Chromium Code Reviews Chromium Code Reviews
Issue 1269843005:
Added DtlsCertificate, a ref counted object owning an SSLIdentity (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2012 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 12 matching lines...) Expand all Loading... | |
| 23 class PortAllocator; | 23 class PortAllocator; |
| 24 | 24 |
| 25 // Base should be a descendant of cricket::Transport | 25 // Base should be a descendant of cricket::Transport |
| 26 template<class Base> | 26 template<class Base> |
| 27 class DtlsTransport : public Base { | 27 class DtlsTransport : public Base { |
| 28 public: | 28 public: |
| 29 DtlsTransport(rtc::Thread* signaling_thread, | 29 DtlsTransport(rtc::Thread* signaling_thread, |
| 30 rtc::Thread* worker_thread, | 30 rtc::Thread* worker_thread, |
| 31 const std::string& content_name, | 31 const std::string& content_name, |
| 32 PortAllocator* allocator, | 32 PortAllocator* allocator, |
| 33 rtc::SSLIdentity* identity) | 33 const rtc::scoped_refptr<webrtc::DtlsCertificate>& certificate) |
| 34 : Base(signaling_thread, worker_thread, content_name, allocator), | 34 : Base(signaling_thread, worker_thread, content_name, allocator), |
| 35 identity_(identity), | 35 certificate_(certificate), |
| 36 secure_role_(rtc::SSL_CLIENT), | 36 secure_role_(rtc::SSL_CLIENT), |
| 37 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) { | 37 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10) { |
| 38 } | 38 } |
| 39 | 39 |
| 40 ~DtlsTransport() { | 40 ~DtlsTransport() { |
| 41 Base::DestroyAllChannels(); | 41 Base::DestroyAllChannels(); |
| 42 } | 42 } |
| 43 virtual void SetIdentity_w(rtc::SSLIdentity* identity) { | 43 void SetCertificate_w( |
| 44 identity_ = identity; | 44 const rtc::scoped_refptr<webrtc::DtlsCertificate>& certificate) override { |
| 45 certificate_ = certificate; | |
|
tommi (sloooow) - chröme
2015/08/18 14:49:35
would be good to have thread checks for methods th
| |
| 45 } | 46 } |
| 46 virtual bool GetIdentity_w(rtc::SSLIdentity** identity) { | 47 bool GetCertificate_w( |
| 47 if (!identity_) | 48 rtc::scoped_refptr<webrtc::DtlsCertificate>* certificate) override { |
| 49 if (!certificate_.get()) | |
| 48 return false; | 50 return false; |
| 49 | 51 |
| 50 *identity = identity_->GetReference(); | 52 *certificate = certificate_; |
| 51 return true; | 53 return true; |
| 52 } | 54 } |
| 53 | 55 |
| 54 virtual bool SetSslMaxProtocolVersion_w(rtc::SSLProtocolVersion version) { | 56 virtual bool SetSslMaxProtocolVersion_w(rtc::SSLProtocolVersion version) { |
| 55 ssl_max_version_ = version; | 57 ssl_max_version_ = version; |
| 56 return true; | 58 return true; |
| 57 } | 59 } |
| 58 | 60 |
| 59 virtual bool ApplyLocalTransportDescription_w(TransportChannelImpl* channel, | 61 virtual bool ApplyLocalTransportDescription_w(TransportChannelImpl* channel, |
| 60 std::string* error_desc) { | 62 std::string* error_desc) { |
| 61 rtc::SSLFingerprint* local_fp = | 63 rtc::SSLFingerprint* local_fp = |
| 62 Base::local_description()->identity_fingerprint.get(); | 64 Base::local_description()->identity_fingerprint.get(); |
| 63 | 65 |
| 64 if (local_fp) { | 66 if (local_fp) { |
| 65 // Sanity check local fingerprint. | 67 // Sanity check local fingerprint. |
| 66 if (identity_) { | 68 if (certificate_.get()) { |
| 67 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( | 69 rtc::scoped_ptr<rtc::SSLFingerprint> local_fp_tmp( |
