Revert "Add SSLConfig object to IceServer."

This reverts commit 4f085434b912060874d6697f17aaedd2adae7c49. Reason for revert: breaks downstream projects. Original change's description: > Add SSLConfig object to IceServer. > > This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020, > with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and > tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility. > > Bug: webrtc:9662 > Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5 > Reviewed-on: https://webrtc-review.googlesource.com/98762 > Commit-Queue: Diogo Real <diogor@google.com> > Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> > Reviewed-by: Kári Helgason <kthelgason@webrtc.org> > Reviewed-by: Steve Anton <steveanton@webrtc.org> > Reviewed-by: Qingsi Wang <qingsi@webrtc.org> > Cr-Commit-Position: refs/heads/master@{#24696} TBR=steveanton@webrtc.org,sakal@webrtc.org,kwiberg@webrtc.org,kthelgason@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com Change-Id: I1cb64b63fec688b4ac90c2fa368eaf0bc11046af No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: webrtc:9662 Reviewed-on: https://webrtc-review.googlesource.com/99880 Reviewed-by: Sergey Silkin <ssilkin@webrtc.org> Commit-Queue: Sergey Silkin <ssilkin@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24701}
2018-09-12 10:45:38 +00:00
parent 289e980708
commit 9c147ddc91
31 changed files with 182 additions and 1092 deletions
--- a/sdk/android/BUILD.gn
+++ b/sdk/android/BUILD.gn
@ -306,7 +306,6 @@ if (is_android) {
      "api/org/webrtc/RtpSender.java",
      "api/org/webrtc/RtpTransceiver.java",
      "api/org/webrtc/SSLCertificateVerifier.java",
-      "api/org/webrtc/SslConfig.java",
      "api/org/webrtc/SdpObserver.java",
      "api/org/webrtc/SessionDescription.java",
      "api/org/webrtc/StatsObserver.java",
@ -649,8 +648,6 @@ if (is_android) {
      "src/jni/pc/sessiondescription.h",
      "src/jni/pc/sslcertificateverifierwrapper.cc",
      "src/jni/pc/sslcertificateverifierwrapper.h",
-      "src/jni/pc/sslconfig.cc",
-      "src/jni/pc/sslconfig.h",
      "src/jni/pc/statsobserver.cc",
      "src/jni/pc/statsobserver.h",
      "src/jni/pc/turncustomizer.cc",
@ -1196,7 +1193,6 @@ if (is_android) {
      "api/org/webrtc/SSLCertificateVerifier.java",
      "api/org/webrtc/SdpObserver.java",
      "api/org/webrtc/SessionDescription.java",
-      "api/org/webrtc/SslConfig.java",
      "api/org/webrtc/StatsObserver.java",
      "api/org/webrtc/StatsReport.java",
      "api/org/webrtc/TurnCustomizer.java",
--- a/sdk/android/api/org/webrtc/PeerConnection.java
+++ b/sdk/android/api/org/webrtc/PeerConnection.java
@ -50,7 +50,6 @@ public class PeerConnection {
    }
  }

-  // TODO(diogor, webrtc:9673): Remove TlsCertPolicy. It's deprecated, in favor of SslConfig.
  /** Tracks PeerConnectionInterface::TlsCertPolicy */
  public enum TlsCertPolicy {
    TLS_CERT_POLICY_SECURE,
@ -127,9 +126,7 @@ public class PeerConnection {
    public final List<String> urls;
    public final String username;
    public final String password;
-    // TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
-    // This field will be ignored if tlsCertPolicy is also set in SslConfig.
-    @Deprecated public final TlsCertPolicy tlsCertPolicy;
+    public final TlsCertPolicy tlsCertPolicy;

    // If the URIs in |urls| only contain IP addresses, this field can be used
    // to indicate the hostname, which may be necessary for TLS (using the SNI
@ -137,18 +134,12 @@ public class PeerConnection {
    // necessary.
    public final String hostname;

-    // TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
    // List of protocols to be used in the TLS ALPN extension.
-    @Deprecated public final List<String> tlsAlpnProtocols;
+    public final List<String> tlsAlpnProtocols;

-    // TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
    // List of elliptic curves to be used in the TLS elliptic curves extension.
    // Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
-    // This field will be ignored if tlsEllipticCurves is also set in SslConfig.
-    @Deprecated public final List<String> tlsEllipticCurves;
-
-    // SSL configuration options for any SSL/TLS connections to this IceServer.
-    public final SslConfig sslConfig;
+    public final List<String> tlsEllipticCurves;

