From 19a6e9438b12075a72663194d269dcfcdb7bb4fe Mon Sep 17 00:00:00 2001
From: Yury Yaroshevich
Date: Fri, 11 Mar 2022 09:22:08 +0100
Subject: [PATCH] Expose RTCSSLCertificateVerifier from iOS SDK.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bug: webrtc:11710
Change-Id: I825c6350a71b2ff180520f8643cbd4d6febdc883
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254821
Reviewed-by: Kári Helgason
Reviewed-by: Harald Alvestrand
Commit-Queue: Yura Yaroshevich
Cr-Commit-Position: refs/heads/main@{#36284}
---
 sdk/BUILD.gn | 5 ++
 .../RTCPeerConnection+Private.h | 13 +++--
 .../api/peerconnection/RTCPeerConnection.mm | 6 +++
 .../peerconnection/RTCPeerConnectionFactory.h | 9 ++++
 .../RTCPeerConnectionFactory.mm | 16 +++++++
 sdk/objc/base/RTCSSLCertificateVerifier.h | 25 ++++++++++
 .../native/api/ssl_certificate_verifier.h | 26 ++++++++++
 .../native/api/ssl_certificate_verifier.mm | 48 +++++++++++++++++++
 8 files changed, 143 insertions(+), 5 deletions(-)
 create mode 100644 sdk/objc/base/RTCSSLCertificateVerifier.h
 create mode 100644 sdk/objc/native/api/ssl_certificate_verifier.h
 create mode 100644 sdk/objc/native/api/ssl_certificate_verifier.mm
diff --git a/sdk/BUILD.gn b/sdk/BUILD.gn
index a8e246d5f6..729a222564 100644
--- a/sdk/BUILD.gn
+++ b/sdk/BUILD.gn
@@ -101,6 +101,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCapturer.m",
 "objc/base/RTCVideoCodecInfo.h",
@@ -1233,6 +1234,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCodecInfo.h",
 "objc/base/RTCVideoDecoder.h",
@@ -1429,6 +1431,7 @@ if (is_ios || is_mac) {
 "objc/base/RTCMacros.h",
 "objc/base/RTCMutableI420Buffer.h",
 "objc/base/RTCMutableYUVPlanarBuffer.h",
+ "objc/base/RTCSSLCertificateVerifier.h",
 "objc/base/RTCVideoCapturer.h",
 "objc/base/RTCVideoCodecInfo.h",
 "objc/base/RTCVideoDecoder.h",
@@ -1528,6 +1531,8 @@ if (is_ios || is_mac) {
 sources = [
 "objc/native/api/network_monitor_factory.h",
 "objc/native/api/network_monitor_factory.mm",
+ "objc/native/api/ssl_certificate_verifier.h",
+ "objc/native/api/ssl_certificate_verifier.mm",
 "objc/native/api/video_capturer.h",
 "objc/native/api/video_capturer.mm",
 "objc/native/api/video_decoder_factory.h",
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
index 43ee420ffe..00f2ef7834 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
@@ -68,6 +68,8 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver { }; } // namespace webrtc +@protocol RTC_OBJC_TYPE +(RTCSSLCertificateVerifier); @interface RTC_OBJC_TYPE (RTCPeerConnection) ()
@@ -83,11 +85,12 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver { /** Initialize an RTCPeerConnection with a configuration, constraints, and * delegate. */ -- (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory - configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration - constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints - delegate: - (nullable id)delegate; +- (nullable instancetype) + initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory + configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration + constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints + certificateVerifier:(nullable id)certificateVerifier + delegate:(nullable id)delegate; /** Initialize an RTCPeerConnection with a configuration, constraints, * delegate and PeerConnectionDependencies.
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnection.mm b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
index 7db986ce1d..203fa4a923 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnection.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
@@ -34,6 +34,7 @@ #include "api/set_remote_description_observer_interface.h" #include "rtc_base/checks.h" #include "rtc_base/numerics/safe_conversions.h" +#include "sdk/objc/native/api/ssl_certificate_verifier.h" NSString *const kRTCPeerConnectionErrorDomain = @"org.webrtc.RTC_OBJC_TYPE(RTCPeerConnection)"; int const kRTCPeerConnnectionSessionDescriptionError = -1;
@@ -336,10 +337,15 @@ void PeerConnectionDelegateAdapter::OnRemoveTrack( - (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints + certificateVerifier: + (nullable id)certificateVerifier delegate:(id)delegate { NSParameterAssert(factory); std::unique_ptr dependencies = std::make_unique(nullptr); + if (certificateVerifier != nil) { + dependencies->tls_cert_verifier = webrtc::ObjCToNativeCertificateVerifier(certificateVerifier); + } return [self initWithDependencies:factory configuration:configuration constraints:constraints
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
index 78913527c0..88aac990f2 100644
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
@@ -29,6 +29,8 @@ NS_ASSUME_NONNULL_BEGIN (RTCVideoDecoderFactory); @protocol RTC_OBJC_TYPE (RTCVideoEncoderFactory); +@protocol RTC_OBJC_TYPE +(RTCSSLCertificateVerifier); RTC_OBJC_EXPORT @interface RTC_OBJC_TYPE (RTCPeerConnectionFactory) : NSObject
@@ -82,6 +84,13 @@ RTC_OBJC_EXPORT constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints delegate:(nullable id)delegate; +- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *) + peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration + constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints + certificateVerifier: + (id)certificateVerifier + delegate:(nullable id)delegate; + /** Set the options to be used for subsequently created RTCPeerConnections */ - (void)setOptions:(nonnull RTC_OBJC_TYPE(RTCPeerConnectionFactoryOptions) *)options;
diff --git a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
index 63ba934e3d..f7a17558f0 100644
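Review bot: The new public `peerConnectionWithConfiguration:constraints:certificateVerifier:delegate:` declaration in RTCPeerConnectionFactory.h (hunk `@@ -82,6 +84,13 @@`) has no doc comment, although it adds a security-relevant parameter and the `setOptions:` declaration right after it is documented. A caller cannot tell from the header what the verifier is used for; RTCPeerConnection.mm only shows it being stored in `dependencies->tls_cert_verifier`. I would add something like `/** Creates a peer connection that uses certificateVerifier as its TLS certificate verifier; see RTCSSLCertificateVerifier for what the callback receives and returns. */` above the method. Which connections consult the verifier, and whether it replaces or supplements the built-in checks, is not visible in this diff and should be stated by someone who knows the native side.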
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
@@ -27,6 +27,7 @@ #import "helpers/NSString+StdString.h" #include "rtc_base/checks.h" #include "sdk/objc/native/api/network_monitor_factory.h" +#include "sdk/objc/native/api/ssl_certificate_verifier.h" #include "system_wrappers/include/field_trial.h" #ifndef HAVE_NO_MEDIA
@@ -272,6 +273,21 @@ return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self configuration:configuration constraints:constraints + certificateVerifier:nil + delegate:delegate]; +} + +- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *) + peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration + constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints + certificateVerifier: + (id)certificateVerifier + delegate: + (nullable id)delegate { + return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self + configuration:configuration + constraints:constraints + certificateVerifier:certificateVerifier delegate:delegate]; }
diff --git a/sdk/objc/base/RTCSSLCertificateVerifier.h b/sdk/objc/base/RTCSSLCertificateVerifier.h
new file mode 100644
index 0000000000..53da0cceff
--- /dev/null
+++ b/sdk/objc/base/RTCSSLCertificateVerifier.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import
+
+#import "RTCMacros.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_OBJC_EXPORT @protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier)
+
+ /** The certificate to verify */
+ - (BOOL)verify : (NSData *)derCertificate;
+
+@end
+
+NS_ASSUME_NONNULL_END
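Review bot: The only documentation on the new protocol in RTCSSLCertificateVerifier.h is `/** The certificate to verify */`, which describes the argument and says nothing about the return value, even though ssl_certificate_verifier.mm returns that BOOL unchanged as the native `Verify` result. The callback receives a single DER blob and no host name or chain, so an implementation can only decide on the certificate bytes themselves, and one that returns YES unconditionally accepts every certificate it is shown; the header should say so. Suggested comment: `/** Called with one DER-encoded certificate. Return YES to accept it, NO to reject it. */`. The declaration is also oddly spaced (`verify : (NSData *)derCertificate`) and would read better as `- (BOOL)verify:(NSData *)derCertificate;` if the formatter allows it.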
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.h b/sdk/objc/native/api/ssl_certificate_verifier.h
new file mode 100644
index 0000000000..35ab1be9a8
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+#define SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+
+#include
+
+#import "RTCSSLCertificateVerifier.h"
+#include "rtc_base/ssl_certificate.h"
+
+namespace webrtc {
+
+std::unique_ptr ObjCToNativeCertificateVerifier(
+ id objc_certificate_verifier);
+
+} // namespace webrtc
+
+#endif // SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
diff --git a/sdk/objc/native/api/ssl_certificate_verifier.mm b/sdk/objc/native/api/ssl_certificate_verifier.mm
new file mode 100644
index 0000000000..4437402b9c
--- /dev/null
+++ b/sdk/objc/native/api/ssl_certificate_verifier.mm
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import "ssl_certificate_verifier.h"
+
+#include "rtc_base/buffer.h"
+
+namespace {
+
+class SSLCertificateVerifierAdapter final : public rtc::SSLCertificateVerifier {
+ public:
+ SSLCertificateVerifierAdapter(
+ id objc_certificate_verifier)
+ : objc_certificate_verifier_(objc_certificate_verifier) {
+ RTC_DCHECK(objc_certificate_verifier_ != nil);
+ }
+
+ bool Verify(const rtc::SSLCertificate& certificate) override {
+ @autoreleasepool {
+ rtc::Buffer der_buffer;
+ certificate.ToDER(&der_buffer);
+ NSData* serialized_certificate = [[NSData alloc] initWithBytes:der_buffer.data()
+ length:der_buffer.size()];
+ return [objc_certificate_verifier_ verify:serialized_certificate];
+ }
+ }
+
+ private:
+ id objc_certificate_verifier_;
+};
+
+}
+
+namespace webrtc {
+
+std::unique_ptr ObjCToNativeCertificateVerifier(
+ id objc_certificate_verifier) {
+ return std::make_unique(objc_certificate_verifier);
+}
+
+} // namespace webrtc
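Review bot: `Verify` in ssl_certificate_verifier.mm passes whatever `ToDER` left in `der_buffer` to the app callback without checking that serialization produced any bytes, so an empty encoding would reach the verifier as a zero-length NSData. Whether `ToDER` can leave the buffer empty is not visible here, but a fail-closed guard is cheap: `if (der_buffer.size() == 0) return false;` before the NSData is built. The file also uses `RTC_DCHECK` while including only its own header and `rtc_base/buffer.h`, so `#include "rtc_base/checks.h"` should be added rather than picked up transitively. Because that DCHECK is a debug-only check, a nil verifier in a release build would make `[objc_certificate_verifier_ verify:]` return NO and reject the certificate; a one-line comment recording that this rejection is intended would keep a later edit from turning it into an accept.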