Revert "Add SSLConfig object to IceServer."

This reverts commit 4f085434b912060874d6697f17aaedd2adae7c49.

Reason for revert: breaks downstream projects.

Original change's description:
> Add SSLConfig object to IceServer.
> 
> This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
> with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
> tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.
> 
> Bug: webrtc:9662
> Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
> Reviewed-on: https://webrtc-review.googlesource.com/98762
> Commit-Queue: Diogo Real <diogor@google.com>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#24696}

TBR=steveanton@webrtc.org,sakal@webrtc.org,kwiberg@webrtc.org,kthelgason@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com

Change-Id: I1cb64b63fec688b4ac90c2fa368eaf0bc11046af
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: webrtc:9662
Reviewed-on: https://webrtc-review.googlesource.com/99880
Reviewed-by: Sergey Silkin <ssilkin@webrtc.org>
Commit-Queue: Sergey Silkin <ssilkin@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24701}
This commit is contained in:
Sergey Silkin
2018-09-12 10:45:38 +00:00
committed by Commit Bot
parent 289e980708
commit 9c147ddc91
31 changed files with 182 additions and 1092 deletions


@ -11,7 +11,11 @@
#import <Foundation/Foundation.h>
#import "RTCMacros.h"
#import "RTCSSLConfig.h"
typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
RTCTlsCertPolicySecure,
RTCTlsCertPolicyInsecureNoCheck
};
NS_ASSUME_NONNULL_BEGIN
@ -28,8 +32,7 @@ RTC_EXPORT
@property(nonatomic, readonly, nullable) NSString *credential;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
TLS certificate policy to use if this RTCIceServer object is a TURN server.
* TLS certificate policy to use if this RTCIceServer object is a TURN server.
*/
@property(nonatomic, readonly) RTCTlsCertPolicy tlsCertPolicy;
@ -40,24 +43,15 @@ RTC_EXPORT
*/
@property(nonatomic, readonly, nullable) NSString *hostname;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List of protocols to be used in the TLS ALPN extension.
This field will be ignored if also set in RTCSSLConfig.
*/
/** List of protocols to be used in the TLS ALPN extension. */
@property(nonatomic, readonly) NSArray<NSString *> *tlsAlpnProtocols;
/**
Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
This field will be ignored if also set in RTCSSLConfig.
*/
@property(nonatomic, readonly) NSArray<NSString *> *tlsEllipticCurves;
/** SSL configuration options for any SSL/TLS connections to this IceServer. */
@property(nonatomic, readonly) RTCSSLConfig *sslConfig;
- (nonnull instancetype)init NS_UNAVAILABLE;
/** Convenience initializer for a server with no authentication (e.g. STUN). */
@ -112,17 +106,8 @@ RTC_EXPORT
tlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy
hostname:(nullable NSString *)hostname
tlsAlpnProtocols:(nullable NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves;
/**
* Initialize an RTCIceServer with its associated URLs, optional
* username, optional credential, hostname and SSL config.
*/
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(nullable NSString *)username
credential:(nullable NSString *)credential
hostname:(nullable NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig NS_DESIGNATED_INITIALIZER;
tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves
NS_DESIGNATED_INITIALIZER;
@end
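Review bot: The `RTCTlsCertPolicy` enum restored at the top of this header carries no doc comment on either value, and the only description of the policy is the one-line note on the `tlsCertPolicy` property further down. Since, as its name says, `RTCTlsCertPolicyInsecureNoCheck` disables certificate checking for the TURN TLS connection, that consequence should be stated where API users read it, e.g. `/** Verify the TURN server's TLS certificate. */` on `RTCTlsCertPolicySecure` and `/** Skip certificate verification; only for testing against servers whose certificate cannot be validated. */` on `RTCTlsCertPolicyInsecureNoCheck`. Separately, the designated initializer declares `tlsAlpnProtocols` and `tlsEllipticCurves` as `nullable` while the matching properties are nonnull; the header should say what a nil argument maps to, to the extent the implementation guarantees it.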


@ -9,7 +9,6 @@
*/
#import "RTCIceServer+Private.h"
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@ -22,7 +21,6 @@
@synthesize hostname = _hostname;
@synthesize tlsAlpnProtocols = _tlsAlpnProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
@synthesize sslConfig = _sslConfig;
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings {
return [self initWithURLStrings:urlStrings
@ -85,50 +83,28 @@
hostname:(NSString *)hostname
tlsAlpnProtocols:(NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(NSArray<NSString *> *)tlsEllipticCurves {
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] init];
sslConfig.tlsCertPolicy = tlsCertPolicy;
sslConfig.tlsALPNProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
sslConfig.tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
return [self initWithURLStrings:urlStrings
username:username
credential:credential
hostname:hostname
sslConfig:sslConfig];
}
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
username:(NSString *)username
credential:(NSString *)credential
hostname:(NSString *)hostname
sslConfig:(RTCSSLConfig *)sslConfig {
NSParameterAssert(urlStrings.count);
if (self = [super init]) {
_urlStrings = [[NSArray alloc] initWithArray:urlStrings copyItems:YES];
_username = [username copy];
_credential = [credential copy];
_tlsCertPolicy = tlsCertPolicy;
_hostname = [hostname copy];
_sslConfig = sslConfig;
// TODO(diogor, webrtc:9673): Remove these duplicate assignments.
_tlsCertPolicy = sslConfig.tlsCertPolicy;
if (sslConfig.tlsALPNProtocols) {
_tlsAlpnProtocols = [[NSArray alloc] initWithArray:sslConfig.tlsALPNProtocols copyItems:YES];
}
if (sslConfig.tlsEllipticCurves) {
_tlsEllipticCurves =
[[NSArray alloc] initWithArray:sslConfig.tlsEllipticCurves copyItems:YES];
}
_tlsAlpnProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
_tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
}
return self;
}
- (NSString *)description {
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@",
return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@\n%@\n%@",
_urlStrings,
_username,
_credential,
[self stringForTlsCertPolicy:_tlsCertPolicy],
_hostname,
_sslConfig];
_tlsAlpnProtocols,
_tlsEllipticCurves];
}
#pragma mark - Private
@ -173,8 +149,6 @@
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck;
break;
}
iceServer.ssl_config = [_sslConfig nativeConfig];
return iceServer;
}
@ -188,38 +162,34 @@
NSString *username = [NSString stringForStdString:nativeServer.username];
NSString *credential = [NSString stringForStdString:nativeServer.password];
NSString *hostname = [NSString stringForStdString:nativeServer.hostname];
RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] initWithNativeConfig:nativeServer.ssl_config];
if (!nativeServer.ssl_config.tls_alpn_protocols.has_value() &&
!nativeServer.tls_alpn_protocols.empty()) {
NSMutableArray *tlsALPNProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
}
sslConfig.tlsALPNProtocols = tlsALPNProtocols;
NSMutableArray *tlsAlpnProtocols =
[NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
for (auto const &proto : nativeServer.tls_alpn_protocols) {
[tlsAlpnProtocols addObject:[NSString stringForStdString:proto]];
}
if (!nativeServer.ssl_config.tls_elliptic_curves.has_value() &&
!nativeServer.tls_elliptic_curves.empty()) {
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
sslConfig.tlsEllipticCurves = tlsEllipticCurves;
NSMutableArray *tlsEllipticCurves =
[NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
for (auto const &curve : nativeServer.tls_elliptic_curves) {
[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
RTCTlsCertPolicy tlsCertPolicy;
if (nativeServer.tls_cert_policy ==
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
sslConfig.tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
switch (nativeServer.tls_cert_policy) {
case webrtc::PeerConnectionInterface::kTlsCertPolicySecure:
tlsCertPolicy = RTCTlsCertPolicySecure;
break;
case webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck:
tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
break;
}
self = [self initWithURLStrings:urls
username:username
credential:credential
tlsCertPolicy:tlsCertPolicy
hostname:hostname
sslConfig:sslConfig];
tlsAlpnProtocols:tlsAlpnProtocols
tlsEllipticCurves:tlsEllipticCurves];
return self;
}
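Review bot: `RTCTlsCertPolicy tlsCertPolicy;` in the restored `initWithNativeServer:` body is declared without an initializer and is only assigned inside the `switch` on `nativeServer.tls_cert_policy`, which has no `default:` case, so any native policy value the two cases do not cover would hand an uninitialized policy to `initWithURLStrings:…`. Initialising it to the verifying policy, `RTCTlsCertPolicy tlsCertPolicy = RTCTlsCertPolicySecure;`, costs nothing and makes the fail-closed behaviour explicit instead of relying on the compiler's unhandled-enum warning. The method's signature lies above this hunk.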


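--- a/RTCSSLConfig+Native.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
-* Copyright 2018 The WebRTC project authors. All Rights Reserved.
-*
-* Use of this source code is governed by a BSD-style license
-* that can be found in the LICENSE file in the root of the source
-* tree. An additional intellectual property rights grant can be found
-* in the file PATENTS. All contributing project authors may
-* be found in the AUTHORS file in the root of the source tree.
-*/
-#import "RTCSSLConfig.h"
-#include "api/peerconnectioninterface.h"
-#include "rtc_base/ssladapter.h"
-NS_ASSUME_NONNULL_BEGIN
-@interface RTCSSLConfig (Native)
-- (rtc::SSLConfig)nativeConfig;
-/** Initialize an RTCSSLConfig from a native SSLConfig. */
-- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config;
-@end
-NS_ASSUME_NONNULL_END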


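--- a/RTCSSLConfig.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
-* Copyright 2018 The WebRTC project authors. All Rights Reserved.
-*
-* Use of this source code is governed by a BSD-style license
-* that can be found in the LICENSE file in the root of the source
-* tree. An additional intellectual property rights grant can be found
-* in the file PATENTS. All contributing project authors may
-* be found in the AUTHORS file in the root of the source tree.
-*/
-#import <Foundation/Foundation.h>
-#import <WebRTC/RTCMacros.h>
-typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
-RTCTlsCertPolicySecure,
-RTCTlsCertPolicyInsecureNoCheck
-};
-NS_ASSUME_NONNULL_BEGIN
-RTC_EXPORT
-@interface RTCSSLConfig : NSObject
-/** Indicates whether to enable OCSP stapling in TLS. */
-@property(nonatomic) BOOL enableOCSPStapling;
-/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
-@property(nonatomic) BOOL enableSignedCertTimestamp;
-/** Indicates whether to enable the TLS Channel ID extension. */
-@property(nonatomic) BOOL enableTlsChannelId;
-/** Indicates whether to enable the TLS GREASE extension. */
-@property(nonatomic) BOOL enableGrease;
-/** Indicates how to process TURN server certificates */
-@property(nonatomic) RTCTlsCertPolicy tlsCertPolicy;
-/** Highest supported SSL version, as defined in the supported_versions TLS extension. */
-@property(nonatomic, nullable) NSNumber *maxSSLVersion;
-/** List of protocols to be used in the TLS ALPN extension. */
-@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsALPNProtocols;
-/**
-List of elliptic curves to be used in the TLS elliptic curves extension.
-Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
-*/
-@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsEllipticCurves;
-- (instancetype)init;
-@end
-NS_ASSUME_NONNULL_END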


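--- a/RTCSSLConfig.mm
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
-* Copyright 2018 The WebRTC project authors. All Rights Reserved.
-*
-* Use of this source code is governed by a BSD-style license
-* that can be found in the LICENSE file in the root of the source
-* tree. An additional intellectual property rights grant can be found
-* in the file PATENTS. All contributing project authors may
-* be found in the AUTHORS file in the root of the source tree.
-*/
-#import "RTCSSLConfig+Native.h"
-#import "helpers/NSString+StdString.h"
-@implementation RTCSSLConfig
-@synthesize enableOCSPStapling = _enableOCSPStapling;
-@synthesize enableSignedCertTimestamp = _enableSignedCertTimestamp;
-@synthesize enableTlsChannelId = _enableTlsChannelId;
-@synthesize enableGrease = _enableGrease;
-@synthesize tlsCertPolicy = _tlsCertPolicy;
-@synthesize maxSSLVersion = _maxSSLVersion;
-@synthesize tlsALPNProtocols = _tlsALPNProtocols;
-@synthesize tlsEllipticCurves = _tlsEllipticCurves;
-- (instancetype)init {
-// Copy defaults
-rtc::SSLConfig config;
-return [self initWithNativeConfig:config];
-}
-- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config {
-if (self = [super init]) {
-_enableOCSPStapling = config.enable_ocsp_stapling;
-_enableSignedCertTimestamp = config.enable_signed_cert_timestamp;
-_enableTlsChannelId = config.enable_tls_channel_id;
-_enableGrease = config.enable_grease;
-switch (config.tls_cert_policy) {
-case rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE:
-_tlsCertPolicy = RTCTlsCertPolicySecure;
-break;
-case rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK:
-_tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
-break;
-}
-if (config.max_ssl_version) {
-_maxSSLVersion = [NSNumber numberWithInt:*config.max_ssl_version];
-}
-if (config.tls_alpn_protocols) {
-NSMutableArray *tlsALPNProtocols =
-[NSMutableArray arrayWithCapacity:config.tls_alpn_protocols.value().size()];
-for (auto const &proto : config.tls_alpn_protocols.value()) {
-[tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
-}
-_tlsALPNProtocols = tlsALPNProtocols;
-}
-if (config.tls_elliptic_curves) {
-NSMutableArray *tlsEllipticCurves =
-[NSMutableArray arrayWithCapacity:config.tls_elliptic_curves.value().size()];
-for (auto const &curve : config.tls_elliptic_curves.value()) {
-[tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
-}
-_tlsEllipticCurves = tlsEllipticCurves;
-}
-}
-return self;
-}
-- (NSString *)description {
-return [NSString stringWithFormat:@"RTCSSLConfig:\n%d\n%d\n%d\n%d\n%@\n%@\n%@\n%@",
-_enableOCSPStapling,
-_enableSignedCertTimestamp,
-_enableTlsChannelId,
-_enableGrease,
-[self stringForTlsCertPolicy:_tlsCertPolicy],
-_maxSSLVersion,
-_tlsALPNProtocols,
-_tlsEllipticCurves];
-}
-#pragma mark - Private
-- (NSString *)stringForTlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy {
-switch (tlsCertPolicy) {
-case RTCTlsCertPolicySecure:
-return @"RTCTlsCertPolicySecure";
-case RTCTlsCertPolicyInsecureNoCheck:
-return @"RTCTlsCertPolicyInsecureNoCheck";
-}
-}
-- (rtc::SSLConfig)nativeConfig {
-__block rtc::SSLConfig sslConfig;
-sslConfig.enable_ocsp_stapling = _enableOCSPStapling;
-sslConfig.enable_signed_cert_timestamp = _enableSignedCertTimestamp;
-sslConfig.enable_tls_channel_id = _enableTlsChannelId;
-sslConfig.enable_grease = _enableGrease;
-switch (_tlsCertPolicy) {
-case RTCTlsCertPolicySecure:
-sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
-break;
-case RTCTlsCertPolicyInsecureNoCheck:
-sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
-break;
-}
-if (_maxSSLVersion != nil) {
-sslConfig.max_ssl_version = absl::optional<int>(_maxSSLVersion.intValue);
-}
-if (_tlsALPNProtocols != nil) {
-__block std::vector<std::string> alpn_protocols;
-[_tlsALPNProtocols enumerateObjectsUsingBlock:^(NSString *proto, NSUInteger idx, BOOL *stop) {
-alpn_protocols.push_back(proto.stdString);
-}];
-sslConfig.tls_alpn_protocols = absl::optional<std::vector<std::string>>(alpn_protocols);
-}
-if (_tlsEllipticCurves != nil) {
-__block std::vector<std::string> elliptic_curves;
-[_tlsEllipticCurves enumerateObjectsUsingBlock:^(NSString *curve, NSUInteger idx, BOOL *stop) {
-elliptic_curves.push_back(curve.stdString);
-}];
-sslConfig.tls_elliptic_curves = absl::optional<std::vector<std::string>>(elliptic_curves);
-}
-return sslConfig;
-}
-@end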