diff --git a/talk/app/webrtc/objc/RTCPeerConnection.mm b/talk/app/webrtc/objc/RTCPeerConnection.mm index 6ec7edcdc9..da092c8026 100644 --- a/talk/app/webrtc/objc/RTCPeerConnection.mm +++ b/talk/app/webrtc/objc/RTCPeerConnection.mm @@ -279,11 +279,7 @@ class RTCStatsObserver : public StatsObserver { config.servers = iceServers; _observer.reset(new webrtc::RTCPeerConnectionObserver(self)); _peerConnection = factory->CreatePeerConnection( - config, - constraints, - nullptr, - std::unique_ptr(), - _observer.get()); + config, constraints, nullptr, nullptr, _observer.get()); _localStreams = [[NSMutableArray alloc] init]; } return self; @@ -297,12 +293,7 @@ class RTCStatsObserver : public StatsObserver { if (self = [super init]) { _observer.reset(new webrtc::RTCPeerConnectionObserver(self)); _peerConnection = - factory->CreatePeerConnection( - config, - constraints, - nullptr, - std::unique_ptr(), - _observer.get()); + factory->CreatePeerConnection(config, constraints, nullptr, nullptr, _observer.get()); _localStreams = [[NSMutableArray alloc] init]; _delegate = delegate; } diff --git a/webrtc/api/java/jni/peerconnection_jni.cc b/webrtc/api/java/jni/peerconnection_jni.cc index af9b548d23..a07580544f 100644 --- a/webrtc/api/java/jni/peerconnection_jni.cc +++ b/webrtc/api/java/jni/peerconnection_jni.cc @@ -1603,11 +1603,7 @@ JOW(jlong, PeerConnectionFactory_nativeCreatePeerConnection)( PCOJava* observer = reinterpret_cast(observer_p); observer->SetConstraints(new ConstraintsWrapper(jni, j_constraints)); rtc::scoped_refptr pc(f->CreatePeerConnection( - rtc_config, - observer->constraints(), - nullptr, - std::unique_ptr(), - observer)); + rtc_config, observer->constraints(), NULL, NULL, observer)); return (jlong)pc.release(); } diff --git a/webrtc/api/peerconnection.cc b/webrtc/api/peerconnection.cc index 6ffe1b9a6a..581159f13a 100644 --- a/webrtc/api/peerconnection.cc +++ b/webrtc/api/peerconnection.cc @@ -566,7 +566,7 @@ PeerConnection::~PeerConnection() { bool PeerConnection::Initialize( const PeerConnectionInterface::RTCConfiguration& configuration, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer) { TRACE_EVENT0("webrtc", "PeerConnection::Initialize"); RTC_DCHECK(observer != nullptr); @@ -594,7 +594,7 @@ bool PeerConnection::Initialize( stats_.reset(new StatsCollector(this)); // Initialize the WebRtcSession. It creates transport channels etc. - if (!session_->Initialize(factory_->options(), std::move(cert_generator), + if (!session_->Initialize(factory_->options(), std::move(dtls_identity_store), configuration)) { return false; } diff --git a/webrtc/api/peerconnection.h b/webrtc/api/peerconnection.h index a683e8d685..cf9e3b9338 100644 --- a/webrtc/api/peerconnection.h +++ b/webrtc/api/peerconnection.h @@ -16,6 +16,7 @@ #include #include +#include "webrtc/api/dtlsidentitystore.h" #include "webrtc/api/peerconnectionfactory.h" #include "webrtc/api/peerconnectioninterface.h" #include "webrtc/api/rtpreceiverinterface.h" @@ -69,7 +70,7 @@ class PeerConnection : public PeerConnectionInterface, bool Initialize( const PeerConnectionInterface::RTCConfiguration& configuration, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer); rtc::scoped_refptr local_streams() override; diff --git a/webrtc/api/peerconnectionfactory.cc b/webrtc/api/peerconnectionfactory.cc index 9a58452d2d..a91589a98a 100644 --- a/webrtc/api/peerconnectionfactory.cc +++ b/webrtc/api/peerconnectionfactory.cc @@ -36,27 +36,25 @@ namespace webrtc { namespace { -// Passes down the calls to |cert_generator_|. See usage in -// |CreatePeerConnection|. -class RTCCertificateGeneratorWrapper - : public rtc::RTCCertificateGeneratorInterface { +// Passes down the calls to |store_|. See usage in CreatePeerConnection. +class DtlsIdentityStoreWrapper : public DtlsIdentityStoreInterface { public: - RTCCertificateGeneratorWrapper( - const rtc::scoped_refptr& cert_gen) - : cert_generator_(cert_gen) { - RTC_DCHECK(cert_generator_); + DtlsIdentityStoreWrapper( + const rtc::scoped_refptr& store) + : store_(store) { + RTC_DCHECK(store_); } - void GenerateCertificateAsync( + void RequestIdentity( const rtc::KeyParams& key_params, const rtc::Optional& expires_ms, - const rtc::scoped_refptr& callback) - override { - cert_generator_->GenerateCertificateAsync(key_params, expires_ms, callback); + const rtc::scoped_refptr& + observer) override { + store_->RequestIdentity(key_params, expires_ms, observer); } private: - rtc::scoped_refptr cert_generator_; + rtc::scoped_refptr store_; }; } // anonymous namespace @@ -143,9 +141,9 @@ PeerConnectionFactory::~PeerConnectionFactory() { channel_manager_.reset(nullptr); // Make sure |worker_thread_| and |signaling_thread_| outlive - // |cert_generator_|, |default_socket_factory_| and + // |dtls_identity_store_|, |default_socket_factory_| and // |default_network_manager_|. - cert_generator_ = nullptr; + dtls_identity_store_ = nullptr; default_socket_factory_ = nullptr; default_network_manager_ = nullptr; @@ -186,8 +184,8 @@ bool PeerConnectionFactory::Initialize() { return false; } - cert_generator_ = - new RefCountedRTCCertificateGenerator(signaling_thread_, network_thread_); + dtls_identity_store_ = + new RefCountedDtlsIdentityStore(signaling_thread_, network_thread_); return true; } @@ -257,7 +255,7 @@ PeerConnectionFactory::CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& configuration_in, const MediaConstraintsInterface* constraints, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer) { RTC_DCHECK(signaling_thread_->IsCurrent()); @@ -266,23 +264,23 @@ PeerConnectionFactory::CreatePeerConnection( CopyConstraintsIntoRtcConfiguration(constraints, &configuration); return CreatePeerConnection(configuration, std::move(allocator), - std::move(cert_generator), observer); + std::move(dtls_identity_store), observer); } rtc::scoped_refptr PeerConnectionFactory::CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& configuration, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer) { RTC_DCHECK(signaling_thread_->IsCurrent()); - if (!cert_generator.get()) { - // Because |pc|->Initialize takes ownership of the generator we need a new + if (!dtls_identity_store.get()) { + // Because |pc|->Initialize takes ownership of the store we need a new // wrapper object that can be deleted without deleting the underlying - // |cert_generator_|, protecting it from being deleted multiple times. - cert_generator.reset( - new RTCCertificateGeneratorWrapper(cert_generator_)); + // |dtls_identity_store_|, protecting it from being deleted multiple times. + dtls_identity_store.reset( + new DtlsIdentityStoreWrapper(dtls_identity_store_)); } if (!allocator) { @@ -297,7 +295,7 @@ PeerConnectionFactory::CreatePeerConnection( new rtc::RefCountedObject(this)); if (!pc->Initialize(configuration, std::move(allocator), - std::move(cert_generator), observer)) { + std::move(dtls_identity_store), observer)) { return nullptr; } return PeerConnectionProxy::Create(signaling_thread(), pc); diff --git a/webrtc/api/peerconnectionfactory.h b/webrtc/api/peerconnectionfactory.h index 66561ad9d3..21165cf3d2 100644 --- a/webrtc/api/peerconnectionfactory.h +++ b/webrtc/api/peerconnectionfactory.h @@ -14,12 +14,12 @@ #include #include +#include "webrtc/api/dtlsidentitystore.h" #include "webrtc/api/mediacontroller.h" #include "webrtc/api/mediastreaminterface.h" #include "webrtc/api/peerconnectioninterface.h" #include "webrtc/base/scoped_ref_ptr.h" #include "webrtc/base/thread.h" -#include "webrtc/base/rtccertificategenerator.h" #include "webrtc/pc/channelmanager.h" namespace rtc { @@ -29,8 +29,8 @@ class BasicPacketSocketFactory; namespace webrtc { -typedef