Expose RTCSSLCertificateVerifier from iOS SDK.

Bug: webrtc:11710
Change-Id: I825c6350a71b2ff180520f8643cbd4d6febdc883
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254821
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Yura Yaroshevich <yura.yaroshevich@gmail.com>
Cr-Commit-Position: refs/heads/main@{#36284}
diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn
index a8e246d..729a222 100644
--- a/sdk/BUILD.gn
+++ b/sdk/BUILD.gn
@@ -101,6 +101,7 @@
       "objc/base/RTCMacros.h",
       "objc/base/RTCMutableI420Buffer.h",
       "objc/base/RTCMutableYUVPlanarBuffer.h",
+      "objc/base/RTCSSLCertificateVerifier.h",
       "objc/base/RTCVideoCapturer.h",
       "objc/base/RTCVideoCapturer.m",
       "objc/base/RTCVideoCodecInfo.h",
@@ -1233,6 +1234,7 @@
           "objc/base/RTCMacros.h",
           "objc/base/RTCMutableI420Buffer.h",
           "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
           "objc/base/RTCVideoCapturer.h",
           "objc/base/RTCVideoCodecInfo.h",
           "objc/base/RTCVideoDecoder.h",
@@ -1429,6 +1431,7 @@
           "objc/base/RTCMacros.h",
           "objc/base/RTCMutableI420Buffer.h",
           "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
           "objc/base/RTCVideoCapturer.h",
           "objc/base/RTCVideoCodecInfo.h",
           "objc/base/RTCVideoDecoder.h",
@@ -1528,6 +1531,8 @@
       sources = [
         "objc/native/api/network_monitor_factory.h",
         "objc/native/api/network_monitor_factory.mm",
+        "objc/native/api/ssl_certificate_verifier.h",
+        "objc/native/api/ssl_certificate_verifier.mm",
         "objc/native/api/video_capturer.h",
         "objc/native/api/video_capturer.mm",
         "objc/native/api/video_decoder_factory.h",
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
index 43ee420..00f2ef7 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
@@ -68,6 +68,8 @@
 };
 
 }  // namespace webrtc
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 
 @interface RTC_OBJC_TYPE (RTCPeerConnection)
 ()
@@ -83,11 +85,12 @@
 /** Initialize an RTCPeerConnection with a configuration, constraints, and
  *  delegate.
  */
-- (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
-                           configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
-                             constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
-                                delegate:
-                                    (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+- (nullable instancetype)
+        initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
+          configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+            constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+    certificateVerifier:(nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+               delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
 
 /** Initialize an RTCPeerConnection with a configuration, constraints,
  *  delegate and PeerConnectionDependencies.
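Review bot: The doc comment above the changed initializer still lists only "a configuration, constraints, and delegate" and says nothing about the new `certificateVerifier:` argument. The argument is nullable and changes how certificates are accepted, so the comment should say what nil means. Suggested wording: `/** Initialize an RTCPeerConnection with a configuration, constraints, an optional TLS certificate verifier and a delegate. Passing nil for the verifier installs no custom verifier. */`. What the stack does when no verifier is installed is not visible in this diff, so the comment should be checked against the native default before it claims more.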
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection.mm b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
index 7db986c..203fa4a 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
@@ -34,6 +34,7 @@
 #include "api/set_remote_description_observer_interface.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/numerics/safe_conversions.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 
 NSString *const kRTCPeerConnectionErrorDomain = @"org.webrtc.RTC_OBJC_TYPE(RTCPeerConnection)";
 int const kRTCPeerConnnectionSessionDescriptionError = -1;
@@ -336,10 +337,15 @@
 - (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
                            configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
                              constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                     certificateVerifier:
+                         (nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
                                 delegate:(id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
   NSParameterAssert(factory);
   std::unique_ptr<webrtc::PeerConnectionDependencies> dependencies =
       std::make_unique<webrtc::PeerConnectionDependencies>(nullptr);
+  if (certificateVerifier != nil) {
+    dependencies->tls_cert_verifier = webrtc::ObjCToNativeCertificateVerifier(certificateVerifier);
+  }
   return [self initWithDependencies:factory
                       configuration:configuration
                         constraints:constraints
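Review bot: The definition now spells out `nullable` for `certificateVerifier:` but leaves the `delegate:` parameter on the next line unannotated, although the declaration in RTCPeerConnection+Private.h marks both as nullable. Writing `delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {` keeps the two signatures identical. A short comment on the nil branch would also help, for example `// No verifier supplied: leave tls_cert_verifier unset so the native default applies.`. The method body continues past the end of this hunk.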
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
index 7891352..88aac99 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
@@ -29,6 +29,8 @@
 (RTCVideoDecoderFactory);
 @protocol RTC_OBJC_TYPE
 (RTCVideoEncoderFactory);
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 
 RTC_OBJC_EXPORT
 @interface RTC_OBJC_TYPE (RTCPeerConnectionFactory) : NSObject
@@ -82,6 +84,13 @@
                         constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
                            delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
 
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+
 /** Set the options to be used for subsequently created RTCPeerConnections */
 - (void)setOptions:(nonnull RTC_OBJC_TYPE(RTCPeerConnectionFactoryOptions) *)options;
 
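Review bot: The new `peerConnectionWithConfiguration:constraints:certificateVerifier:delegate:` declaration is public API with no doc comment, while `setOptions:` directly below has one. This is the entry point through which an app takes over a certificate trust decision, so the header should say so. I would add a `/** ... */` block stating three things: the verifier must not be nil, the connection keeps a reference to it (the native adapter stores the object), and its `verify:` result decides whether a certificate is accepted. Which thread calls the verifier is not visible in this diff; if it is not the main thread, the comment should warn implementers.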
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
index 63ba934..f7a1755 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
@@ -27,6 +27,7 @@
 #import "helpers/NSString+StdString.h"
 #include "rtc_base/checks.h"
 #include "sdk/objc/native/api/network_monitor_factory.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 #include "system_wrappers/include/field_trial.h"
 
 #ifndef HAVE_NO_MEDIA
@@ -272,6 +273,21 @@
   return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
                                                      configuration:configuration
                                                        constraints:constraints
+                                               certificateVerifier:nil
+                                                          delegate:delegate];
+}
+
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:
+                               (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
+  return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
+                                                     configuration:configuration
+                                                       constraints:constraints
+                                               certificateVerifier:certificateVerifier
                                                           delegate:delegate];
 }
 
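Review bot: A nil `certificateVerifier` passed to the new factory method is forwarded unchanged, and `initWithFactory:...certificateVerifier:delegate:` in RTCPeerConnection.mm installs a verifier only when the argument is non-nil. A caller that meant to pin certificates but passed nil (nullability annotations are not enforced at run time) would get a connection without its verifier and with no indication that pinning is off. The return type is already nullable, so the method can fail closed with `if (certificateVerifier == nil) { return nil; }` before the alloc/init, optionally preceded by `NSParameterAssert(certificateVerifier);`. The first lines of this hunk belong to the existing `peerConnectionWithConfiguration:constraints:delegate:` method, which starts outside the hunk.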
diff --git a/sdk/objc/base/RTCSSLCertificateVerifier.h b/sdk/objc/base/RTCSSLCertificateVerifier.h
new file mode 100644
index 0000000..53da0cc
--- /dev/null
+++ b/sdk/objc/base/RTCSSLCertificateVerifier.h
@@ -0,0 +1,25 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import <Foundation/Foundation.h>
+
+#import "RTCMacros.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_OBJC_EXPORT @protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier)<NSObject>
+
+    /** The certificate to verify */
+    - (BOOL)verify : (NSData *)derCertificate;
+
+@end
+
+NS_ASSUME_NONNULL_END
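Review bot: The comment on `verify:` describes only the argument and leaves the return value undefined, which is the part of this contract an implementer must not get wrong. It should state that YES accepts the certificate and NO rejects it, and that an implementation should return NO for input it cannot parse or does not recognise, for example `/** Returns YES to accept the DER-encoded certificate, NO to reject it. */`. The method receives only the DER bytes of one certificate, with no host name or chain, so it suits pinning or fingerprint comparison rather than full path and host validation. The header should say that so implementers do not assume more has been checked for them. As a style point, the formatter output `- (BOOL)verify : (NSData *)derCertificate;` under an indented comment is better written as `- (BOOL)verify:(NSData *)derCertificate;` at column 0.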
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.h b/sdk/objc/native/api/ssl_certificate_verifier.h
new file mode 100644
index 0000000..35ab1be
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.h
@@ -0,0 +1,26 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+#define SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+
+#include <memory>
+
+#import "RTCSSLCertificateVerifier.h"
+#include "rtc_base/ssl_certificate.h"
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier);
+
+}  // namespace webrtc
+
+#endif  // SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
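Review bot: `ObjCToNativeCertificateVerifier` is declared without a comment and without a nullability annotation, and this header has no `NS_ASSUME_NONNULL_BEGIN` region, so nothing tells a caller that nil is not an accepted argument. The adapter in ssl_certificate_verifier.mm only checks this with `RTC_DCHECK`. I would annotate the parameter as `id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> _Nonnull objc_certificate_verifier` and add a one-line comment stating two things: the returned object forwards `Verify()` to the Objective-C verifier, and it keeps a reference to that verifier for its own lifetime.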
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.mm b/sdk/objc/native/api/ssl_certificate_verifier.mm
new file mode 100644
index 0000000..4437402
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.mm
@@ -0,0 +1,48 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import "ssl_certificate_verifier.h"
+
+#include "rtc_base/buffer.h"
+
+namespace {
+
+class SSLCertificateVerifierAdapter final : public rtc::SSLCertificateVerifier {
+ public:
+  SSLCertificateVerifierAdapter(
+      id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier)
+      : objc_certificate_verifier_(objc_certificate_verifier) {
+    RTC_DCHECK(objc_certificate_verifier_ != nil);
+  }
+
+  bool Verify(const rtc::SSLCertificate& certificate) override {
+    @autoreleasepool {
+      rtc::Buffer der_buffer;
+      certificate.ToDER(&der_buffer);
+      NSData* serialized_certificate = [[NSData alloc] initWithBytes:der_buffer.data()
+                                                              length:der_buffer.size()];
+      return [objc_certificate_verifier_ verify:serialized_certificate];
+    }
+  }
+
+ private:
+  id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier_;
+};
+
+}
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier) {
+  return std::make_unique<SSLCertificateVerifierAdapter>(objc_certificate_verifier);
+}
+
+}  // namespace webrtc
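Review bot: The adapter constructor uses `RTC_DCHECK`, but the file includes only its own header and `rtc_base/buffer.h`, so it compiles only if `rtc_base/checks.h` arrives transitively; add `#include "rtc_base/checks.h"`. The DCHECK is also a debug-only guard. In a release build a nil verifier would reach `Verify()`, where messaging nil returns NO, so the certificate is rejected. That is the safe direction and worth a comment such as `// A nil verifier yields NO here, i.e. the certificate is rejected.`. `Verify()` also forwards whatever `ToDER` produced without looking at it. If that call can leave the buffer empty (not visible here), `if (der_buffer.size() == 0) return false;` would keep an empty certificate from reaching app code. The anonymous namespace closes with a bare `}` while the `webrtc` one uses `}  // namespace webrtc`; `}  // namespace` would match.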