Revert of Replacing DtlsIdentityStoreInterface with RTCCertificateGeneratorInterface. (patchset #2 id:20001 of https://codereview.webrtc.org/2013523002/ )
Reason for revert:
There are more CreatePeerConnection calls than I anticipated/had found in Chromium, like remoting/protocol/webrtc_transport.cc. Reverting due to broken Chromium FYI bots.
Original issue's description:
> Replacing DtlsIdentityStoreInterface with RTCCertificateGeneratorInterface.
>
> The store was used in WebRtcSessionDescriptionFactory to generate certificates,
> now a generator is used instead (new API). PeerConnection[Factory][Interface],
> and WebRtcSession are updated to pass generators all the way down to the
> WebRtcSessionDescriptionFactory instead of stores.
>
> The webrtc implementation of a generator, RTCCertificateGenerator, is used as
> the default generator (peerconnectionfactory.cc:189) instead of the webrtc
> implementation of a store, DtlsIdentityStoreImpl.
> The generator is fully parameterized and does not generate RSA-1024 unless you
> ask for it (which makes sense not to do beforehand since ECDSA is now default).
> The store was not fully parameterized (known filed bug).
>
> The "top" layer, PeerConnectionFactoryInterface::CreatePeerConnection, is
> updated to take a generator instead of a store. But as to not break Chromium,
> the old function signature taking a store is kept. It is implemented to invoke
> the generator version by wrapping the store in an
> RTCCertificateGeneratorStoreWrapper. As soon as Chromium is updated to use the
> new function signature we can remove the old CreatePeerConnection.
> Due to having multiple CreatePeerConnection signatures, some calling places
> are updated to resolve the ambiguity introduced.
>
> BUG=webrtc:5707, webrtc:5708
> R=phoglund@webrtc.org, tommi@webrtc.org
> TBR=tkchin@webrc.org
>
> Committed: https://chromium.googlesource.com/external/webrtc/+/400781a2091d09a725b32c6953247036b22478e8
TBR=tkchin@webrtc.org,tommi@webrtc.org,phoglund@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5707, webrtc:5708
Review-Url: https://codereview.webrtc.org/2020633002
Cr-Commit-Position: refs/heads/master@{#12948}
diff --git a/talk/app/webrtc/objc/RTCPeerConnection.mm b/talk/app/webrtc/objc/RTCPeerConnection.mm
index 6ec7edc..da092c8 100644
--- a/talk/app/webrtc/objc/RTCPeerConnection.mm
+++ b/talk/app/webrtc/objc/RTCPeerConnection.mm
@@ -279,11 +279,7 @@
config.servers = iceServers;
_observer.reset(new webrtc::RTCPeerConnectionObserver(self));
_peerConnection = factory->CreatePeerConnection(
- config,
- constraints,
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- _observer.get());
+ config, constraints, nullptr, nullptr, _observer.get());
_localStreams = [[NSMutableArray alloc] init];
}
return self;
@@ -297,12 +293,7 @@
if (self = [super init]) {
_observer.reset(new webrtc::RTCPeerConnectionObserver(self));
_peerConnection =
- factory->CreatePeerConnection(
- config,
- constraints,
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- _observer.get());
+ factory->CreatePeerConnection(config, constraints, nullptr, nullptr, _observer.get());
_localStreams = [[NSMutableArray alloc] init];
_delegate = delegate;
}
diff --git a/webrtc/api/java/jni/peerconnection_jni.cc b/webrtc/api/java/jni/peerconnection_jni.cc
index af9b548..a075805 100644
--- a/webrtc/api/java/jni/peerconnection_jni.cc
+++ b/webrtc/api/java/jni/peerconnection_jni.cc
@@ -1603,11 +1603,7 @@
PCOJava* observer = reinterpret_cast<PCOJava*>(observer_p);
observer->SetConstraints(new ConstraintsWrapper(jni, j_constraints));
rtc::scoped_refptr<PeerConnectionInterface> pc(f->CreatePeerConnection(
- rtc_config,
- observer->constraints(),
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- observer));
+ rtc_config, observer->constraints(), NULL, NULL, observer));
return (jlong)pc.release();
}
diff --git a/webrtc/api/peerconnection.cc b/webrtc/api/peerconnection.cc
index 6ffe1b9..581159f 100644
--- a/webrtc/api/peerconnection.cc
+++ b/webrtc/api/peerconnection.cc
@@ -566,7 +566,7 @@
bool PeerConnection::Initialize(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer) {
TRACE_EVENT0("webrtc", "PeerConnection::Initialize");
RTC_DCHECK(observer != nullptr);
@@ -594,7 +594,7 @@
stats_.reset(new StatsCollector(this));
// Initialize the WebRtcSession. It creates transport channels etc.