rtc::RefCountedObject - RefCountedRTCCertificateGenerator; +typedef rtc::RefCountedObject + RefCountedDtlsIdentityStore; class PeerConnectionFactory : public PeerConnectionFactoryInterface { public: @@ -43,13 +43,13 @@ class PeerConnectionFactory : public PeerConnectionFactoryInterface { const PeerConnectionInterface::RTCConfiguration& configuration, const MediaConstraintsInterface* constraints, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer) override; virtual rtc::scoped_refptr CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& configuration, std::unique_ptr allocator, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, PeerConnectionObserver* observer) override; bool Initialize(); @@ -129,7 +129,7 @@ class PeerConnectionFactory : public PeerConnectionFactoryInterface { std::unique_ptr default_network_manager_; std::unique_ptr default_socket_factory_; - rtc::scoped_refptr cert_generator_; + rtc::scoped_refptr dtls_identity_store_; }; } // namespace webrtc diff --git a/webrtc/api/peerconnectionfactoryproxy.h b/webrtc/api/peerconnectionfactoryproxy.h index f0dea42258..c357de9b32 100644 --- a/webrtc/api/peerconnectionfactoryproxy.h +++ b/webrtc/api/peerconnectionfactoryproxy.h @@ -29,7 +29,7 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory) const PeerConnectionInterface::RTCConfiguration& a1, const MediaConstraintsInterface* a2, std::unique_ptr a3, - std::unique_ptr a4, + std::unique_ptr a4, PeerConnectionObserver* a5) override { return signaling_thread_ ->Invoke>( @@ -39,7 +39,7 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory) rtc::scoped_refptr CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& a1, std::unique_ptr a3, - std::unique_ptr a4, + std::unique_ptr a4, PeerConnectionObserver* a5) override { return signaling_thread_ ->Invoke>( @@ -77,10 +77,10 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory) const PeerConnectionInterface::RTCConfiguration& a1, const MediaConstraintsInterface* a2, cricket::PortAllocator* a3, - rtc::RTCCertificateGeneratorInterface* a4, + DtlsIdentityStoreInterface* a4, PeerConnectionObserver* a5) { std::unique_ptr ptr_a3(a3); - std::unique_ptr ptr_a4(a4); + std::unique_ptr ptr_a4(a4); return c_->CreatePeerConnection(a1, a2, std::move(ptr_a3), std::move(ptr_a4), a5); } @@ -88,10 +88,10 @@ BEGIN_SIGNALING_PROXY_MAP(PeerConnectionFactory) rtc::scoped_refptr CreatePeerConnection_ot( const PeerConnectionInterface::RTCConfiguration& a1, cricket::PortAllocator* a3, - rtc::RTCCertificateGeneratorInterface* a4, + DtlsIdentityStoreInterface* a4, PeerConnectionObserver* a5) { std::unique_ptr ptr_a3(a3); - std::unique_ptr ptr_a4(a4); + std::unique_ptr ptr_a4(a4); return c_->CreatePeerConnection(a1, std::move(ptr_a3), std::move(ptr_a4), a5); } diff --git a/webrtc/api/peerconnectioninterface.h b/webrtc/api/peerconnectioninterface.h index caa6b31b73..4fa9bf2408 100644 --- a/webrtc/api/peerconnectioninterface.h +++ b/webrtc/api/peerconnectioninterface.h @@ -68,7 +68,6 @@ #include "webrtc/base/fileutils.h" #include "webrtc/base/network.h" #include "webrtc/base/rtccertificate.h" -#include "webrtc/base/rtccertificategenerator.h" #include "webrtc/base/socketaddress.h" #include "webrtc/base/sslstreamadapter.h" #include "webrtc/media/base/mediachannel.h" @@ -578,51 +577,17 @@ class PeerConnectionFactoryInterface : public rtc::RefCountInterface { virtual void SetOptions(const Options& options) = 0; virtual rtc::scoped_refptr CreatePeerConnection( - const PeerConnectionInterface::RTCConfiguration& configuration, - const MediaConstraintsInterface* constraints, - std::unique_ptr allocator, - std::unique_ptr cert_generator, - PeerConnectionObserver* observer) = 0; - // TODO(hbos): To be removed in favor of the |cert_generator| version as soon - // as Chromium stops using this version. See