RTCCertificateGeneratorInterface and RTCCertificateGeneratorStoreWrapper added.
This CL adds these classes but does not change any functonality or interface
yet. This is in preparation for future CLs. To be used for this:
https://codereview.webrtc.org/2000163002/
RTCCertificateGenerator is meant to replace DtlsIdentityStoreInterface and
implementations. In order to continue to support mocking and to help with the
transition, RTCCertificateGenerator gets an interface that it implements (just
like the store has both interface and impl).
PeerConnectionFactoryInterface::CreatePeerConnection will take an
RTCCertificateGeneratorInterface instead of DtlsIdentityStoreInterface. As to
not break Chromium, both versions of CreatePeerConnection need to exist for a
transition period. This will be done by wrapping a store into a generator
wrapper - RTCCertificateGeneratorStoreWrapper.
BUG=webrtc:5707, webrtc:5708
R=hta@webrtc.org, tommi@chromium.org, tommi@webrtc.org
Review URL: https://codereview.webrtc.org/2001103002 .
Cr-Commit-Position: refs/heads/master@{#12879}
diff --git a/webrtc/api/dtlsidentitystore.cc b/webrtc/api/dtlsidentitystore.cc
index bdccc10..3652e21 100644
--- a/webrtc/api/dtlsidentitystore.cc
+++ b/webrtc/api/dtlsidentitystore.cc
@@ -31,6 +31,50 @@
MSG_GENERATE_IDENTITY_RESULT
};
+// A |DtlsIdentityRequestObserver| that informs an
+// |RTCCertificateGeneratorCallback| of the result of an identity request. On
+// success, a certificate is created using the identity before passing it to
+// the callback.
+class RTCCertificateStoreCallbackObserver
+ : public webrtc::DtlsIdentityRequestObserver {
+ public:
+ RTCCertificateStoreCallbackObserver(
+ const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback)
+ : callback_(callback) {}
+
+ private:
+ void OnFailure(int error) override {
+ LOG(LS_WARNING) << "DtlsIdentityRequestObserver failure code: " << error;
+ Callback(nullptr);
+ }
+ void OnSuccess(const std::string& der_cert,
+ const std::string& der_private_key) override {
+ std::string pem_cert = rtc::SSLIdentity::DerToPem(
+ rtc::kPemTypeCertificate,
+ reinterpret_cast<const unsigned char*>(der_cert.data()),
+ der_cert.length());
+ std::string pem_key = rtc::SSLIdentity::DerToPem(
+ rtc::kPemTypeRsaPrivateKey,
+ reinterpret_cast<const unsigned char*>(der_private_key.data()),
+ der_private_key.length());
+ std::unique_ptr<rtc::SSLIdentity> identity(
+ rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert));
+ OnSuccess(std::move(identity));
+ }
+ void OnSuccess(std::unique_ptr<rtc::SSLIdentity> identity) override {
+ Callback(rtc::RTCCertificate::Create(std::move(identity)));
+ }
+
+ void Callback(rtc::scoped_refptr<rtc::RTCCertificate> certificate) {
+ if (certificate)
+ callback_->OnSuccess(certificate);
+ else
+ callback_->OnFailure();
+ }
+
+ rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback> callback_;
+};
+
} // namespace
// This class runs on the worker thread to generate the identity. It's necessary
@@ -148,7 +192,7 @@
void DtlsIdentityStoreImpl::GenerateIdentity(
rtc::KeyType key_type,
- const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
+ const rtc::scoped_refptr<DtlsIdentityRequestObserver>& observer) {
RTC_DCHECK(signaling_thread_->IsCurrent());
// Enqueue observer to be informed when generation of |key_type| is completed.
@@ -228,4 +272,20 @@
}
}
+RTCCertificateGeneratorStoreWrapper::RTCCertificateGeneratorStoreWrapper(
+ std::unique_ptr<DtlsIdentityStoreInterface> store)
+ : store_(std::move(store)) {
+ RTC_DCHECK(store_);
+}
+
+void RTCCertificateGeneratorStoreWrapper::GenerateCertificateAsync(
+ const rtc::KeyParams& key_params,
+ const rtc::Optional<uint64_t>& expires_ms,
+ const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback) {
+ store_->RequestIdentity(
+ key_params,
+ expires_ms,
+ new rtc::RefCountedObject<RTCCertificateStoreCallbackObserver>(callback));
+}
+
} // namespace webrtc
diff --git a/webrtc/api/dtlsidentitystore.h b/webrtc/api/dtlsidentitystore.h
index e25b795..3384341 100644
--- a/webrtc/api/dtlsidentitystore.h
+++ b/webrtc/api/dtlsidentitystore.h
@@ -20,6 +20,7 @@
#include "webrtc/base/messagequeue.h"
#include "webrtc/base/optional.h"
#include "webrtc/base/refcount.h"
+#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/base/scoped_ref_ptr.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/thread.h"
@@ -131,6 +132,27 @@
RequestInfo request_info_[rtc::KT_LAST];
};
+// Implements the |RTCCertificateGeneratorInterface| using the old |SSLIdentity|
+// generator API, |DtlsIdentityStoreInterface|. This will be used while
+// transitioning from store to generator, see bugs.webrtc.org/5707,
+// bugs.webrtc.org/5708. Once those bugs have been fixed, this will be removed.
