zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

JNI+mm: Generate certificate if non-default key type is specified.

Browse Source 
By comparing key type with KT_DEFAULT we remove the implicit assumption that
the default is RSA.

Removing the assumptions about what the default is is necessary for a
follow-up CL that will change the default.

BUG=webrtc:5795, webrtc:5707
R=hta@webrtc.org, magjed@webrtc.org, tommi@webrtc.org
TBR=tkchin@webrtc.org

Review URL: https://codereview.webrtc.org/1965313002 .

Cr-Commit-Position: refs/heads/master@{#12722}
This commit is contained in:
Henrik Boström
2016-05-13 13:50:38 +02:00
parent d0dc66e0ea
commit e06c2ddbde
6 changed files with 69 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
webrtc/api/java/jni/peerconnection_jni.cc
View File

@ -64,6 +64,7 @@
#include "webrtc/base/logsinks.h"
#include "webrtc/base/messagequeue.h"
#include "webrtc/base/networkmonitor.h"
#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/stringutils.h"
#include "webrtc/media/base/videocapturer.h"
@ -1565,20 +1566,17 @@ JOW(jlong, PeerConnectionFactory_nativeCreatePeerConnection)(
"Lorg/webrtc/PeerConnection$KeyType;");
jobject j_key_type = GetObjectField(jni, j_rtc_config, j_key_type_id);
// Create ECDSA certificate.
if (JavaKeyTypeToNativeType(jni, j_key_type) == rtc::KT_ECDSA) {
std::unique_ptr<rtc::SSLIdentity> ssl_identity(
rtc::SSLIdentity::Generate(webrtc::kIdentityName, rtc::KT_ECDSA));
if (ssl_identity.get()) {
rtc_config.certificates.push_back(
rtc::RTCCertificate::Create(std::move(ssl_identity)));
LOG(LS_INFO) << "ECDSA certificate created.";
} else {
// Failing to create certificate should not abort peer connection
// creation. Instead default encryption (currently RSA) will be used.
LOG(LS_WARNING) <<
"Failed to generate SSLIdentity. Default encryption will be used.";
// Generate non-default certificate.
rtc::KeyType key_type = JavaKeyTypeToNativeType(jni, j_key_type);
if (key_type != rtc::KT_DEFAULT) {
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
rtc::RTCCertificateGenerator::GenerateCertificate(
rtc::KeyParams(key_type), rtc::Optional<uint64_t>());
if (!certificate) {
LOG(LS_ERROR) << "Failed to generate certificate. KeyType: " << key_type;
return 0;
}
rtc_config.certificates.push_back(certificate);
}
PCOJava* observer = reinterpret_cast<PCOJava*>(observer_p);

3
webrtc/base/sslidentity.h
View File

@ -117,9 +117,6 @@ class SSLCertChain {
// KT_DEFAULT is currently an alias for KT_RSA. This is likely to change.
// KT_LAST is intended for vector declarations and loops over all key types;
// it does not represent any key type in itself.
// TODO(hbos,torbjorng): Don't change KT_DEFAULT without first updating
// PeerConnectionFactory_nativeCreatePeerConnection's certificate generation
// code.
enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_RSA };
static const int kRsaDefaultModSize = 1024;

2
webrtc/sdk/objc/Framework/Classes/RTCConfiguration+Private.h
View File

@ -21,7 +21,7 @@ NS_ASSUME_NONNULL_BEGIN
* needed to pass to the underlying C++ APIs.
*/
@property(nonatomic, readonly)
webrtc::PeerConnectionInterface::RTCConfiguration nativeConfiguration;
webrtc::PeerConnectionInterface::RTCConfiguration* nativeConfiguration;
+ (webrtc::PeerConnectionInterface::IceTransportsType)
nativeTransportsTypeForTransportPolicy:(RTCIceTransportPolicy)policy;

