Replacing DtlsIdentityStoreInterface with RTCCertificateGeneratorInterface.
The store was used in WebRtcSessionDescriptionFactory to generate certificates,
now a generator is used instead (new API). PeerConnection[Factory][Interface],
and WebRtcSession are updated to pass generators all the way down to the
WebRtcSessionDescriptionFactory instead of stores.
The webrtc implementation of a generator, RTCCertificateGenerator, is used as
the default generator (peerconnectionfactory.cc:189) instead of the webrtc
implementation of a store, DtlsIdentityStoreImpl.
The generator is fully parameterized and does not generate RSA-1024 unless you
ask for it (which makes sense not to do beforehand since ECDSA is now default).
The store was not fully parameterized (known filed bug).
The "top" layer, PeerConnectionFactoryInterface::CreatePeerConnection, is
updated to take a generator instead of a store. But as to not break Chromium,
the old function signature taking a store is kept. It is implemented to invoke
the generator version by wrapping the store in an
RTCCertificateGeneratorStoreWrapper. As soon as Chromium is updated to use the
new function signature we can remove the old CreatePeerConnection.
Due to having multiple CreatePeerConnection signatures, some calling places
are updated to resolve the ambiguity introduced.
BUG=webrtc:5707, webrtc:5708
R=phoglund@webrtc.org, tommi@webrtc.org
TBR=tkchin@webrc.org
Review URL: https://codereview.webrtc.org/2013523002 .
Cr-Original-Commit-Position: refs/heads/master@{#12947}
Cr-Mirrored-From: https://chromium.googlesource.com/external/webrtc
Cr-Mirrored-Commit: 400781a2091d09a725b32c6953247036b22478e8
diff --git a/api/java/jni/peerconnection_jni.cc b/api/java/jni/peerconnection_jni.cc
index a075805..af9b548 100644
--- a/api/java/jni/peerconnection_jni.cc
+++ b/api/java/jni/peerconnection_jni.cc
@@ -1603,7 +1603,11 @@
PCOJava* observer = reinterpret_cast<PCOJava*>(observer_p);
observer->SetConstraints(new ConstraintsWrapper(jni, j_constraints));
rtc::scoped_refptr<PeerConnectionInterface> pc(f->CreatePeerConnection(
- rtc_config, observer->constraints(), NULL, NULL, observer));
+ rtc_config,
+ observer->constraints(),
+ nullptr,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
+ observer));
return (jlong)pc.release();
}
diff --git a/api/peerconnection.cc b/api/peerconnection.cc
index 581159f..6ffe1b9 100644
--- a/api/peerconnection.cc
+++ b/api/peerconnection.cc
@@ -566,7 +566,7 @@
bool PeerConnection::Initialize(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) {
TRACE_EVENT0("webrtc", "PeerConnection::Initialize");
RTC_DCHECK(observer != nullptr);
@@ -594,7 +594,7 @@
stats_.reset(new StatsCollector(this));
// Initialize the WebRtcSession. It creates transport channels etc.
- if (!session_->Initialize(factory_->options(), std::move(dtls_identity_store),
+ if (!session_->Initialize(factory_->options(), std::move(cert_generator),
configuration)) {
return false;
}
diff --git a/api/peerconnection.h b/api/peerconnection.h
index cf9e3b9..a683e8d 100644
--- a/api/peerconnection.h
+++ b/api/peerconnection.h
@@ -16,7 +16,6 @@
#include <memory>
#include <vector>
-#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/peerconnectionfactory.h"
#include "webrtc/api/peerconnectioninterface.h"
#include "webrtc/api/rtpreceiverinterface.h"
@@ -70,7 +69,7 @@
bool Initialize(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer);
rtc::scoped_refptr<StreamCollectionInterface> local_streams() override;
diff --git a/api/peerconnectionfactory.cc b/api/peerconnectionfactory.cc
index a91589a..9a58452 100644
--- a/api/peerconnectionfactory.cc
+++ b/api/peerconnectionfactory.cc
@@ -36,25 +36,27 @@
namespace {
-// Passes down the calls to |store_|. See usage in CreatePeerConnection.
