1 /* | 1 /* |
2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 11 #ifndef WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
12 #define WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 12 #define WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
13 | 13 |
| 14 #include "webrtc/base/checks.h" |
14 #include "webrtc/p2p/base/dtlstransportchannel.h" | 15 #include "webrtc/p2p/base/dtlstransportchannel.h" |
15 #include "webrtc/p2p/base/transport.h" | 16 #include "webrtc/p2p/base/transport.h" |
16 | 17 |
17 namespace rtc { | 18 namespace rtc { |
18 class SSLIdentity; | 19 class SSLIdentity; |
19 } | 20 } |
20 | 21 |
21 namespace cricket { | 22 namespace cricket { |
22 | 23 |
23 class PortAllocator; | 24 class PortAllocator; |
24 | 25 |
25 // Base should be a descendant of cricket::Transport | 26 // Base should be a descendant of cricket::Transport |
| 27 // TODO(hbos): Add appropriate DCHECK thread checks to all methods. |
26 template<class Base> | 28 template<class Base> |
27 class DtlsTransport : public Base { | 29 class DtlsTransport : public Base { |
28 public: | 30 public: |
29 DtlsTransport(rtc::Thread* signaling_thread, | 31 DtlsTransport(rtc::Thread* signaling_thread, |
30 rtc::Thread* worker_thread, | 32 rtc::Thread* worker_thread, |
31 const std::string& content_name, | 33 const std::string& content_name, |
32 PortAllocator* allocator, | 34 PortAllocator* allocator, |
33 rtc::SSLIdentity* identity) | 35 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) |
34 : Base(signaling_thread, worker_thread, content_name, allocator), | 36 : Base(signaling_thread, worker_thread, content_name, allocator), |
35 identity_(identity), | 37 certificate_(certificate), |
36 secure_role_(rtc::SSL_CLIENT), | 38 secure_role_(rtc::SSL_CLIENT), |
37 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) { | 39 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) { |
38 } | 40 } |
39 | 41 |
40 ~DtlsTransport() { | 42 ~DtlsTransport() { |
41 Base::DestroyAllChannels(); | 43 Base::DestroyAllChannels(); |
42 } | 44 } |
43 virtual void SetIdentity_w(rtc::SSLIdentity* identity) { | 45 void SetCertificate_w( |
44 identity_ = identity; | 46 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override { |
| 47 DCHECK(Base::worker_thread()->IsCurrent()); |
| 48 certificate_ = certificate; |
45 } | 49 } |
46 virtual bool GetIdentity_w(rtc::SSLIdentity** identity) { | 50 bool GetCertificate_w( |
47 if (!identity_) | 51 rtc::scoped_refptr<rtc::RTCCertificate>* certificate) override { |
| 52 DCHECK(Base::worker_thread()->IsCurrent()); |
| 53 if (!certificate_) |
48 return false; | 54 return false; |
49 | 55 |
50 *identity = identity_->GetReference(); | 56 *certificate = certificate_; |
51 return true; | 57 return true; |
52 } | 58 } |
53 | 59 |
54 virtual bool SetSslMaxProtocolVersion_w(rtc::SSLProtocolVersion version) { | 60 virtual bool SetSslMaxProtocolVersion_w(rtc::SSLProtocolVersion version) { |
| 61 DCHECK(Base::worker_thread()->IsCurrent()); |
55 ssl_max_version_ = version; | 62 ssl_max_version_ = version; |
56 return true; | 63 return true; |
57 } | 64 } |
58 | 65 |
59 virtual bool ApplyLocalTransportDescription_w(TransportChannelImpl* channel, | 66 virtual bool ApplyLocalTransportDescription_w(TransportChannelImpl* channel, |
60 std::string* error_desc) { | 67 std::string* error_desc) { |
| 68 DCHECK(Base::worker_thread()->IsCurrent()); |
61 rtc::SSLFingerprint* local_fp = | 69 rtc::SSLFingerprint* local_fp = |
62 Base::local_description()->identity_fingerprint.get(); | 70 Base::local_description()->identity_fingerprint.get(); |
63 | 71 |
64 if (local_fp) { | 72 if (local_fp) { |
65 // Sanity check local fingerprint. | 73 // Sanity check local fingerprint. |
66 if (identity_) { | 74 if (certificate_) { |
67 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( | 75 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( |
68 rtc::SSLFingerprint::Create(local_fp->algorithm, | 76 rtc::SSLFingerprint::Create(local_fp->algorithm, |
69 identity_)); | 77 certificate_->identity())); |
70 ASSERT(local_fp_tmp.get() != NULL); | 78 ASSERT(local_fp_tmp.get() != NULL); |
71 if (!(*local_fp_tmp == *local_fp)) { | 79 if (!(*local_fp_tmp == *local_fp)) { |
72 std::ostringstream desc; | 80 std::ostringstream desc; |
73 desc << "Local fingerprint does not match identity. Expected: "; | 81 desc << "Local fingerprint does not match identity. Expected: "; |
74 desc << local_fp_tmp->ToString(); | 82 desc << local_fp_tmp->ToString(); |
75 desc << " Got: " << local_fp->ToString(); | 83 desc << " Got: " << local_fp->ToString(); |
76 return BadTransportDescription(desc.str(), error_desc); | 84 return BadTransportDescription(desc.str(), error_desc); |
77 } | 85 } |
78 } else { | 86 } else { |
79 return BadTransportDescription( | 87 return BadTransportDescription( |
80 "Local fingerprint provided but no identity available.", | 88 "Local fingerprint provided but no identity available.", |
81 error_desc); | 89 error_desc); |
82 } | 90 } |
83 } else { | 91 } else { |
84 identity_ = NULL; | 92 certificate_ = nullptr; |
85 } | 93 } |
86 | 94 |
87 if (!channel->SetLocalIdentity(identity_)) { | 95 // TODO(hbos): SetLocalCertificate |
| 96 if (!channel->SetLocalIdentity( |
| 97 certificate_ ? certificate_->identity() : nullptr)) { |
88 return BadTransportDescription("Failed to set local identity.", | 98 return BadTransportDescription("Failed to set local identity.", |
89 error_desc); | 99 error_desc); |
90 } | 100 } |
91 | 101 |
92 // Apply the description in the base class. | 102 // Apply the description in the base class. |
93 return Base::ApplyLocalTransportDescription_w(channel, error_desc); | 103 return Base::ApplyLocalTransportDescription_w(channel, error_desc); |
94 } | 104 } |
95 | 105 |
96 virtual bool NegotiateTransportDescription_w(ContentAction local_role, | 106 virtual bool NegotiateTransportDescription_w(ContentAction local_role, |
97 std::string* error_desc) { | 107 std::string* error_desc) { |
| 108 DCHECK(Base::worker_thread()->IsCurrent()); |
98 if (!Base::local_description() || !Base::remote_description()) { | 109 if (!Base::local_description() || !Base::remote_description()) { |
99 const std::string msg = "Local and Remote description must be set before " | 110 const std::string msg = "Local and Remote description must be set before " |
100 "transport descriptions are negotiated"; | 111 "transport descriptions are negotiated"; |
101 return BadTransportDescription(msg, error_desc); | 112 return BadTransportDescription(msg, error_desc); |
102 } | 113 } |
103 | 114 |
104 rtc::SSLFingerprint* local_fp = | 115 rtc::SSLFingerprint* local_fp = |
105 Base::local_description()->identity_fingerprint.get(); | 116 Base::local_description()->identity_fingerprint.get(); |
106 rtc::SSLFingerprint* remote_fp = | 117 rtc::SSLFingerprint* remote_fp = |
107 Base::remote_description()->identity_fingerprint.get(); | 118 Base::remote_description()->identity_fingerprint.get(); |
204 virtual void DestroyTransportChannel(TransportChannelImpl* channel) { | 215 virtual void DestroyTransportChannel(TransportChannelImpl* channel) { |
205 // Kind of ugly, but this lets us do the exact inverse of the create. | 216 // Kind of ugly, but this lets us do the exact inverse of the create. |
206 DtlsTransportChannelWrapper* dtls_channel = | 217 DtlsTransportChannelWrapper* dtls_channel = |
207 static_cast<DtlsTransportChannelWrapper*>(channel); | 218 static_cast<DtlsTransportChannelWrapper*>(channel); |
208 TransportChannelImpl* base_channel = dtls_channel->channel(); | 219 TransportChannelImpl* base_channel = dtls_channel->channel(); |
209 delete dtls_channel; | 220 delete dtls_channel; |
210 Base::DestroyTransportChannel(base_channel); | 221 Base::DestroyTransportChannel(base_channel); |
211 } | 222 } |
212 | 223 |
213 virtual bool GetSslRole_w(rtc::SSLRole* ssl_role) const { | 224 virtual bool GetSslRole_w(rtc::SSLRole* ssl_role) const { |
| 225 DCHECK(Base::worker_thread()->IsCurrent()); |
214 ASSERT(ssl_role != NULL); | 226 ASSERT(ssl_role != NULL); |
215 *ssl_role = secure_role_; | 227 *ssl_role = secure_role_; |
216 return true; | 228 return true; |
217 } | 229 } |
218 | 230 |
219 private: | 231 private: |
220 virtual bool ApplyNegotiatedTransportDescription_w( | 232 virtual bool ApplyNegotiatedTransportDescription_w( |
221 TransportChannelImpl* channel, | 233 TransportChannelImpl* channel, |
222 std::string* error_desc) { | 234 std::string* error_desc) { |
| 235 DCHECK(Base::worker_thread()->IsCurrent()); |
223 // Set ssl role. Role must be set before fingerprint is applied, which | 236 // Set ssl role. Role must be set before fingerprint is applied, which |
224 // initiates DTLS setup. | 237 // initiates DTLS setup. |
225 if (!channel->SetSslRole(secure_role_)) { | 238 if (!channel->SetSslRole(secure_role_)) { |
226 return BadTransportDescription("Failed to set ssl role for the channel.", | 239 return BadTransportDescription("Failed to set ssl role for the channel.", |
227 error_desc); | 240 error_desc); |
228 } | 241 } |
229 // Apply remote fingerprint. | 242 // Apply remote fingerprint. |
230 if (!channel->SetRemoteFingerprint( | 243 if (!channel->SetRemoteFingerprint( |
231 remote_fingerprint_->algorithm, | 244 remote_fingerprint_->algorithm, |
232 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), | 245 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), |
233 remote_fingerprint_->digest.size())) { | 246 remote_fingerprint_->digest.size())) { |
234 return BadTransportDescription("Failed to apply remote fingerprint.", | 247 return BadTransportDescription("Failed to apply remote fingerprint.", |
235 error_desc); | 248 error_desc); |
236 } | 249 } |
237 return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc); | 250 return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc); |
238 } | 251 } |
239 | 252 |
240 rtc::SSLIdentity* identity_; | 253 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; |
241 rtc::SSLRole secure_role_; | 254 rtc::SSLRole secure_role_; |
242 rtc::SSLProtocolVersion ssl_max_version_; | 255 rtc::SSLProtocolVersion ssl_max_version_; |
243 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; | 256 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; |
244 }; | 257 }; |
245 | 258 |
246 } // namespace cricket | 259 } // namespace cricket |
247 | 260 |
248 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 261 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
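Review bot: In ApplyLocalTransportDescription_w the null check on `local_fp_tmp` (new line 78) is still an `ASSERT`, which is compiled out in release builds, so if `rtc::SSLFingerprint::Create` can return null for an algorithm it does not support — as its pointer return type suggests — the `*local_fp_tmp` comparison on the next line dereferences null; the commit changes the argument to `certificate_->identity()` but leaves that path unguarded. A runtime check fits the surrounding error style: `if (!local_fp_tmp) { return BadTransportDescription("Unsupported local fingerprint algorithm.", error_desc); }`. The same methods now mix the new `DCHECK` thread checks with the older `ASSERT` and `NULL` (GetSslRole_w, new lines 225–226), and only SetCertificate_w/GetCertificate_w use `override` while the other `_w` overrides remain `virtual`; settling on one macro and one spelling of null, and marking the remaining overrides `override`, would keep the header consistent. The TODO(hbos) at new line 27 says every method should get a thread DCHECK, but DestroyTransportChannel (new line 215) and the destructor did not receive one in this change, so it may be worth noting which thread those are expected on.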