Revert "Add SSLConfig object to IceServer."
This reverts commit 7f1ffcccce563a086da037334aec2d4faa723edb.
Reason for revert: Speculative revert
Original change's description:
> Add SSLConfig object to IceServer.
>
> This is being added to allow greater configurability to TLS connections.
> tlsAlpnProtocols, tlsEllipticCurves and tlsCertPolicy will be removed from IceServer in a
> follow-up CL.
>
> Bug: webrtc:9662
> Change-Id: I33cb804b02c26c662ed2a28c76f9a9dc2df40f36
> Reviewed-on: https://webrtc-review.googlesource.com/96020
> Commit-Queue: Diogo Real <diogor@google.com>
> Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> Reviewed-by: Benjamin Wright <benwright@webrtc.org>
> Reviewed-by: Steve Anton <steveanton@webrtc.org>
> Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
> Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#24559}
TBR=steveanton@webrtc.org,sakal@webrtc.org,kthelgason@webrtc.org,juberti@webrtc.org,emadomara@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org,diogor@google.com
Change-Id: Iae9fc68b77f743876bda36fc2a04f6d791aae8e2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: webrtc:9662
Reviewed-on: https://webrtc-review.googlesource.com/98000
Reviewed-by: Ying Wang <yinwa@webrtc.org>
Commit-Queue: Ying Wang <yinwa@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24563}diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn
index 191e082..8a58a20 100644
--- a/sdk/BUILD.gn
+++ b/sdk/BUILD.gn
@@ -865,9 +865,6 @@
"objc/api/peerconnection/RTCRtpTransceiver.mm",
"objc/api/peerconnection/RTCSSLAdapter.h",
"objc/api/peerconnection/RTCSSLAdapter.mm",
- "objc/api/peerconnection/RTCSSLConfig+Native.h",
- "objc/api/peerconnection/RTCSSLConfig.h",
- "objc/api/peerconnection/RTCSSLConfig.mm",
"objc/api/peerconnection/RTCSessionDescription+Private.h",
"objc/api/peerconnection/RTCSessionDescription.h",
"objc/api/peerconnection/RTCSessionDescription.mm",
diff --git a/sdk/android/api/org/webrtc/PeerConnection.java b/sdk/android/api/org/webrtc/PeerConnection.java
index d2a61e0..2f9adcf 100644
--- a/sdk/android/api/org/webrtc/PeerConnection.java
+++ b/sdk/android/api/org/webrtc/PeerConnection.java
@@ -71,180 +71,6 @@
}
}
- /**
- * Java version of PeerConnectionInterface::SSLConfig.
- *
- * Contains the configuration of any SSL/TLS connections that are initiated by
- * our client.
- */
- public static class SslConfig {
- /** Indicates whether to enable OCSP stapling in TLS. */
- public final boolean enableOcspStapling;
- /** Indicates whether to enable the signed certificate timestamp extension in TLS. */
- public final boolean enableSignedCertTimestamp;
- /** Indicates whether to enable the TLS Channel ID extension. */
- public final boolean enableTlsChannelId;
- /** Indicates whether to enable the TLS GREASE extension. */
- public final boolean enableGrease;
-
- /** Indicates how to process TURN server certificates */
- public final TlsCertPolicy tlsCertPolicy;
-
- /**
- * Highest supported SSL version, as defined in the supported_versions TLS extension.
- * If null, the default OpenSSL/BoringSSL max version will be used.
- */
- @Nullable public final Integer maxSslVersion;
-
- /**
- * List of protocols to be used in the TLS ALPN extension.
- * If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
- */
- @Nullable public final List<String> tlsAlpnProtocols;
-
- /**
- * List of elliptic curves to be used in the TLS elliptic curves extension.
- * Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
- * If null, the default list of OpenSSL/BoringSSL curves will be used.
