zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Add SSLConfig object to IceServer."

Browse Source 
This reverts commit 4f085434b912060874d6697f17aaedd2adae7c49.

Reason for revert: breaks downstream projects.

Original change's description:
> Add SSLConfig object to IceServer.
> 
> This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
> with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
> tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.
> 
> Bug: webrtc:9662
> Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
> Reviewed-on: https://webrtc-review.googlesource.com/98762
> Commit-Queue: Diogo Real <diogor@google.com>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#24696}

TBR=steveanton@webrtc.org,sakal@webrtc.org,kwiberg@webrtc.org,kthelgason@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com

Change-Id: I1cb64b63fec688b4ac90c2fa368eaf0bc11046af
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: webrtc:9662
Reviewed-on: https://webrtc-review.googlesource.com/99880
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Commit-Queue: Sergey Silkin <ssilkin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24701}
This commit is contained in:
Sergey Silkin
2018-09-12 10:45:38 +00:00
committed by Commit Bot
parent 289e980708
commit 9c147ddc91
31 changed files with 182 additions and 1092 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
sdk/BUILD.gn
View File

@ -870,9 +870,6 @@ if (is_ios || is_mac) {
"objc/api/peerconnection/RTCRtpTransceiver.mm",
"objc/api/peerconnection/RTCSSLAdapter.h",
"objc/api/peerconnection/RTCSSLAdapter.mm",
"objc/api/peerconnection/RTCSSLConfig+Native.h",
"objc/api/peerconnection/RTCSSLConfig.h",
"objc/api/peerconnection/RTCSSLConfig.mm",
"objc/api/peerconnection/RTCSessionDescription+Private.h",
"objc/api/peerconnection/RTCSessionDescription.h",
"objc/api/peerconnection/RTCSessionDescription.mm",
@ -988,7 +985,6 @@ if (is_ios || is_mac) {
"objc/Framework/Headers/WebRTC/RTCRtpSender.h",
"objc/Framework/Headers/WebRTC/RTCRtpTransceiver.h",
"objc/Framework/Headers/WebRTC/RTCSSLAdapter.h",
"objc/Framework/Headers/WebRTC/RTCSSLConfig.h",
"objc/Framework/Headers/WebRTC/RTCSessionDescription.h",
"objc/Framework/Headers/WebRTC/RTCTracing.h",
"objc/Framework/Headers/WebRTC/RTCVideoCapturer.h",

4
sdk/android/BUILD.gn
View File

@ -306,7 +306,6 @@ if (is_android) {
"api/org/webrtc/RtpSender.java",
"api/org/webrtc/RtpTransceiver.java",
"api/org/webrtc/SSLCertificateVerifier.java",
"api/org/webrtc/SslConfig.java",
"api/org/webrtc/SdpObserver.java",
"api/org/webrtc/SessionDescription.java",
"api/org/webrtc/StatsObserver.java",
@ -649,8 +648,6 @@ if (is_android) {
"src/jni/pc/sessiondescription.h",
"src/jni/pc/sslcertificateverifierwrapper.cc",
"src/jni/pc/sslcertificateverifierwrapper.h",
"src/jni/pc/sslconfig.cc",
"src/jni/pc/sslconfig.h",
"src/jni/pc/statsobserver.cc",
"src/jni/pc/statsobserver.h",
"src/jni/pc/turncustomizer.cc",
@ -1196,7 +1193,6 @@ if (is_android) {
"api/org/webrtc/SSLCertificateVerifier.java",
"api/org/webrtc/SdpObserver.java",
"api/org/webrtc/SessionDescription.java",
"api/org/webrtc/SslConfig.java",
"api/org/webrtc/StatsObserver.java",
"api/org/webrtc/StatsReport.java",
"api/org/webrtc/TurnCustomizer.java",

