Chromium Code Reviews Chromium Code Reviews
Issue 1269843005:
Added DtlsCertificate, a ref counted object owning an SSLIdentity (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| Index: talk/app/webrtc/webrtcsessiondescriptionfactory.cc |
| diff --git a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc |
| index 1909b0ed78dfe2c6cd5c6c82481d7560ca935ceb..c628f25112068458221d1d027790e6e928639baf 100644 |
| --- a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc |
| +++ b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc |
| @@ -27,7 +27,7 @@ |
| #include "talk/app/webrtc/webrtcsessiondescriptionfactory.h" |
| -#include "talk/app/webrtc/dtlsidentitystore.h" |
| +#include "talk/app/webrtc/dtlsidentityservice.h" |
| #include "talk/app/webrtc/jsep.h" |
| #include "talk/app/webrtc/jsepsessiondescription.h" |
| #include "talk/app/webrtc/mediaconstraintsinterface.h" |
| @@ -68,7 +68,7 @@ static bool ValidStreams(const MediaSessionOptions::Streams& streams) { |
| enum { |
| MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, |
| MSG_CREATE_SESSIONDESCRIPTION_FAILED, |
| - MSG_GENERATE_IDENTITY, |
| + MSG_USE_CONSTRUCTOR_CERTIFICATE |
| }; |
| struct CreateSessionDescriptionMsg : public rtc::MessageData { |
| @@ -97,14 +97,14 @@ void WebRtcIdentityRequestObserver::OnSuccess( |
| rtc::kPemTypeRsaPrivateKey, |
| reinterpret_cast<const unsigned char*>(der_private_key.data()), |
| der_private_key.length()); |
| - rtc::SSLIdentity* identity = |
| - rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert); |
| - SignalIdentityReady(identity); |
| + rtc::scoped_ptr<rtc::SSLIdentity> identity( |
| + rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert)); |
| + SignalCertificateReady(DtlsCertificate::Create(identity.Pass())); |
| } |
| void WebRtcIdentityRequestObserver::OnSuccessWithIdentityObj( |
| rtc::scoped_ptr<rtc::SSLIdentity> identity) { |
| - SignalIdentityReady(identity.release()); |
| + SignalCertificateReady(DtlsCertificate::Create(identity.Pass())); |
| } |
| // static |
| @@ -128,14 +128,17 @@ void WebRtcSessionDescriptionFactory::CopyCandidatesFromSessionDescription( |
| WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( |
| rtc::Thread* signaling_thread, |
| + rtc::Thread* worker_thread, |
| cricket::ChannelManager* channel_manager, |
| MediaStreamSignaling* mediastream_signaling, |
| DTLSIdentityServiceInterface* dtls_identity_service, |
| + rtc::scoped_refptr<DtlsCertificate> certificate, |
| WebRtcSession* session, |
| const std::string& session_id, |
| cricket::DataChannelType dct, |
| bool dtls_enabled) |
| : signaling_thread_(signaling_thread), |
| + worker_thread_(worker_thread), |
| mediastream_signaling_(mediastream_signaling), |
| session_desc_factory_(channel_manager, &transport_desc_factory_), |
| // RFC 4566 suggested a Network Time Protocol (NTP) format timestamp |
| @@ -144,10 +147,11 @@ WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( |
| // |kInitSessionVersion|. |
| session_version_(kInitSessionVersion), |
| identity_service_(dtls_identity_service), |
| + certificate_(certificate), |
| session_(session), |
| session_id_(session_id), |
| data_channel_type_(dct), |
| - identity_request_state_(IDENTITY_NOT_NEEDED) { |
| + certificate_request_state_(CERTIFICATE_NOT_NEEDED) { |
| transport_desc_factory_.set_protocol(cricket::ICEPROTO_RFC5245); |
| session_desc_factory_.set_add_legacy_streams(false); |
| // SRTP-SDES is disabled if DTLS is on. |
| @@ -157,30 +161,44 @@ WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory( |
| return; |
| } |
| - if (identity_service_.get()) { |
| + certificate_request_state_ = CERTIFICATE_WAITING; |
| + if (certificate_.get()) { |
| + LOG(LS_VERBOSE) << "DTLS-SRTP enabled; using DTLS certificate."; |
| + // We already have a certificate but we wait to do SetCertificate; if we do |
| + // it in the constructor then the caller has not had a chance to connect to |
| + // SignalCertificateReady. |
| + signaling_thread_->Post(this, MSG_USE_CONSTRUCTOR_CERTIFICATE, NULL); |
|
Henrik Grunell WebRTC
2015/08/06 14:06:52
As discussed, pass the certificate here.