- */
- @Nullable public final List<String> tlsEllipticCurves;
-
- private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
- boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
- Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
- this.enableOcspStapling = enableOcspStapling;
- this.enableSignedCertTimestamp = enableSignedCertTimestamp;
- this.enableTlsChannelId = enableTlsChannelId;
- this.enableGrease = enableGrease;
- this.tlsCertPolicy = tlsCertPolicy;
- this.maxSslVersion = maxSslVersion;
- if (tlsAlpnProtocols != null) {
- this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
- } else {
- this.tlsAlpnProtocols = null;
- }
- if (tlsEllipticCurves != null) {
- this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
- } else {
- this.tlsEllipticCurves = null;
- }
- }
-
- @Override
- public String toString() {
- return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
- + enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
- + "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
- + "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
- + "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
- }
-
- public static Builder builder() {
- return new Builder();
- }
-
- public static class Builder {
- private boolean enableOcspStapling = true;
- private boolean enableSignedCertTimestamp = true;
- private boolean enableTlsChannelId = false;
- private boolean enableGrease = false;
- private TlsCertPolicy tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
- @Nullable private Integer maxSslVersion = null;
- @Nullable private List<String> tlsAlpnProtocols = null;
- @Nullable private List<String> tlsEllipticCurves = null;
-
- private Builder() {}
-
- public Builder setEnableOcspStapling(boolean enableOcspStapling) {
- this.enableOcspStapling = enableOcspStapling;
- return this;
- }
-
- public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
- this.enableSignedCertTimestamp = enableSignedCertTimestamp;
- return this;
- }
-
- public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
- this.enableTlsChannelId = enableTlsChannelId;
- return this;
- }
-
- public Builder setEnableGrease(boolean enableGrease) {
- this.enableGrease = enableGrease;
- return this;
- }
-
- public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
- this.tlsCertPolicy = tlsCertPolicy;
- return this;
- }
-
- public Builder setMaxSslVersion(int maxSslVersion) {
- this.maxSslVersion = maxSslVersion;
- return this;
- }
-
- public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
- this.tlsAlpnProtocols = tlsAlpnProtocols;
- return this;
- }
-
- public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
- this.tlsEllipticCurves = tlsEllipticCurves;
- return this;
- }
-
- public SslConfig createSslConfig() {
- return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
- enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
- }
- }
-
- @CalledByNative("SslConfig")
- boolean getEnableOcspStapling() {
- return enableOcspStapling;
- }
-
- @CalledByNative("SslConfig")
- boolean getEnableSignedCertTimestamp() {
- return enableSignedCertTimestamp;
- }
-
- @CalledByNative("SslConfig")
- boolean getEnableTlsChannelId() {
- return enableTlsChannelId;
- }
-
- @CalledByNative("SslConfig")
- boolean getEnableGrease() {
- return enableGrease;
- }
-
- @CalledByNative("SslConfig")
- TlsCertPolicy getTlsCertPolicy() {
- return tlsCertPolicy;
- }
-
- @Nullable
- @CalledByNative("SslConfig")
- Integer getMaxSslVersion() {
- return maxSslVersion;
- }
-
- @Nullable
- @CalledByNative("SslConfig")
- List<String> getTlsAlpnProtocols() {
- return tlsAlpnProtocols;
- }
-
- @Nullable
- @CalledByNative("SslConfig")
- List<String> getTlsEllipticCurves() {
- return tlsEllipticCurves;
- }
- }
-
/** Java version of PeerConnectionObserver. */
public static interface Observer {
/** Triggered when the SignalingState changes. */
@@ -300,9 +126,7 @@
public final List<String> urls;
public final String username;
public final String password;
- // TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
- // This field will be ignored if tlsCertPolicy is also set in SslConfig.
- @Deprecated public final TlsCertPolicy tlsCertPolicy;
+ public final TlsCertPolicy tlsCertPolicy;
// If the URIs in |urls| only contain IP addresses, this field can be used
// to indicate the hostname, which may be necessary for TLS (using the SNI
@@ -310,18 +134,12 @@
// necessary.
public final String hostname;
- // TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
// List of protocols to be used in the TLS ALPN extension.
- @Deprecated public final List<String> tlsAlpnProtocols;
+ public final List<String> tlsAlpnProtocols;
- // TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
// List of elliptic curves to be used in the TLS elliptic curves extension.
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
- // This field will be ignored if tlsEllipticCurves is also set in SslConfig.
- @Deprecated public final List<String> tlsEllipticCurves;
-
- // SSL configuration options for any SSL/TLS connections to this IceServer.