- if (!session_->Initialize(factory_->options(), std::move(cert_generator),
+ if (!session_->Initialize(factory_->options(), std::move(dtls_identity_store),
configuration)) {
return false;
}
diff --git a/webrtc/api/peerconnection.h b/webrtc/api/peerconnection.h
index a683e8d..cf9e3b9 100644
--- a/webrtc/api/peerconnection.h
+++ b/webrtc/api/peerconnection.h
@@ -16,6 +16,7 @@
#include <memory>
#include <vector>
+#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/peerconnectionfactory.h"
#include "webrtc/api/peerconnectioninterface.h"
#include "webrtc/api/rtpreceiverinterface.h"
@@ -69,7 +70,7 @@
bool Initialize(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer);
rtc::scoped_refptr<StreamCollectionInterface> local_streams() override;
diff --git a/webrtc/api/peerconnectionfactory.cc b/webrtc/api/peerconnectionfactory.cc
index 9a58452..a91589a 100644
--- a/webrtc/api/peerconnectionfactory.cc
+++ b/webrtc/api/peerconnectionfactory.cc
@@ -36,27 +36,25 @@
namespace {
-// Passes down the calls to |cert_generator_|. See usage in
-// |CreatePeerConnection|.
-class RTCCertificateGeneratorWrapper
- : public rtc::RTCCertificateGeneratorInterface {
+// Passes down the calls to |store_|. See usage in CreatePeerConnection.
+class DtlsIdentityStoreWrapper : public DtlsIdentityStoreInterface {
public:
- RTCCertificateGeneratorWrapper(
- const rtc::scoped_refptr<RefCountedRTCCertificateGenerator>& cert_gen)
- : cert_generator_(cert_gen) {
- RTC_DCHECK(cert_generator_);
+ DtlsIdentityStoreWrapper(
+ const rtc::scoped_refptr<RefCountedDtlsIdentityStore>& store)
+ : store_(store) {
+ RTC_DCHECK(store_);
}
- void GenerateCertificateAsync(
+ void RequestIdentity(
const rtc::KeyParams& key_params,
const rtc::Optional<uint64_t>& expires_ms,
- const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback)
- override {
- cert_generator_->GenerateCertificateAsync(key_params, expires_ms, callback);
+ const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
+ observer) override {
+ store_->RequestIdentity(key_params, expires_ms, observer);
}
private:
- rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
+ rtc::scoped_refptr<RefCountedDtlsIdentityStore> store_;
};
} // anonymous namespace
@@ -143,9 +141,9 @@
channel_manager_.reset(nullptr);
// Make sure |worker_thread_| and |signaling_thread_| outlive
- // |cert_generator_|, |default_socket_factory_| and
+ // |dtls_identity_store_|, |default_socket_factory_| and
// |default_network_manager_|.