hbos
2015/08/10 15:10:18
Acknowledged.
|
| + } else { |
| + // No certificate provided, time to generate a new certificate. |
| + |
| + // Create observer and connect callback functions. |
|
Henrik Grunell WebRTC
2015/08/06 14:06:52
Remove this comment, its clear from the code what
hbos
2015/08/10 15:10:18
Acknowledged.
|
| identity_request_observer_ = |
| new rtc::RefCountedObject<WebRtcIdentityRequestObserver>(); |
| - |
| identity_request_observer_->SignalRequestFailed.connect( |
| this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed); |
| - identity_request_observer_->SignalIdentityReady.connect( |
| - this, &WebRtcSessionDescriptionFactory::SetIdentity); |
| - |
| - if (identity_service_->RequestIdentity( |
| - DtlsIdentityStore::kIdentityName, |
| - DtlsIdentityStore::kIdentityName, |
| - identity_request_observer_)) { |
| - LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sent DTLS identity request."; |
| - identity_request_state_ = IDENTITY_WAITING; |
| + identity_request_observer_->SignalCertificateReady.connect( |
| + this, &WebRtcSessionDescriptionFactory::SetCertificate); |
| + |
| + // If an |identity_service_| was not provided we default to using |
| + // DtlsIdentityStore and DtlsIdentityService. |
| + if (!identity_service_.get()) { |
| + identity_store_.reset( |
| + new DtlsIdentityStore(signaling_thread_, worker_thread_)); |
| + identity_service_.reset(new DtlsIdentityService(identity_store_.get())); |
| + } |
| + |
| + // Request identity. This happens asynchronously, so the caller will have a |
| + // chance to connect to SignalCertificateReady. |
| + if (identity_service_->RequestIdentity(DtlsIdentityStore::kIdentityName, |
| + DtlsIdentityStore::kIdentityName, |
| + identity_request_observer_)) { |
| + LOG(LS_VERBOSE) << "DTLS-SRTP enabled but no certificate supplied, sent " |
| + << "DTLS identity request."; |
| } else { |
| - LOG(LS_ERROR) << "Failed to send DTLS identity request."; |
| - identity_request_state_ = IDENTITY_FAILED; |
| + certificate_request_state_ = CERTIFICATE_FAILED; |
| + LOG(LS_VERBOSE) << "DTLS-SRTP enabled but no certificate supplied, " |
| + << "FAILED to send DTLS identity request."; |
| } |
| - } else { |
| - identity_request_state_ = IDENTITY_WAITING; |
| - // Do not generate the identity in the constructor since the caller has |
| - // not got a chance to connect to SignalIdentityReady. |
| - signaling_thread_->Post(this, MSG_GENERATE_IDENTITY, NULL); |
| } |
| } |
| @@ -206,7 +224,7 @@ void WebRtcSessionDescriptionFactory::CreateOffer( |
| cricket::MediaSessionOptions session_options; |
| std::string error = "CreateOffer"; |
| - if (identity_request_state_ == IDENTITY_FAILED) { |
| + if (certificate_request_state_ == CERTIFICATE_FAILED) { |
| error += kFailedDueToIdentityFailed; |
| LOG(LS_ERROR) << error; |
| PostCreateSessionDescriptionFailed(observer, error); |
| @@ -235,11 +253,11 @@ void WebRtcSessionDescriptionFactory::CreateOffer( |
| CreateSessionDescriptionRequest request( |
| CreateSessionDescriptionRequest::kOffer, observer, session_options); |
| - if (identity_request_state_ == IDENTITY_WAITING) { |
