Refactor ssl_stream_adapter API to show object ownership
Backwards compatible overloads are provided. Bug: none Change-Id: I065ad6b269fe074745f9debf68862ff70fd09628 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/170637 Commit-Queue: Harald Alvestrand <hta@webrtc.org> Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#30851}
This commit is contained in:
Harald Alvestrand
Commit Bot
parent
e7175c9a09
commit
8515d5a4ab
@ -14,6 +14,7 @@
|
||||
#include <memory>
|
||||
#include <utility>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "api/rtc_event_log/rtc_event_log.h"
|
||||
#include "logging/rtc_event_log/events/rtc_event_dtls_transport_state.h"
|
||||
#include "logging/rtc_event_log/events/rtc_event_dtls_writable_state.h"
|
||||
@ -325,18 +326,19 @@ bool DtlsTransport::ExportKeyingMaterial(const std::string& label,
|
||||
|
||||
bool DtlsTransport::SetupDtls() {
|
||||
RTC_DCHECK(dtls_role_);
|
||||
StreamInterfaceChannel* downward = new StreamInterfaceChannel(ice_transport_);
|
||||
{
|
||||
auto downward = std::make_unique<StreamInterfaceChannel>(ice_transport_);
|
||||
StreamInterfaceChannel* downward_ptr = downward.get();
|
||||
|
||||
dtls_.reset(rtc::SSLStreamAdapter::Create(downward));
|
||||
if (!dtls_) {
|
||||
RTC_LOG(LS_ERROR) << ToString() << ": Failed to create DTLS adapter.";
|
||||
delete downward;
|
||||
return false;
|
||||
dtls_ = rtc::SSLStreamAdapter::Create(std::move(downward));
|
||||
if (!dtls_) {
|
||||
RTC_LOG(LS_ERROR) << ToString() << ": Failed to create DTLS adapter.";
|
||||
return false;
|
||||
}
|
||||
downward_ = downward_ptr;
|
||||
}
|
||||
|
||||
downward_ = downward;
|
||||
|
||||
dtls_->SetIdentity(local_certificate_->identity()->GetReference());
|
||||
dtls_->SetIdentity(local_certificate_->identity()->Clone());
|
||||
dtls_->SetMode(rtc::SSL_MODE_DTLS);
|
||||
dtls_->SetMaxProtocolVersion(ssl_max_version_);
|
||||
dtls_->SetServerRole(*dtls_role_);
|
||||
|
||||
@ -66,8 +66,7 @@ class DtlsTestClient : public sigslot::has_slots<> {
|
||||
explicit DtlsTestClient(const std::string& name) : name_(name) {}
|
||||
void CreateCertificate(rtc::KeyType key_type) {
|
||||
certificate_ =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate(name_, key_type)));
|
||||
rtc::RTCCertificate::Create(rtc::SSLIdentity::Create(name_, key_type));
|
||||
}
|
||||
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() {
|
||||
return certificate_;
|
||||
|
||||
@ -109,7 +109,7 @@ class TestTurnServer : public TurnAuthInterface {
|
||||
rtc::SSLAdapter* adapter = rtc::SSLAdapter::Create(socket);
|
||||
adapter->SetRole(rtc::SSL_SERVER);
|
||||
adapter->SetIdentity(
|
||||
rtc::SSLIdentity::Generate(common_name, rtc::KeyParams()));
|
||||
rtc::SSLIdentity::Create(common_name, rtc::KeyParams()));
|
||||
adapter->SetIgnoreBadCert(ignore_bad_cert);
|
||||
socket = adapter;
|
||||
}
|
||||
|
||||
@ -179,9 +179,8 @@ class ChannelTest : public ::testing::Test, public sigslot::has_slots<> {
|
||||
rtcp1 = fake_rtcp_dtls_transport1_.get();
|
||||
}
|
||||
if (flags1 & DTLS) {
|
||||
auto cert1 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert1 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
fake_rtp_dtls_transport1_->SetLocalCertificate(cert1);
|
||||
if (fake_rtcp_dtls_transport1_) {
|
||||
fake_rtcp_dtls_transport1_->SetLocalCertificate(cert1);
|
||||
@ -209,9 +208,8 @@ class ChannelTest : public ::testing::Test, public sigslot::has_slots<> {
|
||||
rtcp2 = fake_rtcp_dtls_transport2_.get();
|
||||
}
|
||||
if (flags2 & DTLS) {
|
||||
auto cert2 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session2", rtc::KT_DEFAULT)));
|
||||
auto cert2 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session2", rtc::KT_DEFAULT));
|
||||
fake_rtp_dtls_transport2_->SetLocalCertificate(cert2);
|
||||
if (fake_rtcp_dtls_transport2_) {
|
||||
fake_rtcp_dtls_transport2_->SetLocalCertificate(cert2);
|
||||
|
||||
@ -97,11 +97,11 @@ class DtlsSrtpTransportTest : public ::testing::Test,
|
||||
|
||||
void CompleteDtlsHandshake(FakeDtlsTransport* fake_dtls1,
|
||||
FakeDtlsTransport* fake_dtls2) {
|
||||
auto cert1 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert1 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
fake_dtls1->SetLocalCertificate(cert1);
|
||||
auto cert2 = rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert2 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
fake_dtls2->SetLocalCertificate(cert2);
|
||||
fake_dtls1->SetDestination(fake_dtls2);
|
||||
}
|
||||
|
||||
@ -70,11 +70,11 @@ class DtlsTransportTest : public ::testing::Test {
|
||||
auto fake_dtls1 = static_cast<FakeDtlsTransport*>(transport_->internal());
|
||||
auto fake_dtls2 = std::make_unique<FakeDtlsTransport>(
|
||||
"audio", cricket::ICE_CANDIDATE_COMPONENT_RTP);
|
||||
auto cert1 = rtc::RTCCertificate::Create(absl::WrapUnique(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert1 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
fake_dtls1->SetLocalCertificate(cert1);
|
||||
auto cert2 = rtc::RTCCertificate::Create(absl::WrapUnique(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert2 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
fake_dtls2->SetLocalCertificate(cert2);
|
||||
fake_dtls1->SetDestination(fake_dtls2.get());
|
||||
}
|
||||
|
||||
@ -637,8 +637,8 @@ TEST_F(JsepTransportControllerTest, SetAndGetLocalCertificate) {
|
||||
CreateJsepTransportController(JsepTransportController::Config());
