Add SSLConfig object to IceServer.
This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.
Bug: webrtc:9662
Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
Reviewed-on: https://webrtc-review.googlesource.com/98762
Commit-Queue: Diogo Real <diogor@google.com>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24696}diff --git a/sdk/android/api/org/webrtc/PeerConnection.java b/sdk/android/api/org/webrtc/PeerConnection.java
index 2f9adcf..2161711 100644
--- a/sdk/android/api/org/webrtc/PeerConnection.java
+++ b/sdk/android/api/org/webrtc/PeerConnection.java
@@ -50,6 +50,7 @@
}
}
+ // TODO(diogor, webrtc:9673): Remove TlsCertPolicy. It's deprecated, in favor of SslConfig.
/** Tracks PeerConnectionInterface::TlsCertPolicy */
public enum TlsCertPolicy {
TLS_CERT_POLICY_SECURE,
@@ -126,7 +127,9 @@
public final List<String> urls;
public final String username;
public final String password;
- public final TlsCertPolicy tlsCertPolicy;
+ // TODO(diogor, webrtc:9673): Remove tlsCertPolicy from this API.
+ // This field will be ignored if tlsCertPolicy is also set in SslConfig.
+ @Deprecated public final TlsCertPolicy tlsCertPolicy;
// If the URIs in |urls| only contain IP addresses, this field can be used
// to indicate the hostname, which may be necessary for TLS (using the SNI
@@ -134,12 +137,18 @@
// necessary.
public final String hostname;
+ // TODO(diogor, webrtc:9673): Remove tlsAlpnProtocols from this API.
// List of protocols to be used in the TLS ALPN extension.
- public final List<String> tlsAlpnProtocols;
+ @Deprecated public final List<String> tlsAlpnProtocols;
+ // TODO(diogor, webrtc:9673): Remove tlsEllipticCurves from this API.
// List of elliptic curves to be used in the TLS elliptic curves extension.
// Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
- public final List<String> tlsEllipticCurves;
+ // This field will be ignored if tlsEllipticCurves is also set in SslConfig.
+ @Deprecated public final List<String> tlsEllipticCurves;
+
+ // SSL configuration options for any SSL/TLS connections to this IceServer.
+ public final SslConfig sslConfig;
/** Convenience constructor for STUN servers. */
@Deprecated
@@ -161,12 +170,12 @@
public IceServer(String uri, String username, String password, TlsCertPolicy tlsCertPolicy,
String hostname) {
this(uri, Collections.singletonList(uri), username, password, tlsCertPolicy, hostname, null,
- null);
+ null, SslConfig.builder().createSslConfig());
}
private IceServer(String uri, List<String> urls, String username, String password,
TlsCertPolicy tlsCertPolicy, String hostname, List<String> tlsAlpnProtocols,
- List<String> tlsEllipticCurves) {
+ List<String> tlsEllipticCurves, SslConfig sslConfig) {
if (uri == null || urls == null || urls.isEmpty()) {
throw new IllegalArgumentException("uri == null || urls == null || urls.isEmpty()");
}
@@ -192,12 +201,13 @@
this.hostname = hostname;
this.tlsAlpnProtocols = tlsAlpnProtocols;
this.tlsEllipticCurves = tlsEllipticCurves;
+ this.sslConfig = sslConfig;
}
@Override
public String toString() {
return urls + " [" + username + ":" + password + "] [" + tlsCertPolicy + "] [" + hostname
- + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "]";
+ + "] [" + tlsAlpnProtocols + "] [" + tlsEllipticCurves + "] [" + sslConfig + "]";
}