-class DtlsIdentityStoreWrapper : public DtlsIdentityStoreInterface {
+// Passes down the calls to |cert_generator_|. See usage in
+// |CreatePeerConnection|.
+class RTCCertificateGeneratorWrapper
+ : public rtc::RTCCertificateGeneratorInterface {
public:
- DtlsIdentityStoreWrapper(
- const rtc::scoped_refptr<RefCountedDtlsIdentityStore>& store)
- : store_(store) {
- RTC_DCHECK(store_);
+ RTCCertificateGeneratorWrapper(
+ const rtc::scoped_refptr<RefCountedRTCCertificateGenerator>& cert_gen)
+ : cert_generator_(cert_gen) {
+ RTC_DCHECK(cert_generator_);
}
- void RequestIdentity(
+ void GenerateCertificateAsync(
const rtc::KeyParams& key_params,
const rtc::Optional<uint64_t>& expires_ms,
- const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
- observer) override {
- store_->RequestIdentity(key_params, expires_ms, observer);
+ const rtc::scoped_refptr<rtc::RTCCertificateGeneratorCallback>& callback)
+ override {
+ cert_generator_->GenerateCertificateAsync(key_params, expires_ms, callback);
}
private:
- rtc::scoped_refptr<RefCountedDtlsIdentityStore> store_;
+ rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
};
} // anonymous namespace
@@ -141,9 +143,9 @@
channel_manager_.reset(nullptr);
// Make sure |worker_thread_| and |signaling_thread_| outlive
- // |dtls_identity_store_|, |default_socket_factory_| and
+ // |cert_generator_|, |default_socket_factory_| and
// |default_network_manager_|.
- dtls_identity_store_ = nullptr;
+ cert_generator_ = nullptr;
default_socket_factory_ = nullptr;
default_network_manager_ = nullptr;
@@ -184,8 +186,8 @@
return false;
}
- dtls_identity_store_ =
- new RefCountedDtlsIdentityStore(signaling_thread_, network_thread_);
+ cert_generator_ =
+ new RefCountedRTCCertificateGenerator(signaling_thread_, network_thread_);
return true;
}
@@ -255,7 +257,7 @@
const PeerConnectionInterface::RTCConfiguration& configuration_in,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) {
RTC_DCHECK(signaling_thread_->IsCurrent());
@@ -264,23 +266,23 @@
CopyConstraintsIntoRtcConfiguration(constraints, &configuration);
return CreatePeerConnection(configuration, std::move(allocator),
- std::move(dtls_identity_store), observer);
+ std::move(cert_generator), observer);
}
rtc::scoped_refptr<PeerConnectionInterface>
PeerConnectionFactory::CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) {
RTC_DCHECK(signaling_thread_->IsCurrent());
- if (!dtls_identity_store.get()) {
- // Because |pc|->Initialize takes ownership of the store we need a new
+ if (!cert_generator.get()) {
+ // Because |pc|->Initialize takes ownership of the generator we need a new
// wrapper object that can be deleted without deleting the underlying
- // |dtls_identity_store_|, protecting it from being deleted multiple times.
- dtls_identity_store.reset(
- new DtlsIdentityStoreWrapper(dtls_identity_store_));
+ // |cert_generator_|, protecting it from being deleted multiple times.