+class RTCCertificateGeneratorStoreWrapper
+ : public rtc::RTCCertificateGeneratorInterface {
+ public:
+ RTCCertificateGeneratorStoreWrapper(
+ std::unique_ptr<DtlsIdentityStoreInterface> store);
+
+ // |RTCCertificateGeneratorInterface| overrides.
+ void GenerateCertificateAsync(
+ const rtc::KeyParams& key_params,
+ const rtc::Optional<uint64_t>& expires_ms,
+ const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback)
+ override;
+
+ private:
+ const std::unique_ptr<DtlsIdentityStoreInterface> store_;
+};
+
} // namespace webrtc
#endif // WEBRTC_API_DTLSIDENTITYSTORE_H_
diff --git a/webrtc/base/rtccertificategenerator.h b/webrtc/base/rtccertificategenerator.h
index 08fe671..c131d69 100644
--- a/webrtc/base/rtccertificategenerator.h
+++ b/webrtc/base/rtccertificategenerator.h
@@ -20,6 +20,7 @@
namespace rtc {
+// See |RTCCertificateGeneratorInterface::GenerateCertificateAsync|.
class RTCCertificateGeneratorCallback : public RefCountInterface {
public:
virtual void OnSuccess(
@@ -31,10 +32,27 @@
};
// Generates |RTCCertificate|s.
+// See |RTCCertificateGenerator| for the WebRTC repo's implementation.
+class RTCCertificateGeneratorInterface {
+ public:
+ virtual ~RTCCertificateGeneratorInterface() {}
+
+ // Generates a certificate asynchronously on the worker thread.
+ // Must be called on the signaling thread. The |callback| is invoked with the
+ // result on the signaling thread. |exipres_ms| optionally specifies for how
+ // long we want the certificate to be valid, but the implementation may choose
+ // its own restrictions on the expiration time.
+ virtual void GenerateCertificateAsync(
+ const KeyParams& key_params,
+ const Optional<uint64_t>& expires_ms,
+ const scoped_refptr<RTCCertificateGeneratorCallback>& callback) = 0;
+};
+
+// Standard implementation of |RTCCertificateGeneratorInterface|.
// The static function |GenerateCertificate| generates a certificate on the
// current thread. The |RTCCertificateGenerator| instance generates certificates
// asynchronously on the worker thread with |GenerateCertificateAsync|.
-class RTCCertificateGenerator {
+class RTCCertificateGenerator : public RTCCertificateGeneratorInterface {
public:
// Generates a certificate on the current thread. Returns null on failure.
// If |expires_ms| is specified, the certificate will expire in approximately
@@ -46,18 +64,17 @@
const Optional<uint64_t>& expires_ms);
RTCCertificateGenerator(Thread* signaling_thread, Thread* worker_thread);
+ ~RTCCertificateGenerator() override {}
- // Generates a certificate asynchronously on the worker thread.
- // Must be called on the signaling thread. The |callback| is invoked with the
- // result on the signaling thread. If |expires_ms| is specified, the
- // certificate will expire in approximately that many milliseconds from now.
- // |expires_ms| is limited to a year, a larger value than that is clamped down
- // to a year. If |expires_ms| is not specified, a default expiration time is
- // used.
+ // |RTCCertificateGeneratorInterface| overrides.
+ // If |expires_ms| is specified, the certificate will expire in approximately
+ // that many milliseconds from now. |expires_ms| is limited to a year, a
+ // larger value than that is clamped down to a year. If |expires_ms| is not
+ // specified, a default expiration time is used.
void GenerateCertificateAsync(
const KeyParams& key_params,
const Optional<uint64_t>& expires_ms,
- const scoped_refptr<RTCCertificateGeneratorCallback>& callback);
+ const scoped_refptr<RTCCertificateGeneratorCallback>& callback) override;
private:
Thread* const signaling_thread_;
