
This is being added to allow greater configurability to TLS connections. tlsAlpnProtocols, tlsEllipticCurves and tlsCertPolicy will be removed from IceServer in a follow-up CL. Bug: webrtc:9662 Change-Id: I33cb804b02c26c662ed2a28c76f9a9dc2df40f36 Reviewed-on: https://webrtc-review.googlesource.com/96020 Commit-Queue: Diogo Real <diogor@google.com> Reviewed-by: Qingsi Wang <qingsi@webrtc.org> Reviewed-by: Benjamin Wright <benwright@webrtc.org> Reviewed-by: Steve Anton <steveanton@webrtc.org> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org> Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Cr-Commit-Position: refs/heads/master@{#24559}
/*
* Copyright 2018 The WebRTC project authors. All Rights Reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
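@implementation RTCSSLConfig

@synthesize enableOCSPStapling = _enableOCSPStapling;
@synthesize enableSignedCertTimestamp = _enableSignedCertTimestamp;
@synthesize enableTlsChannelId = _enableTlsChannelId;
@synthesize enableGrease = _enableGrease;
@synthesize tlsCertPolicy = _tlsCertPolicy;
@synthesize maxSSLVersion = _maxSSLVersion;
@synthesize tlsALPNProtocols = _tlsALPNProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;

#pragma mark - Conversion helpers

// Maps the native certificate policy onto RTCTlsCertPolicy. A native value the
// switch does not know maps to RTCTlsCertPolicySecure, so an unexpected value
// can never silently select the policy that skips certificate checking.
static RTCTlsCertPolicy TlsCertPolicyFromNative(rtc::TlsCertPolicy policy) {
  switch (policy) {
    case rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE:
      return RTCTlsCertPolicySecure;
    case rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK:
      return RTCTlsCertPolicyInsecureNoCheck;
  }
  return RTCTlsCertPolicySecure;
}

// Inverse of TlsCertPolicyFromNative. An out-of-range RTCTlsCertPolicy falls
// back to TLS_CERT_POLICY_SECURE for the same reason.
static rtc::TlsCertPolicy NativeTlsCertPolicy(RTCTlsCertPolicy policy) {
  switch (policy) {
    case RTCTlsCertPolicySecure:
      return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
    case RTCTlsCertPolicyInsecureNoCheck:
      return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
  }
  return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
}

// Converts a vector of std::string into an immutable NSArray of NSString,
// preserving order. The copy keeps a caller from mutating the receiver's
// state through the array it gets back from the property.
static NSArray<NSString *> *ArrayFromStdStrings(const std::vector<std::string> &strings) {
  NSMutableArray<NSString *> *result = [NSMutableArray arrayWithCapacity:strings.size()];
  for (const std::string &string : strings) {
    [result addObject:[NSString stringForStdString:string]];
  }
  return [result copy];
}

// Converts an NSArray of NSString into a vector of std::string, preserving order.
static std::vector<std::string> StdStringsFromArray(NSArray<NSString *> *strings) {
  std::vector<std::string> result;
  result.reserve(strings.count);
  for (NSString *string in strings) {
    result.push_back(string.stdString);
  }
  return result;
}

#pragma mark - Lifecycle

// Seeds the receiver from a default-constructed rtc::SSLConfig, so -init and
// the native defaults cannot drift apart.
- (instancetype)init {
  rtc::SSLConfig config;
  return [self initWithNativeConfig:config];
}

// Copies every field of |config| into the receiver. Native optionals that are
// unset leave the matching property nil; the two string lists are stored as
// immutable copies.
- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config {
  self = [super init];
  if (self) {
    _enableOCSPStapling = config.enable_ocsp_stapling;
    _enableSignedCertTimestamp = config.enable_signed_cert_timestamp;
    _enableTlsChannelId = config.enable_tls_channel_id;
    _enableGrease = config.enable_grease;
    _tlsCertPolicy = TlsCertPolicyFromNative(config.tls_cert_policy);

    if (config.max_ssl_version) {
      _maxSSLVersion = @(*config.max_ssl_version);
    }
    if (config.tls_alpn_protocols) {
      _tlsALPNProtocols = ArrayFromStdStrings(*config.tls_alpn_protocols);
    }
    if (config.tls_elliptic_curves) {
      _tlsEllipticCurves = ArrayFromStdStrings(*config.tls_elliptic_curves);
    }
  }
  return self;
}

// One field per line, in declaration order; nil optionals print as "(null)".
- (NSString *)description {
  return [NSString stringWithFormat:@"RTCSSLConfig:\n%d\n%d\n%d\n%d\n%@\n%@\n%@\n%@",
                                    _enableOCSPStapling,
                                    _enableSignedCertTimestamp,
                                    _enableTlsChannelId,
                                    _enableGrease,
                                    [self stringForTlsCertPolicy:_tlsCertPolicy],
                                    _maxSSLVersion,
                                    _tlsALPNProtocols,
                                    _tlsEllipticCurves];
}

#pragma mark - Private

// Debug name for |tlsCertPolicy|. An out-of-range value yields a descriptive
// placeholder rather than running off the end of a non-void method.
- (NSString *)stringForTlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy {
  switch (tlsCertPolicy) {
    case RTCTlsCertPolicySecure:
      return @"RTCTlsCertPolicySecure";
    case RTCTlsCertPolicyInsecureNoCheck:
      return @"RTCTlsCertPolicyInsecureNoCheck";
  }
  return [NSString stringWithFormat:@"RTCTlsCertPolicy(%ld)", (long)tlsCertPolicy];
}

// Builds the native mirror of the receiver. A nil maxSSLVersion, tlsALPNProtocols
// or tlsEllipticCurves leaves the corresponding native optional untouched, i.e.
// at whatever rtc::SSLConfig initialises it to (presumably unset).
- (rtc::SSLConfig)nativeConfig {
  rtc::SSLConfig sslConfig;
  sslConfig.enable_ocsp_stapling = _enableOCSPStapling;
  sslConfig.enable_signed_cert_timestamp = _enableSignedCertTimestamp;
  sslConfig.enable_tls_channel_id = _enableTlsChannelId;
  sslConfig.enable_grease = _enableGrease;
  sslConfig.tls_cert_policy = NativeTlsCertPolicy(_tlsCertPolicy);

  if (_maxSSLVersion != nil) {
    sslConfig.max_ssl_version = absl::optional<int>(_maxSSLVersion.intValue);
  }
  if (_tlsALPNProtocols != nil) {
    sslConfig.tls_alpn_protocols =
        absl::optional<std::vector<std::string>>(StdStringsFromArray(_tlsALPNProtocols));
  }
  if (_tlsEllipticCurves != nil) {
    sslConfig.tls_elliptic_curves =
        absl::optional<std::vector<std::string>>(StdStringsFromArray(_tlsEllipticCurves));
  }
  return sslConfig;
}

@end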