+ cert_generator.reset(
+ new RTCCertificateGeneratorWrapper(cert_generator_));
}
if (!allocator) {
@@ -295,7 +297,7 @@
new rtc::RefCountedObject<PeerConnection>(this));
if (!pc->Initialize(configuration, std::move(allocator),
- std::move(dtls_identity_store), observer)) {
+ std::move(cert_generator), observer)) {
return nullptr;
}
return PeerConnectionProxy::Create(signaling_thread(), pc);
diff --git a/api/peerconnectionfactory.h b/api/peerconnectionfactory.h
index 21165cf..66561ad 100644
--- a/api/peerconnectionfactory.h
+++ b/api/peerconnectionfactory.h
@@ -14,12 +14,12 @@
#include <memory>
#include <string>
-#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/mediacontroller.h"
#include "webrtc/api/mediastreaminterface.h"
#include "webrtc/api/peerconnectioninterface.h"
#include "webrtc/base/scoped_ref_ptr.h"
#include "webrtc/base/thread.h"
+#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/pc/channelmanager.h"
namespace rtc {
@@ -29,8 +29,8 @@
namespace webrtc {
-typedef rtc::RefCountedObject<DtlsIdentityStoreImpl>
- RefCountedDtlsIdentityStore;
+typedef rtc::RefCountedObject<rtc::RTCCertificateGenerator>
+ RefCountedRTCCertificateGenerator;
class PeerConnectionFactory : public PeerConnectionFactoryInterface {
public:
@@ -43,13 +43,13 @@
const PeerConnectionInterface::RTCConfiguration& configuration,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) override;
virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) override;
bool Initialize();
@@ -129,7 +129,7 @@
std::unique_ptr<rtc::BasicNetworkManager> default_network_manager_;
std::unique_ptr<rtc::BasicPacketSocketFactory> default_socket_factory_;
- rtc::scoped_refptr<RefCountedDtlsIdentityStore> dtls_identity_store_;
+ rtc::scoped_refptr<RefCountedRTCCertificateGenerator> cert_generator_;
};
} // namespace webrtc
diff --git a/api/peerconnectionfactoryproxy.h b/api/peerconnectionfactoryproxy.h
index c357de9..f0dea42 100644
--- a/api/peerconnectionfactoryproxy.h
+++ b/api/peerconnectionfactoryproxy.h
@@ -29,7 +29,7 @@
const PeerConnectionInterface::RTCConfiguration& a1,
const MediaConstraintsInterface* a2,
std::unique_ptr<cricket::PortAllocator> a3,
- std::unique_ptr<DtlsIdentityStoreInterface> a4,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
PeerConnectionObserver* a5) override {
return signaling_thread_
->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -39,7 +39,7 @@
rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& a1,
std::unique_ptr<cricket::PortAllocator> a3,
- std::unique_ptr<DtlsIdentityStoreInterface> a4,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> a4,
PeerConnectionObserver* a5) override {
return signaling_thread_
->Invoke<rtc::scoped_refptr<PeerConnectionInterface>>(
@@ -77,10 +77,10 @@
const PeerConnectionInterface::RTCConfiguration& a1,
const MediaConstraintsInterface* a2,
cricket::PortAllocator* a3,
- DtlsIdentityStoreInterface* a4,
+ rtc::RTCCertificateGeneratorInterface* a4,
PeerConnectionObserver* a5) {
std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
- std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
return c_->CreatePeerConnection(a1, a2, std::move(ptr_a3),
std::move(ptr_a4), a5);
}
@@ -88,10 +88,10 @@
rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection_ot(
const PeerConnectionInterface::RTCConfiguration& a1,
cricket::PortAllocator* a3,
- DtlsIdentityStoreInterface* a4,
+ rtc::RTCCertificateGeneratorInterface* a4,
PeerConnectionObserver* a5) {
std::unique_ptr<cricket::PortAllocator> ptr_a3(a3);
- std::unique_ptr<DtlsIdentityStoreInterface> ptr_a4(a4);
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> ptr_a4(a4);
return c_->CreatePeerConnection(a1, std::move(ptr_a3), std::move(ptr_a4),
a5);
}
diff --git a/api/peerconnectioninterface.h b/api/peerconnectioninterface.h
index 4fa9bf2..caa6b31 100644
--- a/api/peerconnectioninterface.h
+++ b/api/peerconnectioninterface.h
@@ -68,6 +68,7 @@
#include "webrtc/base/fileutils.h"
#include "webrtc/base/network.h"
#include "webrtc/base/rtccertificate.h"
+#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/base/socketaddress.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/media/base/mediachannel.h"
@@ -580,14 +581,48 @@
const PeerConnectionInterface::RTCConfiguration& configuration,
const MediaConstraintsInterface* constraints,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) = 0;
+ // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
+ // as Chromium stops using this version. See bugs.webrtc.org/5707,
+ // bugs.webrtc.org/5708.
+ rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
+ const PeerConnectionInterface::RTCConfiguration& configuration,
+ const MediaConstraintsInterface* constraints,
+ std::unique_ptr<cricket::PortAllocator> allocator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ PeerConnectionObserver* observer) {
+ return CreatePeerConnection(
+ configuration,
+ constraints,
+ std::move(allocator),
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
+ dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
+ std::move(dtls_identity_store)) : nullptr),
+ observer);
+ }
virtual rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
const PeerConnectionInterface::RTCConfiguration& configuration,
std::unique_ptr<cricket::PortAllocator> allocator,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
PeerConnectionObserver* observer) = 0;
+ // TODO(hbos): To be removed in favor of the |cert_generator| version as soon
+ // as Chromium stops using this version. See bugs.webrtc.org/5707,
+ // bugs.webrtc.org/5708.
+ rtc::scoped_refptr<PeerConnectionInterface> CreatePeerConnection(
+ const PeerConnectionInterface::RTCConfiguration& configuration,
+ std::unique_ptr<cricket::PortAllocator> allocator,
+ std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ PeerConnectionObserver* observer) {
+ return CreatePeerConnection(
+ configuration,
+ std::move(allocator),
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(
+ dtls_identity_store ? new RTCCertificateGeneratorStoreWrapper(
+ std::move(dtls_identity_store)) : nullptr),
+ observer);
+ }
virtual rtc::scoped_refptr<MediaStreamInterface>
CreateLocalMediaStream(const std::string& label) = 0;
diff --git a/api/peerconnectioninterface_unittest.cc b/api/peerconnectioninterface_unittest.cc
index d2f0ad1..8ced9a7 100644
--- a/api/peerconnectioninterface_unittest.cc
+++ b/api/peerconnectioninterface_unittest.cc
@@ -616,8 +616,12 @@
config.servers.push_back(server);
scoped_refptr<PeerConnectionInterface> pc;
- pc = pc_factory_->CreatePeerConnection(config, nullptr, nullptr, nullptr,
- &observer_);
+ pc = pc_factory_->CreatePeerConnection(
+ config,
+ nullptr,
+ nullptr,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
+ &observer_);
EXPECT_EQ(nullptr, pc);
}
diff --git a/api/webrtcsession.cc b/api/webrtcsession.cc
index 24eb593..0699308 100644
--- a/api/webrtcsession.cc
+++ b/api/webrtcsession.cc
@@ -512,7 +512,7 @@
bool WebRtcSession::Initialize(
const PeerConnectionFactoryInterface::Options& options,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
bundle_policy_ = rtc_configuration.bundle_policy;
rtcp_mux_policy_ = rtc_configuration.rtcp_mux_policy;
@@ -533,7 +533,7 @@
dtls_enabled_ = false;
} else {
// Enable DTLS by default if we have an identity store or a certificate.
- dtls_enabled_ = (dtls_identity_store || certificate);
+ dtls_enabled_ = (cert_generator || certificate);
// |rtc_configuration| can override the default |dtls_enabled_| value.
if (rtc_configuration.enable_dtls_srtp) {
dtls_enabled_ = *(rtc_configuration.enable_dtls_srtp);
@@ -566,19 +566,18 @@
if (!dtls_enabled_) {
// Construct with DTLS disabled.