    /** Convenience constructor for STUN servers. */
    @Deprecated
@ -170,12 +161,12 @@ public class PeerConnection {
    public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
        String hostname) {
      this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
-          null, SslConfig.builder().createSslConfig());
+          null);
    }

    private IceServer(String uri, List<String> urls, String username, String password,
        TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
-        List<String> tlsEllipticCurves, SslConfig sslConfig) {
+        List<String> tlsEllipticCurves) {
      if (uri == null || urls == null || urls.isEmpty()) {
        throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
      }
@ -201,13 +192,12 @@ public class PeerConnection {
      this.hostname = hostname;
      this.tlsAlpnProtocols = tlsAlpnProtocols;
      this.tlsEllipticCurves = tlsEllipticCurves;
-      this.sslConfig = sslConfig;
    }

    @Override
    public String toString() {
      return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
-          + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
+          + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
    }

    public static Builder builder(String uri) {
@ -226,7 +216,6 @@ public class PeerConnection {
      private String hostname = "";
      private List<String> tlsAlpnProtocols;
      private List<String> tlsEllipticCurves;
-      private SslConfig sslConfig = SslConfig.builder().createSslConfig();

      private Builder(List<String> urls) {
        if (urls == null || urls.isEmpty()) {
@ -245,7 +234,6 @@ public class PeerConnection {
        return this;
      }

-      @Deprecated
      public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
        this.tlsCertPolicy = tlsCertPolicy;
        return this;
@ -256,26 +244,19 @@ public class PeerConnection {
        return this;
      }

-      @Deprecated
      public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
        this.tlsAlpnProtocols = tlsAlpnProtocols;
        return this;
      }

-      @Deprecated
      public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
        this.tlsEllipticCurves = tlsEllipticCurves;
        return this;
      }

-      public Builder setSslConfig(SslConfig sslConfig) {
-        this.sslConfig = sslConfig;
-        return this;
-      }
-
      public IceServer createIceServer() {
        return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
-            tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
+            tlsAlpnProtocols, tlsEllipticCurves);
      }
    }

@ -317,11 +298,6 @@ public class PeerConnection {
    List<String> getTlsEllipticCurves() {
      return tlsEllipticCurves;
    }
-
-    @CalledByNative("IceServer")
-    SslConfig getSslConfig() {
-      return sslConfig;
-    }
  }