- public final SslConfig sslConfig;
+ public final List<String> tlsEllipticCurves;
/** Convenience constructor for STUN servers. */
@Deprecated
@@ -343,12 +161,12 @@
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
String hostname) {
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
- null, SslConfig.builder().createSslConfig());
+ null);
}
private IceServer(String uri, List<String> urls, String username, String password,
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
- List<String> tlsEllipticCurves, SslConfig sslConfig) {
+ List<String> tlsEllipticCurves) {
if (uri == null || urls == null || urls.isEmpty()) {
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
}
@@ -374,13 +192,12 @@
this.hostname = hostname;
this.tlsAlpnProtocols = tlsAlpnProtocols;
this.tlsEllipticCurves = tlsEllipticCurves;
- this.sslConfig = sslConfig;
}
@Override
public String toString() {
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
- + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
+ + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
}
public static Builder builder(String uri) {
@@ -399,7 +216,6 @@
private String hostname = "";
private List<String> tlsAlpnProtocols;
private List<String> tlsEllipticCurves;
- private SslConfig sslConfig = SslConfig.builder().createSslConfig();
private Builder(List<String> urls) {
if (urls == null || urls.isEmpty()) {
@@ -418,7 +234,6 @@
return this;
}
- @Deprecated
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
@@ -429,26 +244,19 @@
return this;
}
- @Deprecated
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
- @Deprecated
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
- public Builder setSslConfig(SslConfig sslConfig) {
- this.sslConfig = sslConfig;
- return this;
- }
-
public IceServer createIceServer() {
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
- tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
+ tlsAlpnProtocols, tlsEllipticCurves);
}
}
@@ -490,11 +298,6 @@
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
-
- @CalledByNative("IceServer")
- SslConfig getSslConfig() {
- return sslConfig;
- }
}
/** Java version of PeerConnectionInterface.IceTransportsType */
diff --git a/sdk/android/src/jni/pc/icecandidate.cc b/sdk/android/src/jni/pc/icecandidate.cc
index bb7e995..b9d66a4 100644
--- a/sdk/android/src/jni/pc/icecandidate.cc
+++ b/sdk/android/src/jni/pc/icecandidate.cc
@@ -207,21 +207,6 @@
return PeerConnectionInterface::kTlsCertPolicySecure;
}
-rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
- JNIEnv* jni,
- const JavaRef<jobject>& j_ssl_config_tls_cert_policy) {
- std::string enum_name = GetJavaEnumName(jni, j_ssl_config_tls_cert_policy);
-
- if (enum_name == "TLS_CERT_POLICY_SECURE")
- return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
-
- if (enum_name == "TLS_CERT_POLICY_INSECURE_NO_CHECK")
- return rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
-
- RTC_CHECK(false) << "Unexpected TlsCertPolicy enum_name " << enum_name;
- return rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
-}
-
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
JNIEnv* jni,
const JavaRef<jobject>& j_network_preference) {
diff --git a/sdk/android/src/jni/pc/icecandidate.h b/sdk/android/src/jni/pc/icecandidate.h
index 38aa359..662b649 100644
--- a/sdk/android/src/jni/pc/icecandidate.h
+++ b/sdk/android/src/jni/pc/icecandidate.h
@@ -18,7 +18,6 @@
#include "api/jsepicecandidate.h"
#include "api/peerconnectioninterface.h"
#include "api/rtpparameters.h"
-#include "rtc_base/ssladapter.h"
#include "rtc_base/sslidentity.h"
#include "sdk/android/src/jni/jni_helpers.h"
@@ -76,10 +75,6 @@
JNIEnv* jni,
const JavaRef<jobject>& j_ice_server_tls_cert_policy);
-rtc::TlsCertPolicy JavaToNativeRtcTlsCertPolicy(
- JNIEnv* jni,
