diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn
index a8e246d5f6..729a222564 100644
--- a/sdk/BUILD.gn
+++ b/sdk/BUILD.gn
@@ -101,6 +101,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCapturer.m",
 "objc/base/RTCVideoCodecInfo.h",
@@ -1233,6 +1234,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCodecInfo.h",
 "objc/base/RTCVideoDecoder.h",
@@ -1429,6 +1431,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCodecInfo.h",
 "objc/base/RTCVideoDecoder.h",
@@ -1528,6 +1531,8 @@ if (is_ios || is_mac) {
 sources = [
 "objc/native/api/network_monitor_factory.h",
 "objc/native/api/network_monitor_factory.mm",
+ "objc/native/api/ssl_certificate_verifier.h",
+ "objc/native/api/ssl_certificate_verifier.mm",
 "objc/native/api/video_capturer.h",
 "objc/native/api/video_capturer.mm",
 "objc/native/api/video_decoder_factory.h",
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
index 43ee420ffe..00f2ef7834 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
@@ -68,6 +68,8 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 };
 } // namespace webrtc
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 @interface RTC_OBJC_TYPE (RTCPeerConnection) ()
@@ -83,11 +85,12 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 /** Initialize an RTCPeerConnection with a configuration, constraints, and
 * delegate. */
-- (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
- configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
- constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
- delegate:
- (nullable id)delegate;
+- (nullable instancetype)
+ initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
+ configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+ constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+ certificateVerifier:(nullable id)certificateVerifier
+ delegate:(nullable id)delegate;
 /** Initialize an RTCPeerConnection with a configuration, constraints,
 * delegate and PeerConnectionDependencies.
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection.mm b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
index 7db986ce1d..203fa4a923 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
@@ -34,6 +34,7 @@
 #include "api/set_remote_description_observer_interface.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/numerics/safe_conversions.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 NSString *const kRTCPeerConnectionErrorDomain = @"org.webrtc.RTC_OBJC_TYPE(RTCPeerConnection)";
 int const kRTCPeerConnnectionSessionDescriptionError = -1;
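Review bot: The doc comment above this initializer in RTCPeerConnection+Private.h still reads "with a configuration, constraints, and delegate" and says nothing about the new `certificateVerifier:` argument. The RTCPeerConnection.mm change sets `tls_cert_verifier` only when the argument is non-nil, so the comment should say what nil means, for example `certificateVerifier: optional custom TLS certificate verifier; when nil no custom verifier is installed`. What the native stack does when no verifier is installed is not visible in this diff, so that wording should be checked against the PeerConnectionDependencies documentation.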
@@ -336,10 +337,15 @@ void PeerConnectionDelegateAdapter::OnRemoveTrack(
 - (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
 configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
 constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+ certificateVerifier:
+ (nullable id)certificateVerifier
 delegate:(id)delegate {
 NSParameterAssert(factory);
 std::unique_ptr dependencies = std::make_unique(nullptr);
+ if (certificateVerifier != nil) {
+ dependencies->tls_cert_verifier = webrtc::ObjCToNativeCertificateVerifier(certificateVerifier);
+ }
 return [self initWithDependencies:factory
 configuration:configuration
 constraints:constraints
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
index 78913527c0..88aac990f2 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
@@ -29,6 +29,8 @@ NS_ASSUME_NONNULL_BEGIN
 (RTCVideoDecoderFactory);
 @protocol RTC_OBJC_TYPE
 (RTCVideoEncoderFactory);
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);
 RTC_OBJC_EXPORT
 @interface RTC_OBJC_TYPE (RTCPeerConnectionFactory) : NSObject
@@ -82,6 +84,13 @@ RTC_OBJC_EXPORT
 constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
 delegate:(nullable id)delegate;
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+ peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+ constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+ certificateVerifier:
+ (id)certificateVerifier
+ delegate:(nullable id)delegate;
+
 /** Set the options to be used for subsequently created RTCPeerConnections */
 - (void)setOptions:(nonnull RTC_OBJC_TYPE(RTCPeerConnectionFactoryOptions) *)options;
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
index 63ba934e3d..f7a17558f0 100644
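Review bot: The new public method `peerConnectionWithConfiguration:constraints:certificateVerifier:delegate:` in RTCPeerConnectionFactory.h is declared without a doc comment, although the neighbouring `setOptions:` has one. A caller needs to know that the verifier is non-null here (the declaration sits inside NS_ASSUME_NONNULL_BEGIN) and that its answer decides whether a TLS certificate is accepted for connections made by this peer connection. The native adapter stores the verifier in a plain `id` member, which under ARC would be a strong reference, so the comment should also state that the verifier is kept alive by the connection and that an object which both owns the connection and acts as its verifier can form a retain cycle. The ownership statement is inferred from ssl_certificate_verifier.mm and should be confirmed before it is documented.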
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
@@ -27,6 +27,7 @@
 #import "helpers/NSString+StdString.h"
 #include "rtc_base/checks.h"
 #include "sdk/objc/native/api/network_monitor_factory.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 #include "system_wrappers/include/field_trial.h"
 #ifndef HAVE_NO_MEDIA
@@ -272,6 +273,21 @@
 return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
 configuration:configuration
 constraints:constraints
+ certificateVerifier:nil
+ delegate:delegate];
+}
+
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+ peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+ constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+ certificateVerifier:
+ (id)certificateVerifier
+ delegate:
+ (nullable id)delegate {
+ return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
+ configuration:configuration
+ constraints:constraints
+ certificateVerifier:certificateVerifier
 delegate:delegate];
 }
diff --git a/sdk/objc/base/RTCSSLCertificateVerifier.h b/sdk/objc/base/RTCSSLCertificateVerifier.h
new file mode 100644
index 0000000000..53da0cceff
--- /dev/null
+++ b/sdk/objc/base/RTCSSLCertificateVerifier.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import
+
+#import "RTCMacros.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_OBJC_EXPORT @protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier)
+
+ /** The certificate to verify */
+ - (BOOL)verify : (NSData *)derCertificate;
+
+@end
+
+NS_ASSUME_NONNULL_END
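Review bot: The comment `/** The certificate to verify */` on `verify:` in RTCSSLCertificateVerifier.h describes the argument but not the contract, and for a certificate check the contract is the security-relevant part. The comment should state that returning YES accepts the certificate and NO rejects it, and that `derCertificate` is the DER encoding of one certificate. The adapter in ssl_certificate_verifier.mm passes a single `ToDER` buffer, so as far as this diff shows no chain and no host name reach the implementation. An implementation that returns YES unconditionally turns the check off, so the comment should also say that the method must return NO whenever it cannot positively validate the input. If the calling thread is defined by the native stack, that should be documented here as well.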
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.h b/sdk/objc/native/api/ssl_certificate_verifier.h
new file mode 100644
index 0000000000..35ab1be9a8
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+#define SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+
+#include
+
+#import "RTCSSLCertificateVerifier.h"
+#include "rtc_base/ssl_certificate.h"
+
+namespace webrtc {
+
+std::unique_ptr ObjCToNativeCertificateVerifier(
+ id objc_certificate_verifier);
+
+} // namespace webrtc
+
+#endif // SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.mm b/sdk/objc/native/api/ssl_certificate_verifier.mm
new file mode 100644
index 0000000000..4437402b9c
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.mm
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import "ssl_certificate_verifier.h"
+
+#include "rtc_base/buffer.h"
+
+namespace {
+
+class SSLCertificateVerifierAdapter final : public rtc::SSLCertificateVerifier {
+ public:
+ SSLCertificateVerifierAdapter(
+ id objc_certificate_verifier)
+ : objc_certificate_verifier_(objc_certificate_verifier) {
+ RTC_DCHECK(objc_certificate_verifier_ != nil);
+ }
+
+ bool Verify(const rtc::SSLCertificate& certificate) override {
+ @autoreleasepool {
+ rtc::Buffer der_buffer;
+ certificate.ToDER(&der_buffer);
+ NSData* serialized_certificate = [[NSData alloc] initWithBytes:der_buffer.data()
+ length:der_buffer.size()];
+ return [objc_certificate_verifier_ verify:serialized_certificate];
+ }
+ }
+
+ private:
+ id objc_certificate_verifier_;
+};
+
+}
+
+namespace webrtc {
+
+std::unique_ptr ObjCToNativeCertificateVerifier(
+ id objc_certificate_verifier) {
+ return std::make_unique(objc_certificate_verifier);
+}
+
+} // namespace webrtc
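Review bot: `RTC_DCHECK` is used in the `SSLCertificateVerifierAdapter` constructor, but ssl_certificate_verifier.mm includes only its own header and `rtc_base/buffer.h`; add `#include "rtc_base/checks.h"` rather than depending on a transitive include. The check is a debug assertion in WebRTC, so a nil verifier that reached a release build would make `Verify` message nil and return false. That fails closed, which is the right outcome for a certificate check, and it deserves a one-line comment such as `// A nil verifier rejects every certificate: messaging nil yields NO.` so nobody later "fixes" it into accepting. The anonymous namespace also closes with a bare `}` where the file otherwise writes `} // namespace webrtc`; `}  // namespace` would match.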