55
webrtc/sdk/objc/Framework/Classes/RTCConfiguration.mm
View File

@ -15,6 +15,7 @@
#import "RTCIceServer+Private.h"
#import "WebRTC/RTCLogging.h"
#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/base/sslidentity.h"
@implementation RTCConfiguration
@ -74,39 +75,43 @@
#pragma mark - Private
- (webrtc::PeerConnectionInterface::RTCConfiguration)nativeConfiguration {
webrtc::PeerConnectionInterface::RTCConfiguration nativeConfig;
- (webrtc::PeerConnectionInterface::RTCConfiguration*)nativeConfiguration {
std::unique_ptr<webrtc::PeerConnectionInterface::RTCConfiguration>
nativeConfig(new webrtc::PeerConnectionInterface::RTCConfiguration());
for (RTCIceServer *iceServer in _iceServers) {
nativeConfig.servers.push_back(iceServer.nativeServer);
nativeConfig->servers.push_back(iceServer.nativeServer);
}
nativeConfig.type =
nativeConfig->type =
[[self class] nativeTransportsTypeForTransportPolicy:_iceTransportPolicy];
nativeConfig.bundle_policy =
nativeConfig->bundle_policy =
[[self class] nativeBundlePolicyForPolicy:_bundlePolicy];
nativeConfig.rtcp_mux_policy =
nativeConfig->rtcp_mux_policy =
[[self class] nativeRtcpMuxPolicyForPolicy:_rtcpMuxPolicy];
nativeConfig.tcp_candidate_policy =
nativeConfig->tcp_candidate_policy =
[[self class] nativeTcpCandidatePolicyForPolicy:_tcpCandidatePolicy];
nativeConfig.continual_gathering_policy = [[self class]
nativeConfig->continual_gathering_policy = [[self class]
nativeContinualGatheringPolicyForPolicy:_continualGatheringPolicy];
nativeConfig.audio_jitter_buffer_max_packets = _audioJitterBufferMaxPackets;
nativeConfig.ice_connection_receiving_timeout =
nativeConfig->audio_jitter_buffer_max_packets = _audioJitterBufferMaxPackets;
nativeConfig->ice_connection_receiving_timeout =
_iceConnectionReceivingTimeout;
nativeConfig.ice_backup_candidate_pair_ping_interval =
nativeConfig->ice_backup_candidate_pair_ping_interval =
_iceBackupCandidatePairPingInterval;
if (_keyType == RTCEncryptionKeyTypeECDSA) {
std::unique_ptr<rtc::SSLIdentity> identity(
rtc::SSLIdentity::Generate(webrtc::kIdentityName, rtc::KT_ECDSA));
if (identity) {
nativeConfig.certificates.push_back(
rtc::RTCCertificate::Create(std::move(identity)));
} else {
RTCLogWarning(@"Failed to generate ECDSA identity. RSA will be used.");
rtc::KeyType keyType =
[[self class] nativeEncryptionKeyTypeForKeyType:_keyType];
// Generate non-default certificate.
if (keyType != rtc::KT_DEFAULT) {
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
rtc::RTCCertificateGenerator::GenerateCertificate(
rtc::KeyParams(keyType), rtc::Optional<uint64_t>());
if (!certificate) {
RTCLogWarning(@"Failed to generate certificate.");
return nullptr;
}
nativeConfig->certificates.push_back(certificate);
}
return nativeConfig;
return nativeConfig.release();
}
+ (webrtc::PeerConnectionInterface::IceTransportsType)
@ -224,6 +229,16 @@
}
}
+ (rtc::KeyType)nativeEncryptionKeyTypeForKeyType:
(RTCEncryptionKeyType)keyType {
switch (keyType) {
case RTCEncryptionKeyTypeRSA:
return rtc::KT_RSA;
case RTCEncryptionKeyTypeECDSA:
return rtc::KT_ECDSA;
}
}
+ (RTCTcpCandidatePolicy)tcpCandidatePolicyForNativePolicy:
(webrtc::PeerConnectionInterface::TcpCandidatePolicy)nativePolicy {
switch (nativePolicy) {