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, this, id()));
+ signaling_thread(), channel_manager_, this, id(),
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>()));
} else {
// Construct with DTLS enabled.
if (!certificate) {
- // Use the |dtls_identity_store| to generate a certificate.
- RTC_DCHECK(dtls_identity_store);
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, std::move(dtls_identity_store),
- this, id()));
+ signaling_thread(), channel_manager_, this, id(),
+ std::move(cert_generator)));
} else {
// Use the already generated certificate.
webrtc_session_desc_factory_.reset(new WebRtcSessionDescriptionFactory(
- signaling_thread(), channel_manager_, certificate, this, id()));
+ signaling_thread(), channel_manager_, this, id(), certificate));
}
}
diff --git a/api/webrtcsession.h b/api/webrtcsession.h
index 98217bf..dd47229 100644
--- a/api/webrtcsession.h
+++ b/api/webrtcsession.h
@@ -153,7 +153,7 @@
bool Initialize(
const PeerConnectionFactoryInterface::Options& options,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
const PeerConnectionInterface::RTCConfiguration& rtc_configuration);
// Deletes the voice, video and data channel and changes the session state
// to STATE_CLOSED.
diff --git a/api/webrtcsession_unittest.cc b/api/webrtcsession_unittest.cc
index 4207c24..571e199 100644
--- a/api/webrtcsession_unittest.cc
+++ b/api/webrtcsession_unittest.cc
@@ -397,7 +397,10 @@
EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
observer_.ice_gathering_state_);
- EXPECT_TRUE(session_->Initialize(options_, std::move(dtls_identity_store),
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
+ dtls_identity_store ? new webrtc::RTCCertificateGeneratorStoreWrapper(
+ std::move(dtls_identity_store)) : nullptr);
+ EXPECT_TRUE(session_->Initialize(options_, std::move(cert_generator),
configuration_));
session_->set_metrics_observer(metrics_observer_);
}
diff --git a/api/webrtcsessiondescriptionfactory.cc b/api/webrtcsessiondescriptionfactory.cc
index e88262f..08392e5 100644
--- a/api/webrtcsessiondescriptionfactory.cc
+++ b/api/webrtcsessiondescriptionfactory.cc
@@ -12,7 +12,6 @@
#include <utility>
-#include "webrtc/api/dtlsidentitystore.h"
#include "webrtc/api/jsep.h"
#include "webrtc/api/jsepsessiondescription.h"
#include "webrtc/api/mediaconstraintsinterface.h"
@@ -68,28 +67,13 @@
};
} // namespace
-void WebRtcIdentityRequestObserver::OnFailure(int error) {
- SignalRequestFailed(error);
+void WebRtcCertificateGeneratorCallback::OnFailure() {
+ SignalRequestFailed();
}
-void WebRtcIdentityRequestObserver::OnSuccess(
- const std::string& der_cert, const std::string& der_private_key) {
- std::string pem_cert = rtc::SSLIdentity::DerToPem(
- rtc::kPemTypeCertificate,
- reinterpret_cast<const unsigned char*>(der_cert.data()),
- der_cert.length());
- std::string pem_key = rtc::SSLIdentity::DerToPem(
- rtc::kPemTypeRsaPrivateKey,
- reinterpret_cast<const unsigned char*>(der_private_key.data()),
- der_private_key.length());
- std::unique_ptr<rtc::SSLIdentity> identity(
- rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert));
- SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
-}
-
-void WebRtcIdentityRequestObserver::OnSuccess(
- std::unique_ptr<rtc::SSLIdentity> identity) {
- SignalCertificateReady(rtc::RTCCertificate::Create(std::move(identity)));
+void WebRtcCertificateGeneratorCallback::OnSuccess(
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
+ SignalCertificateReady(certificate);
}
// static
@@ -127,12 +111,10 @@
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
- const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
- identity_request_observer,
WebRtcSession* session,
const std::string& session_id,
- bool dtls_enabled)
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
: signaling_thread_(signaling_thread),
session_desc_factory_(channel_manager, &transport_desc_factory_),
// RFC 4566 suggested a Network Time Protocol (NTP) format timestamp
@@ -140,89 +122,81 @@
// to just use a random number as session id and start version from
// |kInitSessionVersion|.