- cert_generator_ = nullptr;
+ dtls_identity_store_ = nullptr;
default_socket_factory_ = nullptr;
default_network_manager_ = nullptr;
@@ -186,8 +184,8 @@
return false;
}
- cert_generator_ =
- new RefCountedRTCCertificateGenerator(signaling_thread_, network_thread_);
+ dtls_identity_store_ =
+ new RefCountedDtlsIdentityStore(signaling_thread_, network_thread_);
return true;
}
@@ -257,7 +255,7 @@
const PeerConnectionInterface::RTCConfiguration& configuration_in,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer) {
RTC_DCHECK(signaling_thread_->IsCurrent());
@@ -266,23 +264,23 @@
CopyConstraintsIntoRtcConfiguration(constraints, &configuration);
return CreatePeerConnection(configuration, std::move(allocator),
- std::move(cert_generator), observer);
+ std::move(dtls_identity_store), observer);
}
rtc::scoped_refptr<PeerConnectionInterface>
PeerConnectionFactory::CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer) {
RTC_DCHECK(signaling_thread_->IsCurrent());
- if (!cert_generator.get()) {
- // Because |pc|->Initialize takes ownership of the generator we need a new
+ if (!dtls_identity_store.get()) {
+ // Because |pc|->Initialize takes ownership of the store we need a new
// wrapper object that can be deleted without deleting the underlying
- // |cert_generator_|, protecting it from being deleted multiple times.
- cert_generator.reset(
- new RTCCertificateGeneratorWrapper(cert_generator_));
+ // |dtls_identity_store_|, protecting it from being deleted multiple times.
+ dtls_identity_store.reset(
+ new DtlsIdentityStoreWrapper(dtls_identity_store_));
}
if (!allocator) {
@@ -297,7 +295,7 @@
new rtc::RefCountedObject<PeerConnection>(this));
if (!pc->Initialize(configuration, std::move(allocator),
- std::move(cert_generator), observer)) {
+ std::move(dtls_identity_store), observer)) {
return nullptr;
}
return PeerConnectionProxy::Create(signaling_thread(), pc);
diff --git a/webrtc/api/peerconnectionfactory.h b/webrtc/api/peerconnectionfactory.h
index 66561ad..21165cf 100644
--- a/webrtc/api/peerconnectionfactory.h
+++ b/webrtc/api/peerconnectionfactory.h
@@ -14,12 +14,12 @@
#include <memory>
#include <string>
+#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/mediacontroller.h"
#include "webrtc/api/mediastreaminterface.h"
#include "webrtc/api/peerconnectioninterface.h"
#include "webrtc/base/scoped_ref_ptr.h"
#include "webrtc/base/thread.h"
-#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/pc/channelmanager.h"
namespace rtc {
@@ -29,8 +29,8 @@
namespace webrtc {
-typedef rtc::RefCountedObject<rtc::RTCCertificateGenerator>
- RefCountedRTCCertificateGenerator;
+typedef rtc::RefCountedObject<DtlsIdentityStoreImpl>
+ RefCountedDtlsIdentityStore;
class PeerConnectionFactory : public PeerConnectionFactoryInterface {
public:
@@ -43,13 +43,13 @@
const PeerConnectionInterface::RTCConfiguration& configuration,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer) override;
virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
PeerConnectionObserver* observer) override;
bool Initialize();
@@ -129,7 +129,7 @@
std::unique_ptr<rtc::BasicNetworkManager> default_network_manager_;
std::unique_ptr<rtc::BasicPacketSocketFactory> default_socket_factory_;
- rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
+ rtc::scoped_refptr<RefCountedDtlsIdentityStore> dtls_identity_store_;
};
} // namespace webrtc
diff --git a/webrtc/api/peerconnectionfactoryproxy.h b/webrtc/api/peerconnectionfactoryproxy.h
index f0dea42..c357de9 100644
--- a/webrtc/api/peerconnectionfactoryproxy.h
+++ b/webrtc/api/peerconnectionfactoryproxy.h
@@ -29,7 +29,7 @@
const PeerConnectionInterface::RTCConfiguration& a1,
const MediaConstraintsInterface* a2,
std::unique_ptr<cricket::PortAllocator> a3,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
+ std::unique_ptr<DtlsIdentityStoreInterface> a4,
PeerConnectionObserver* a5) override {
return signaling_thread_
->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -39,7 +39,7 @@
rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& a1,
std::unique_ptr<cricket::PortAllocator> a3,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
+ std::unique_ptr<DtlsIdentityStoreInterface> a4,
PeerConnectionObserver* a5) override {
return signaling_thread_
->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -77,10 +77,10 @@
const PeerConnectionInterface::RTCConfiguration& a1,