| 68 rtc::SSLFingerprint::Create(local_fp->algorithm, | 70 rtc::SSLFingerprint::Create(local_fp->algorithm, |
| 69 identity_)); | 71 certificate_->identity())); |
| 70 ASSERT(local_fp_tmp.get() != NULL); | 72 ASSERT(local_fp_tmp.get() != NULL); |
| 71 if (!(*local_fp_tmp == *local_fp)) { | 73 if (!(*local_fp_tmp == *local_fp)) { |
| 72 std::ostringstream desc; | 74 std::ostringstream desc; |
| 73 desc << "Local fingerprint does not match identity. Expected: "; | 75 desc << "Local fingerprint does not match identity. Expected: "; |
| 74 desc << local_fp_tmp->ToString(); | 76 desc << local_fp_tmp->ToString(); |
| 75 desc << " Got: " << local_fp->ToString(); | 77 desc << " Got: " << local_fp->ToString(); |
| 76 return BadTransportDescription(desc.str(), error_desc); | 78 return BadTransportDescription(desc.str(), error_desc); |
| 77 } | 79 } |
| 78 } else { | 80 } else { |
| 79 return BadTransportDescription( | 81 return BadTransportDescription( |
| 80 "Local fingerprint provided but no identity available.", | 82 "Local fingerprint provided but no identity available.", |
| 81 error_desc); | 83 error_desc); |
| 82 } | 84 } |
| 83 } else { | 85 } else { |
| 84 identity_ = NULL; | 86 certificate_ = nullptr; |
| 85 } | 87 } |
| 86 | 88 |
| 87 if (!channel->SetLocalIdentity(identity_)) { | 89 if (!channel->SetLocalCertificate(certificate_)) { |
| 88 return BadTransportDescription("Failed to set local identity.", | 90 return BadTransportDescription("Failed to set local identity.", |
| 89 error_desc); | 91 error_desc); |
| 90 } | 92 } |
| 91 | 93 |
| 92 // Apply the description in the base class. | 94 // Apply the description in the base class. |
| 93 return Base::ApplyLocalTransportDescription_w(channel, error_desc); | 95 return Base::ApplyLocalTransportDescription_w(channel, error_desc); |
| 94 } | 96 } |
| 95 | 97 |
| 96 virtual bool NegotiateTransportDescription_w(ContentAction local_role, | 98 virtual bool NegotiateTransportDescription_w(ContentAction local_role, |
| 97 std::string* error_desc) { | 99 std::string* error_desc) { |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 230 if (!channel->SetRemoteFingerprint( | 232 if (!channel->SetRemoteFingerprint( |
| 231 remote_fingerprint_->algorithm, | 233 remote_fingerprint_->algorithm, |
| 232 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), | 234 reinterpret_cast<const uint8*>(remote_fingerprint_->digest.data()), |
| 233 remote_fingerprint_->digest.size())) { | 235 remote_fingerprint_->digest.size())) { |
| 234 return BadTransportDescription("Failed to apply remote fingerprint.", | 236 return BadTransportDescription("Failed to apply remote fingerprint.", |
| 235 error_desc); | 237 error_desc); |
| 236 } | 238 } |
| 237 return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc); | 239 return Base::ApplyNegotiatedTransportDescription_w(channel, error_desc); |
| 238 } | 240 } |
| 239 | 241 |
| 240 rtc::SSLIdentity* identity_; | 242 rtc::scoped_refptr<webrtc::DtlsCertificate> certificate_; |
| 241 rtc::SSLRole secure_role_; | 243 rtc::SSLRole secure_role_; |
| 242 rtc::SSLProtocolVersion ssl_max_version_; | 244 rtc::SSLProtocolVersion ssl_max_version_; |
| 243 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; | 245 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint_; |
| 244 }; | 246 }; |
| 245 | 247 |
| 246 } // namespace cricket | 248 } // namespace cricket |
| 247 | 249 |
| 248 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ | 250 #endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_ |
| OLD | NEW |