38
sdk/android/api/org/webrtc/PeerConnection.java
View File

@ -50,7 +50,6 @@ public class PeerConnection {
}
}
// TODO(diogor, webrtc:9673): Remove TlsCertPolicy. It's deprecated, in favor of SslConfig.
/** Tracks PeerConnectionInterface::TlsCertPolicy */
public enum TlsCertPolicy {
TLS_CERT_POLICY_SECURE,
@ -127,9 +126,7 @@ public class PeerConnection {
public final List<String> urls;
public final String username;
public final String password;
// TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
// This field will be ignored if tlsCertPolicy is also set in SslConfig.
@Deprecated public final TlsCertPolicy tlsCertPolicy;
public final TlsCertPolicy tlsCertPolicy;
// If the URIs in |urls| only contain IP addresses, this field can be used
// to indicate the hostname, which may be necessary for TLS (using the SNI
@ -137,18 +134,12 @@ public class PeerConnection {
// necessary.
public final String hostname;
// TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
// List of protocols to be used in the TLS ALPN extension.
@Deprecated public final List<String> tlsAlpnProtocols;
public final List<String> tlsAlpnProtocols;
// TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
// List of elliptic curves to be used in the TLS elliptic curves extension.
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
// This field will be ignored if tlsEllipticCurves is also set in SslConfig.
@Deprecated public final List<String> tlsEllipticCurves;
// SSL configuration options for any SSL/TLS connections to this IceServer.
public final SslConfig sslConfig;
public final List<String> tlsEllipticCurves;
/** Convenience constructor for STUN servers. */
@Deprecated
@ -170,12 +161,12 @@ public class PeerConnection {
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
String hostname) {
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
null, SslConfig.builder().createSslConfig());
null);
}
private IceServer(String uri, List<String> urls, String username, String password,
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
List<String> tlsEllipticCurves, SslConfig sslConfig) {
List<String> tlsEllipticCurves) {
if (uri == null || urls == null || urls.isEmpty()) {
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
}
@ -201,13 +192,12 @@ public class PeerConnection {
this.hostname = hostname;
this.tlsAlpnProtocols = tlsAlpnProtocols;
this.tlsEllipticCurves = tlsEllipticCurves;
this.sslConfig = sslConfig;
}
@Override
public String toString() {
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
}
public static Builder builder(String uri) {
@ -226,7 +216,6 @@ public class PeerConnection {
private String hostname = "";
private List<String> tlsAlpnProtocols;
private List<String> tlsEllipticCurves;
private SslConfig sslConfig = SslConfig.builder().createSslConfig();
private Builder(List<String> urls) {
if (urls == null || urls.isEmpty()) {
@ -245,7 +234,6 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
@ -256,26 +244,19 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
@Deprecated
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public Builder setSslConfig(SslConfig sslConfig) {
this.sslConfig = sslConfig;
return this;
}
public IceServer createIceServer() {
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
tlsAlpnProtocols, tlsEllipticCurves);
}
}
@ -317,11 +298,6 @@ public class PeerConnection {
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
@CalledByNative("IceServer")
SslConfig getSslConfig() {
return sslConfig;
}
}
/** Java version of PeerConnectionInterface.IceTransportsType */

