zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "Add SSLConfig object to IceServer."

Browse Source 
This reverts commit 4f085434b912060874d6697f17aaedd2adae7c49.

Reason for revert: breaks downstream projects.

Original change's description:
> Add SSLConfig object to IceServer.
> 
> This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
> with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
> tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.
> 
> Bug: webrtc:9662
> Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
> Reviewed-on: https://webrtc-review.googlesource.com/98762
> Commit-Queue: Diogo Real <diogor@google.com>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#24696}

TBR=steveanton@webrtc.org,sakal@webrtc.org,kwiberg@webrtc.org,kthelgason@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com

Change-Id: I1cb64b63fec688b4ac90c2fa368eaf0bc11046af
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: webrtc:9662
Reviewed-on: https://webrtc-review.googlesource.com/99880
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Commit-Queue: Sergey Silkin <ssilkin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24701}
This commit is contained in:
Sergey Silkin
2018-09-12 10:45:38 +00:00
committed by Commit Bot
parent 289e980708
commit 9c147ddc91
31 changed files with 182 additions and 1092 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
sdk/android/api/org/webrtc/PeerConnection.java
View File

@ -50,7 +50,6 @@ public class PeerConnection {
}
}
// TODO(diogor, webrtc:9673): Remove TlsCertPolicy. It's deprecated, in favor of SslConfig.
/** Tracks PeerConnectionInterface::TlsCertPolicy */
public enum TlsCertPolicy {
TLS_CERT_POLICY_SECURE,
@ -127,9 +126,7 @@ public class PeerConnection {
public final List<String> urls;
public final String username;
public final String password;
// TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
// This field will be ignored if tlsCertPolicy is also set in SslConfig.
@Deprecated public final TlsCertPolicy tlsCertPolicy;
public final TlsCertPolicy tlsCertPolicy;
// If the URIs in |urls| only contain IP addresses, this field can be used
// to indicate the hostname, which may be necessary for TLS (using the SNI
@ -137,18 +134,12 @@ public class PeerConnection {
// necessary.
public final String hostname;
// TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
// List of protocols to be used in the TLS ALPN extension.
@Deprecated public final List<String> tlsAlpnProtocols;
public final List<String> tlsAlpnProtocols;
// TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
// List of elliptic curves to be used in the TLS elliptic curves extension.
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
// This field will be ignored if tlsEllipticCurves is also set in SslConfig.
@Deprecated public final List<String> tlsEllipticCurves;
// SSL configuration options for any SSL/TLS connections to this IceServer.
public final SslConfig sslConfig;
public final List<String> tlsEllipticCurves;
/** Convenience constructor for STUN servers. */
@Deprecated
@ -170,12 +161,12 @@ public class PeerConnection {
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
String hostname) {
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
null, SslConfig.builder().createSslConfig());
null);
}
private IceServer(String uri, List<String> urls, String username, String password,
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
List<String> tlsEllipticCurves, SslConfig sslConfig) {
List<String> tlsEllipticCurves) {
if (uri == null || urls == null || urls.isEmpty()) {
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
}
@ -201,13 +192,12 @@ public class PeerConnection {
this.hostname = hostname;
this.tlsAlpnProtocols = tlsAlpnProtocols;
this.tlsEllipticCurves = tlsEllipticCurves;
this.sslConfig = sslConfig;
}
@Override
public String toString() {
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
+ "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
}
public static Builder builder(String uri) {
@ -226,7 +216,6 @@ public class PeerConnection {
private String hostname = "";
private List<String> tlsAlpnProtocols;
private List<String> tlsEllipticCurves;
private SslConfig sslConfig = SslConfig.builder().createSslConfig();
private Builder(List<String> urls) {
if (urls == null || urls.isEmpty()) {
@ -245,7 +234,6 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
@ -256,26 +244,19 @@ public class PeerConnection {
return this;
}
@Deprecated
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
@Deprecated
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public Builder setSslConfig(SslConfig sslConfig) {
this.sslConfig = sslConfig;
return this;
}
public IceServer createIceServer() {
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
tlsAlpnProtocols, tlsEllipticCurves);
}
}
@ -317,11 +298,6 @@ public class PeerConnection {
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
@CalledByNative("IceServer")
SslConfig getSslConfig() {
return sslConfig;
}
}
/** Java version of PeerConnectionInterface.IceTransportsType */

