Adds SSLCertificateVerifier to the Java API.

The native API supports setting an SSLCertificateVerifier that can be used to provide a custom certificate verifier for incoming SSL certificates. This change provides this functionality to the Java API so that a Java implementation can also be provided. It is expected this will only be used in specialized circumstances and most users will not hit this code path. Bug: webrtc:9541 Change-Id: Id3c75b8f288333b53edc2959bac533e3ec614978 Reviewed-on: https://webrtc-review.googlesource.com/89500 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24057}
2018-07-20 15:08:03 -07:00
parent 2ffed6d65c
commit 8cf30401eb
7 changed files with 174 additions and 18 deletions
--- a/sdk/android/src/jni/pc/peerconnectionfactory.cc
+++ b/sdk/android/src/jni/pc/peerconnectionfactory.cc
@ -34,6 +34,7 @@
 #include "sdk/android/src/jni/pc/media.h"
 #include "sdk/android/src/jni/pc/ownedfactoryandthreads.h"
 #include "sdk/android/src/jni/pc/peerconnection.h"
+#include "sdk/android/src/jni/pc/sslcertificateverifierwrapper.h"
 #include "sdk/android/src/jni/pc/video.h"
 #include "system_wrappers/include/field_trial.h"
 // Adding 'nogncheck' to disable the gn include headers check.
@ -374,7 +375,8 @@ static jlong JNI_PeerConnectionFactory_CreatePeerConnection(
    jlong factory,
    const JavaParamRef<jobject>& j_rtc_config,
    const JavaParamRef<jobject>& j_constraints,
-    jlong observer_p) {
+    jlong observer_p,
+    const JavaParamRef<jobject>& j_sslCertificateVerifier) {
  rtc::scoped_refptr<PeerConnectionFactoryInterface> f(
      reinterpret_cast<PeerConnectionFactoryInterface*>(
          factoryFromJava(factory)));
@ -404,8 +406,17 @@ static jlong JNI_PeerConnectionFactory_CreatePeerConnection(
    constraints = JavaToNativeMediaConstraints(jni, j_constraints);
    CopyConstraintsIntoRtcConfiguration(constraints.get(), &rtc_config);
  }
-  rtc::scoped_refptr<PeerConnectionInterface> pc(
-      f->CreatePeerConnection(rtc_config, nullptr, nullptr, observer.get()));
+
+  PeerConnectionDependencies peer_connection_dependencies(observer.get());
+  if (!j_sslCertificateVerifier.is_null()) {
+    peer_connection_dependencies.tls_cert_verifier =
+        absl::make_unique<SSLCertificateVerifierWrapper>(
+            jni, j_sslCertificateVerifier);
+  }
+
+  rtc::scoped_refptr<PeerConnectionInterface> pc(f->CreatePeerConnection(
+      rtc_config, std::move(peer_connection_dependencies)));
+
  return jlongFromPointer(
      new OwnedPeerConnection(pc, std::move(observer), std::move(constraints)));
 }
--- a/sdk/android/src/jni/pc/sslcertificateverifierwrapper.cc
+++ b/sdk/android/src/jni/pc/sslcertificateverifierwrapper.cc
@ -0,0 +1,44 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#include "sdk/android/src/jni/pc/sslcertificateverifierwrapper.h"
+#include "sdk/android/generated_peerconnection_jni/jni/SSLCertificateVerifier_jni.h"
+#include "sdk/android/native_api/jni/class_loader.h"
+#include "sdk/android/native_api/jni/java_types.h"
+
+namespace webrtc {
+namespace jni {
+
+SSLCertificateVerifierWrapper::SSLCertificateVerifierWrapper(
+    JNIEnv* jni,
+    const JavaRef<jobject>& ssl_certificate_verifier)
+    : ssl_certificate_verifier_(jni, ssl_certificate_verifier) {}
+
+SSLCertificateVerifierWrapper::~SSLCertificateVerifierWrapper() = default;
+
+bool SSLCertificateVerifierWrapper::Verify(
+    const rtc::SSLCertificate& certificate) {
+  JNIEnv* jni = AttachCurrentThreadIfNeeded();
+
+  // Serialize the der encoding of the cert into a jbyteArray
+  rtc::Buffer cert_der_buffer;
+  certificate.ToDER(&cert_der_buffer);
+  ScopedJavaLocalRef<jbyteArray> jni_buffer(
+      jni, jni->NewByteArray(cert_der_buffer.size()));
+  jni->SetByteArrayRegion(
+      jni_buffer.obj(), 0, cert_der_buffer.size(),
+      reinterpret_cast<const jbyte*>(cert_der_buffer.data()));
+
+  return Java_SSLCertificateVerifier_verify(jni, ssl_certificate_verifier_,
+                                            jni_buffer);
+}
+
+}  // namespace jni
+}  // namespace webrtc
--- a/sdk/android/src/jni/pc/sslcertificateverifierwrapper.h
+++ b/sdk/android/src/jni/pc/sslcertificateverifierwrapper.h
@ -0,0 +1,41 @@
+/*
+ *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_ANDROID_SRC_JNI_PC_SSLCERTIFICATEVERIFIERWRAPPER_H_
+#define SDK_ANDROID_SRC_JNI_PC_SSLCERTIFICATEVERIFIERWRAPPER_H_
+
+#include <jni.h>
+#include <vector>
+
+#include "rtc_base/sslcertificate.h"
+#include "sdk/android/src/jni/jni_helpers.h"
+
+namespace webrtc {
+namespace jni {
+
+// Wrapper for Java SSLCertifiacteVerifier class. Delegates method calls through
+// JNI and wraps the encoder inside SSLCertificateVerifierWrapper.
+class SSLCertificateVerifierWrapper : public rtc::SSLCertificateVerifier {
+ public:
+  SSLCertificateVerifierWrapper(
+      JNIEnv* jni,
+      const JavaRef<jobject>& ssl_certificate_verifier);
+  ~SSLCertificateVerifierWrapper() override;
+
+  bool Verify(const rtc::SSLCertificate& certificate) override;
+
+ private:
+  const ScopedJavaGlobalRef<jobject> ssl_certificate_verifier_;
+};
+
+}  // namespace jni
+}  // namespace webrtc
+
+#endif  // SDK_ANDROID_SRC_JNI_PC_SSLCERTIFICATEVERIFIERWRAPPER_H_