const MediaConstraintsInterface* a2,
cricket::PortAllocator* a3,
- rtc::RTCCertificateGeneratorInterface* a4,
+ DtlsIdentityStoreInterface* a4,
PeerConnectionObserver* a5) {
std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
+ std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
return c_->CreatePeerConnection(a1, a2, std::move(ptr_a3),
std::move(ptr_a4), a5);
}
@@ -88,10 +88,10 @@
rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection_ot(
const PeerConnectionInterface::RTCConfiguration& a1,
cricket::PortAllocator* a3,
- rtc::RTCCertificateGeneratorInterface* a4,
+ DtlsIdentityStoreInterface* a4,
PeerConnectionObserver* a5) {
std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
+ std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
return c_->CreatePeerConnection(a1, std::move(ptr_a3), std::move(ptr_a4),
a5);
}
diff --git a/webrtc/api/peerconnectioninterface.h b/webrtc/api/peerconnectioninterface.h
index caa6b31..4fa9bf2 100644
--- a/webrtc/api/peerconnectioninterface.h
+++ b/webrtc/api/peerconnectioninterface.h
@@ -68,7 +68,6 @@
#include "webrtc/base/fileutils.h"
#include "webrtc/base/network.h"
#include "webrtc/base/rtccertificate.h"
-#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/base/socketaddress.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/media/base/mediachannel.h"
@@ -581,48 +580,14 @@
const PeerConnectionInterface::RTCConfiguration& configuration,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
- PeerConnectionObserver* observer) = 0;
- // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
- // as Chromium stops using this version. See bugs.webrtc.org/5707,
- // bugs.webrtc.org/5708.
- rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
- const PeerConnectionInterface::RTCConfiguration& configuration,
- const MediaConstraintsInterface* constraints,
- std::unique_ptr<cricket::PortAllocator> allocator,
std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
- PeerConnectionObserver* observer) {
- return CreatePeerConnection(
- configuration,
- constraints,
- std::move(allocator),
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
- dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
- std::move(dtls_identity_store)) : nullptr),
- observer);
- }
+ PeerConnectionObserver* observer) = 0;
virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
- PeerConnectionObserver* observer) = 0;
- // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
- // as Chromium stops using this version. See bugs.webrtc.org/5707,
- // bugs.webrtc.org/5708.
- rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
- const PeerConnectionInterface::RTCConfiguration& configuration,
- std::unique_ptr<cricket::PortAllocator> allocator,
std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
- PeerConnectionObserver* observer) {
- return CreatePeerConnection(
- configuration,
- std::move(allocator),
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
- dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
- std::move(dtls_identity_store)) : nullptr),
- observer);
- }
+ PeerConnectionObserver* observer) = 0;
virtual rtc::scoped_refptr<MediaStreamInterface>
CreateLocalMediaStream(const std::string& label) = 0;
diff --git a/webrtc/api/peerconnectioninterface_unittest.cc b/webrtc/api/peerconnectioninterface_unittest.cc
index 8ced9a7..d2f0ad1 100644
--- a/webrtc/api/peerconnectioninterface_unittest.cc
+++ b/webrtc/api/peerconnectioninterface_unittest.cc
@@ -616,12 +616,8 @@
config.servers.push_back(server);
scoped_refptr<PeerConnectionInterface> pc;
- pc = pc_factory_->CreatePeerConnection(
- config,
- nullptr,
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- &observer_);
+ pc = pc_factory_->CreatePeerConnection(config, nullptr, nullptr, nullptr,
+ &observer_);
EXPECT_EQ(nullptr, pc);
}
diff --git a/webrtc/api/webrtcsession.cc b/webrtc/api/webrtcsession.cc
index 0699308..24eb593 100644
--- a/webrtc/api/webrtcsession.cc
+++ b/webrtc/api/webrtcsession.cc
@@ -512,7 +512,7 @@
bool WebRtcSession::Initialize(
const PeerConnectionFactoryInterface::Options& options,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
bundle_policy_ = rtc_configuration.bundle_policy;
rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
@@ -533,7 +533,7 @@
dtls_enabled_ = false;
} else {
// Enable DTLS by default if we have an identity store or a certificate.