public static Builder builder(String uri) {
@@ -216,6 +226,7 @@
private String hostname = "";
private List<String> tlsAlpnProtocols;
private List<String> tlsEllipticCurves;
+ private SslConfig sslConfig = SslConfig.builder().createSslConfig();
private Builder(List<String> urls) {
if (urls == null || urls.isEmpty()) {
@@ -234,6 +245,7 @@
return this;
}
+ @Deprecated
public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
this.tlsCertPolicy = tlsCertPolicy;
return this;
@@ -244,19 +256,26 @@
return this;
}
+ @Deprecated
public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
this.tlsAlpnProtocols = tlsAlpnProtocols;
return this;
}
+ @Deprecated
public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
this.tlsEllipticCurves = tlsEllipticCurves;
return this;
}
+ public Builder setSslConfig(SslConfig sslConfig) {
+ this.sslConfig = sslConfig;
+ return this;
+ }
+
public IceServer createIceServer() {
return new IceServer(urls.get(0), urls, username, password, tlsCertPolicy, hostname,
- tlsAlpnProtocols, tlsEllipticCurves);
+ tlsAlpnProtocols, tlsEllipticCurves, sslConfig);
}
}
@@ -298,6 +317,11 @@
List<String> getTlsEllipticCurves() {
return tlsEllipticCurves;
}
+
+ @CalledByNative("IceServer")
+ SslConfig getSslConfig() {
+ return sslConfig;
+ }
}
/** Java version of PeerConnectionInterface.IceTransportsType */
diff --git a/sdk/android/api/org/webrtc/SslConfig.java b/sdk/android/api/org/webrtc/SslConfig.java
new file mode 100644
index 0000000..7a94928
--- /dev/null
+++ b/sdk/android/api/org/webrtc/SslConfig.java
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2018 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+package org.webrtc;
+
+import java.util.Collections;
+import java.util.List;
+import javax.annotation.Nullable;
+
+/**
+ * Java version of rtc::SSLConfig.
+ *
+ * Contains the configuration of any SSL/TLS connections that are initiated by
+ * our client.
+ */
+public class SslConfig {
+ /** Tracks rtc::TlsCertPolicy */
+ public enum TlsCertPolicy {
+ TLS_CERT_POLICY_SECURE,
+ TLS_CERT_POLICY_INSECURE_NO_CHECK,
+ }
+
+ /** Indicates whether to enable OCSP stapling in TLS. */
+ public final boolean enableOcspStapling;
+ /** Indicates whether to enable the signed certificate timestamp extension in TLS. */
+ public final boolean enableSignedCertTimestamp;
+ /** Indicates whether to enable the TLS Channel ID extension. */
+ public final boolean enableTlsChannelId;
+ /** Indicates whether to enable the TLS GREASE extension. */
+ public final boolean enableGrease;
+
+ /** Indicates how to process TURN server certificates */
+ public final TlsCertPolicy tlsCertPolicy;
+
+ /**
+ * Highest supported SSL version, as defined in the supported_versions TLS extension.
+ * If null, the default OpenSSL/BoringSSL max version will be used.
+ */
+ @Nullable public final Integer maxSslVersion;
+
+ /**
+ * List of protocols to be used in the TLS ALPN extension.
+ * If null, the default list of OpenSSL/BoringSSL ALPN protocols will be used.
+ */
+ @Nullable public final List<String> tlsAlpnProtocols;
+
+ /**
+ * List of elliptic curves to be used in the TLS elliptic curves extension.
+ * Only curve names supported by OpenSSL should be used (eg. "P-256","X25519").
+ * If null, the default list of OpenSSL/BoringSSL curves will be used.