|
||||
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate1 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> returned_certificate;
|
||||
|
||||
auto description = std::make_unique<cricket::SessionDescription>();
|
||||
@ -662,8 +662,8 @@ TEST_F(JsepTransportControllerTest, SetAndGetLocalCertificate) {
|
||||
|
||||
// Shouldn't be able to change the identity once set.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate2 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session2", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session2", rtc::KT_DEFAULT));
|
||||
EXPECT_FALSE(transport_controller_->SetLocalCertificate(certificate2));
|
||||
}
|
||||
|
||||
@ -691,12 +691,10 @@ TEST_F(JsepTransportControllerTest, GetRemoteSSLCertChain) {
|
||||
|
||||
TEST_F(JsepTransportControllerTest, GetDtlsRole) {
|
||||
CreateJsepTransportController(JsepTransportController::Config());
|
||||
auto offer_certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("offer", rtc::KT_DEFAULT)));
|
||||
auto answer_certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("answer", rtc::KT_DEFAULT)));
|
||||
auto offer_certificate = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("offer", rtc::KT_DEFAULT));
|
||||
auto answer_certificate = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("answer", rtc::KT_DEFAULT));
|
||||
transport_controller_->SetLocalCertificate(offer_certificate);
|
||||
|
||||
auto offer_desc = std::make_unique<cricket::SessionDescription>();
|
||||
|
||||
@ -225,11 +225,11 @@ TEST_P(JsepTransport2WithRtcpMux, SetDtlsParameters) {
|
||||
|
||||
// Create certificates.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> local_cert =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("local", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("local", rtc::KT_DEFAULT));
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> remote_cert =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("remote", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("remote", rtc::KT_DEFAULT));
|
||||
jsep_transport_->SetLocalCertificate(local_cert);
|
||||
|
||||
// Apply offer.
|
||||
@ -276,11 +276,11 @@ TEST_P(JsepTransport2WithRtcpMux, SetDtlsParametersWithPassiveAnswer) {
|
||||
|
||||
// Create certificates.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> local_cert =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("local", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("local", rtc::KT_DEFAULT));
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> remote_cert =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("remote", rtc::KT_DEFAULT)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("remote", rtc::KT_DEFAULT));
|
||||
jsep_transport_->SetLocalCertificate(local_cert);
|
||||
|
||||
// Apply offer.
|
||||
@ -393,8 +393,8 @@ TEST_P(JsepTransport2WithRtcpMux, VerifyCertificateFingerprint) {
|
||||
|
||||
for (auto& key_type : key_types) {
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", key_type)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", key_type));
|
||||
ASSERT_NE(nullptr, certificate);
|
||||
|
||||
std::string digest_algorithm;
|
||||
@ -433,8 +433,8 @@ TEST_P(JsepTransport2WithRtcpMux, ValidDtlsRoleNegotiation) {
|
||||
// Just use the same certificate for both sides; doesn't really matter in a
|
||||
// non end-to-end test.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
|
||||
JsepTransportDescription local_description = MakeJsepTransportDescription(
|
||||
rtcp_mux_enabled, kIceUfrag1, kIcePwd1, certificate);
|
||||
@ -532,8 +532,8 @@ TEST_P(JsepTransport2WithRtcpMux, InvalidDtlsRoleNegotiation) {
|
||||
// Just use the same certificate for both sides; doesn't really matter in a
|
||||
// non end-to-end test.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
|
||||
JsepTransportDescription local_description = MakeJsepTransportDescription(
|
||||
rtcp_mux_enabled, kIceUfrag1, kIcePwd1, certificate);
|
||||
@ -663,8 +663,8 @@ TEST_F(JsepTransport2Test, ValidDtlsReofferFromAnswerer) {
|
||||
// Just use the same certificate for both sides; doesn't really matter in a
|
||||
// non end-to-end test.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
bool rtcp_mux_enabled = true;
|
||||
jsep_transport_ = CreateJsepTransport2(rtcp_mux_enabled, SrtpMode::kDtlsSrtp);
|
||||
jsep_transport_->SetLocalCertificate(certificate);
|
||||
@ -710,8 +710,8 @@ TEST_F(JsepTransport2Test, InvalidDtlsReofferFromAnswerer) {
|
||||
// Just use the same certificate for both sides; doesn't really matter in a
|
||||
// non end-to-end test.
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
bool rtcp_mux_enabled = true;
|
||||
jsep_transport_ = CreateJsepTransport2(rtcp_mux_enabled, SrtpMode::kDtlsSrtp);
|
||||
jsep_transport_->SetLocalCertificate(certificate);
|
||||
@ -756,8 +756,8 @@ TEST_F(JsepTransport2Test, InvalidDtlsReofferFromAnswerer) {
|
||||
// since JSEP requires generating "actpass".
|
||||
TEST_F(JsepTransport2Test, RemoteOfferWithCurrentNegotiatedDtlsRole) {
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
bool rtcp_mux_enabled = true;
|
||||
jsep_transport_ = CreateJsepTransport2(rtcp_mux_enabled, SrtpMode::kDtlsSrtp);
|
||||
jsep_transport_->SetLocalCertificate(certificate);
|
||||
@ -801,8 +801,8 @@ TEST_F(JsepTransport2Test, RemoteOfferWithCurrentNegotiatedDtlsRole) {
|
||||
// role is rejected.