- dtls_enabled_ = (cert_generator || certificate);
+ dtls_enabled_ = (dtls_identity_store || certificate);
// |rtc_configuration| can override the default |dtls_enabled_| value.
if (rtc_configuration.enable_dtls_srtp) {
dtls_enabled_ = *(rtc_configuration.enable_dtls_srtp);
@@ -566,18 +566,19 @@
if (!dtls_enabled_) {
// Construct with DTLS disabled.
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, this, id(),
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>()));
+ signaling_thread(), channel_manager_, this, id()));
} else {
// Construct with DTLS enabled.
if (!certificate) {
+ // Use the |dtls_identity_store| to generate a certificate.
+ RTC_DCHECK(dtls_identity_store);
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, this, id(),
- std::move(cert_generator)));
+ signaling_thread(), channel_manager_, std::move(dtls_identity_store),
+ this, id()));
} else {
// Use the already generated certificate.
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, this, id(), certificate));
+ signaling_thread(), channel_manager_, certificate, this, id()));
}
}
diff --git a/webrtc/api/webrtcsession.h b/webrtc/api/webrtcsession.h
index dd47229..98217bf 100644
--- a/webrtc/api/webrtcsession.h
+++ b/webrtc/api/webrtcsession.h
@@ -153,7 +153,7 @@
bool Initialize(
const PeerConnectionFactoryInterface::Options& options,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
const PeerConnectionInterface::RTCConfiguration& rtc_configuration);
// Deletes the voice, video and data channel and changes the session state
// to STATE_CLOSED.
diff --git a/webrtc/api/webrtcsession_unittest.cc b/webrtc/api/webrtcsession_unittest.cc
index 571e199..4207c24 100644
--- a/webrtc/api/webrtcsession_unittest.cc
+++ b/webrtc/api/webrtcsession_unittest.cc
@@ -397,10 +397,7 @@
EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
observer_.ice_gathering_state_);
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
- dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper(
- std::move(dtls_identity_store)) : nullptr);
- EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator),
+ EXPECT_TRUE(session_->Initialize(options_, std::move(dtls_identity_store),
configuration_));
session_->set_metrics_observer(metrics_observer_);
}
diff --git a/webrtc/api/webrtcsessiondescriptionfactory.cc b/webrtc/api/webrtcsessiondescriptionfactory.cc
index 08392e5..e88262f 100644
--- a/webrtc/api/webrtcsessiondescriptionfactory.cc
+++ b/webrtc/api/webrtcsessiondescriptionfactory.cc
@@ -12,6 +12,7 @@
#include <utility>
+#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/jsep.h"
#include "webrtc/api/jsepsessiondescription.h"
#include "webrtc/api/mediaconstraintsinterface.h"
@@ -67,13 +68,28 @@
};
} // namespace
-void WebRtcCertificateGeneratorCallback::OnFailure() {
- SignalRequestFailed();
+void WebRtcIdentityRequestObserver::OnFailure(int error) {
+ SignalRequestFailed(error);
}
-void WebRtcCertificateGeneratorCallback::OnSuccess(
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
- SignalCertificateReady(certificate);
+void WebRtcIdentityRequestObserver::OnSuccess(
+ const std::string& der_cert, const std::string& der_private_key) {
+ std::string pem_cert = rtc::SSLIdentity::DerToPem(
+ rtc::kPemTypeCertificate,
+ reinterpret_cast<const unsigned char*>(der_cert.data()),
+ der_cert.length());
+ std::string pem_key = rtc::SSLIdentity::DerToPem(
+ rtc::kPemTypeRsaPrivateKey,
+ reinterpret_cast<const unsigned char*>(der_private_key.data()),
+ der_private_key.length());
+ std::unique_ptr<rtc::SSLIdentity> identity(
+ rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert));
+ SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
+}
+
+void WebRtcIdentityRequestObserver::OnSuccess(
+ std::unique_ptr<rtc::SSLIdentity> identity) {
+ SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
}
// static
@@ -111,10 +127,12 @@
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
+ identity_request_observer,
WebRtcSession* session,
const std::string& session_id,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
+ bool dtls_enabled)
: signaling_thread_(signaling_thread),
session_desc_factory_(channel_manager, &transport_desc_factory_),
// RFC 4566 suggested a Network Time Protocol (NTP) format timestamp
@@ -122,81 +140,89 @@
// to just use a random number as session id and start version from
// |kInitSessionVersion|.