+ */
+ @Nullable public final List<String> tlsEllipticCurves;
+
+ private SslConfig(boolean enableOcspStapling, boolean enableSignedCertTimestamp,
+ boolean enableTlsChannelId, boolean enableGrease, TlsCertPolicy tlsCertPolicy,
+ Integer maxSslVersion, List<String> tlsAlpnProtocols, List<String> tlsEllipticCurves) {
+ this.enableOcspStapling = enableOcspStapling;
+ this.enableSignedCertTimestamp = enableSignedCertTimestamp;
+ this.enableTlsChannelId = enableTlsChannelId;
+ this.enableGrease = enableGrease;
+ this.tlsCertPolicy = tlsCertPolicy;
+ this.maxSslVersion = maxSslVersion;
+ if (tlsAlpnProtocols != null) {
+ this.tlsAlpnProtocols = Collections.unmodifiableList(tlsAlpnProtocols);
+ } else {
+ this.tlsAlpnProtocols = null;
+ }
+ if (tlsEllipticCurves != null) {
+ this.tlsEllipticCurves = Collections.unmodifiableList(tlsEllipticCurves);
+ } else {
+ this.tlsEllipticCurves = null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return "[enableOcspStapling=" + enableOcspStapling + "] [enableSignedCertTimestamp="
+ + enableSignedCertTimestamp + "] [enableTlsChannelId=" + enableTlsChannelId
+ + "] [enableGrease=" + enableGrease + "] [tlsCertPolicy=" + tlsCertPolicy
+ + "] [maxSslVersion=" + maxSslVersion + "] [tlsAlpnProtocols=" + tlsAlpnProtocols
+ + "] [tlsEllipticCurves=" + tlsEllipticCurves + "]";
+ }
+
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static class Builder {
+ private boolean enableOcspStapling;
+ private boolean enableSignedCertTimestamp;
+ private boolean enableTlsChannelId;
+ private boolean enableGrease;
+ private TlsCertPolicy tlsCertPolicy;
+ @Nullable private Integer maxSslVersion;
+ @Nullable private List<String> tlsAlpnProtocols;
+ @Nullable private List<String> tlsEllipticCurves;
+
+ private Builder() {
+ this.enableOcspStapling = true;
+ this.enableSignedCertTimestamp = true;
+ this.enableTlsChannelId = false;
+ this.enableGrease = false;
+ this.tlsCertPolicy = TlsCertPolicy.TLS_CERT_POLICY_SECURE;
+ this.maxSslVersion = null;
+ this.tlsAlpnProtocols = null;
+ this.tlsEllipticCurves = null;
+ }
+
+ public Builder setEnableOcspStapling(boolean enableOcspStapling) {
+ this.enableOcspStapling = enableOcspStapling;
+ return this;
+ }
+
+ public Builder setEnableSignedCertTimestamp(boolean enableSignedCertTimestamp) {
+ this.enableSignedCertTimestamp = enableSignedCertTimestamp;
+ return this;
+ }
+
+ public Builder setEnableTlsChannelId(boolean enableTlsChannelId) {
+ this.enableTlsChannelId = enableTlsChannelId;
+ return this;
+ }
+
+ public Builder setEnableGrease(boolean enableGrease) {
+ this.enableGrease = enableGrease;
+ return this;
+ }
+
+ public Builder setTlsCertPolicy(TlsCertPolicy tlsCertPolicy) {
+ this.tlsCertPolicy = tlsCertPolicy;
+ return this;
+ }
+
+ public Builder setMaxSslVersion(int maxSslVersion) {
+ this.maxSslVersion = maxSslVersion;
+ return this;
+ }
+
+ public Builder setTlsAlpnProtocols(List<String> tlsAlpnProtocols) {
+ this.tlsAlpnProtocols = tlsAlpnProtocols;
+ return this;
+ }
+
+ public Builder setTlsEllipticCurves(List<String> tlsEllipticCurves) {
+ this.tlsEllipticCurves = tlsEllipticCurves;
+ return this;
+ }
+
+ public SslConfig createSslConfig() {
+ return new SslConfig(enableOcspStapling, enableSignedCertTimestamp, enableTlsChannelId,
+ enableGrease, tlsCertPolicy, maxSslVersion, tlsAlpnProtocols, tlsEllipticCurves);
+ }
+ }
+
+ @CalledByNative
+ boolean getEnableOcspStapling() {
+ return enableOcspStapling;
+ }
+
+ @CalledByNative
+ boolean getEnableSignedCertTimestamp() {
+ return enableSignedCertTimestamp;
+ }
+
+ @CalledByNative
+ boolean getEnableTlsChannelId() {
+ return enableTlsChannelId;
+ }
+
+ @CalledByNative
+ boolean getEnableGrease() {
+ return enableGrease;
+ }
+
+ @CalledByNative
+ TlsCertPolicy getTlsCertPolicy() {
+ return tlsCertPolicy;
+ }
+
+ @Nullable
+ @CalledByNative
+ Integer getMaxSslVersion() {
+ return maxSslVersion;
+ }
+
+ @Nullable
+ @CalledByNative
+ List<String> getTlsAlpnProtocols() {
+ return tlsAlpnProtocols;
+ }
+
+ @Nullable
+ @CalledByNative
+ List<String> getTlsEllipticCurves() {
+ return tlsEllipticCurves;
+ }
+}