|
||||
TEST_F(JsepTransport2Test, RemoteOfferThatChangesNegotiatedDtlsRole) {
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
bool rtcp_mux_enabled = true;
|
||||
jsep_transport_ = CreateJsepTransport2(rtcp_mux_enabled, SrtpMode::kDtlsSrtp);
|
||||
jsep_transport_->SetLocalCertificate(certificate);
|
||||
@ -846,8 +846,8 @@ TEST_F(JsepTransport2Test, RemoteOfferThatChangesNegotiatedDtlsRole) {
|
||||
// interpreted as having an active role.
|
||||
TEST_F(JsepTransport2Test, DtlsSetupWithLegacyAsAnswerer) {
|
||||
rtc::scoped_refptr<rtc::RTCCertificate> certificate =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA)));
|
||||
rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("testing", rtc::KT_ECDSA));
|
||||
bool rtcp_mux_enabled = true;
|
||||
jsep_transport_ = CreateJsepTransport2(rtcp_mux_enabled, SrtpMode::kDtlsSrtp);
|
||||
jsep_transport_->SetLocalCertificate(certificate);
|
||||
@ -1052,13 +1052,11 @@ class JsepTransport2HeaderExtensionTest
|
||||
this, &JsepTransport2HeaderExtensionTest::OnReadPacket2);
|
||||
|
||||
if (mode == SrtpMode::kDtlsSrtp) {
|
||||
auto cert1 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert1 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
jsep_transport1_->rtp_dtls_transport()->SetLocalCertificate(cert1);
|
||||
auto cert2 =
|
||||
rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>(
|
||||
rtc::SSLIdentity::Generate("session1", rtc::KT_DEFAULT)));
|
||||
auto cert2 = rtc::RTCCertificate::Create(
|
||||
rtc::SSLIdentity::Create("session1", rtc::KT_DEFAULT));
|
||||
jsep_transport2_->rtp_dtls_transport()->SetLocalCertificate(cert2);
|
||||
}
|
||||
}
|
||||
|
||||
@ -757,6 +757,7 @@ rtc_library("rtc_base") {
|
||||
defines = []
|
||||
deps = [
|
||||
":checks",
|
||||
":deprecation",
|
||||
":stringutils",
|
||||
"../api:array_view",
|
||||
"../api:function_view",
|
||||
|
||||
@ -94,6 +94,10 @@ FakeSSLIdentity* FakeSSLIdentity::GetReference() const {
|
||||
return new FakeSSLIdentity(*this);
|
||||
}
|
||||
|
||||
std::unique_ptr<SSLIdentity> FakeSSLIdentity::CloneInternal() const {
|
||||
return std::make_unique<FakeSSLIdentity>(*this);
|
||||
}
|
||||
|
||||
const SSLCertificate& FakeSSLIdentity::certificate() const {
|
||||
return cert_chain_->Get(0);
|
||||
}
|
||||
|
||||
@ -73,6 +73,8 @@ class FakeSSLIdentity : public SSLIdentity {
|
||||
virtual bool operator==(const SSLIdentity& other) const;
|
||||
|
||||
private:
|
||||
std::unique_ptr<SSLIdentity> CloneInternal() const override;
|
||||
|
||||
std::unique_ptr<SSLCertChain> cert_chain_;
|
||||
};
|
||||
|
||||
|
||||
@ -20,6 +20,7 @@
|
||||
|
||||
#include <memory>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "rtc_base/checks.h"
|
||||
#include "rtc_base/location.h"
|
||||
#include "rtc_base/logging.h"
|
||||
@ -226,6 +227,12 @@ void OpenSSLAdapter::SetIdentity(SSLIdentity* identity) {
|
||||
identity_.reset(static_cast<OpenSSLIdentity*>(identity));
|
||||
}
|
||||
|
||||
void OpenSSLAdapter::SetIdentity(std::unique_ptr<SSLIdentity> identity) {
|
||||
RTC_DCHECK(!identity_);
|
||||
identity_ =
|
||||
absl::WrapUnique(static_cast<OpenSSLIdentity*>(identity.release()));
|
||||
}
|
||||
|
||||
void OpenSSLAdapter::SetRole(SSLRole role) {
|
||||
role_ = role;
|
||||
}
|
||||
@ -238,7 +245,7 @@ AsyncSocket* OpenSSLAdapter::Accept(SocketAddress* paddr) {
|
||||
}
|
||||
|
||||
SSLAdapter* adapter = SSLAdapter::Create(socket);
|
||||
adapter->SetIdentity(identity_->GetReference());
|
||||
adapter->SetIdentity(identity_->Clone());
|
||||
adapter->SetRole(rtc::SSL_SERVER);
|
||||
adapter->SetIgnoreBadCert(ignore_bad_cert_);
|
||||
adapter->StartSSL("", false);
|
||||
|
||||
@ -54,6 +54,7 @@ class OpenSSLAdapter final : public SSLAdapter, public MessageHandler {
|
||||
void SetMode(SSLMode mode) override;
|
||||
void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) override;
|
||||
void SetIdentity(SSLIdentity* identity) override;
|
||||
void SetIdentity(std::unique_ptr<SSLIdentity> identity) override;
|
||||
void SetRole(SSLRole role) override;
|
||||
AsyncSocket* Accept(SocketAddress* paddr) override;
|
||||
int StartSSL(const char* hostname, bool restartable) override;
|
||||
|
||||
@ -209,21 +209,24 @@ OpenSSLIdentity::OpenSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
|
||||
|
||||
OpenSSLIdentity::~OpenSSLIdentity() = default;
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
|
||||
std::unique_ptr<OpenSSLIdentity> OpenSSLIdentity::CreateInternal(
|
||||
const SSLIdentityParams& params) {
|
||||
std::unique_ptr<OpenSSLKeyPair> key_pair(
|
||||
OpenSSLKeyPair::Generate(params.key_params));
|
||||
if (key_pair) {
|
||||
std::unique_ptr<OpenSSLCertificate> certificate(
|
||||
OpenSSLCertificate::Generate(key_pair.get(), params));
|
||||
if (certificate != nullptr)
|
||||
return new OpenSSLIdentity(std::move(key_pair), std::move(certificate));
|
||||
if (certificate != nullptr) {
|
||||
return absl::WrapUnique(
|
||||
new OpenSSLIdentity(std::move(key_pair), std::move(certificate)));
|
||||
}
|
||||
}
|
||||
RTC_LOG(LS_INFO) << "Identity generation failed";