session_version_(kInitSessionVersion),
- cert_generator_(std::move(cert_generator)),
+ dtls_identity_store_(std::move(dtls_identity_store)),
+ identity_request_observer_(identity_request_observer),
session_(session),
session_id_(session_id),
certificate_request_state_(CERTIFICATE_NOT_NEEDED) {
- RTC_DCHECK(signaling_thread_);
session_desc_factory_.set_add_legacy_streams(false);
- bool dtls_enabled = cert_generator_ || certificate;
// SRTP-SDES is disabled if DTLS is on.
SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED);
- if (!dtls_enabled) {
- LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
- return;
- }
-
- if (certificate) {
- // Use |certificate|.
- certificate_request_state_ = CERTIFICATE_WAITING;
-
- LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
- // We already have a certificate but we wait to do |SetIdentity|; if we do
- // it in the constructor then the caller has not had a chance to connect to
- // |SignalCertificateReady|.
- signaling_thread_->Post(
- this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
- new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
- } else {
- // Generate certificate.
- certificate_request_state_ = CERTIFICATE_WAITING;
-
- rtc::scoped_refptr<WebRtcCertificateGeneratorCallback> callback(
- new rtc::RefCountedObject<WebRtcCertificateGeneratorCallback>());
- callback->SignalRequestFailed.connect(
- this, &WebRtcSessionDescriptionFactory::OnCertificateRequestFailed);
- callback->SignalCertificateReady.connect(
- this, &WebRtcSessionDescriptionFactory::SetCertificate);
-
- rtc::KeyParams key_params = rtc::KeyParams();
- LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
- << "type: " << key_params.type() << ").";
-
- // Request certificate. This happens asynchronously, so that the caller gets
- // a chance to connect to |SignalCertificateReady|.
- cert_generator_->GenerateCertificateAsync(
- key_params, rtc::Optional<uint64_t>(), callback);
- }
}
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
WebRtcSession* session,
- const std::string& session_id,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator)
+ const std::string& session_id)
+ : WebRtcSessionDescriptionFactory(signaling_thread,
+ channel_manager,
+ nullptr,
+ nullptr,
+ session,
+ session_id,
+ false) {
+ LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
+}
+
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+ rtc::Thread* signaling_thread,
+ cricket::ChannelManager* channel_manager,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ WebRtcSession* session,
+ const std::string& session_id)
: WebRtcSessionDescriptionFactory(
signaling_thread,
channel_manager,
+ std::move(dtls_identity_store),
+ new rtc::RefCountedObject<WebRtcIdentityRequestObserver>(),
session,
session_id,
- std::move(cert_generator),
- nullptr) {
+ true) {
+ RTC_DCHECK(dtls_identity_store_);
+
+ certificate_request_state_ = CERTIFICATE_WAITING;
+
+ identity_request_observer_->SignalRequestFailed.connect(
+ this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
+ identity_request_observer_->SignalCertificateReady.connect(
+ this, &WebRtcSessionDescriptionFactory::SetCertificate);
+
+ rtc::KeyParams key_params = rtc::KeyParams();
+ LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
+ << "type: " << key_params.type() << ").";
+
+ // Request identity. This happens asynchronously, so the caller will have a
+ // chance to connect to SignalIdentityReady.