204
sdk/android/api/org/webrtc/SslConfig.java
View File

@ -1,204 +0,0 @@
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
package org.webrtc;
import java.util.Collections;
import java.util.List;
import javax.annotation.Nullable;
/**
* Java version of rtc::SSLConfig.
*
* Contains the configuration of any SSL/TLS connections that are initiated by
* our client.
*/
public class SslConfig {
/** Tracks rtc::TlsCertPolicy */
public enum TlsCertPolicy {
TLS_CERT_POLICY_SECURE,
TLS_CERT_POLICY_INSECURE_NO_CHECK,
}
/** Indicates whether to enable OCSP stapling in TLS. */
public final boolean enableOcspStapling;
/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
public final boolean enableSignedCertTimestamp;
/** Indicates whether to enable the TLS Channel ID extension. */
public final boolean enableTlsChannelId;
/** Indicates whether to enable the TLS GREASE extension. */
public final boolean enableGrease;
/** Indicates how to process TURN server certificates */
public final TlsCertPolicy tlsCertPolicy;
/**
* Highest supported SSL version, as defined in the supported_versions TLS extension.
* If null, the default OpenSSL/BoringSSL max version will be used.
*/
@Nullable public final Integer maxSslVersion;
/**
* List of protocols to be used in the TLS ALPN extension.
* If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
*/
@Nullable public final List<String> tlsAlpnProtocols;
/**
* List of elliptic curves to be used in the TLS elliptic curves extension.
* Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
* If null, the default list of OpenSSL/BoringSSL curves will be used.
*/
@Nullable public final List<String> tlsEllipticCurves;
private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
this.enableOcspStapling = enableOcspStapling;
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
this.enableTlsChannelId = enableTlsChannelId;
this.enableGrease = enableGrease;
this.tlsCertPolicy = tlsCertPolicy;
this.maxSslVersion = maxSslVersion;
if (tlsAlpnProtocols != null) {
this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
} else {
this.tlsAlpnProtocols = null;
}
if (tlsEllipticCurves != null) {
this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
} else {
this.tlsEllipticCurves = null;
}
}
@Override
public String toString() {
return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
+ enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
+ "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
+ "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
+ "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
}
public static Builder builder() {
return new Builder();
}
public static class Builder {
private boolean enableOcspStapling;
private boolean enableSignedCertTimestamp;
private boolean enableTlsChannelId;
private boolean enableGrease;
private TlsCertPolicy tlsCertPolicy;
@Nullable private Integer maxSslVersion;
@Nullable private List<String> tlsAlpnProtocols;
@Nullable private List<String> tlsEllipticCurves;
private Builder() {
this.enableOcspStapling = true;
this.enableSignedCertTimestamp = true;
this.enableTlsChannelId = false;
this.enableGrease = false;
this.tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
this.maxSslVersion = null;
this.tlsAlpnProtocols = null;
this.tlsEllipticCurves = null;
}
public Builder setEnableOcspStapling(boolean enableOcspStapling) {
this.enableOcspStapling = enableOcspStapling;
return this;
}
public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
this.enableSignedCertTimestamp = enableSignedCertTimestamp;
return this;
}
public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
this.enableTlsChannelId = enableTlsChannelId;
return this;
}
public Builder setEnableGrease(boolean enableGrease) {
this.enableGrease = enableGrease;
return this;
}
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
}
public Builder setMaxSslVersion(int maxSslVersion) {
this.maxSslVersion = maxSslVersion;
return this;
}
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
public SslConfig createSslConfig() {
return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
}
}
@CalledByNative
boolean getEnableOcspStapling() {
return enableOcspStapling;
}
@CalledByNative
boolean getEnableSignedCertTimestamp() {
return enableSignedCertTimestamp;
}
@CalledByNative
boolean getEnableTlsChannelId() {
return enableTlsChannelId;
}
@CalledByNative
boolean getEnableGrease() {
return enableGrease;
}
@CalledByNative
TlsCertPolicy getTlsCertPolicy() {
return tlsCertPolicy;
}
@Nullable
@CalledByNative
Integer getMaxSslVersion() {
return maxSslVersion;
}
@Nullable
@CalledByNative
List<String> getTlsAlpnProtocols() {
return tlsAlpnProtocols;
}
@Nullable
@CalledByNative
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
}