OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 11 #ifndef WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
12 #define WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 12 #define WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
13 | 13 |
| 14 #include "webrtc/base/checks.h" |
14 #include "webrtc/p2p/base/dtlstransportchannel.h" | 15 #include "webrtc/p2p/base/dtlstransportchannel.h" |
15 #include "webrtc/p2p/base/transport.h" | 16 #include "webrtc/p2p/base/transport.h" |
16 | 17 |
17 namespace rtc { | 18 namespace rtc { |
18 class SSLIdentity; | 19 class SSLIdentity; |
19 } | 20 } |
20 | 21 |
21 namespace cricket { | 22 namespace cricket { |
22 | 23 |
23 class PortAllocator; | 24 class PortAllocator; |
24 | 25 |
25 // Base should be a descendant of cricket::Transport and have a constructor | 26 // Base should be a descendant of cricket::Transport |
26 // that takes a transport name and PortAllocator. | 27 // TODO(hbos): Add appropriate RTC_DCHECK thread checks to all methods. |
27 // | |
28 // Everything in this class should be called on the worker thread. | |
29 template<class Base> | 28 template<class Base> |
30 class DtlsTransport : public Base { | 29 class DtlsTransport : public Base { |
31 public: | 30 public: |
32 DtlsTransport(const std::string& name, | 31 DtlsTransport(rtc::Thread* signaling_thread, |
| 32 rtc::Thread* worker_thread, |
| 33 const std::string& content_name, |
33 PortAllocator* allocator, | 34 PortAllocator* allocator, |
34 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) | 35 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) |
35 : Base(name, allocator), | 36 : Base(signaling_thread, worker_thread, content_name, allocator), |
36 certificate_(certificate), | 37 certificate_(certificate), |
37 secure_role_(rtc::SSL_CLIENT), | 38 secure_role_(rtc::SSL_CLIENT), |
38 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) {} | 39 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) { |
| 40 } |
39 | 41 |
40 ~DtlsTransport() { | 42 ~DtlsTransport() { |
41 Base::DestroyAllChannels(); | 43 Base::DestroyAllChannels(); |
42 } | 44 } |
43 | 45 void SetCertificate_w( |
44 void SetLocalCertificate( | |
45 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override { | 46 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override { |
| 47 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
46 certificate_ = certificate; | 48 certificate_ = certificate; |
47 } | 49 } |
48 bool GetLocalCertificate( | 50 bool GetCertificate_w( |
49 rtc::scoped_refptr<rtc::RTCCertificate>* certificate) override { | 51 rtc::scoped_refptr<rtc::RTCCertificate>* certificate) override { |
| 52 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
50 if (!certificate_) | 53 if (!certificate_) |
51 return false; | 54 return false; |
52 | 55 |
53 *certificate = certificate_; | 56 *certificate = certificate_; |
54 return true; | 57 return true; |
55 } | 58 } |
56 | 59 |
57 bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version) override { | 60 bool SetSslMaxProtocolVersion_w(rtc::SSLProtocolVersion version) override { |
| 61 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
58 ssl_max_version_ = version; | 62 ssl_max_version_ = version; |
59 return true; | 63 return true; |
60 } | 64 } |
61 | 65 |
62 bool ApplyLocalTransportDescription(TransportChannelImpl* channel, | 66 bool ApplyLocalTransportDescription_w(TransportChannelImpl* channel, |
63 std::string* error_desc) override { | 67 std::string* error_desc) override { |
| 68 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
64 rtc::SSLFingerprint* local_fp = | 69 rtc::SSLFingerprint* local_fp = |
65 Base::local_description()->identity_fingerprint.get(); | 70 Base::local_description()->identity_fingerprint.get(); |
66 | 71 |
67 if (local_fp) { | 72 if (local_fp) { |
68 // Sanity check local fingerprint. | 73 // Sanity check local fingerprint. |
69 if (certificate_) { | 74 if (certificate_) { |
70 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( | 75 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( |
71 rtc::SSLFingerprint::Create(local_fp->algorithm, | 76 rtc::SSLFingerprint::Create(local_fp->algorithm, |
72 certificate_->identity())); | 77 certificate_->identity())); |
73 ASSERT(local_fp_tmp.get() != NULL); | 78 ASSERT(local_fp_tmp.get() != NULL); |
(...skipping 12 matching lines...)
86 } else { | 91 } else { |
87 certificate_ = nullptr; | 92 certificate_ = nullptr; |
88 } | 93 } |
89 | 94 |
90 if (!channel->SetLocalCertificate(certificate_)) { | 95 if (!channel->SetLocalCertificate(certificate_)) { |
91 return BadTransportDescription("Failed to set local identity.", | 96 return BadTransportDescription("Failed to set local identity.", |
92 error_desc); | 97 error_desc); |
93 } | 98 } |
94 | 99 |
95 // Apply the description in the base class. | 100 // Apply the description in the base class. |
96 return Base::ApplyLocalTransportDescription(channel, error_desc); | 101 return Base::ApplyLocalTransportDescription_w(channel, error_desc); |
97 } | 102 } |
98 | 103 |
99 bool NegotiateTransportDescription(ContentAction local_role, | 104 bool NegotiateTransportDescription_w(ContentAction local_role, |
100 std::string* error_desc) override { | 105 std::string* error_desc) override { |
| 106 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
101 if (!Base::local_description() || !Base::remote_description()) { | 107 if (!Base::local_description() || !Base::remote_description()) { |
102 const std::string msg = "Local and Remote description must be set before " | 108 const std::string msg = "Local and Remote description must be set before " |
103 "transport descriptions are negotiated"; | 109 "transport descriptions are negotiated"; |
104 return BadTransportDescription(msg, error_desc); | 110 return BadTransportDescription(msg, error_desc); |
105 } | 111 } |
106 | 112 |
107 rtc::SSLFingerprint* local_fp = | 113 rtc::SSLFingerprint* local_fp = |
108 Base::local_description()->identity_fingerprint.get(); | 114 Base::local_description()->identity_fingerprint.get(); |
109 rtc::SSLFingerprint* remote_fp = | 115 rtc::SSLFingerprint* remote_fp = |
110 Base::remote_description()->identity_fingerprint.get(); | 116 Base::remote_description()->identity_fingerprint.get(); |
(...skipping 76 matching lines...)
187 return BadTransportDescription( | 193 return BadTransportDescription( |
188 "Local fingerprint supplied when caller didn't offer DTLS.", | 194 "Local fingerprint supplied when caller didn't offer DTLS.", |
189 error_desc); | 195 error_desc); |
190 } else { | 196 } else { |
191 // We are not doing DTLS | 197 // We are not doing DTLS |
192 remote_fingerprint_.reset(new rtc::SSLFingerprint( | 198 remote_fingerprint_.reset(new rtc::SSLFingerprint( |
193 "", NULL, 0)); | 199 "", NULL, 0)); |
194 } | 200 } |
195 | 201 |
196 // Now run the negotiation for the base class. | 202 // Now run the negotiation for the base class. |
197 return Base::NegotiateTransportDescription(local_role, error_desc); | 203 return Base::NegotiateTransportDescription_w(local_role, error_desc); |
198 } | 204 } |
199 | 205 |
200 DtlsTransportChannelWrapper* CreateTransportChannel(int component) override { | 206 DtlsTransportChannelWrapper* CreateTransportChannel(int component) override { |
201 DtlsTransportChannelWrapper* channel = new DtlsTransportChannelWrapper( | 207 DtlsTransportChannelWrapper* channel = new DtlsTransportChannelWrapper( |
202 this, Base::CreateTransportChannel(component)); | 208 this, Base::CreateTransportChannel(component)); |
203 channel->SetSslMaxProtocolVersion(ssl_max_version_); | 209 channel->SetSslMaxProtocolVersion(ssl_max_version_); |
204 return channel; | 210 return channel; |
205 } | 211 } |
206 | 212 |
207 void DestroyTransportChannel(TransportChannelImpl* channel) override { | 213 void DestroyTransportChannel(TransportChannelImpl* channel) override { |
208 // Kind of ugly, but this lets us do the exact inverse of the create. | 214 // Kind of ugly, but this lets us do the exact inverse of the create. |
209 DtlsTransportChannelWrapper* dtls_channel = | 215 DtlsTransportChannelWrapper* dtls_channel = |
210 static_cast<DtlsTransportChannelWrapper*>(channel); | 216 static_cast<DtlsTransportChannelWrapper*>(channel); |
211 TransportChannelImpl* base_channel = dtls_channel->channel(); | 217 TransportChannelImpl* base_channel = dtls_channel->channel(); |
212 delete dtls_channel; | 218 delete dtls_channel; |
213 Base::DestroyTransportChannel(base_channel); | 219 Base::DestroyTransportChannel(base_channel); |
214 } | 220 } |
215 | 221 |
216 bool GetSslRole(rtc::SSLRole* ssl_role) const override { | 222 bool GetSslRole_w(rtc::SSLRole* ssl_role) const override { |
| 223 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
217 ASSERT(ssl_role != NULL); | 224 ASSERT(ssl_role != NULL); |
218 *ssl_role = secure_role_; | 225 *ssl_role = secure_role_; |
219 return true; | 226 return true; |
220 } | 227 } |
221 | 228 |
222 private: | 229 private: |
223 bool ApplyNegotiatedTransportDescription(TransportChannelImpl* channel, | 230 bool ApplyNegotiatedTransportDescription_w( |
224 std::string* error_desc) override { | 231 TransportChannelImpl* channel, |
| 232 std::string* error_desc) override { |
| 233 RTC_DCHECK(Base::worker_thread()->IsCurrent()); |
225 // Set ssl role. Role must be set before fingerprint is applied, which | 234 // Set ssl role. Role must be set before fingerprint is applied, which |
226 // initiates DTLS setup. | 235 // initiates DTLS setup. |
227 if (!channel->SetSslRole(secure_role_)) { | 236 if (!channel->SetSslRole(secure_role_)) { |
228 return BadTransportDescription("Failed to set ssl role for the channel.", | 237 return BadTransportDescription("Failed to set ssl role for the channel.", |
229 error_desc); | 238 error_desc); |
230 } | 239 } |
231 // Apply remote fingerprint. | 240 // Apply remote fingerprint. |
232 if (!channel->SetRemoteFingerprint( | 241 if (!channel->SetRemoteFingerprint( |
233 remote_fingerprint_->algorithm, | 242 remote_fingerprint_->algorithm, |
234 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), | 243 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), |
235 remote_fingerprint_->digest.size())) { | 244 remote_fingerprint_->digest.size())) { |
236 return BadTransportDescription("Failed to apply remote fingerprint.", | 245 return BadTransportDescription("Failed to apply remote fingerprint.", |
237 error_desc); | 246 error_desc); |
238 } | 247 } |
239 return Base::ApplyNegotiatedTransportDescription(channel, error_desc); | 248 return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc); |
240 } | 249 } |
241 | 250 |
242 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; | 251 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; |
243 rtc::SSLRole secure_role_; | 252 rtc::SSLRole secure_role_; |
244 rtc::SSLProtocolVersion ssl_max_version_; | 253 rtc::SSLProtocolVersion ssl_max_version_; |
245 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; | 254 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; |
246 }; | 255 }; |
247 | 256 |
248 } // namespace cricket | 257 } // namespace cricket |
249 | 258 |
250 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 259 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
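Review bot: CreateTransportChannel (new line 206) reads ssl_max_version_ and DestroyTransportChannel (new line 213) deletes the DTLS wrapper without the worker-thread check that the `_w` methods gained, and the class comment that stated the contract ("Everything in this class should be called on the worker thread") is replaced by a TODO. RTC_DCHECK is a debug-only check, so in release builds the thread-affinity rule protecting certificate_, secure_role_ and remote_fingerprint_ is carried only by the `_w` suffix. I would keep a comment above the template such as `// Methods suffixed _w must be called on the worker thread.` and, if the two channel methods are in fact worker-only (not visible from this file), add `RTC_DCHECK(Base::worker_thread()->IsCurrent());` to them as well. Separately, ApplyNegotiatedTransportDescription_w dereferences remote_fingerprint_ at new line 242 with no null check; whether negotiation always sets it first depends on lines this page skips, so a guard that returns BadTransportDescription when it is unset would make the ordering requirement explicit.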