+ dtls_identity_store_->RequestIdentity(key_params,
+ rtc::Optional<uint64_t>(),
+ identity_request_observer_);
}
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
WebRtcSession* session,
- const std::string& session_id,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
+ const std::string& session_id)
: WebRtcSessionDescriptionFactory(signaling_thread,
channel_manager,
+ nullptr,
+ nullptr,
session,
session_id,
- nullptr,
- certificate) {
+ true) {
RTC_DCHECK(certificate);
+
+ certificate_request_state_ = CERTIFICATE_WAITING;
+
+ LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
+ // We already have a certificate but we wait to do SetIdentity; if we do
+ // it in the constructor then the caller has not had a chance to connect to
+ // SignalIdentityReady.
+ signaling_thread_->Post(
+ this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
+ new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
}
WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
@@ -462,10 +488,10 @@
signaling_thread_->Post(this, MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, msg);
}
-void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() {
+void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) {
ASSERT(signaling_thread_->IsCurrent());
- LOG(LS_ERROR) << "Asynchronous certificate generation request failed.";
+ LOG(LS_ERROR) << "Async identity request failed: error = " << error;
certificate_request_state_ = CERTIFICATE_FAILED;
FailPendingRequests(kFailedDueToIdentityFailed);
@@ -474,7 +500,7 @@
void WebRtcSessionDescriptionFactory::SetCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
RTC_DCHECK(certificate);
- LOG(LS_VERBOSE) << "Setting new certificate.";
+ LOG(LS_VERBOSE) << "Setting new certificate";
certificate_request_state_ = CERTIFICATE_SUCCEEDED;
SignalCertificateReady(certificate);
diff --git a/webrtc/api/webrtcsessiondescriptionfactory.h b/webrtc/api/webrtcsessiondescriptionfactory.h
index c0c45b6..17e2ddd 100644
--- a/webrtc/api/webrtcsessiondescriptionfactory.h
+++ b/webrtc/api/webrtcsessiondescriptionfactory.h
@@ -18,7 +18,6 @@
#include "webrtc/base/constructormagic.h"
#include "webrtc/base/messagehandler.h"
#include "webrtc/base/rtccertificate.h"
-#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/p2p/base/transportdescriptionfactory.h"
#include "webrtc/pc/mediasession.h"
@@ -33,17 +32,17 @@
class SessionDescriptionInterface;
class WebRtcSession;
-// DTLS certificate request callback class.
-class WebRtcCertificateGeneratorCallback
- : public rtc::RTCCertificateGeneratorCallback,
- public sigslot::has_slots<> {
+// DTLS identity request callback class.
+class WebRtcIdentityRequestObserver : public DtlsIdentityRequestObserver,
+ public sigslot::has_slots<> {
public:
- // |rtc::RTCCertificateGeneratorCallback| overrides.
- void OnSuccess(
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
- void OnFailure() override;
+ // DtlsIdentityRequestObserver overrides.
+ void OnFailure(int error) override;
+ void OnSuccess(const std::string& der_cert,
+ const std::string& der_private_key) override;
+ void OnSuccess(std::unique_ptr<rtc::SSLIdentity> identity) override;
- sigslot::signal0<> SignalRequestFailed;
+ sigslot::signal1<int> SignalRequestFailed;
sigslot::signal1<const rtc::scoped_refptr<rtc::RTCCertificate>&>
SignalCertificateReady;
};
@@ -67,29 +66,37 @@
cricket::MediaSessionOptions options;
};
-// This class is used to create offer/answer session description. Certificates
-// for WebRtcSession/DTLS are either supplied at construction or generated
-// asynchronously. It queues the create offer/answer request until the
-// certificate generation has completed, i.e. when OnCertificateRequestFailed or
-// OnCertificateReady is called.