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GenerateWithExpiration(
|
||||
// static
|
||||
std::unique_ptr<OpenSSLIdentity> OpenSSLIdentity::CreateWithExpiration(
|
||||
const std::string& common_name,
|
||||
const KeyParams& key_params,
|
||||
time_t certificate_lifetime) {
|
||||
@ -235,16 +238,30 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateWithExpiration(
|
||||
params.not_after = now + certificate_lifetime;
|
||||
if (params.not_before > params.not_after)
|
||||
return nullptr;
|
||||
return GenerateInternal(params);
|
||||
return CreateInternal(params);
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GenerateWithExpiration(
|
||||
const std::string& common_name,
|
||||
const KeyParams& key_params,
|
||||
time_t certificate_lifetime) {
|
||||
return CreateWithExpiration(common_name, key_params, certificate_lifetime)
|
||||
.release();
|
||||
}
|
||||
|
||||
std::unique_ptr<OpenSSLIdentity> OpenSSLIdentity::CreateForTest(
|
||||
const SSLIdentityParams& params) {
|
||||
return CreateInternal(params);
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GenerateForTest(
|
||||
const SSLIdentityParams& params) {
|
||||
return GenerateInternal(params);
|
||||
return CreateInternal(params).release();
|
||||
}
|
||||
|
||||
SSLIdentity* OpenSSLIdentity::FromPEMStrings(const std::string& private_key,
|
||||
const std::string& certificate) {
|
||||
std::unique_ptr<SSLIdentity> OpenSSLIdentity::CreateFromPEMStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate) {
|
||||
std::unique_ptr<OpenSSLCertificate> cert(
|
||||
OpenSSLCertificate::FromPEMString(certificate));
|
||||
if (!cert) {
|
||||
@ -259,10 +276,16 @@ SSLIdentity* OpenSSLIdentity::FromPEMStrings(const std::string& private_key,
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
return new OpenSSLIdentity(std::move(key_pair), std::move(cert));
|
||||
return absl::WrapUnique(
|
||||
new OpenSSLIdentity(std::move(key_pair), std::move(cert)));
|
||||
}
|
||||
|
||||
SSLIdentity* OpenSSLIdentity::FromPEMChainStrings(
|
||||
SSLIdentity* OpenSSLIdentity::FromPEMStrings(const std::string& private_key,
|
||||
const std::string& certificate) {
|
||||
return CreateFromPEMStrings(private_key, certificate).release();
|
||||
}
|
||||
|
||||
std::unique_ptr<SSLIdentity> OpenSSLIdentity::CreateFromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain) {
|
||||
BIO* bio = BIO_new_mem_buf(certificate_chain.data(),
|
||||
@ -300,8 +323,14 @@ SSLIdentity* OpenSSLIdentity::FromPEMChainStrings(
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
return new OpenSSLIdentity(std::move(key_pair),
|
||||
std::make_unique<SSLCertChain>(std::move(certs)));
|
||||
return absl::WrapUnique(new OpenSSLIdentity(
|
||||
std::move(key_pair), std::make_unique<SSLCertChain>(std::move(certs))));
|
||||
}
|
||||
|
||||
SSLIdentity* OpenSSLIdentity::FromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain) {
|
||||
return CreateFromPEMChainStrings(private_key, certificate_chain).release();
|
||||
}
|
||||
|
||||
const OpenSSLCertificate& OpenSSLIdentity::certificate() const {
|
||||
@ -313,8 +342,14 @@ const SSLCertChain& OpenSSLIdentity::cert_chain() const {
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLIdentity::GetReference() const {
|
||||
return new OpenSSLIdentity(absl::WrapUnique(key_pair_->GetReference()),
|
||||
cert_chain_->Clone());
|
||||
return static_cast<OpenSSLIdentity*>(CloneInternal().release());
|
||||
}
|
||||
|
||||
std::unique_ptr<SSLIdentity> OpenSSLIdentity::CloneInternal() const {
|
||||
// We cannot use std::make_unique here because the referenced OpenSSLIdentity
|
||||
// constructor is private.
|
||||
return absl::WrapUnique(new OpenSSLIdentity(
|
||||
absl::WrapUnique(key_pair_->GetReference()), cert_chain_->Clone()));
|
||||
}
|
||||
|
||||
bool OpenSSLIdentity::ConfigureIdentity(SSL_CTX* ctx) {
|
||||
|
||||
@ -60,6 +60,19 @@ class OpenSSLKeyPair final {
|
||||
// them consistently.
|
||||
class OpenSSLIdentity final : public SSLIdentity {
|
||||
public:
|
||||
static std::unique_ptr<OpenSSLIdentity> CreateWithExpiration(
|
||||
const std::string& common_name,
|
||||
const KeyParams& key_params,
|
||||
time_t certificate_lifetime);
|
||||
static std::unique_ptr<OpenSSLIdentity> CreateForTest(
|
||||
const SSLIdentityParams& params);
|
||||
static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate);
|
||||
static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain);
|
||||
// Deprecated versions
|
||||
static OpenSSLIdentity* GenerateWithExpiration(const std::string& common_name,
|
||||
const KeyParams& key_params,
|
||||
time_t certificate_lifetime);
|
||||
@ -72,7 +85,7 @@ class OpenSSLIdentity final : public SSLIdentity {
|
||||
|
||||
const OpenSSLCertificate& certificate() const override;
|
||||
const SSLCertChain& cert_chain() const override;
|
||||
OpenSSLIdentity* GetReference() const override;
|
||||
RTC_DEPRECATED OpenSSLIdentity* GetReference() const override;
|
||||
|
||||
// Configure an SSL context object to use our key and certificate.