204
sdk/android/api/org/webrtc/SslConfig.java
View File

@ -1,204 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
package org.webrtc;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
/**
* Java version of rtc::SSLConfig.
*
* Contains the configuration of any SSL/TLS connections that are initiated by
* our client.
*/
public class SslConfig {
/** Tracks rtc::TlsCertPolicy */
public enum TlsCertPolicy {
TLS_CERT_POLICY_SECURE,
TLS_CERT_POLICY_INSECURE_NO_CHECK,
}
/** Indicates whether to enable OCSP stapling in TLS. */
public final boolean enableOcspStapling;
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
public final boolean enableSignedCertTimestamp;
/** Indicates whether to enable the TLS Channel ID extension. */
public final boolean enableTlsChannelId;
/** Indicates whether to enable the TLS GREASE extension. */
public final boolean enableGrease;
/** Indicates how to process TURN server certificates */
public final TlsCertPolicy tlsCertPolicy;
/**
* Highest supported SSL version, as defined in the supported_versions TLS extension.
* If null, the default OpenSSL/BoringSSL max version will be used.
*/
@Nullable public final Integer maxSslVersion;
/**
* List of protocols to be used in the TLS ALPN extension.
* If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
*/
@Nullable public final List<String> tlsAlpnProtocols;
/**
* List of elliptic curves to be used in the TLS elliptic curves extension.
* Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
* If null, the default list of OpenSSL/BoringSSL curves will be used.
*/
@Nullable public final List<String> tlsEllipticCurves;
private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
this.enableOcspStapling = enableOcspStapling;
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
this.enableTlsChannelId = enableTlsChannelId;
this.enableGrease = enableGrease;
this.tlsCertPolicy = tlsCertPolicy;
this.maxSslVersion = maxSslVersion;
if (tlsAlpnProtocols != null) {
this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
} else {
this.tlsAlpnProtocols = null;
}
if (tlsEllipticCurves != null) {
this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
} else {
this.tlsEllipticCurves = null;
}
}
@Override
public String toString() {
return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
+ enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
+ "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
+ "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
+ "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
}
public static Builder builder() {
return new Builder();
}
public static class Builder {
private boolean enableOcspStapling;
private boolean enableSignedCertTimestamp;
private boolean enableTlsChannelId;
private boolean enableGrease;
private TlsCertPolicy tlsCertPolicy;
@Nullable private Integer maxSslVersion;
@Nullable private List<String> tlsAlpnProtocols;
@Nullable private List<String> tlsEllipticCurves;
private Builder() {
this.enableOcspStapling = true;
this.enableSignedCertTimestamp = true;
this.enableTlsChannelId = false;
this.enableGrease = false;
this.tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
this.maxSslVersion = null;
this.tlsAlpnProtocols = null;
this.tlsEllipticCurves = null;
}
public Builder setEnableOcspStapling(boolean enableOcspStapling) {
this.enableOcspStapling = enableOcspStapling;
return this;
}
public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
return this;
}
public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
this.enableTlsChannelId = enableTlsChannelId;
return this;
}
public Builder setEnableGrease(boolean enableGrease) {
this.enableGrease = enableGrease;
return this;
}
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
}
public Builder setMaxSslVersion(int maxSslVersion) {
this.maxSslVersion = maxSslVersion;
return this;
}
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public SslConfig createSslConfig() {
return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
}
}
@CalledByNative
boolean getEnableOcspStapling() {
return enableOcspStapling;
}
@CalledByNative
boolean getEnableSignedCertTimestamp() {
return enableSignedCertTimestamp;
}
@CalledByNative
boolean getEnableTlsChannelId() {
return enableTlsChannelId;
}
@CalledByNative
boolean getEnableGrease() {
return enableGrease;
}
@CalledByNative
TlsCertPolicy getTlsCertPolicy() {
return tlsCertPolicy;
}
@Nullable
@CalledByNative
Integer getMaxSslVersion() {
return maxSslVersion;
}
@Nullable
@CalledByNative
List<String> getTlsAlpnProtocols() {
return tlsAlpnProtocols;
}
@Nullable
@CalledByNative
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
}

4
sdk/android/src/jni/pc/peerconnection.cc
View File

@ -51,7 +51,6 @@
#include "sdk/android/src/jni/pc/rtpsender.h"
#include "sdk/android/src/jni/pc/sdpobserver.h"
#include "sdk/android/src/jni/pc/sessiondescription.h"
#include "sdk/android/src/jni/pc/sslconfig.h"
#include "sdk/android/src/jni/pc/statsobserver.h"
#include "sdk/android/src/jni/pc/turncustomizer.h"
@ -88,8 +87,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
ScopedJavaLocalRef<jobject> tls_elliptic_curves =
Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
ScopedJavaLocalRef<jobject> ssl_config =
Java_IceServer_getSslConfig(jni, j_ice_server);
PeerConnectionInterface::IceServer server;
server.urls = JavaListToNativeVector<std::string, jstring>(
jni, urls, &JavaToNativeString);
@ -101,7 +98,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
jni, tls_alpn_protocols, &JavaToNativeString);
server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
jni, tls_elliptic_curves, &JavaToNativeString);
server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
ice_servers.push_back(server);
}
return ice_servers;