  /** Java version of PeerConnectionInterface.IceTransportsType */
--- a/sdk/android/api/org/webrtc/SslConfig.java
+++ b/sdk/android/api/org/webrtc/SslConfig.java
@ -1,204 +0,0 @@
-/*
- *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- *  Use of this source code is governed by a BSD-style license
- *  that can be found in the LICENSE file in the root of the source
- *  tree. An additional intellectual property rights grant can be found
- *  in the file PATENTS.  All contributing project authors may
- *  be found in the AUTHORS file in the root of the source tree.
- */
-
-package org.webrtc;
-
-import java.util.Collections;
-import java.util.List;
-import javax.annotation.Nullable;
-
-/**
- * Java version of rtc::SSLConfig.
- *
- * Contains the configuration of any SSL/TLS connections that are initiated by
- * our client.
- */
-public class SslConfig {
-  /** Tracks rtc::TlsCertPolicy */
-  public enum TlsCertPolicy {
-    TLS_CERT_POLICY_SECURE,
-    TLS_CERT_POLICY_INSECURE_NO_CHECK,
-  }
-
-  /** Indicates whether to enable OCSP stapling in TLS. */
-  public final boolean enableOcspStapling;
-  /** Indicates whether to enable the signed certificate timestamp extension in TLS. */
-  public final boolean enableSignedCertTimestamp;
-  /** Indicates whether to enable the TLS Channel ID extension. */
-  public final boolean enableTlsChannelId;
-  /** Indicates whether to enable the TLS GREASE extension. */
-  public final boolean enableGrease;
-
-  /** Indicates how to process TURN server certificates */
-  public final TlsCertPolicy tlsCertPolicy;
-
-  /**
-   * Highest supported SSL version, as defined in the supported_versions TLS extension.
-   * If null, the default OpenSSL/BoringSSL max version will be used.
-   */
-  @Nullable public final Integer maxSslVersion;
-
-  /**
-   * List of protocols to be used in the TLS ALPN extension.
-   * If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
-   */
-  @Nullable public final List<String> tlsAlpnProtocols;
-
-  /**
-   * List of elliptic curves to be used in the TLS elliptic curves extension.
-   * Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
-   * If null, the default list of OpenSSL/BoringSSL curves will be used.
-   */
-  @Nullable public final List<String> tlsEllipticCurves;
-
-  private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
-      boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
-      Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
-    this.enableOcspStapling = enableOcspStapling;
-    this.enableSignedCertTimestamp = enableSignedCertTimestamp;
-    this.enableTlsChannelId = enableTlsChannelId;
-    this.enableGrease = enableGrease;
-    this.tlsCertPolicy = tlsCertPolicy;
-    this.maxSslVersion = maxSslVersion;
-    if (tlsAlpnProtocols != null) {
-      this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
-    } else {
-      this.tlsAlpnProtocols = null;
-    }
-    if (tlsEllipticCurves != null) {
-      this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
-    } else {
-      this.tlsEllipticCurves = null;
-    }
-  }
-
-  @Override
-  public String toString() {
-    return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
-        + enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
-        + "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
-        + "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
-        + "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
-  }
-
-  public static Builder builder() {
-    return new Builder();
-  }
-
-  public static class Builder {
-    private boolean enableOcspStapling;
-    private boolean enableSignedCertTimestamp;
-    private boolean enableTlsChannelId;
-    private boolean enableGrease;
-    private TlsCertPolicy tlsCertPolicy;
-    @Nullable private Integer maxSslVersion;
-    @Nullable private List<String> tlsAlpnProtocols;
-    @Nullable private List<String> tlsEllipticCurves;
-
-    private Builder() {
-      this.enableOcspStapling = true;
-      this.enableSignedCertTimestamp = true;
-      this.enableTlsChannelId = false;
-      this.enableGrease = false;
-      this.tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
-      this.maxSslVersion = null;
-      this.tlsAlpnProtocols = null;
-      this.tlsEllipticCurves = null;
-    }
-
-    public Builder setEnableOcspStapling(boolean enableOcspStapling) {
-      this.enableOcspStapling = enableOcspStapling;
-      return this;
-    }
-
-    public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
-      this.enableSignedCertTimestamp = enableSignedCertTimestamp;
-      return this;
-    }
-
-    public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
-      this.enableTlsChannelId = enableTlsChannelId;
-      return this;
-    }
-
-    public Builder setEnableGrease(boolean enableGrease) {
-      this.enableGrease = enableGrease;
-      return this;
-    }
-
-    public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
-      this.tlsCertPolicy = tlsCertPolicy;
-      return this;
-    }
-
-    public Builder setMaxSslVersion(int maxSslVersion) {
-      this.maxSslVersion = maxSslVersion;
-      return this;
-    }
-
-    public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
-      this.tlsAlpnProtocols = tlsAlpnProtocols;
-      return this;
-    }
-
-    public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
-      this.tlsEllipticCurves = tlsEllipticCurves;
-      return this;
-    }
-
-    public SslConfig createSslConfig() {
-      return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
-          enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
-    }
-  }
-
-  @CalledByNative
-  boolean getEnableOcspStapling() {
-    return enableOcspStapling;
-  }
-
-  @CalledByNative
-  boolean getEnableSignedCertTimestamp() {
-    return enableSignedCertTimestamp;
-  }
-
-  @CalledByNative
-  boolean getEnableTlsChannelId() {
-    return enableTlsChannelId;
-  }
-
-  @CalledByNative
-  boolean getEnableGrease() {
-    return enableGrease;
-  }
-
-  @CalledByNative
-  TlsCertPolicy getTlsCertPolicy() {
-    return tlsCertPolicy;
-  }
-
-  @Nullable
-  @CalledByNative
-  Integer getMaxSslVersion() {
-    return maxSslVersion;
-  }
-
-  @Nullable
-  @CalledByNative
-  List<String> getTlsAlpnProtocols() {
-    return tlsAlpnProtocols;
-  }
-
-  @Nullable
-  @CalledByNative
-  List<String> getTlsEllipticCurves() {
-    return tlsEllipticCurves;
-  }
-}
--- a/sdk/android/src/jni/pc/peerconnection.cc
+++ b/sdk/android/src/jni/pc/peerconnection.cc
@ -51,7 +51,6 @@
 #include "sdk/android/src/jni/pc/rtpsender.h"
 #include "sdk/android/src/jni/pc/sdpobserver.h"
 #include "sdk/android/src/jni/pc/sessiondescription.h"
-#include "sdk/android/src/jni/pc/sslconfig.h"
 #include "sdk/android/src/jni/pc/statsobserver.h"
 #include "sdk/android/src/jni/pc/turncustomizer.h"