session_version_(kInitSessionVersion),
- dtls_identity_store_(std::move(dtls_identity_store)),
- identity_request_observer_(identity_request_observer),
+ cert_generator_(std::move(cert_generator)),
session_(session),
session_id_(session_id),
certificate_request_state_(CERTIFICATE_NOT_NEEDED) {
+ RTC_DCHECK(signaling_thread_);
session_desc_factory_.set_add_legacy_streams(false);
+ bool dtls_enabled = cert_generator_ || certificate;
// SRTP-SDES is disabled if DTLS is on.
SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED);
+ if (!dtls_enabled) {
+ LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
+ return;
+ }
+
+ if (certificate) {
+ // Use |certificate|.
+ certificate_request_state_ = CERTIFICATE_WAITING;
+
+ LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
+ // We already have a certificate but we wait to do |SetIdentity|; if we do
+ // it in the constructor then the caller has not had a chance to connect to
+ // |SignalCertificateReady|.
+ signaling_thread_->Post(
+ this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
+ new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
+ } else {
+ // Generate certificate.
+ certificate_request_state_ = CERTIFICATE_WAITING;
+
+ rtc::scoped_refptr<WebRtcCertificateGeneratorCallback> callback(
+ new rtc::RefCountedObject<WebRtcCertificateGeneratorCallback>());
+ callback->SignalRequestFailed.connect(
+ this, &WebRtcSessionDescriptionFactory::OnCertificateRequestFailed);
+ callback->SignalCertificateReady.connect(
+ this, &WebRtcSessionDescriptionFactory::SetCertificate);
+
+ rtc::KeyParams key_params = rtc::KeyParams();
+ LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
+ << "type: " << key_params.type() << ").";
+
+ // Request certificate. This happens asynchronously, so that the caller gets
+ // a chance to connect to |SignalCertificateReady|.
+ cert_generator_->GenerateCertificateAsync(
+ key_params, rtc::Optional<uint64_t>(), callback);
+ }
}
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
WebRtcSession* session,
- const std::string& session_id)
- : WebRtcSessionDescriptionFactory(signaling_thread,
- channel_manager,
- nullptr,
- nullptr,
- session,
- session_id,
- false) {
- LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
-}
-
-WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
- rtc::Thread* signaling_thread,
- cricket::ChannelManager* channel_manager,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
- WebRtcSession* session,
- const std::string& session_id)
+ const std::string& session_id,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator)
: WebRtcSessionDescriptionFactory(
signaling_thread,
channel_manager,
- std::move(dtls_identity_store),
- new rtc::RefCountedObject<WebRtcIdentityRequestObserver>(),
session,
session_id,
- true) {
- RTC_DCHECK(dtls_identity_store_);
-
- certificate_request_state_ = CERTIFICATE_WAITING;
-
- identity_request_observer_->SignalRequestFailed.connect(
- this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
- identity_request_observer_->SignalCertificateReady.connect(
- this, &WebRtcSessionDescriptionFactory::SetCertificate);
-
- rtc::KeyParams key_params = rtc::KeyParams();
- LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
- << "type: " << key_params.type() << ").";
-
- // Request identity. This happens asynchronously, so the caller will have a
- // chance to connect to SignalIdentityReady.
- dtls_identity_store_->RequestIdentity(key_params,
- rtc::Optional<uint64_t>(),
- identity_request_observer_);
+ std::move(cert_generator),
+ nullptr) {
}
WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
WebRtcSession* session,
- const std::string& session_id)
+ const std::string& session_id,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
: WebRtcSessionDescriptionFactory(signaling_thread,
channel_manager,
- nullptr,
- nullptr,
session,
session_id,
- true) {
+ nullptr,
+ certificate) {
RTC_DCHECK(certificate);
-
- certificate_request_state_ = CERTIFICATE_WAITING;
-
- LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
- // We already have a certificate but we wait to do SetIdentity; if we do
- // it in the constructor then the caller has not had a chance to connect to
- // SignalIdentityReady.
