WebRTC uses DTLS in two ways:
The W3C WebRTC API represents this as the DtlsTransport.
The DTLS handshake happens after the ICE transport becomes writable and has found a valid pair. It results in a set of keys being derived for DTLS-SRTP as well as a fingerprint of the remote certificate which is compared to the one given in the SDP `a=fingerprint:` line.
This documentation provides an overview of how DTLS is implemented, i.e. how the following classes interact.
The `webrtc::DtlsTransport` class is a wrapper around the `cricket::DtlsTransportInternal` and allows registering observers implementing the `webrtc::DtlsTransportObserverInterface`. The [`webrtc::DtlsTransportObserverInterface`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/webrtc/api/dtls_transport_interface.h;l=76;drc=34437d5660a80393d631657329ef74c6538be25a) will provide updates to the observers, passing around a snapshot of the transport's state such as the connection state, the remote certificate(s) and the SRTP ciphers as [`DtlsTransportInformation`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/webrtc/api/dtls_transport_interface.h;l=41;drc=34437d5660a80393d631657329ef74c6538be25a).
## cricket::DtlsTransportInternal

The `cricket::DtlsTransportInternal` class is an interface. Its implementation is `cricket::DtlsTransport`. The `cricket::DtlsTransport` sends and receives network packets via an ICE transport. It also demultiplexes DTLS packets and SRTP packets according to the scheme described in RFC 5764.
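
The first-byte demultiplexing scheme of RFC 5764 (section 5.1.2) referred to above, as an added example that is not WebRTC's own code. The names `PacketKind`, `Classify`, `DtlsRecordsWellFormed` and `MakeDtlsRecord` are hypothetical, and the length checks are an assumption about what a defensive receiver does before handing a datagram to a parser.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum class PacketKind { kStun, kDtls, kRtp, kDrop };

constexpr std::size_t kStunHeaderLen = 20;        // RFC 5389 fixed header
constexpr std::size_t kDtlsRecordHeaderLen = 13;  // type, version, epoch, seq, length
constexpr std::size_t kMinRtpHeaderLen = 12;      // RFC 3550 fixed header

// Walks every DTLS record in the datagram; true only if each 13-byte header
// and its declared payload length fit exactly inside the buffer.
bool DtlsRecordsWellFormed(const std::uint8_t* p, std::size_t len) {
  while (len > 0) {
    if (len < kDtlsRecordHeaderLen) return false;
    const std::size_t record_len = (std::size_t{p[11]} << 8) | p[12];
    if (record_len + kDtlsRecordHeaderLen > len) return false;
    p += kDtlsRecordHeaderLen + record_len;
    len -= kDtlsRecordHeaderLen + record_len;
  }
  return true;
}

// RFC 5764 section 5.1.2: 0..1 STUN, 20..63 DTLS, 128..191 RTP/RTCP, else drop.
PacketKind Classify(const std::vector<std::uint8_t>& pkt) {
  if (pkt.empty()) return PacketKind::kDrop;
  const std::uint8_t b = pkt[0];
  if (b <= 1) return pkt.size() >= kStunHeaderLen ? PacketKind::kStun : PacketKind::kDrop;
  if (b >= 20 && b <= 63)
    return DtlsRecordsWellFormed(pkt.data(), pkt.size()) ? PacketKind::kDtls : PacketKind::kDrop;
  if (b >= 128 && b <= 191)
    return pkt.size() >= kMinRtpHeaderLen ? PacketKind::kRtp : PacketKind::kDrop;
  return PacketKind::kDrop;
}

// Constructed sample: one handshake record (type 22) declaring `declared`
// payload bytes in its length field while carrying `actual` bytes.
std::vector<std::uint8_t> MakeDtlsRecord(std::uint16_t declared, std::size_t actual) {
  std::vector<std::uint8_t> r = {22, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0,
                                 static_cast<std::uint8_t>(declared >> 8),
                                 static_cast<std::uint8_t>(declared & 0xFF)};
  r.resize(kDtlsRecordHeaderLen + actual, 0);
  return r;
}

int main() {  // exit 0 if a valid record passes and an overrunning one is dropped
  return (Classify(MakeDtlsRecord(4, 4)) == PacketKind::kDtls &&
          Classify(MakeDtlsRecord(400, 4)) == PacketKind::kDrop) ? 0 : 1;
}
```
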
The `webrtc::DtlsSrtpTransport` class is responsible for extracting the SRTP keys after the DTLS handshake as well as protection and unprotection of SRTP packets via its `cricket::SrtpSession`.