- const JavaRef<jobject>& j_ssl_config_tls_cert_policy);
-
absl::optional<rtc::AdapterType> JavaToNativeNetworkPreference(
JNIEnv* jni,
const JavaRef<jobject>& j_network_preference);
diff --git a/sdk/android/src/jni/pc/peerconnection.cc b/sdk/android/src/jni/pc/peerconnection.cc
index ea631de..79da797 100644
--- a/sdk/android/src/jni/pc/peerconnection.cc
+++ b/sdk/android/src/jni/pc/peerconnection.cc
@@ -40,7 +40,6 @@
#include "api/rtptransceiverinterface.h"
#include "rtc_base/checks.h"
#include "rtc_base/logging.h"
-#include "rtc_base/ssladapter.h"
#include "sdk/android/generated_peerconnection_jni/jni/PeerConnection_jni.h"
#include "sdk/android/native_api/jni/java_types.h"
#include "sdk/android/src/jni/jni_helpers.h"
@@ -67,44 +66,6 @@
->pc();
}
-rtc::SSLConfig JavaToNativeSslConfig(JNIEnv* jni,
- const JavaRef<jobject>& j_ssl_config) {
- rtc::SSLConfig ssl_config;
- ssl_config.enable_ocsp_stapling =
- Java_SslConfig_getEnableOcspStapling(jni, j_ssl_config);
- ssl_config.enable_signed_cert_timestamp =
- Java_SslConfig_getEnableSignedCertTimestamp(jni, j_ssl_config);
- ssl_config.enable_tls_channel_id =
- Java_SslConfig_getEnableTlsChannelId(jni, j_ssl_config);
- ssl_config.enable_grease = Java_SslConfig_getEnableGrease(jni, j_ssl_config);
-
- ScopedJavaLocalRef<jobject> j_ssl_config_max_ssl_version =
- Java_SslConfig_getMaxSslVersion(jni, j_ssl_config);
- ssl_config.max_ssl_version =
- JavaToNativeOptionalInt(jni, j_ssl_config_max_ssl_version);
-
- ScopedJavaLocalRef<jobject> j_ssl_config_tls_cert_policy =
- Java_SslConfig_getTlsCertPolicy(jni, j_ssl_config);
- ssl_config.tls_cert_policy =
- JavaToNativeRtcTlsCertPolicy(jni, j_ssl_config_tls_cert_policy);
-
- ScopedJavaLocalRef<jobject> j_ssl_config_tls_alpn_protocols =
- Java_SslConfig_getTlsAlpnProtocols(jni, j_ssl_config);
- if (!IsNull(jni, j_ssl_config_tls_alpn_protocols)) {
- ssl_config.tls_alpn_protocols =
- JavaListToNativeVector<std::string, jstring>(
- jni, j_ssl_config_tls_alpn_protocols, &JavaToNativeString);
- }
- ScopedJavaLocalRef<jobject> j_ssl_config_tls_elliptic_curves =
- Java_SslConfig_getTlsEllipticCurves(jni, j_ssl_config);
- if (!IsNull(jni, j_ssl_config_tls_elliptic_curves)) {
- ssl_config.tls_elliptic_curves =
- JavaListToNativeVector<std::string, jstring>(
- jni, j_ssl_config_tls_elliptic_curves, &JavaToNativeString);
- }
- return ssl_config;
-}
-
PeerConnectionInterface::IceServers JavaToNativeIceServers(
JNIEnv* jni,
const JavaRef<jobject>& j_ice_servers) {
@@ -126,8 +87,6 @@
Java_IceServer_getTlsAlpnProtocols(jni, j_ice_server);
ScopedJavaLocalRef<jobject> tls_elliptic_curves =
Java_IceServer_getTlsEllipticCurves(jni, j_ice_server);
- ScopedJavaLocalRef<jobject> ssl_config =
- Java_IceServer_getSslConfig(jni, j_ice_server);
PeerConnectionInterface::IceServer server;
server.urls = JavaListToNativeVector<std::string, jstring>(
jni, urls, &JavaToNativeString);
@@ -139,7 +98,6 @@
jni, tls_alpn_protocols, &JavaToNativeString);
server.tls_elliptic_curves = JavaListToNativeVector<std::string, jstring>(
jni, tls_elliptic_curves, &JavaToNativeString);
- server.ssl_config = JavaToNativeSslConfig(jni, ssl_config);
ice_servers.push_back(server);
}
return ice_servers;
diff --git a/sdk/objc/api/peerconnection/RTCIceServer.h b/sdk/objc/api/peerconnection/RTCIceServer.h
index a9760c7..c2def04 100644
--- a/sdk/objc/api/peerconnection/RTCIceServer.h
+++ b/sdk/objc/api/peerconnection/RTCIceServer.h
@@ -11,7 +11,11 @@
#import <Foundation/Foundation.h>
#import "RTCMacros.h"
-#import "RTCSSLConfig.h"
+
+typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
+ RTCTlsCertPolicySecure,
+ RTCTlsCertPolicyInsecureNoCheck
+};
NS_ASSUME_NONNULL_BEGIN
@@ -28,8 +32,7 @@
@property(nonatomic, readonly, nullable) NSString *credential;
/**
- Deprecated. TODO(diogor, webrtc:9673): Remove from API.