|
||||
bool ConfigureIdentity(SSL_CTX* ctx);
|
||||
@ -87,8 +100,10 @@ class OpenSSLIdentity final : public SSLIdentity {
|
||||
std::unique_ptr<OpenSSLCertificate> certificate);
|
||||
OpenSSLIdentity(std::unique_ptr<OpenSSLKeyPair> key_pair,
|
||||
std::unique_ptr<SSLCertChain> cert_chain);
|
||||
std::unique_ptr<SSLIdentity> CloneInternal() const override;
|
||||
|
||||
static OpenSSLIdentity* GenerateInternal(const SSLIdentityParams& params);
|
||||
static std::unique_ptr<OpenSSLIdentity> CreateInternal(
|
||||
const SSLIdentityParams& params);
|
||||
|
||||
std::unique_ptr<OpenSSLKeyPair> key_pair_;
|
||||
std::unique_ptr<SSLCertChain> cert_chain_;
|
||||
|
||||
@ -265,8 +265,9 @@ static long stream_ctrl(BIO* b, int cmd, long num, void* ptr) {
|
||||
// OpenSSLStreamAdapter
|
||||
/////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
|
||||
: SSLStreamAdapter(stream),
|
||||
OpenSSLStreamAdapter::OpenSSLStreamAdapter(
|
||||
std::unique_ptr<StreamInterface> stream)
|
||||
: SSLStreamAdapter(std::move(stream)),
|
||||
state_(SSL_NONE),
|
||||
role_(SSL_CLIENT),
|
||||
ssl_read_needs_write_(false),
|
||||
@ -284,9 +285,13 @@ OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
|
||||
Cleanup(0);
|
||||
}
|
||||
|
||||
void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
|
||||
void OpenSSLStreamAdapter::SetIdentity(std::unique_ptr<SSLIdentity> identity) {
|
||||
RTC_DCHECK(!identity_);
|
||||
identity_.reset(static_cast<OpenSSLIdentity*>(identity));
|
||||
identity_.reset(static_cast<OpenSSLIdentity*>(identity.release()));
|
||||
}
|
||||
|
||||
OpenSSLIdentity* OpenSSLStreamAdapter::GetIdentityForTesting() const {
|
||||
return identity_.get();
|
||||
}
|
||||
|
||||
void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
|
||||
|
||||
@ -57,10 +57,11 @@ class SSLCertChain;
|
||||
|
||||
class OpenSSLStreamAdapter final : public SSLStreamAdapter {
|
||||
public:
|
||||
explicit OpenSSLStreamAdapter(StreamInterface* stream);
|
||||
explicit OpenSSLStreamAdapter(std::unique_ptr<StreamInterface> stream);
|
||||
~OpenSSLStreamAdapter() override;
|
||||
|
||||
void SetIdentity(SSLIdentity* identity) override;
|
||||
void SetIdentity(std::unique_ptr<SSLIdentity> identity) override;
|
||||
OpenSSLIdentity* GetIdentityForTesting() const override;
|
||||
|
||||
// Default argument is for compatibility
|
||||
void SetServerRole(SSLRole role = SSL_SERVER) override;
|
||||
|
||||
@ -64,7 +64,7 @@ RTCCertificatePEM RTCCertificate::ToPEM() const {
|
||||
scoped_refptr<RTCCertificate> RTCCertificate::FromPEM(
|
||||
const RTCCertificatePEM& pem) {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::FromPEMStrings(pem.private_key(), pem.certificate()));
|
||||
SSLIdentity::CreateFromPEMStrings(pem.private_key(), pem.certificate()));
|
||||
if (!identity)
|
||||
return nullptr;
|
||||
return new RefCountedObject<RTCCertificate>(identity.release());
|
||||
|
||||
@ -109,9 +109,9 @@ scoped_refptr<RTCCertificate> RTCCertificateGenerator::GenerateCertificate(
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
SSLIdentity* identity = nullptr;
|
||||
std::unique_ptr<SSLIdentity> identity;
|
||||
if (!expires_ms) {
|
||||
identity = SSLIdentity::Generate(kIdentityName, key_params);
|
||||
identity = SSLIdentity::Create(kIdentityName, key_params);
|
||||
} else {
|
||||
uint64_t expires_s = *expires_ms / 1000;
|
||||
// Limit the expiration time to something reasonable (a year). This was
|
||||
@ -123,14 +123,12 @@ scoped_refptr<RTCCertificate> RTCCertificateGenerator::GenerateCertificate(
|
||||
// |SSLIdentity::Generate| should stop relying on |time_t|.
|
||||
// See bugs.webrtc.org/5720.
|
||||
time_t cert_lifetime_s = static_cast<time_t>(expires_s);
|
||||
identity = SSLIdentity::GenerateWithExpiration(kIdentityName, key_params,
|
||||
cert_lifetime_s);
|
||||
identity = SSLIdentity::Create(kIdentityName, key_params, cert_lifetime_s);
|
||||
}
|
||||
if (!identity) {
|
||||
return nullptr;
|
||||
}
|
||||
std::unique_ptr<SSLIdentity> identity_sptr(identity);
|
||||
return RTCCertificate::Create(std::move(identity_sptr));
|
||||
return RTCCertificate::Create(std::move(identity));
|
||||
}
|
||||
|
||||
RTCCertificateGenerator::RTCCertificateGenerator(Thread* signaling_thread,
|
||||
|
||||
@ -33,7 +33,7 @@ class RTCCertificateTest : public ::testing::Test {
|
||||
protected:
|
||||
scoped_refptr<RTCCertificate> GenerateECDSA() {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::Generate(kTestCertCommonName, KeyParams::ECDSA()));
|
||||
SSLIdentity::Create(kTestCertCommonName, KeyParams::ECDSA()));
|
||||
RTC_CHECK(identity);
|
||||
return RTCCertificate::Create(std::move(identity));
|
||||
}
|
||||
@ -78,7 +78,7 @@ class RTCCertificateTest : public ::testing::Test {
|
||||
// is fast to generate.