78
sdk/android/src/jni/pc/sslconfig.cc
View File

@ -1,78 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#include "sdk/android/src/jni/pc/sslconfig.h"
#include <string>
#include "rtc_base/ssladapter.h"
#include "sdk/android/generated_peerconnection_jni/jni/SslConfig_jni.h"
#include "sdk/android/native_api/jni/java_types.h"
#include "sdk/android/src/jni/jni_helpers.h"
namespace webrtc {
namespace jni {
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
if (enum_name == "TLS_CERT_POLICY_SECURE")
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
RTC_NOTREACHED();
return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
}
rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config) {
rtc::SSLConfig ssl_config;
ssl_config.enable_ocsp_stapling =
Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
ssl_config.enable_signed_cert_timestamp =
Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
ssl_config.enable_tls_channel_id =
Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
ssl_config.max_ssl_version =
JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
ssl_config.tls_cert_policy =
JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
ssl_config.tls_alpn_protocols =
JavaListToNativeVector<std::string, jstring>(
jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
}
ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
ssl_config.tls_elliptic_curves =
JavaListToNativeVector<std::string, jstring>(
jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
}
return ssl_config;
}
} // namespace jni
} // namespace webrtc

30
sdk/android/src/jni/pc/sslconfig.h
View File

@ -1,30 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_
#define SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_
#include "api/peerconnectioninterface.h"
#include "sdk/android/native_api/jni/scoped_java_ref.h"
namespace webrtc {
namespace jni {
rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
JNIEnv* jni,
const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* env,
const JavaRef<jobject>& j_ssl_config);
} // namespace jni
} // namespace webrtc
#endif // SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_

11
sdk/objc/Framework/Headers/WebRTC/RTCSSLConfig.h
View File

@ -1,11 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "api/peerconnection/RTCSSLConfig.h"

33
sdk/objc/api/peerconnection/RTCIceServer.h
View File

@ -11,7 +11,11 @@
#import <Foundation/Foundation.h>
#import "RTCMacros.h"
#import "RTCSSLConfig.h"
typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
RTCTlsCertPolicySecure,
RTCTlsCertPolicyInsecureNoCheck
};
NS_ASSUME_NONNULL_BEGIN
@ -28,8 +32,7 @@ RTC_EXPORT
@property(nonatomic, readonly, nullable) NSString *credential;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
TLS certificate policy to use if this RTCIceServer object is a TURN server.
* TLS certificate policy to use if this RTCIceServer object is a TURN server.
*/
@property(nonatomic, readonly) RTCTlsCertPolicy tlsCertPolicy;
@ -40,24 +43,15 @@ RTC_EXPORT
*/
@property(nonatomic, readonly, nullable) NSString *hostname;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List of protocols to be used in the TLS ALPN extension.
This field will be ignored if also set in RTCSSLConfig.
*/
/** List of protocols to be used in the TLS ALPN extension. */
@property(nonatomic, readonly) NSArray<NSString *> *tlsAlpnProtocols;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
This field will be ignored if also set in RTCSSLConfig.
*/
@property(nonatomic, readonly) NSArray<NSString *> *tlsEllipticCurves;
/** SSL configuration options for any SSL/TLS connections to this IceServer. */
@property(nonatomic, readonly) RTCSSLConfig *sslConfig;
- (nonnull instancetype)init NS_UNAVAILABLE;
/** Convenience initializer for a server with no authentication (e.g. STUN). */
@ -112,17 +106,8 @@ RTC_EXPORT
tlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy
hostname:(nullable NSString *)hostname
tlsAlpnProtocols:(nullable NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves;
/**
* Initialize an RTCIceServer with its associated URLs, optional
* username, optional credential, hostname and SSL config.
*/
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(nullable NSString *)username
credential:(nullable NSString *)credential
hostname:(nullable NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig NS_DESIGNATED_INITIALIZER;
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves
NS_DESIGNATED_INITIALIZER;
@end

