Add SSLConfig object to IceServer.
This is a rollforward of https://webrtc-review.googlesource.com/c/src/+/96020,
with the addition of setting the old tlsCertPolicy, tlsAlpnProtocols and
tlsEllipticCurves in the RTCIceServer initializer, for backwards compatibility.
Bug: webrtc:9662
Change-Id: I28706ed4ff5abe3f7f913f105779f0e5412aeac5
Reviewed-on: https://webrtc-review.googlesource.com/98762
Commit-Queue: Diogo Real <diogor@google.com>
Reviewed-by: Sami Kalliomäki <sakal@webrtc.org>
Reviewed-by: Kári Helgason <kthelgason@webrtc.org>
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#24696}diff --git a/sdk/objc/api/peerconnection/RTCIceServer.mm b/sdk/objc/api/peerconnection/RTCIceServer.mm
index 2138e4c..d03fd81 100644
--- a/sdk/objc/api/peerconnection/RTCIceServer.mm
+++ b/sdk/objc/api/peerconnection/RTCIceServer.mm
@@ -9,6 +9,7 @@
*/
#import "RTCIceServer+Private.h"
+#import "RTCSSLConfig+Native.h"
#import "helpers/NSString+StdString.h"
@@ -21,6 +22,7 @@
@synthesize hostname = _hostname;
@synthesize tlsAlpnProtocols = _tlsAlpnProtocols;
@synthesize tlsEllipticCurves = _tlsEllipticCurves;
+@synthesize sslConfig = _sslConfig;
- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings {
return [self initWithURLStrings:urlStrings
@@ -83,28 +85,50 @@
hostname:(NSString *)hostname
tlsAlpnProtocols:(NSArray<NSString *> *)tlsAlpnProtocols
tlsEllipticCurves:(NSArray<NSString *> *)tlsEllipticCurves {
+ RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] init];
+ sslConfig.tlsCertPolicy = tlsCertPolicy;
+ sslConfig.tlsALPNProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
+ sslConfig.tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
+ return [self initWithURLStrings:urlStrings
+ username:username
+ credential:credential
+ hostname:hostname
+ sslConfig:sslConfig];
+}
+
+- (instancetype)initWithURLStrings:(NSArray<NSString *> *)urlStrings
+ username:(NSString *)username
+ credential:(NSString *)credential
+ hostname:(NSString *)hostname
+ sslConfig:(RTCSSLConfig *)sslConfig {
NSParameterAssert(urlStrings.count);
if (self = [super init]) {
_urlStrings = [[NSArray alloc] initWithArray:urlStrings copyItems:YES];
_username = [username copy];
_credential = [credential copy];
- _tlsCertPolicy = tlsCertPolicy;
_hostname = [hostname copy];
- _tlsAlpnProtocols = [[NSArray alloc] initWithArray:tlsAlpnProtocols copyItems:YES];
- _tlsEllipticCurves = [[NSArray alloc] initWithArray:tlsEllipticCurves copyItems:YES];
+ _sslConfig = sslConfig;
+
+ // TODO(diogor, webrtc:9673): Remove these duplicate assignments.
+ _tlsCertPolicy = sslConfig.tlsCertPolicy;
+ if (sslConfig.tlsALPNProtocols) {
+ _tlsAlpnProtocols = [[NSArray alloc] initWithArray:sslConfig.tlsALPNProtocols copyItems:YES];
+ }
+ if (sslConfig.tlsEllipticCurves) {
+ _tlsEllipticCurves =
+ [[NSArray alloc] initWithArray:sslConfig.tlsEllipticCurves copyItems:YES];
+ }
}
return self;
}
- (NSString *)description {
- return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@\n%@\n%@",
+ return [NSString stringWithFormat:@"RTCIceServer:\n%@\n%@\n%@\n%@\n%@",
_urlStrings,
_username,
_credential,
- [self stringForTlsCertPolicy:_tlsCertPolicy],
_hostname,
- _tlsAlpnProtocols,
- _tlsEllipticCurves];
+ _sslConfig];
}
#pragma mark - Private
@@ -149,6 +173,8 @@
webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck;
break;
}
+
+ iceServer.ssl_config = [_sslConfig nativeConfig];
return iceServer;
}
@@ -162,34 +188,38 @@
NSString *username = [NSString stringForStdString:nativeServer.username];
NSString *credential = [NSString stringForStdString:nativeServer.password];
NSString *hostname = [NSString stringForStdString:nativeServer.hostname];
- NSMutableArray *tlsAlpnProtocols =
- [NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
- for (auto const &proto : nativeServer.tls_alpn_protocols) {
- [tlsAlpnProtocols addObject:[NSString stringForStdString:proto]];
- }
- NSMutableArray *tlsEllipticCurves =
- [NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
- for (auto const &curve : nativeServer.tls_elliptic_curves) {
- [tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
- }
- RTCTlsCertPolicy tlsCertPolicy;
+ RTCSSLConfig *sslConfig = [[RTCSSLConfig alloc] initWithNativeConfig:nativeServer.ssl_config];
- switch (nativeServer.tls_cert_policy) {
- case webrtc::PeerConnectionInterface::kTlsCertPolicySecure:
- tlsCertPolicy = RTCTlsCertPolicySecure;
- break;
- case webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck:
- tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
- break;
+ if (!nativeServer.ssl_config.tls_alpn_protocols.has_value() &&
+ !nativeServer.tls_alpn_protocols.empty()) {
+ NSMutableArray *tlsALPNProtocols =
+ [NSMutableArray arrayWithCapacity:nativeServer.tls_alpn_protocols.size()];
+ for (auto const &proto : nativeServer.tls_alpn_protocols) {
+ [tlsALPNProtocols addObject:[NSString stringForStdString:proto]];
+ }
+ sslConfig.tlsALPNProtocols = tlsALPNProtocols;
+ }
+
+ if (!nativeServer.ssl_config.tls_elliptic_curves.has_value() &&
+ !nativeServer.tls_elliptic_curves.empty()) {
+ NSMutableArray *tlsEllipticCurves =
+ [NSMutableArray arrayWithCapacity:nativeServer.tls_elliptic_curves.size()];
+ for (auto const &curve : nativeServer.tls_elliptic_curves) {
+ [tlsEllipticCurves addObject:[NSString stringForStdString:curve]];
+ }
+ sslConfig.tlsEllipticCurves = tlsEllipticCurves;
+ }
+
+ if (nativeServer.tls_cert_policy ==
+ webrtc::PeerConnectionInterface::kTlsCertPolicyInsecureNoCheck) {
+ sslConfig.tlsCertPolicy = RTCTlsCertPolicyInsecureNoCheck;
}
self = [self initWithURLStrings:urls
username:username
credential:credential
- tlsCertPolicy:tlsCertPolicy
hostname:hostname
- tlsAlpnProtocols:tlsAlpnProtocols
- tlsEllipticCurves:tlsEllipticCurves];
+ sslConfig:sslConfig];
return self;
}