- signaling_thread_->Post(
- this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
- new rtc::ScopedRefMessageData<rtc::RTCCertificate>(certificate));
}
WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
@@ -488,10 +462,10 @@
signaling_thread_->Post(this, MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, msg);
}
-void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) {
+void WebRtcSessionDescriptionFactory::OnCertificateRequestFailed() {
ASSERT(signaling_thread_->IsCurrent());
- LOG(LS_ERROR) << "Async identity request failed: error = " << error;
+ LOG(LS_ERROR) << "Asynchronous certificate generation request failed.";
certificate_request_state_ = CERTIFICATE_FAILED;
FailPendingRequests(kFailedDueToIdentityFailed);
@@ -500,7 +474,7 @@
void WebRtcSessionDescriptionFactory::SetCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
RTC_DCHECK(certificate);
- LOG(LS_VERBOSE) << "Setting new certificate";
+ LOG(LS_VERBOSE) << "Setting new certificate.";
certificate_request_state_ = CERTIFICATE_SUCCEEDED;
SignalCertificateReady(certificate);
diff --git a/api/webrtcsessiondescriptionfactory.h b/api/webrtcsessiondescriptionfactory.h
index 17e2ddd..c0c45b6 100644
--- a/api/webrtcsessiondescriptionfactory.h
+++ b/api/webrtcsessiondescriptionfactory.h
@@ -18,6 +18,7 @@
#include "webrtc/base/constructormagic.h"
#include "webrtc/base/messagehandler.h"
#include "webrtc/base/rtccertificate.h"
+#include "webrtc/base/rtccertificategenerator.h"
#include "webrtc/p2p/base/transportdescriptionfactory.h"
#include "webrtc/pc/mediasession.h"
@@ -32,17 +33,17 @@
class SessionDescriptionInterface;
class WebRtcSession;
-// DTLS identity request callback class.
-class WebRtcIdentityRequestObserver : public DtlsIdentityRequestObserver,
- public sigslot::has_slots<> {
+// DTLS certificate request callback class.
+class WebRtcCertificateGeneratorCallback
+ : public rtc::RTCCertificateGeneratorCallback,
+ public sigslot::has_slots<> {
public:
- // DtlsIdentityRequestObserver overrides.
- void OnFailure(int error) override;
- void OnSuccess(const std::string& der_cert,
- const std::string& der_private_key) override;
- void OnSuccess(std::unique_ptr<rtc::SSLIdentity> identity) override;
+ // |rtc::RTCCertificateGeneratorCallback| overrides.
+ void OnSuccess(
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override;
+ void OnFailure() override;
- sigslot::signal1<int> SignalRequestFailed;
+ sigslot::signal0<> SignalRequestFailed;
sigslot::signal1<const rtc::scoped_refptr<rtc::RTCCertificate>&>
SignalCertificateReady;
};
@@ -66,37 +67,29 @@
cricket::MediaSessionOptions options;
};
-// This class is used to create offer/answer session description with regards to
-// the async DTLS identity generation for WebRtcSession.
-// It queues the create offer/answer request until the DTLS identity
-// request has completed, i.e. when OnIdentityRequestFailed or OnIdentityReady
-// is called.
+// This class is used to create offer/answer session description. Certificates
+// for WebRtcSession/DTLS are either supplied at construction or generated
+// asynchronously. It queues the create offer/answer request until the
+// certificate generation has completed, i.e. when OnCertificateRequestFailed or
+// OnCertificateReady is called.
class WebRtcSessionDescriptionFactory : public rtc::MessageHandler,
public sigslot::has_slots<> {
public:
- // Construct with DTLS disabled.