| + if (certificate_request_state_ == CERTIFICATE_WAITING) { |
| create_session_description_requests_.push(request); |
| } else { |
| - ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED || |
| - identity_request_state_ == IDENTITY_NOT_NEEDED); |
| + ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED || |
| + certificate_request_state_ == CERTIFICATE_NOT_NEEDED); |
| InternalCreateOffer(request); |
| } |
| } |
| @@ -248,7 +266,7 @@ void WebRtcSessionDescriptionFactory::CreateAnswer( |
| CreateSessionDescriptionObserver* observer, |
| const MediaConstraintsInterface* constraints) { |
| std::string error = "CreateAnswer"; |
| - if (identity_request_state_ == IDENTITY_FAILED) { |
| + if (certificate_request_state_ == CERTIFICATE_FAILED) { |
| error += kFailedDueToIdentityFailed; |
| LOG(LS_ERROR) << error; |
| PostCreateSessionDescriptionFailed(observer, error); |
| @@ -290,11 +308,11 @@ void WebRtcSessionDescriptionFactory::CreateAnswer( |
| CreateSessionDescriptionRequest request( |
| CreateSessionDescriptionRequest::kAnswer, observer, options); |
| - if (identity_request_state_ == IDENTITY_WAITING) { |
| + if (certificate_request_state_ == CERTIFICATE_WAITING) { |
| create_session_description_requests_.push(request); |
| } else { |
| - ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED || |
| - identity_request_state_ == IDENTITY_NOT_NEEDED); |
| + ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED || |
| + certificate_request_state_ == CERTIFICATE_NOT_NEEDED); |
| InternalCreateAnswer(request); |
| } |
| } |
| @@ -324,9 +342,10 @@ void WebRtcSessionDescriptionFactory::OnMessage(rtc::Message* msg) { |
| delete param; |
| break; |
| } |
| - case MSG_GENERATE_IDENTITY: { |
| - LOG(LS_INFO) << "Generating identity."; |
| - SetIdentity(rtc::SSLIdentity::Generate(DtlsIdentityStore::kIdentityName)); |
| + case MSG_USE_CONSTRUCTOR_CERTIFICATE: { |
| + LOG(LS_INFO) << "Using certificate supplied to constructor."; |
| + DCHECK(certificate_.get()); |
| + SetCertificate(certificate_); |
| break; |
| } |
| default: |
| @@ -447,19 +466,22 @@ void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) { |
| ASSERT(signaling_thread_->IsCurrent()); |
| LOG(LS_ERROR) << "Async identity request failed: error = " << error; |
| - identity_request_state_ = IDENTITY_FAILED; |
| + certificate_request_state_ = CERTIFICATE_FAILED; |
| FailPendingRequests(kFailedDueToIdentityFailed); |
| } |
| -void WebRtcSessionDescriptionFactory::SetIdentity( |
| - rtc::SSLIdentity* identity) { |
| +void WebRtcSessionDescriptionFactory::SetCertificate( |
| + rtc::scoped_refptr<DtlsCertificate> certificate) { |
| LOG(LS_VERBOSE) << "Setting new identity"; |
| - identity_request_state_ = IDENTITY_SUCCEEDED; |
| - SignalIdentityReady(identity); |
| + certificate_ = certificate; |
| + DCHECK(certificate_.get()); |
| + |
| + certificate_request_state_ = CERTIFICATE_SUCCEEDED; |
| + SignalCertificateReady(certificate_); |
| - transport_desc_factory_.set_identity(identity); |
| + transport_desc_factory_.set_identity(certificate->identity()); |
| transport_desc_factory_.set_secure(cricket::SEC_ENABLED); |
| while (!create_session_description_requests_.empty()) { |