- TLS certificate policy to use if this RTCIceServer object is a TURN server.
+ * TLS certificate policy to use if this RTCIceServer object is a TURN server.
*/
@property(nonatomic, readonly) RTCTlsCertPolicy tlsCertPolicy;
@@ -40,24 +43,15 @@
*/
@property(nonatomic, readonly, nullable) NSString *hostname;
-/**
- Deprecated. TODO(diogor, webrtc:9673): Remove from API.
- List of protocols to be used in the TLS ALPN extension.
- This field will be ignored if also set in RTCSSLConfig.
- */
+/** List of protocols to be used in the TLS ALPN extension. */
@property(nonatomic, readonly) NSArray<NSString *> *tlsAlpnProtocols;
/**
- Deprecated. TODO(diogor, webrtc:9673): Remove from API.
List elliptic curves to be used in the TLS elliptic curves extension.
Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
- This field will be ignored if also set in RTCSSLConfig.
*/
@property(nonatomic, readonly) NSArray<NSString *> *tlsEllipticCurves;
-/** SSL configuration options for any SSL/TLS connections to this IceServer. */
-@property(nonatomic, readonly) RTCSSLConfig *sslConfig;
-
- (nonnull instancetype)init NS_UNAVAILABLE;
/** Convenience initializer for a server with no authentication (e.g. STUN). */
@@ -112,17 +106,8 @@
tlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy
hostname:(nullable NSString *)hostname
tlsAlpnProtocols:(nullable NSArray<NSString *> *)tlsAlpnProtocols
- tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves;
-
-/**
- * Initialize an RTCIceServer with its associated URLs, optional
- * username, optional credential, hostname and SSL config.
- */
-- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
- username:(nullable NSString *)username
- credential:(nullable NSString *)credential
- hostname:(nullable NSString *)hostname
- sslConfig:(RTCSSLConfig *)sslConfig NS_DESIGNATED_INITIALIZER;
+ tlsEllipticCurves:(nullable NSArray<NSString *> *)tlsEllipticCurves
+ NS_DESIGNATED_INITIALIZER;
@end
diff --git a/sdk/objc/api/peerconnection/RTCIceServer.mm b/sdk/objc/api/peerconnection/RTCIceServer.mm
index 1e0d170..2138e4c 100644
--- a/sdk/objc/api/peerconnection/RTCIceServer.mm
+++ b/sdk/objc/api/peerconnection/RTCIceServer.mm
@@ -9,7 +9,6 @@
*/
#import "RTCIceServer+Private.h"
-#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@@ -22,7 +21,6 @@
@synthesize hostname = _hostname;
@synthesize tlsAlpnProtocols = _tlsAlpnProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
-@synthesize sslConfig = _sslConfig;
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings {
return [self initWithURLStrings:urlStrings
@@ -85,40 +83,28 @@
hostname:(NSString *)hostname
tlsAlpnProtocols:(NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(NSArray<NSString *> *)tlsEllipticCurves {
- RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] init];
- sslConfig.tlsCertPolicy = tlsCertPolicy;
- sslConfig.tlsALPNProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
- sslConfig.tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
- return [self initWithURLStrings:urlStrings
- username:username
- credential:credential
- hostname:hostname
- sslConfig:sslConfig];
-}
-
-- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
- username:(NSString *)username
- credential:(NSString *)credential
- hostname:(NSString *)hostname
- sslConfig:(RTCSSLConfig *)sslConfig {
NSParameterAssert(urlStrings.count);
if (self = [super init]) {
_urlStrings = [[NSArray alloc] initWithArray:urlStrings copyItems:YES];
_username = [username copy];
_credential = [credential copy];
+ _tlsCertPolicy = tlsCertPolicy;
_hostname = [hostname copy];
- _sslConfig = sslConfig;
+ _tlsAlpnProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
+ _tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
}
return self;
}
- (NSString *)description {
- return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@",
+ return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@\n%@\n%@",
_urlStrings,
_username,
_credential,
+ [self stringForTlsCertPolicy:_tlsCertPolicy],
_hostname,
- _sslConfig];
+ _tlsAlpnProtocols,
+ _tlsEllipticCurves];
}
#pragma mark - Private
@@ -163,8 +149,6 @@
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck;
break;
}
-
- iceServer.ssl_config = [_sslConfig nativeConfig];
return iceServer;
}
@@ -178,38 +162,34 @@
NSString *username = [NSString stringForStdString:nativeServer.username];