bugs.webrtc.org/5707, - // bugs.webrtc.org/5708. - rtc::scoped_refptr CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& configuration, const MediaConstraintsInterface* constraints, std::unique_ptr allocator, std::unique_ptr dtls_identity_store, - PeerConnectionObserver* observer) { - return CreatePeerConnection( - configuration, - constraints, - std::move(allocator), - std::unique_ptr( - dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper( - std::move(dtls_identity_store)) : nullptr), - observer); - } + PeerConnectionObserver* observer) = 0; virtual rtc::scoped_refptr CreatePeerConnection( - const PeerConnectionInterface::RTCConfiguration& configuration, - std::unique_ptr allocator, - std::unique_ptr cert_generator, - PeerConnectionObserver* observer) = 0; - // TODO(hbos): To be removed in favor of the |cert_generator| version as soon - // as Chromium stops using this version. See bugs.webrtc.org/5707, - // bugs.webrtc.org/5708. - rtc::scoped_refptr CreatePeerConnection( const PeerConnectionInterface::RTCConfiguration& configuration, std::unique_ptr allocator, std::unique_ptr dtls_identity_store, - PeerConnectionObserver* observer) { - return CreatePeerConnection( - configuration, - std::move(allocator), - std::unique_ptr( - dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper( - std::move(dtls_identity_store)) : nullptr), - observer); - } + PeerConnectionObserver* observer) = 0; virtual rtc::scoped_refptr CreateLocalMediaStream(const std::string& label) = 0; diff --git a/webrtc/api/peerconnectioninterface_unittest.cc b/webrtc/api/peerconnectioninterface_unittest.cc index 8ced9a7841..d2f0ad1c56 100644 --- a/webrtc/api/peerconnectioninterface_unittest.cc +++ b/webrtc/api/peerconnectioninterface_unittest.cc @@ -616,12 +616,8 @@ class PeerConnectionInterfaceTest : public testing::Test { config.servers.push_back(server); scoped_refptr pc; - pc = pc_factory_->CreatePeerConnection( - config, - nullptr, - nullptr, - std::unique_ptr(), - &observer_); + pc = pc_factory_->CreatePeerConnection(config, nullptr, nullptr, nullptr, + &observer_); EXPECT_EQ(nullptr, pc); } diff --git a/webrtc/api/webrtcsession.cc b/webrtc/api/webrtcsession.cc index 0699308554..24eb593638 100644 --- a/webrtc/api/webrtcsession.cc +++ b/webrtc/api/webrtcsession.cc @@ -512,7 +512,7 @@ WebRtcSession::~WebRtcSession() { bool WebRtcSession::Initialize( const PeerConnectionFactoryInterface::Options& options, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, const PeerConnectionInterface::RTCConfiguration& rtc_configuration) { bundle_policy_ = rtc_configuration.bundle_policy; rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy; @@ -533,7 +533,7 @@ bool WebRtcSession::Initialize( dtls_enabled_ = false; } else { // Enable DTLS by default if we have an identity store or a certificate. - dtls_enabled_ = (cert_generator || certificate); + dtls_enabled_ = (dtls_identity_store || certificate); // |rtc_configuration| can override the default |dtls_enabled_| value. if (rtc_configuration.enable_dtls_srtp) { dtls_enabled_ = *(rtc_configuration.enable_dtls_srtp); @@ -566,18 +566,19 @@ bool WebRtcSession::Initialize( if (!dtls_enabled_) { // Construct with DTLS disabled. webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory( - signaling_thread(), channel_manager_, this, id(), - std::unique_ptr())); + signaling_thread(), channel_manager_, this, id())); } else { // Construct with DTLS enabled. if (!certificate) { + // Use the |dtls_identity_store| to generate a certificate. + RTC_DCHECK(dtls_identity_store); webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory( - signaling_thread(), channel_manager_, this, id(), - std::move(cert_generator))); + signaling_thread(), channel_manager_, std::move(dtls_identity_store), + this, id())); } else { // Use the already generated