@ -88,8 +87,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
        Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
    ScopedJavaLocalRef<jobject> tls_elliptic_curves =
        Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
-    ScopedJavaLocalRef<jobject> ssl_config =
-        Java_IceServer_getSslConfig(jni, j_ice_server);
    PeerConnectionInterface::IceServer server;
    server.urls = JavaListToNativeVector<std::string, jstring>(
        jni, urls, &JavaToNativeString);
@ -101,7 +98,6 @@ PeerConnectionInterface::IceServers JavaToNativeIceServers(
        jni, tls_alpn_protocols, &JavaToNativeString);
    server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
        jni, tls_elliptic_curves, &JavaToNativeString);
-    server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
    ice_servers.push_back(server);
  }
  return ice_servers;
--- a/sdk/android/src/jni/pc/sslconfig.cc
+++ b/sdk/android/src/jni/pc/sslconfig.cc
@ -1,78 +0,0 @@
-
-/*
- *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- *  Use of this source code is governed by a BSD-style license
- *  that can be found in the LICENSE file in the root of the source
- *  tree. An additional intellectual property rights grant can be found
- *  in the file PATENTS.  All contributing project authors may
- *  be found in the AUTHORS file in the root of the source tree.
- */
-
-#include "sdk/android/src/jni/pc/sslconfig.h"
-
-#include <string>
-
-#include "rtc_base/ssladapter.h"
-#include "sdk/android/generated_peerconnection_jni/jni/SslConfig_jni.h"
-#include "sdk/android/native_api/jni/java_types.h"
-#include "sdk/android/src/jni/jni_helpers.h"
-
-namespace webrtc {
-namespace jni {
-
-rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
-    JNIEnv* jni,
-    const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
-  std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
-
-  if (enum_name == "TLS_CERT_POLICY_SECURE")
-    return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
-
-  if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
-    return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
-
-  RTC_NOTREACHED();
-  return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
-}
-
-rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
-                                     const JavaRef<jobject>& j_ssl_config) {
-  rtc::SSLConfig ssl_config;
-  ssl_config.enable_ocsp_stapling =
-      Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
-  ssl_config.enable_signed_cert_timestamp =
-      Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
-  ssl_config.enable_tls_channel_id =
-      Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
-  ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
-
-  ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
-      Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
-  ssl_config.max_ssl_version =
-      JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
-
-  ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
-      Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
-  ssl_config.tls_cert_policy =
-      JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
-
-  ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
-      Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
-  if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
-    ssl_config.tls_alpn_protocols =
-        JavaListToNativeVector<std::string, jstring>(
-            jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
-  }
-  ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
-      Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
-  if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
-    ssl_config.tls_elliptic_curves =
-        JavaListToNativeVector<std::string, jstring>(
-            jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
-  }
-  return ssl_config;
-}
-
-}  // namespace jni
-}  // namespace webrtc
--- a/sdk/android/src/jni/pc/sslconfig.h
+++ b/sdk/android/src/jni/pc/sslconfig.h
@ -1,30 +0,0 @@
-/*
- *  Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- *  Use of this source code is governed by a BSD-style license
- *  that can be found in the LICENSE file in the root of the source
- *  tree. An additional intellectual property rights grant can be found
- *  in the file PATENTS.  All contributing project authors may
- *  be found in the AUTHORS file in the root of the source tree.
- */
-
-#ifndef SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_
-#define SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_
-
-#include "api/peerconnectioninterface.h"
-#include "sdk/android/native_api/jni/scoped_java_ref.h"
-
-namespace webrtc {
-namespace jni {
-
-rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
-    JNIEnv* jni,
-    const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
-
-rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* env,
-                                     const JavaRef<jobject>& j_ssl_config);
-
-}  // namespace jni
-}  // namespace webrtc
-
-#endif  // SDK_ANDROID_SRC_JNI_PC_SSLCONFIG_H_