NSString *credential = [NSString stringForStdString:nativeServer.password];
NSString *hostname = [NSString stringForStdString:nativeServer.hostname];
- RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] initWithNativeConfig:nativeServer.ssl_config];
-
- if (!nativeServer.ssl_config.tls_alpn_protocols.has_value() &&
- !nativeServer.tls_alpn_protocols.empty()) {
- NSMutableArray *tlsALPNProtocols =
- [NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
- for (auto const &proto : nativeServer.tls_alpn_protocols) {
- [tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
- }
- sslConfig.tlsALPNProtocols = tlsALPNProtocols;
+ NSMutableArray *tlsAlpnProtocols =
+ [NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
+ for (auto const &proto : nativeServer.tls_alpn_protocols) {
+ [tlsAlpnProtocols addObject:[NSString stringForStdString:proto]];
}
-
- if (!nativeServer.ssl_config.tls_elliptic_curves.has_value() &&
- !nativeServer.tls_elliptic_curves.empty()) {
- NSMutableArray *tlsEllipticCurves =
- [NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
- for (auto const &curve : nativeServer.tls_elliptic_curves) {
- [tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
- }
- sslConfig.tlsEllipticCurves = tlsEllipticCurves;
+ NSMutableArray *tlsEllipticCurves =
+ [NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
+ for (auto const &curve : nativeServer.tls_elliptic_curves) {
+ [tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
}
+ RTCTlsCertPolicy tlsCertPolicy;
- if (nativeServer.tls_cert_policy ==
- webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
- sslConfig.tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
+ switch (nativeServer.tls_cert_policy) {
+ case webrtc::PeerConnectionInterface::kTlsCertPolicySecure:
+ tlsCertPolicy = RTCTlsCertPolicySecure;
+ break;
+ case webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck:
+ tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
+ break;
}
self = [self initWithURLStrings:urls
username:username
credential:credential
+ tlsCertPolicy:tlsCertPolicy
hostname:hostname
- sslConfig:sslConfig];
+ tlsAlpnProtocols:tlsAlpnProtocols
+ tlsEllipticCurves:tlsEllipticCurves];
return self;
}
diff --git a/sdk/objc/api/peerconnection/RTCSSLConfig+Native.h b/sdk/objc/api/peerconnection/RTCSSLConfig+Native.h
deleted file mode 100644
index 7a38edc..0000000
--- a/sdk/objc/api/peerconnection/RTCSSLConfig+Native.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#import "RTCSSLConfig.h"
-
-#include "api/peerconnectioninterface.h"
-#include "rtc_base/ssladapter.h"
-
-NS_ASSUME_NONNULL_BEGIN
-
-@interface RTCSSLConfig (Native)
-
-- (rtc::SSLConfig)nativeConfig;
-
-/** Initialize an RTCSSLConfig from a native SSLConfig. */
-- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config;
-
-@end
-
-NS_ASSUME_NONNULL_END
diff --git a/sdk/objc/api/peerconnection/RTCSSLConfig.h b/sdk/objc/api/peerconnection/RTCSSLConfig.h
deleted file mode 100644
index 5421609..0000000
--- a/sdk/objc/api/peerconnection/RTCSSLConfig.h
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#import <Foundation/Foundation.h>
-
-#import <WebRTC/RTCMacros.h>
-
-typedef NS_ENUM(NSUInteger, RTCTlsCertPolicy) {
- RTCTlsCertPolicySecure,
- RTCTlsCertPolicyInsecureNoCheck
-};
-
-NS_ASSUME_NONNULL_BEGIN
-
-RTC_EXPORT
-@interface RTCSSLConfig : NSObject
-
-/** Indicates whether to enable OCSP stapling in TLS. */
-@property(nonatomic) BOOL enableOCSPStapling;
-
-/** Indicates whether to enable the signed certificate timestamp extension in TLS. */
-@property(nonatomic) BOOL enableSignedCertTimestamp;
-
-/** Indicates whether to enable the TLS Channel ID extension. */
-@property(nonatomic) BOOL enableTlsChannelId;
-
-/** Indicates whether to enable the TLS GREASE extension. */
-@property(nonatomic) BOOL enableGrease;
-
-/** Indicates how to process TURN server certificates */
-@property(nonatomic) RTCTlsCertPolicy tlsCertPolicy;
-
-/** Highest supported SSL version, as defined in the supported_versions TLS extension. */
-@property(nonatomic, nullable) NSNumber *maxSSLVersion;
-
-/** List of protocols to be used in the TLS ALPN extension. */
-@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsALPNProtocols;
-
-/**
- List of elliptic curves to be used in the TLS elliptic curves extension.
- Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
- */
-@property(nonatomic, copy, nullable) NSArray<NSString *> *tlsEllipticCurves;
-
-- (instancetype)init;
-
-@end
-
-NS_ASSUME_NONNULL_END
diff --git a/sdk/objc/api/peerconnection/RTCSSLConfig.mm b/sdk/objc/api/peerconnection/RTCSSLConfig.mm
deleted file mode 100644
index 60ff47c..0000000
--- a/sdk/objc/api/peerconnection/RTCSSLConfig.mm
+++ /dev/null
@@ -1,134 +0,0 @@
-/*
- * Copyright 2018 The WebRTC project authors. All Rights Reserved.
- *
- * Use of this source code is governed by a BSD-style license
- * that can be found in the LICENSE file in the root of the source
- * tree. An additional intellectual property rights grant can be found
- * in the file PATENTS. All contributing project authors may
- * be found in the AUTHORS file in the root of the source tree.
- */
-
-#import "RTCSSLConfig+Native.h"
-
-#import "helpers/NSString+StdString.h"
-
-@implementation RTCSSLConfig
-
-@synthesize enableOCSPStapling = _enableOCSPStapling;
-@synthesize enableSignedCertTimestamp = _enableSignedCertTimestamp;
-@synthesize enableTlsChannelId = _enableTlsChannelId;
-@synthesize enableGrease = _enableGrease;
-@synthesize tlsCertPolicy = _tlsCertPolicy;
-@synthesize maxSSLVersion = _maxSSLVersion;
-@synthesize tlsALPNProtocols = _tlsALPNProtocols;
-@synthesize tlsEllipticCurves = _tlsEllipticCurves;
-
-- (instancetype)init {
- // Copy defaults
- rtc::SSLConfig config;
- return [self initWithNativeConfig:config];
-}
-
-- (instancetype)initWithNativeConfig:(const rtc::SSLConfig &)config {
- if (self = [super init]) {
- _enableOCSPStapling = config.enable_ocsp_stapling;
- _enableSignedCertTimestamp = config.enable_signed_cert_timestamp;
- _enableTlsChannelId = config.enable_tls_channel_id;
- _enableGrease = config.enable_grease;
-
- switch (config.tls_cert_policy) {
- case rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE:
- _tlsCertPolicy = RTCTlsCertPolicySecure;
- break;
- case rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK:
- _tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
- break;
- }
-
- if (config.max_ssl_version) {
- _maxSSLVersion = [NSNumber numberWithInt:*config.max_ssl_version];
- }
- if (config.tls_alpn_protocols) {
- NSMutableArray *tlsALPNProtocols =
- [NSMutableArray arrayWithCapacity:config.tls_alpn_protocols.value().size()];
- for (auto const &proto : config.tls_alpn_protocols.value()) {
- [tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
- }
- _tlsALPNProtocols = tlsALPNProtocols;
- }
- if (config.tls_elliptic_curves) {
- NSMutableArray *tlsEllipticCurves =
- [NSMutableArray arrayWithCapacity:config.tls_elliptic_curves.value().size()];
- for (auto const &curve : config.tls_elliptic_curves.value()) {
- [tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
- }
- _tlsEllipticCurves = tlsEllipticCurves;
- }
- }
- return self;
-}
-
-- (NSString *)description {
- return [NSString stringWithFormat:@"RTCSSLConfig:\n%d\n%d\n%d\n%d\n%@\n%@\n%@\n%@",
- _enableOCSPStapling,
- _enableSignedCertTimestamp,
- _enableTlsChannelId,
- _enableGrease,
- [self stringForTlsCertPolicy:_tlsCertPolicy],