certificate. webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory( - signaling_thread(), channel_manager_, this, id(), certificate)); + signaling_thread(), channel_manager_, certificate, this, id())); } } diff --git a/webrtc/api/webrtcsession.h b/webrtc/api/webrtcsession.h index dd47229a61..98217bff26 100644 --- a/webrtc/api/webrtcsession.h +++ b/webrtc/api/webrtcsession.h @@ -153,7 +153,7 @@ class WebRtcSession : public AudioProviderInterface, bool Initialize( const PeerConnectionFactoryInterface::Options& options, - std::unique_ptr cert_generator, + std::unique_ptr dtls_identity_store, const PeerConnectionInterface::RTCConfiguration& rtc_configuration); // Deletes the voice, video and data channel and changes the session state // to STATE_CLOSED. diff --git a/webrtc/api/webrtcsession_unittest.cc b/webrtc/api/webrtcsession_unittest.cc index 571e1994f4..4207c24234 100644 --- a/webrtc/api/webrtcsession_unittest.cc +++ b/webrtc/api/webrtcsession_unittest.cc @@ -397,10 +397,7 @@ class WebRtcSessionTest EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew, observer_.ice_gathering_state_); - std::unique_ptr cert_generator( - dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper( - std::move(dtls_identity_store)) : nullptr); - EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator), + EXPECT_TRUE(session_->Initialize(options_, std::move(dtls_identity_store), configuration_)); session_->set_metrics_observer(metrics_observer_); } diff --git a/webrtc/api/webrtcsessiondescriptionfactory.cc b/webrtc/api/webrtcsessiondescriptionfactory.cc index 08392e5ff3..e88262fbdc 100644 --- a/webrtc/api/webrtcsessiondescriptionfactory.cc +++ b/webrtc/api/webrtcsessiondescriptionfactory.cc @@ -12,6 +12,7 @@ #include +#include "webrtc/api/dtlsidentitystore.h" #include "webrtc/api/jsep.h" #include "webrtc/api/jsepsessiondescription.h" #include "webrtc/api/mediaconstraintsinterface.h" @@ -67,13 +68,28 @@ struct CreateSessionDescriptionMsg : public rtc::MessageData { }; } // namespace -void WebRtcCertificateGeneratorCallback::OnFailure() { - SignalRequestFailed(); +void WebRtcIdentityRequestObserver::OnFailure(int error) { + SignalRequestFailed(error); } -void WebRtcCertificateGeneratorCallback::OnSuccess( - const rtc::scoped_refptr& certificate) { - SignalCertificateReady(certificate); +void WebRtcIdentityRequestObserver::OnSuccess( + const std::string& der_cert, const std::string& der_private_key) { + std::string pem_cert = rtc::SSLIdentity::DerToPem( + rtc::kPemTypeCertificate, + reinterpret_cast(der_cert.data()), + der_cert.length()); + std::string pem_key = rtc::SSLIdentity::DerToPem( + rtc::kPemTypeRsaPrivateKey, + reinterpret_cast(der_private_key.data()), + der_private_key.length()); + std::unique_ptr identity( + rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert)); + SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity))); +} + +void WebRtcIdentityRequestObserver::OnSuccess( + std::unique_ptr identity) { + SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity))); } // static @@ -111,10 +127,12 @@ void WebRtcSessionDescriptionFactory::CopyCandidatesFromSessionDescription( WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, + std::unique_ptr dtls_identity_store, + const rtc::scoped_refptr& + identity_request_observer, WebRtcSession* session, const std::string& session_id, - std::unique_ptr cert_generator, - const rtc::scoped_refptr& certificate) + bool dtls_enabled) : signaling_thread_(signaling_thread), session_desc_factory_(channel_manager, &transport_desc_factory_), // RFC 4566 suggested a Network Time Protocol (NTP) format timestamp @@ -122,81 +140,89 @@ WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( // to just use a random number as session id and start version from // |kInitSessionVersion|. session_version_(kInitSessionVersion), - cert_generator_(std::move(cert_generator)), + dtls_identity_store_(std::move(dtls_identity_store)), + identity_request_observer_(identity_request_observer), session_(session), session_id_(session_id), certificate_request_state_(CERTIFICATE_NOT_NEEDED) { - RTC_DCHECK(signaling_thread_); session_desc_factory_.set_add_legacy_streams(false); - bool dtls_enabled = cert_generator_ || certificate; // SRTP-SDES is disabled if DTLS is on. SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED); - if (!dtls_enabled) { - LOG(LS_VERBOSE) << "DTLS-SRTP disabled."; - return; - } - - if (certificate) { - // Use |certificate|. - certificate_request_state_ = CERTIFICATE_WAITING; - - LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter."; - // We already have a certificate but we wait to do |SetIdentity|; if we do - // it in the constructor then the caller has not had a chance to connect to - // |SignalCertificateReady|. - signaling_thread_->Post( - this, MSG_USE_CONSTRUCTOR_CERTIFICATE, - new rtc::ScopedRefMessageData(certificate)); - } else { - // Generate certificate. - certificate_request_state_ = CERTIFICATE_WAITING; - - rtc::scoped_refptr callback( - new rtc::RefCountedObject()); - callback->SignalRequestFailed.connect( - this, &WebRtcSessionDescriptionFactory::OnCertificateRequestFailed); - callback->SignalCertificateReady.connect( - this, &WebRtcSessionDescriptionFactory::SetCertificate); - - rtc::KeyParams key_params = rtc::KeyParams(); - LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key " - << "type: " << key_params.type() << ")."; - - // Request certificate. This happens asynchronously, so that the caller gets - // a chance to connect to |SignalCertificateReady|. - cert_generator_->GenerateCertificateAsync( - key_params, rtc::Optional(), callback); - } } WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, WebRtcSession* session, - const std::string& session_id, - std::unique_ptr cert_generator) + const std::string& session_id) + : WebRtcSessionDescriptionFactory(signaling_thread, + channel_manager, + nullptr, + nullptr, + session, + session_id, + false) { + LOG(LS_VERBOSE) << "DTLS-SRTP disabled."; +} + +WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( + rtc::Thread* signaling_thread, + cricket::ChannelManager* channel_manager, + std::unique_ptr dtls_identity_store, + WebRtcSession* session, + const std::string& session_id) : WebRtcSessionDescriptionFactory( signaling_thread, channel_manager, + std::move(dtls_identity_store), + new rtc::RefCountedObject(), session, session_id, - std::move(cert_generator), - nullptr) { + true) { + RTC_DCHECK(dtls_identity_store_); + + certificate_request_state_ = CERTIFICATE_WAITING; + + identity_request_observer_->SignalRequestFailed.connect( + this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed); + identity_request_observer_->SignalCertificateReady.connect( + this, &WebRtcSessionDescriptionFactory::SetCertificate); + + rtc::KeyParams key_params = rtc::KeyParams(); + LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key " + << "type: " << key_params.type() << ")."; + + // Request identity. This happens asynchronously, so the caller will have a + // chance to connect to SignalIdentityReady. + dtls_identity_store_->RequestIdentity(key_params, + rtc::Optional(), + identity_request_observer_); } WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, + const rtc::scoped_refptr& certificate, WebRtcSession* session, - const std::string& session_id, - const rtc::scoped_refptr& certificate) + const std::string& session_id) : WebRtcSessionDescriptionFactory(signaling_thread, channel_manager, + nullptr, + nullptr, session, session_id, - nullptr, - certificate) { + true) { RTC_DCHECK(certificate); + + certificate_request_state_ = CERTIFICATE_WAITING; + + LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter."; + // We