|
||||
params.key_params = KeyParams::ECDSA();
|
||||
|
||||
std::unique_ptr<SSLIdentity> identity(SSLIdentity::GenerateForTest(params));
|
||||
std::unique_ptr<SSLIdentity> identity(SSLIdentity::CreateForTest(params));
|
||||
return RTCCertificate::Create(std::move(identity));
|
||||
}
|
||||
};
|
||||
|
||||
@ -69,7 +69,9 @@ class SSLAdapter : public AsyncSocketAdapter {
|
||||
virtual void SetCertVerifier(SSLCertificateVerifier* ssl_cert_verifier) = 0;
|
||||
|
||||
// Set the certificate this socket will present to incoming clients.
|
||||
virtual void SetIdentity(SSLIdentity* identity) = 0;
|
||||
// Takes ownership of |identity|.
|
||||
RTC_DEPRECATED virtual void SetIdentity(SSLIdentity* identity) = 0;
|
||||
virtual void SetIdentity(std::unique_ptr<SSLIdentity> identity) = 0;
|
||||
|
||||
// Choose whether the socket acts as a server socket or client socket.
|
||||
virtual void SetRole(SSLRole role) = 0;
|
||||
|
||||
@ -12,6 +12,7 @@
|
||||
#include <string>
|
||||
#include <utility>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "rtc_base/gunit.h"
|
||||
#include "rtc_base/ip_address.h"
|
||||
#include "rtc_base/message_digest.h"
|
||||
@ -163,7 +164,7 @@ class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
|
||||
const rtc::KeyParams& key_params)
|
||||
: ssl_mode_(ssl_mode) {
|
||||
// Generate a key pair and a certificate for this host.
|
||||
ssl_identity_.reset(rtc::SSLIdentity::Generate(GetHostname(), key_params));
|
||||
ssl_identity_ = rtc::SSLIdentity::Create(GetHostname(), key_params);
|
||||
|
||||
server_socket_.reset(CreateSocket(ssl_mode_));
|
||||
|
||||
@ -254,9 +255,8 @@ class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
|
||||
|
||||
private:
|
||||
void DoHandshake(rtc::AsyncSocket* socket) {
|
||||
rtc::SocketStream* stream = new rtc::SocketStream(socket);
|
||||
|
||||
ssl_stream_adapter_.reset(rtc::SSLStreamAdapter::Create(stream));
|
||||
ssl_stream_adapter_ = rtc::SSLStreamAdapter::Create(
|
||||
std::make_unique<rtc::SocketStream>(socket));
|
||||
|
||||
ssl_stream_adapter_->SetMode(ssl_mode_);
|
||||
ssl_stream_adapter_->SetServerRole();
|
||||
@ -268,7 +268,7 @@ class SSLAdapterTestDummyServer : public sigslot::has_slots<> {
|
||||
// Accordingly, we must disable client authentication here.
|
||||
ssl_stream_adapter_->SetClientAuthEnabledForTesting(false);
|
||||
|
||||
ssl_stream_adapter_->SetIdentity(ssl_identity_->GetReference());
|
||||
ssl_stream_adapter_->SetIdentity(ssl_identity_->Clone());
|
||||
|
||||
// Set a bogus peer certificate digest.
|
||||
unsigned char digest[20];
|
||||
|
||||
@ -209,6 +209,51 @@ std::string SSLIdentity::DerToPem(const std::string& pem_type,
|
||||
return result.Release();
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::Create(const std::string& common_name,
|
||||
const KeyParams& key_param,
|
||||
time_t certificate_lifetime) {
|
||||
return OpenSSLIdentity::CreateWithExpiration(common_name, key_param,
|
||||
certificate_lifetime);
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::Create(const std::string& common_name,
|
||||
const KeyParams& key_param) {
|
||||
return OpenSSLIdentity::CreateWithExpiration(
|
||||
common_name, key_param, kDefaultCertificateLifetimeInSeconds);
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::Create(const std::string& common_name,
|
||||
KeyType key_type) {
|
||||
return OpenSSLIdentity::CreateWithExpiration(
|
||||
common_name, KeyParams(key_type), kDefaultCertificateLifetimeInSeconds);
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::CreateForTest(
|
||||
const SSLIdentityParams& params) {
|
||||
return OpenSSLIdentity::CreateForTest(params);
|
||||
}
|
||||
|
||||
// Construct an identity from a private key and a certificate.
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::CreateFromPEMStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate) {
|
||||
return OpenSSLIdentity::CreateFromPEMStrings(private_key, certificate);
|
||||
}
|
||||
|
||||
// Construct an identity from a private key and a certificate chain.
|
||||
// static
|
||||
std::unique_ptr<SSLIdentity> SSLIdentity::CreateFromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain) {
|
||||
return OpenSSLIdentity::CreateFromPEMChainStrings(private_key,
|
||||
certificate_chain);
|
||||
}
|
||||
|
||||
// static
|
||||
SSLIdentity* SSLIdentity::GenerateWithExpiration(const std::string& common_name,
|
||||
const KeyParams& key_params,
|
||||
|
||||
@ -15,8 +15,10 @@
|
||||
|
||||
#include <stdint.h>
|
||||
#include <ctime>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
|
||||
#include "rtc_base/deprecation.h"
|
||||
#include "rtc_base/system/rtc_export.h"
|
||||
|
||||
namespace rtc {
|
||||
@ -107,26 +109,52 @@ class RTC_EXPORT SSLIdentity {
|
||||
// should be a non-negative number.
|
||||
// Returns null on failure.
|
||||
// Caller is responsible for freeing the returned object.
|
||||
static SSLIdentity* GenerateWithExpiration(const std::string& common_name,
|
||||
static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
|
||||
const KeyParams& key_param,
|
||||
time_t certificate_lifetime);
|
||||
static SSLIdentity* Generate(const std::string& common_name,
|
||||
const KeyParams& key_param);
|
||||
static SSLIdentity* Generate(const std::string& common_name,
|
||||
KeyType key_type);
|
||||
static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
|
||||
const KeyParams& key_param);
|
||||
static std::unique_ptr<SSLIdentity> Create(const std::string& common_name,
|
||||
KeyType key_type);
|
||||
static std::unique_ptr<SSLIdentity> CreateForTest(
|
||||
const SSLIdentityParams& params);
|
||||
|
||||
// Construct an identity from a private key and a certificate.