- _maxSSLVersion,
- _tlsALPNProtocols,
- _tlsEllipticCurves];
-}
-
-#pragma mark - Private
-
-- (NSString *)stringForTlsCertPolicy:(RTCTlsCertPolicy)tlsCertPolicy {
- switch (tlsCertPolicy) {
- case RTCTlsCertPolicySecure:
- return @"RTCTlsCertPolicySecure";
- case RTCTlsCertPolicyInsecureNoCheck:
- return @"RTCTlsCertPolicyInsecureNoCheck";
- }
-}
-
-- (rtc::SSLConfig)nativeConfig {
- __block rtc::SSLConfig sslConfig;
-
- sslConfig.enable_ocsp_stapling = _enableOCSPStapling;
- sslConfig.enable_signed_cert_timestamp = _enableSignedCertTimestamp;
- sslConfig.enable_tls_channel_id = _enableTlsChannelId;
- sslConfig.enable_grease = _enableGrease;
-
- switch (_tlsCertPolicy) {
- case RTCTlsCertPolicySecure:
- sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_SECURE;
- break;
- case RTCTlsCertPolicyInsecureNoCheck:
- sslConfig.tls_cert_policy = rtc::TlsCertPolicy::TLS_CERT_POLICY_INSECURE_NO_CHECK;
- break;
- }
-
- if (_maxSSLVersion != nil) {
- sslConfig.max_ssl_version = absl::optional<int>(_maxSSLVersion.intValue);
- }
-
- if (_tlsALPNProtocols != nil) {
- __block std::vector<std::string> alpn_protocols;
- [_tlsALPNProtocols enumerateObjectsUsingBlock:^(NSString *proto, NSUInteger idx, BOOL *stop) {
- alpn_protocols.push_back(proto.stdString);
- }];
- sslConfig.tls_alpn_protocols = absl::optional<std::vector<std::string>>(alpn_protocols);
- }
-
- if (_tlsEllipticCurves != nil) {
- __block std::vector<std::string> elliptic_curves;
- [_tlsEllipticCurves enumerateObjectsUsingBlock:^(NSString *curve, NSUInteger idx, BOOL *stop) {
- elliptic_curves.push_back(curve.stdString);
- }];
- sslConfig.tls_elliptic_curves = absl::optional<std::vector<std::string>>(elliptic_curves);
- }
-
- return sslConfig;
-}
-
-@end
diff --git a/sdk/objc/unittests/RTCIceServerTest.mm b/sdk/objc/unittests/RTCIceServerTest.mm
index 7659196..8ef5195 100644
--- a/sdk/objc/unittests/RTCIceServerTest.mm
+++ b/sdk/objc/unittests/RTCIceServerTest.mm
@@ -89,7 +89,7 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
- EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
+ EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
}
- (void)testTlsEllipticCurves {
@@ -106,8 +106,8 @@
EXPECT_EQ("username", iceStruct.username);
EXPECT_EQ("credential", iceStruct.password);
EXPECT_EQ("hostname", iceStruct.hostname);
- EXPECT_EQ(2u, iceStruct.ssl_config.tls_alpn_protocols.value().size());
- EXPECT_EQ(2u, iceStruct.ssl_config.tls_elliptic_curves.value().size());
+ EXPECT_EQ(2u, iceStruct.tls_alpn_protocols.size());
+ EXPECT_EQ(2u, iceStruct.tls_elliptic_curves.size());
}
- (void)testInitFromNativeServer {
@@ -129,8 +129,8 @@
EXPECT_EQ("username", [NSString stdStringForString:iceServer.username]);
EXPECT_EQ("password", [NSString stdStringForString:iceServer.credential]);
EXPECT_EQ("hostname", [NSString stdStringForString:iceServer.hostname]);
- EXPECT_EQ(2u, iceServer.sslConfig.tlsALPNProtocols.count);
- EXPECT_EQ(2u, iceServer.sslConfig.tlsEllipticCurves.count);
+ EXPECT_EQ(2u, iceServer.tlsAlpnProtocols.count);
+ EXPECT_EQ(2u, iceServer.tlsEllipticCurves.count);
}
@end