already have a certificate but we wait to do SetIdentity; if we do + // it in the constructor then the caller has not had a chance to connect to + // SignalIdentityReady. + signaling_thread_->Post( + this, MSG_USE_CONSTRUCTOR_CERTIFICATE, + new rtc::ScopedRefMessageData(certificate)); } WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() { @@ -462,10 +488,10 @@ void WebRtcSessionDescriptionFactory::PostCreateSessionDescriptionSucceeded( signaling_thread_->Post(this, MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, msg); } -void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() { +void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) { ASSERT(signaling_thread_->IsCurrent()); - LOG(LS_ERROR) << "Asynchronous certificate generation request failed."; + LOG(LS_ERROR) << "Async identity request failed: error = " << error; certificate_request_state_ = CERTIFICATE_FAILED; FailPendingRequests(kFailedDueToIdentityFailed); @@ -474,7 +500,7 @@ void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() { void WebRtcSessionDescriptionFactory::SetCertificate( const rtc::scoped_refptr& certificate) { RTC_DCHECK(certificate); - LOG(LS_VERBOSE) << "Setting new certificate."; + LOG(LS_VERBOSE) << "Setting new certificate"; certificate_request_state_ = CERTIFICATE_SUCCEEDED; SignalCertificateReady(certificate); diff --git a/webrtc/api/webrtcsessiondescriptionfactory.h b/webrtc/api/webrtcsessiondescriptionfactory.h index c0c45b6ee5..17e2ddd3b0 100644 --- a/webrtc/api/webrtcsessiondescriptionfactory.h +++ b/webrtc/api/webrtcsessiondescriptionfactory.h @@ -18,7 +18,6 @@ #include "webrtc/base/constructormagic.h" #include "webrtc/base/messagehandler.h" #include "webrtc/base/rtccertificate.h" -#include "webrtc/base/rtccertificategenerator.h" #include "webrtc/p2p/base/transportdescriptionfactory.h" #include "webrtc/pc/mediasession.h" @@ -33,17 +32,17 @@ class MediaConstraintsInterface; class SessionDescriptionInterface; class WebRtcSession; -// DTLS certificate request callback class. -class WebRtcCertificateGeneratorCallback - : public rtc::RTCCertificateGeneratorCallback, - public sigslot::has_slots<> { +// DTLS identity request callback class. +class WebRtcIdentityRequestObserver : public DtlsIdentityRequestObserver, + public sigslot::has_slots<> { public: - // |rtc::RTCCertificateGeneratorCallback| overrides. - void OnSuccess( - const rtc::scoped_refptr& certificate) override; - void OnFailure() override; + // DtlsIdentityRequestObserver overrides. + void OnFailure(int error) override; + void OnSuccess(const std::string& der_cert, + const std::string& der_private_key) override; + void OnSuccess(std::unique_ptr identity) override; - sigslot::signal0<> SignalRequestFailed; + sigslot::signal1 SignalRequestFailed; sigslot::signal1&> SignalCertificateReady; }; @@ -67,29 +66,37 @@ struct CreateSessionDescriptionRequest { cricket::MediaSessionOptions options; }; -// This class is used to create offer/answer session description. Certificates -// for WebRtcSession/DTLS are either supplied at construction or generated -// asynchronously. It queues the create offer/answer request until the -// certificate generation has completed, i.e. when OnCertificateRequestFailed or -// OnCertificateReady is called. +// This class is used to create offer/answer session description with regards to +// the async DTLS identity generation for WebRtcSession. +// It queues the create offer/answer request until the DTLS identity +// request has completed, i.e. when OnIdentityRequestFailed or OnIdentityReady +// is called. class WebRtcSessionDescriptionFactory : public rtc::MessageHandler, public sigslot::has_slots<> { public: - // If |certificate_generator| is not null, DTLS is enabled and a default - // certificate is generated asynchronously; otherwise DTLS is disabled. + // Construct