|
||||
static std::unique_ptr<SSLIdentity> CreateFromPEMStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate);
|
||||
|
||||
// Construct an identity from a private key and a certificate chain.
|
||||
static std::unique_ptr<SSLIdentity> CreateFromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain);
|
||||
|
||||
// Old versions of Create(). These return a pointer, but still require the
|
||||
// caller to take ownership.
|
||||
RTC_DEPRECATED static SSLIdentity* GenerateWithExpiration(
|
||||
const std::string& common_name,
|
||||
const KeyParams& key_param,
|
||||
time_t certificate_lifetime);
|
||||
RTC_DEPRECATED static SSLIdentity* Generate(const std::string& common_name,
|
||||
const KeyParams& key_param);
|
||||
RTC_DEPRECATED static SSLIdentity* Generate(const std::string& common_name,
|
||||
KeyType key_type);
|
||||
|
||||
// Generates an identity with the specified validity period.
|
||||
// TODO(torbjorng): Now that Generate() accepts relevant params, make tests
|
||||
// use that instead of this function.
|
||||
static SSLIdentity* GenerateForTest(const SSLIdentityParams& params);
|
||||
RTC_DEPRECATED static SSLIdentity* GenerateForTest(
|
||||
const SSLIdentityParams& params);
|
||||
|
||||
// Construct an identity from a private key and a certificate.
|
||||
static SSLIdentity* FromPEMStrings(const std::string& private_key,
|
||||
const std::string& certificate);
|
||||
RTC_DEPRECATED static SSLIdentity* FromPEMStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate);
|
||||
|
||||
// Construct an identity from a private key and a certificate chain.
|
||||
static SSLIdentity* FromPEMChainStrings(const std::string& private_key,
|
||||
const std::string& certificate_chain);
|
||||
RTC_DEPRECATED static SSLIdentity* FromPEMChainStrings(
|
||||
const std::string& private_key,
|
||||
const std::string& certificate_chain);
|
||||
|
||||
virtual ~SSLIdentity() {}
|
||||
|
||||
@ -134,7 +162,8 @@ class RTC_EXPORT SSLIdentity {
|
||||
// identity information.
|
||||
// Caller is responsible for freeing the returned object.
|
||||
// TODO(hbos,torbjorng): Rename to a less confusing name.
|
||||
virtual SSLIdentity* GetReference() const = 0;
|
||||
RTC_DEPRECATED virtual SSLIdentity* GetReference() const = 0;
|
||||
std::unique_ptr<SSLIdentity> Clone() const { return CloneInternal(); }
|
||||
|
||||
// Returns a temporary reference to the end-entity (leaf) certificate.
|
||||
virtual const SSLCertificate& certificate() const = 0;
|
||||
@ -150,6 +179,9 @@ class RTC_EXPORT SSLIdentity {
|
||||
static std::string DerToPem(const std::string& pem_type,
|
||||
const unsigned char* data,
|
||||
size_t length);
|
||||
|
||||
protected:
|
||||
virtual std::unique_ptr<SSLIdentity> CloneInternal() const = 0;
|
||||
};
|
||||
|
||||
bool operator==(const SSLIdentity& a, const SSLIdentity& b);
|
||||
|
||||
@ -194,10 +194,10 @@ IdentityAndInfo CreateFakeIdentityAndInfoFromDers(
|
||||
class SSLIdentityTest : public ::testing::Test {
|
||||
public:
|
||||
void SetUp() override {
|
||||
identity_rsa1_.reset(SSLIdentity::Generate("test1", rtc::KT_RSA));
|
||||
identity_rsa2_.reset(SSLIdentity::Generate("test2", rtc::KT_RSA));
|
||||
identity_ecdsa1_.reset(SSLIdentity::Generate("test3", rtc::KT_ECDSA));
|
||||
identity_ecdsa2_.reset(SSLIdentity::Generate("test4", rtc::KT_ECDSA));
|
||||
identity_rsa1_ = SSLIdentity::Create("test1", rtc::KT_RSA);
|
||||
identity_rsa2_ = SSLIdentity::Create("test2", rtc::KT_RSA);
|
||||
identity_ecdsa1_ = SSLIdentity::Create("test3", rtc::KT_ECDSA);
|
||||
identity_ecdsa2_ = SSLIdentity::Create("test4", rtc::KT_ECDSA);
|
||||
|
||||
ASSERT_TRUE(identity_rsa1_);
|
||||
ASSERT_TRUE(identity_rsa2_);
|
||||
@ -303,8 +303,8 @@ class SSLIdentityTest : public ::testing::Test {
|
||||
std::string priv_pem = identity.PrivateKeyToPEMString();
|
||||
std::string publ_pem = identity.PublicKeyToPEMString();
|
||||
std::string cert_pem = identity.certificate().ToPEMString();
|
||||
std::unique_ptr<SSLIdentity> clone(
|
||||
SSLIdentity::FromPEMStrings(priv_pem, cert_pem));
|
||||
std::unique_ptr<SSLIdentity> clone =
|
||||
SSLIdentity::CreateFromPEMStrings(priv_pem, cert_pem);
|
||||
EXPECT_TRUE(clone);
|
||||
|
||||
// Make sure the clone is identical to the original.