14
webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm
View File

@ -197,14 +197,16 @@ void PeerConnectionDelegateAdapter::OnIceCandidate(
constraints:(RTCMediaConstraints *)constraints
delegate:(id<RTCPeerConnectionDelegate>)delegate {
NSParameterAssert(factory);
std::unique_ptr<webrtc::PeerConnectionInterface::RTCConfiguration> config(
configuration.nativeConfiguration);
if (!config)
return nullptr;
if (self = [super init]) {
_observer.reset(new webrtc::PeerConnectionDelegateAdapter(self));
webrtc::PeerConnectionInterface::RTCConfiguration config =
configuration.nativeConfiguration;
std::unique_ptr<webrtc::MediaConstraints> nativeConstraints =
constraints.nativeConstraints;
_peerConnection =
factory.nativeFactory->CreatePeerConnection(config,
factory.nativeFactory->CreatePeerConnection(*config,
nativeConstraints.get(),
nullptr,
nullptr,
@ -251,7 +253,11 @@ void PeerConnectionDelegateAdapter::OnIceCandidate(
}
- (BOOL)setConfiguration:(RTCConfiguration *)configuration {
return _peerConnection->SetConfiguration(configuration.nativeConfiguration);
std::unique_ptr<webrtc::PeerConnectionInterface::RTCConfiguration> config(
configuration.nativeConfiguration);
if (!config)
return false;
return _peerConnection->SetConfiguration(*config);
}
- (void)close {

24
webrtc/sdk/objc/Framework/UnitTests/RTCConfigurationTest.mm
View File

@ -44,26 +44,26 @@
config.continualGatheringPolicy =
RTCContinualGatheringPolicyGatherContinually;
webrtc::PeerConnectionInterface::RTCConfiguration nativeConfig =
config.nativeConfiguration;
EXPECT_EQ(1u, nativeConfig.servers.size());
std::unique_ptr<webrtc::PeerConnectionInterface::RTCConfiguration>
nativeConfig(config.nativeConfiguration);
EXPECT_EQ(1u, nativeConfig->servers.size());
webrtc::PeerConnectionInterface::IceServer nativeServer =
nativeConfig.servers.front();
nativeConfig->servers.front();
EXPECT_EQ(1u, nativeServer.urls.size());
EXPECT_EQ("stun:stun1.example.net", nativeServer.urls.front());
EXPECT_EQ(webrtc::PeerConnectionInterface::kRelay, nativeConfig.type);
EXPECT_EQ(webrtc::PeerConnectionInterface::kRelay, nativeConfig->type);
EXPECT_EQ(webrtc::PeerConnectionInterface::kBundlePolicyMaxBundle,
nativeConfig.bundle_policy);
nativeConfig->bundle_policy);
EXPECT_EQ(webrtc::PeerConnectionInterface::kRtcpMuxPolicyNegotiate,
nativeConfig.rtcp_mux_policy);
nativeConfig->rtcp_mux_policy);
EXPECT_EQ(webrtc::PeerConnectionInterface::kTcpCandidatePolicyDisabled,
nativeConfig.tcp_candidate_policy);
EXPECT_EQ(maxPackets, nativeConfig.audio_jitter_buffer_max_packets);
EXPECT_EQ(timeout, nativeConfig.ice_connection_receiving_timeout);
EXPECT_EQ(interval, nativeConfig.ice_backup_candidate_pair_ping_interval);
nativeConfig->tcp_candidate_policy);
EXPECT_EQ(maxPackets, nativeConfig->audio_jitter_buffer_max_packets);
EXPECT_EQ(timeout, nativeConfig->ice_connection_receiving_timeout);
EXPECT_EQ(interval, nativeConfig->ice_backup_candidate_pair_ping_interval);
EXPECT_EQ(webrtc::PeerConnectionInterface::GATHER_CONTINUALLY,
nativeConfig.continual_gathering_policy);
nativeConfig->continual_gathering_policy);
}
@end