with DTLS disabled. + WebRtcSessionDescriptionFactory(rtc::Thread* signaling_thread, + cricket::ChannelManager* channel_manager, + WebRtcSession* session, + const std::string& session_id); + + // Construct with DTLS enabled using the specified |dtls_identity_store| to + // generate a certificate. WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, + std::unique_ptr dtls_identity_store, WebRtcSession* session, - const std::string& session_id, - std::unique_ptr cert_generator); - // Construct with DTLS enabled using the specified |certificate|. + const std::string& session_id); + + // Construct with DTLS enabled using the specified (already generated) + // |certificate|. WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, + const rtc::scoped_refptr& certificate, WebRtcSession* session, - const std::string& session_id, - const rtc::scoped_refptr& certificate); + const std::string& session_id); virtual ~WebRtcSessionDescriptionFactory(); static void CopyCandidatesFromSessionDescription( @@ -123,15 +130,15 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler, CERTIFICATE_FAILED, }; - // If |certificate_generator| or |certificate| is not null DTLS is enabled, - // otherwise DTLS is disabled. WebRtcSessionDescriptionFactory( rtc::Thread* signaling_thread, cricket::ChannelManager* channel_manager, + std::unique_ptr dtls_identity_store, + const rtc::scoped_refptr& + identity_request_observer, WebRtcSession* session, const std::string& session_id, - std::unique_ptr cert_generator, - const rtc::scoped_refptr& certificate); + bool dtls_enabled); // MessageHandler implementation. virtual void OnMessage(rtc::Message* msg); @@ -147,7 +154,7 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler, CreateSessionDescriptionObserver* observer, SessionDescriptionInterface* description); - void OnCertificateRequestFailed(); + void OnIdentityRequestFailed(int error); void SetCertificate( const rtc::scoped_refptr& certificate); @@ -157,7 +164,9 @@ class WebRtcSessionDescriptionFactory : public rtc::MessageHandler, cricket::TransportDescriptionFactory transport_desc_factory_; cricket::MediaSessionDescriptionFactory session_desc_factory_; uint64_t session_version_; - const std::unique_ptr cert_generator_; + const std::unique_ptr dtls_identity_store_; + const rtc::scoped_refptr + identity_request_observer_; // TODO(jiayl): remove the dependency on session once bug 2264 is fixed. WebRtcSession* const session_; const std::string session_id_; diff --git a/webrtc/examples/peerconnection/client/conductor.cc b/webrtc/examples/peerconnection/client/conductor.cc index 423c35ff83..8ec6ed9c10 100644 --- a/webrtc/examples/peerconnection/client/conductor.cc +++ b/webrtc/examples/peerconnection/client/conductor.cc @@ -129,11 +129,7 @@ bool Conductor::CreatePeerConnection(bool dtls) { } peer_connection_ = peer_connection_factory_->CreatePeerConnection( - config, - &constraints, - nullptr, - std::unique_ptr(), - this); + config, &constraints, NULL, NULL, this); return peer_connection_.get() != NULL; } diff --git a/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm b/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm index 6ccf54edaf..3fcc652e69 100644 --- a/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm +++ b/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm @@ -226,12 +226,11 @@ void PeerConnectionDelegateAdapter::OnIceCandidatesRemoved( std::unique_ptr nativeConstraints = constraints.nativeConstraints; _peerConnection = - factory.nativeFactory->CreatePeerConnection( - *config, - nativeConstraints.get(), - nullptr, - std::unique_ptr(), - _observer.get()); + factory.nativeFactory->CreatePeerConnection(*config, + nativeConstraints.get(), + nullptr, + nullptr, + _observer.get()); _localStreams = [[NSMutableArray alloc] init]; _delegate = delegate; }