public final class PeerConnectionDependencies {
  // Mandatory dependencies.
-  private PeerConnection.Observer observer;
+  private final PeerConnection.Observer observer;
+
+  // Optional fields.
+  private final SSLCertificateVerifier sslCertificateVerifier;

  public static class Builder {
    private PeerConnection.Observer observer;
+    private SSLCertificateVerifier sslCertificateVerifier;

    private Builder(PeerConnection.Observer observer) {
      this.observer = observer;
    }

+    public Builder setSSLCertificateVerifier(SSLCertificateVerifier sslCertificateVerifier) {
+      this.sslCertificateVerifier = sslCertificateVerifier;
+      return this;
+    }
+
    // Observer is a required dependency and so is forced in the construction of the object.
    public PeerConnectionDependencies createPeerConnectionDependencies() {
-      return new PeerConnectionDependencies(observer);
+      return new PeerConnectionDependencies(observer, sslCertificateVerifier);
    }
  }

@ -43,7 +52,14 @@ public final class PeerConnectionDependencies {
    return observer;
  }

-  private PeerConnectionDependencies(PeerConnection.Observer observer) {
+  @Nullable
+  SSLCertificateVerifier getSSLCertificateVerifier() {
+    return sslCertificateVerifier;
+  }
+
+  private PeerConnectionDependencies(
+      PeerConnection.Observer observer, SSLCertificateVerifier sslCertificateVerifier) {
    this.observer = observer;
+    this.sslCertificateVerifier = sslCertificateVerifier;
  }
 }
--- a/sdk/android/api/org/webrtc/PeerConnectionFactory.java
+++ b/sdk/android/api/org/webrtc/PeerConnectionFactory.java
@ -328,6 +328,25 @@ public class PeerConnectionFactory {
    this.nativeFactory = nativeFactory;
  }

+  /**
+   * Internal helper function to pass the parameters down into the native JNI bridge.
+   */
+  @Nullable
+  PeerConnection createPeerConnectionInternal(PeerConnection.RTCConfiguration rtcConfig,
+      MediaConstraints constraints, PeerConnection.Observer observer,
+      SSLCertificateVerifier sslCertificateVerifier) {
+    long nativeObserver = PeerConnection.createNativePeerConnectionObserver(observer);
+    if (nativeObserver == 0) {
+      return null;
+    }
+    long nativePeerConnection = nativeCreatePeerConnection(
+        nativeFactory, rtcConfig, constraints, nativeObserver, sslCertificateVerifier);
+    if (nativePeerConnection == 0) {
+      return null;
+    }
+    return new PeerConnection(nativePeerConnection);
+  }
+
  /**
   * Deprecated. PeerConnection constraints are deprecated. Supply values in rtcConfig struct
   * instead and use the method without constraints in the signature.
@ -336,16 +355,8 @@ public class PeerConnectionFactory {
  @Deprecated
  public PeerConnection createPeerConnection(PeerConnection.RTCConfiguration rtcConfig,
      MediaConstraints constraints, PeerConnection.Observer observer) {
-    long nativeObserver = PeerConnection.createNativePeerConnectionObserver(observer);
-    if (nativeObserver == 0) {
-      return null;
-    }
-    long nativePeerConnection =
-        nativeCreatePeerConnection(nativeFactory, rtcConfig, constraints, nativeObserver);
-    if (nativePeerConnection == 0) {
-      return null;
-    }
-    return new PeerConnection(nativePeerConnection);
+    return createPeerConnectionInternal(
+        rtcConfig, constraints, observer, /* sslCertificateVerifier= */ null);
  }

  /**
@ -376,7 +387,8 @@ public class PeerConnectionFactory {
  @Nullable
  public PeerConnection createPeerConnection(
      PeerConnection.RTCConfiguration rtcConfig, PeerConnectionDependencies dependencies) {
-    return createPeerConnection(rtcConfig, null /* constraints */, dependencies.getObserver());
+    return createPeerConnectionInternal(rtcConfig, null /* constraints */,
+        dependencies.getObserver(), dependencies.getSSLCertificateVerifier());
  }

  public MediaStream createLocalMediaStream(String label) {
@ -514,7 +526,8 @@ public class PeerConnectionFactory {
      VideoDecoderFactory decoderFactory, long nativeAudioProcessor,
      long nativeFecControllerFactory);
  private static native long nativeCreatePeerConnection(long factory,
-      PeerConnection.RTCConfiguration rtcConfig, MediaConstraints constraints, long nativeObserver);
+      PeerConnection.RTCConfiguration rtcConfig, MediaConstraints constraints, long nativeObserver,
+      SSLCertificateVerifier sslCertificateVerifier);
  private static native long nativeCreateLocalMediaStream(long factory, String label);
  private static native long nativeCreateVideoSource(long factory, boolean is_screencast);
  private static native long nativeCreateVideoTrack(
--- a/sdk/android/api/org/webrtc/SSLCertificateVerifier.java
+++ b/sdk/android/api/org/webrtc/SSLCertificateVerifier.java
@ -0,0 +1,27 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+package org.webrtc;
+
+/**
+ * The SSLCertificateVerifier interface allows API users to provide custom
+ * logic to verify certificates.
+ */
+public interface SSLCertificateVerifier {
+  /**
+   * Implementations of verify allow applications to provide custom logic for
+   * verifying certificates. This is not required by default and should be used
+   * with care.
+   *
+   * @param certificate A byte array containing a DER encoded X509 certificate.
+   * @return True if the certificate is verified and trusted else false.
+   */
+  @CalledByNative boolean verify(byte[] certificate);
+}