82
sdk/objc/api/peerconnection/RTCIceServer.mm
View File

@ -9,7 +9,6 @@
*/
#import "RTCIceServer+Private.h"
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@ -22,7 +21,6 @@
@synthesize hostname = _hostname;
@synthesize tlsAlpnProtocols = _tlsAlpnProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
@synthesize sslConfig = _sslConfig;
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings {
return [self initWithURLStrings:urlStrings
@ -85,50 +83,28 @@
hostname:(NSString *)hostname
tlsAlpnProtocols:(NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(NSArray<NSString *> *)tlsEllipticCurves {
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] init];
sslConfig.tlsCertPolicy = tlsCertPolicy;
sslConfig.tlsALPNProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
sslConfig.tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
return [self initWithURLStrings:urlStrings
username:username
credential:credential
hostname:hostname
sslConfig:sslConfig];
}
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(NSString *)username
credential:(NSString *)credential
hostname:(NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig {
NSParameterAssert(urlStrings.count);
if (self = [super init]) {
_urlStrings = [[NSArray alloc] initWithArray:urlStrings copyItems:YES];
_username = [username copy];
_credential = [credential copy];
_tlsCertPolicy = tlsCertPolicy;
_hostname = [hostname copy];
_sslConfig = sslConfig;
// TODO(diogor, webrtc:9673): Remove these duplicate assignments.
_tlsCertPolicy = sslConfig.tlsCertPolicy;
if (sslConfig.tlsALPNProtocols) {
_tlsAlpnProtocols = [[NSArray alloc] initWithArray:sslConfig.tlsALPNProtocols copyItems:YES];
}
if (sslConfig.tlsEllipticCurves) {
_tlsEllipticCurves =
[[NSArray alloc] initWithArray:sslConfig.tlsEllipticCurves copyItems:YES];
}
_tlsAlpnProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
_tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
}
return self;
}
- (NSString *)description {
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@",
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@\n%@\n%@",
_urlStrings,
_username,
_credential,
[self stringForTlsCertPolicy:_tlsCertPolicy],
_hostname,
_sslConfig];
_tlsAlpnProtocols,
_tlsEllipticCurves];
}
#pragma mark - Private
@ -173,8 +149,6 @@
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck;
break;
}
iceServer.ssl_config = [_sslConfig nativeConfig];
return iceServer;
}
@ -188,38 +162,34 @@
NSString *username = [NSString stringForStdString:nativeServer.username];
NSString *credential = [NSString stringForStdString:nativeServer.password];
NSString *hostname = [NSString stringForStdString:nativeServer.hostname];
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] initWithNativeConfig:nativeServer.ssl_config];
if (!nativeServer.ssl_config.tls_alpn_protocols.has_value() &&
!nativeServer.tls_alpn_protocols.empty()) {
NSMutableArray *tlsALPNProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
}
sslConfig.tlsALPNProtocols = tlsALPNProtocols;
NSMutableArray *tlsAlpnProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsAlpnProtocols addObject:[NSString stringForStdString:proto]];
}
if (!nativeServer.ssl_config.tls_elliptic_curves.has_value() &&
!nativeServer.tls_elliptic_curves.empty()) {
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
sslConfig.tlsEllipticCurves = tlsEllipticCurves;
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
RTCTlsCertPolicy tlsCertPolicy;
if (nativeServer.tls_cert_policy ==
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
sslConfig.tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
switch (nativeServer.tls_cert_policy) {
case webrtc::PeerConnectionInterface::kTlsCertPolicySecure:
tlsCertPolicy = RTCTlsCertPolicySecure;
break;
case webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck:
tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
break;
}
self = [self initWithURLStrings:urls
username:username
credential:credential
tlsCertPolicy:tlsCertPolicy
hostname:hostname
sslConfig:sslConfig];
tlsAlpnProtocols:tlsAlpnProtocols
tlsEllipticCurves:tlsEllipticCurves];
return self;
}