+// This class is used to create offer/answer session description with regards to
+// the async DTLS identity generation for WebRtcSession.
+// It queues the create offer/answer request until the DTLS identity
+// request has completed, i.e. when OnIdentityRequestFailed or OnIdentityReady
+// is called.
class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
public sigslot::has_slots<> {
public:
- // If |certificate_generator| is not null, DTLS is enabled and a default
- // certificate is generated asynchronously; otherwise DTLS is disabled.
+ // Construct with DTLS disabled.
+ WebRtcSessionDescriptionFactory(rtc::Thread* signaling_thread,
+ cricket::ChannelManager* channel_manager,
+ WebRtcSession* session,
+ const std::string& session_id);
+
+ // Construct with DTLS enabled using the specified |dtls_identity_store| to
+ // generate a certificate.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
WebRtcSession* session,
- const std::string& session_id,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator);
- // Construct with DTLS enabled using the specified |certificate|.
+ const std::string& session_id);
+
+ // Construct with DTLS enabled using the specified (already generated)
+ // |certificate|.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
WebRtcSession* session,
- const std::string& session_id,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
+ const std::string& session_id);
virtual ~WebRtcSessionDescriptionFactory();
static void CopyCandidatesFromSessionDescription(
@@ -123,15 +130,15 @@
CERTIFICATE_FAILED,
};
- // If |certificate_generator| or |certificate| is not null DTLS is enabled,
- // otherwise DTLS is disabled.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
+ identity_request_observer,
WebRtcSession* session,
const std::string& session_id,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
+ bool dtls_enabled);
// MessageHandler implementation.
virtual void OnMessage(rtc::Message* msg);
@@ -147,7 +154,7 @@
CreateSessionDescriptionObserver* observer,
SessionDescriptionInterface* description);
- void OnCertificateRequestFailed();
+ void OnIdentityRequestFailed(int error);
void SetCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
@@ -157,7 +164,9 @@
cricket::TransportDescriptionFactory transport_desc_factory_;
cricket::MediaSessionDescriptionFactory session_desc_factory_;
uint64_t session_version_;
- const std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator_;
+ const std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store_;
+ const rtc::scoped_refptr<WebRtcIdentityRequestObserver>
+ identity_request_observer_;
// TODO(jiayl): remove the dependency on session once bug 2264 is fixed.
WebRtcSession* const session_;
const std::string session_id_;
diff --git a/webrtc/examples/peerconnection/client/conductor.cc b/webrtc/examples/peerconnection/client/conductor.cc
index 423c35f..8ec6ed9 100644
--- a/webrtc/examples/peerconnection/client/conductor.cc
+++ b/webrtc/examples/peerconnection/client/conductor.cc
@@ -129,11 +129,7 @@
}
peer_connection_ = peer_connection_factory_->CreatePeerConnection(
- config,
- &constraints,
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- this);
+ config, &constraints, NULL, NULL, this);
return peer_connection_.get() != NULL;
}
diff --git a/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm b/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm
index 6ccf54e..3fcc652 100644
--- a/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm
+++ b/webrtc/sdk/objc/Framework/Classes/RTCPeerConnection.mm
@@ -226,12 +226,11 @@
std::unique_ptr<webrtc::MediaConstraints> nativeConstraints =
constraints.nativeConstraints;
_peerConnection =
- factory.nativeFactory->CreatePeerConnection(
- *config,
- nativeConstraints.get(),
- nullptr,
- std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
- _observer.get());
+ factory.nativeFactory->CreatePeerConnection(*config,
+ nativeConstraints.get(),
+ nullptr,
+ nullptr,
+ _observer.get());
_localStreams = [[NSMutableArray alloc] init];
_delegate = delegate;
}