- WebRtcSessionDescriptionFactory(rtc::Thread* signaling_thread,
- cricket::ChannelManager* channel_manager,
- WebRtcSession* session,
- const std::string& session_id);
-
- // Construct with DTLS enabled using the specified |dtls_identity_store| to
- // generate a certificate.
+ // If |certificate_generator| is not null, DTLS is enabled and a default
+ // certificate is generated asynchronously; otherwise DTLS is disabled.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
WebRtcSession* session,
- const std::string& session_id);
-
- // Construct with DTLS enabled using the specified (already generated)
- // |certificate|.
+ const std::string& session_id,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator);
+ // Construct with DTLS enabled using the specified |certificate|.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
- const rtc::scoped_refptr<rtc::RTCCertificate>& certificate,
WebRtcSession* session,
- const std::string& session_id);
+ const std::string& session_id,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
virtual ~WebRtcSessionDescriptionFactory();
static void CopyCandidatesFromSessionDescription(
@@ -130,15 +123,15 @@
CERTIFICATE_FAILED,
};
+ // If |certificate_generator| or |certificate| is not null DTLS is enabled,
+ // otherwise DTLS is disabled.
WebRtcSessionDescriptionFactory(
rtc::Thread* signaling_thread,
cricket::ChannelManager* channel_manager,
- std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
- const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
- identity_request_observer,
WebRtcSession* session,
const std::string& session_id,
- bool dtls_enabled);
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator,
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
// MessageHandler implementation.
virtual void OnMessage(rtc::Message* msg);
@@ -154,7 +147,7 @@
CreateSessionDescriptionObserver* observer,
SessionDescriptionInterface* description);
- void OnIdentityRequestFailed(int error);
+ void OnCertificateRequestFailed();
void SetCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate);
@@ -164,9 +157,7 @@
cricket::TransportDescriptionFactory transport_desc_factory_;
cricket::MediaSessionDescriptionFactory session_desc_factory_;
uint64_t session_version_;
- const std::unique_ptr<DtlsIdentityStoreInterface> dtls_identity_store_;
- const rtc::scoped_refptr<WebRtcIdentityRequestObserver>
- identity_request_observer_;
+ const std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator_;
// TODO(jiayl): remove the dependency on session once bug 2264 is fixed.
WebRtcSession* const session_;
const std::string session_id_;
diff --git a/examples/peerconnection/client/conductor.cc b/examples/peerconnection/client/conductor.cc
index 8ec6ed9..423c35f 100644
--- a/examples/peerconnection/client/conductor.cc
+++ b/examples/peerconnection/client/conductor.cc
@@ -129,7 +129,11 @@
}
peer_connection_ = peer_connection_factory_->CreatePeerConnection(
- config, &constraints, NULL, NULL, this);
+ config,
+ &constraints,
+ nullptr,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
+ this);
return peer_connection_.get() != NULL;
}
diff --git a/sdk/objc/Framework/Classes/RTCPeerConnection.mm b/sdk/objc/Framework/Classes/RTCPeerConnection.mm
index 3fcc652..6ccf54e 100644
--- a/sdk/objc/Framework/Classes/RTCPeerConnection.mm
+++ b/sdk/objc/Framework/Classes/RTCPeerConnection.mm
@@ -226,11 +226,12 @@
std::unique_ptr<webrtc::MediaConstraints> nativeConstraints =
constraints.nativeConstraints;
_peerConnection =
- factory.nativeFactory->CreatePeerConnection(*config,
- nativeConstraints.get(),
- nullptr,
- nullptr,
- _observer.get());
+ factory.nativeFactory->CreatePeerConnection(
+ *config,
+ nativeConstraints.get(),
+ nullptr,
+ std::unique_ptr<rtc::RTCCertificateGeneratorInterface>(),
+ _observer.get());
_localStreams = [[NSMutableArray alloc] init];
_delegate = delegate;
}