27
sdk/objc/api/peerconnection/RTCSSLConfig+Native.h
View File

@ -1,27 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "RTCSSLConfig.h"
#include "api/peerconnectioninterface.h"
#include "rtc_base/ssladapter.h"
NS_ASSUME_NONNULL_BEGIN
@interface RTCSSLConfig (Native)
- (rtc::SSLConfig)nativeConfig;
/** Initialize an RTCSSLConfig from a native SSLConfig. */
- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config;
@end
NS_ASSUME_NONNULL_END

56
sdk/objc/api/peerconnection/RTCSSLConfig.h
View File

@ -1,56 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import <Foundation/Foundation.h>
#import <WebRTC/RTCMacros.h>
typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
RTCTlsCertPolicySecure,
RTCTlsCertPolicyInsecureNoCheck
};
NS_ASSUME_NONNULL_BEGIN
RTC_EXPORT
@interface RTCSSLConfig : NSObject
/** Indicates whether to enable OCSP stapling in TLS. */
@property(nonatomic) BOOL enableOCSPStapling;
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
@property(nonatomic) BOOL enableSignedCertTimestamp;
/** Indicates whether to enable the TLS Channel ID extension. */
@property(nonatomic) BOOL enableTlsChannelId;
/** Indicates whether to enable the TLS GREASE extension. */
@property(nonatomic) BOOL enableGrease;
/** Indicates how to process TURN server certificates */
@property(nonatomic) RTCTlsCertPolicy tlsCertPolicy;
/** Highest supported SSL version, as defined in the supported_versions TLS extension. */
@property(nonatomic, nullable) NSNumber *maxSSLVersion;
/** List of protocols to be used in the TLS ALPN extension. */
@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsALPNProtocols;
/**
List of elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
*/
@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsEllipticCurves;
- (instancetype)init;
@end
NS_ASSUME_NONNULL_END

134
sdk/objc/api/peerconnection/RTCSSLConfig.mm
View File

@ -1,134 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@implementation RTCSSLConfig
@synthesize enableOCSPStapling = _enableOCSPStapling;
@synthesize enableSignedCertTimestamp = _enableSignedCertTimestamp;
@synthesize enableTlsChannelId = _enableTlsChannelId;
@synthesize enableGrease = _enableGrease;
@synthesize tlsCertPolicy = _tlsCertPolicy;
@synthesize maxSSLVersion = _maxSSLVersion;
@synthesize tlsALPNProtocols = _tlsALPNProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
- (instancetype)init {
// Copy defaults
rtc::SSLConfig config;
return [self initWithNativeConfig:config];
}
- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config {
if (self = [super init]) {
_enableOCSPStapling = config.enable_ocsp_stapling;
_enableSignedCertTimestamp = config.enable_signed_cert_timestamp;
_enableTlsChannelId = config.enable_tls_channel_id;
_enableGrease = config.enable_grease;
switch (config.tls_cert_policy) {
case rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE:
_tlsCertPolicy = RTCTlsCertPolicySecure;
break;
case rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK:
_tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
break;
}
if (config.max_ssl_version) {
_maxSSLVersion = [NSNumber numberWithInt:*config.max_ssl_version];
}
if (config.tls_alpn_protocols) {
NSMutableArray *tlsALPNProtocols =
[NSMutableArray arrayWithCapacity:config.tls_alpn_protocols.value().size()];
for (auto const &proto : config.tls_alpn_protocols.value()) {
[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
}
_tlsALPNProtocols = tlsALPNProtocols;
}
if (config.tls_elliptic_curves) {
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:config.tls_elliptic_curves.value().size()];
for (auto const &curve : config.tls_elliptic_curves.value()) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
_tlsEllipticCurves = tlsEllipticCurves;
}
}
return self;
}
- (NSString *)description {
return [NSString stringWithFormat:@"RTCSSLConfig:\n%d\n%d\n%d\n%d\n%@\n%@\n%@\n%@",
_enableOCSPStapling,
_enableSignedCertTimestamp,
_enableTlsChannelId,
_enableGrease,
[self stringForTlsCertPolicy:_tlsCertPolicy],
_maxSSLVersion,
_tlsALPNProtocols,
_tlsEllipticCurves];
}
#pragma mark - Private
- (NSString *)stringForTlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy {
switch (tlsCertPolicy) {
case RTCTlsCertPolicySecure:
return @"RTCTlsCertPolicySecure";
case RTCTlsCertPolicyInsecureNoCheck:
return @"RTCTlsCertPolicyInsecureNoCheck";
}
}
- (rtc::SSLConfig)nativeConfig {
__block rtc::SSLConfig sslConfig;
sslConfig.enable_ocsp_stapling = _enableOCSPStapling;
sslConfig.enable_signed_cert_timestamp = _enableSignedCertTimestamp;
sslConfig.enable_tls_channel_id = _enableTlsChannelId;
sslConfig.enable_grease = _enableGrease;
switch (_tlsCertPolicy) {
case RTCTlsCertPolicySecure:
sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
break;
case RTCTlsCertPolicyInsecureNoCheck:
sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
break;
}
if (_maxSSLVersion != nil) {
sslConfig.max_ssl_version = absl::optional<int>(_maxSSLVersion.intValue);
}
if (_tlsALPNProtocols != nil) {
__block std::vector<std::string> alpn_protocols;
[_tlsALPNProtocols enumerateObjectsUsingBlock:^(NSString *proto, NSUInteger idx, BOOL *stop) {
alpn_protocols.push_back(proto.stdString);
}];
sslConfig.tls_alpn_protocols = absl::optional<std::vector<std::string>>(alpn_protocols);
}
if (_tlsEllipticCurves != nil) {
__block std::vector<std::string> elliptic_curves;
[_tlsEllipticCurves enumerateObjectsUsingBlock:^(NSString *curve, NSUInteger idx, BOOL *stop) {
elliptic_curves.push_back(curve.stdString);
}];
sslConfig.tls_elliptic_curves = absl::optional<std::vector<std::string>>(elliptic_curves);
}
return sslConfig;
}
@end

10
sdk/objc/unittests/RTCIceServerTest.mm
View File

@ -89,7 +89,7 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
}
- (void)testTlsEllipticCurves {
@ -106,8 +106,8 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
EXPECT_EQ(2u, iceStruct.ssl_config.tls_elliptic_curves.value().size());
EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
EXPECT_EQ(2u, iceStruct.tls_elliptic_curves.size());
}
- (void)testInitFromNativeServer {
@ -129,8 +129,8 @@
EXPECT_EQ("username", [NSString stdStringForString:iceServer.username]);
EXPECT_EQ("password", [NSString stdStringForString:iceServer.credential]);
EXPECT_EQ("hostname", [NSString stdStringForString:iceServer.hostname]);
EXPECT_EQ(2u, iceServer.sslConfig.tlsALPNProtocols.count);
EXPECT_EQ(2u, iceServer.sslConfig.tlsEllipticCurves.count);
EXPECT_EQ(2u, iceServer.tlsAlpnProtocols.count);
EXPECT_EQ(2u, iceServer.tlsEllipticCurves.count);
}
@end