|
||||
@ -390,7 +390,7 @@ TEST_F(SSLIdentityTest, IdentityComparison) {
|
||||
|
||||
TEST_F(SSLIdentityTest, FromPEMStringsRSA) {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kRSA_CERT_PEM));
|
||||
SSLIdentity::CreateFromPEMStrings(kRSA_PRIVATE_KEY_PEM, kRSA_CERT_PEM));
|
||||
EXPECT_TRUE(identity);
|
||||
EXPECT_EQ(kRSA_PRIVATE_KEY_PEM, identity->PrivateKeyToPEMString());
|
||||
EXPECT_EQ(kRSA_PUBLIC_KEY_PEM, identity->PublicKeyToPEMString());
|
||||
@ -398,8 +398,8 @@ TEST_F(SSLIdentityTest, FromPEMStringsRSA) {
|
||||
}
|
||||
|
||||
TEST_F(SSLIdentityTest, FromPEMStringsEC) {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::FromPEMStrings(kECDSA_PRIVATE_KEY_PEM, kECDSA_CERT_PEM));
|
||||
std::unique_ptr<SSLIdentity> identity(SSLIdentity::CreateFromPEMStrings(
|
||||
kECDSA_PRIVATE_KEY_PEM, kECDSA_CERT_PEM));
|
||||
EXPECT_TRUE(identity);
|
||||
EXPECT_EQ(kECDSA_PRIVATE_KEY_PEM, identity->PrivateKeyToPEMString());
|
||||
EXPECT_EQ(kECDSA_PUBLIC_KEY_PEM, identity->PublicKeyToPEMString());
|
||||
@ -433,7 +433,7 @@ TEST_F(SSLIdentityTest, GetSignatureDigestAlgorithm) {
|
||||
|
||||
TEST_F(SSLIdentityTest, SSLCertificateGetStatsRSA) {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::FromPEMStrings(kRSA_PRIVATE_KEY_PEM, kRSA_CERT_PEM));
|
||||
SSLIdentity::CreateFromPEMStrings(kRSA_PRIVATE_KEY_PEM, kRSA_CERT_PEM));
|
||||
std::unique_ptr<rtc::SSLCertificateStats> stats =
|
||||
identity->certificate().GetStats();
|
||||
EXPECT_EQ(stats->fingerprint, kRSA_FINGERPRINT);
|
||||
@ -443,8 +443,8 @@ TEST_F(SSLIdentityTest, SSLCertificateGetStatsRSA) {
|
||||
}
|
||||
|
||||
TEST_F(SSLIdentityTest, SSLCertificateGetStatsECDSA) {
|
||||
std::unique_ptr<SSLIdentity> identity(
|
||||
SSLIdentity::FromPEMStrings(kECDSA_PRIVATE_KEY_PEM, kECDSA_CERT_PEM));
|
||||
std::unique_ptr<SSLIdentity> identity(SSLIdentity::CreateFromPEMStrings(
|
||||
kECDSA_PRIVATE_KEY_PEM, kECDSA_CERT_PEM));
|
||||
std::unique_ptr<rtc::SSLCertificateStats> stats =
|
||||
identity->certificate().GetStats();
|
||||
EXPECT_EQ(stats->fingerprint, kECDSA_FINGERPRINT);
|
||||
@ -580,14 +580,13 @@ class SSLIdentityExpirationTest : public ::testing::Test {
|
||||
time_t lifetime =
|
||||
rtc::CreateRandomId() % (0x80000000 - time_before_generation);
|
||||
rtc::KeyParams key_params = rtc::KeyParams::ECDSA(rtc::EC_NIST_P256);
|
||||
SSLIdentity* identity =
|
||||
rtc::SSLIdentity::GenerateWithExpiration("", key_params, lifetime);
|
||||
auto identity =
|
||||
rtc::SSLIdentity::Create("", key_params, lifetime);
|
||||
time_t time_after_generation = time(nullptr);
|
||||
EXPECT_LE(time_before_generation + lifetime,
|
||||
identity->certificate().CertificateExpirationTime());
|
||||
EXPECT_GE(time_after_generation + lifetime,
|
||||
identity->certificate().CertificateExpirationTime());
|
||||
delete identity;
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
@ -10,6 +10,7 @@
|
||||
|
||||
#include "rtc_base/ssl_stream_adapter.h"
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "rtc_base/openssl_stream_adapter.h"
|
||||
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
@ -89,12 +90,13 @@ bool IsGcmCryptoSuiteName(const std::string& crypto_suite) {
|
||||
crypto_suite == CS_AEAD_AES_128_GCM);
|
||||
}
|
||||
|
||||
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
|
||||
return new OpenSSLStreamAdapter(stream);
|
||||
std::unique_ptr<SSLStreamAdapter> SSLStreamAdapter::Create(
|
||||
std::unique_ptr<StreamInterface> stream) {
|
||||
return std::make_unique<OpenSSLStreamAdapter>(std::move(stream));
|
||||
}
|
||||
|
||||
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
|
||||
: StreamAdapterInterface(stream) {}
|
||||
SSLStreamAdapter::SSLStreamAdapter(std::unique_ptr<StreamInterface> stream)
|
||||
: StreamAdapterInterface(stream.release()) {}
|
||||
|
||||
SSLStreamAdapter::~SSLStreamAdapter() {}
|
||||
|
||||
|
||||
@ -17,6 +17,8 @@
|
||||
#include <string>
|
||||
#include <vector>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "rtc_base/deprecation.h"
|
||||
#include "rtc_base/ssl_certificate.h"
|
||||
#include "rtc_base/ssl_identity.h"
|
||||
#include "rtc_base/stream.h"
|
||||
@ -122,15 +124,23 @@ class SSLStreamAdapter : public StreamAdapterInterface {
|
||||
// Instantiate an SSLStreamAdapter wrapping the given stream,
|
||||
// (using the selected implementation for the platform).
|
||||
// Caller is responsible for freeing the returned object.
|
||||
static SSLStreamAdapter* Create(StreamInterface* stream);
|
||||
static std::unique_ptr<SSLStreamAdapter> Create(
|
||||
std::unique_ptr<StreamInterface> stream);
|
||||
RTC_DEPRECATED static SSLStreamAdapter* Create(StreamInterface* stream) {
|
||||
return Create(absl::WrapUnique(stream)).release();
|
||||
}
|
||||
|
||||
explicit SSLStreamAdapter(StreamInterface* stream);
|
||||
explicit SSLStreamAdapter(std::unique_ptr<StreamInterface> stream);
|
||||
~SSLStreamAdapter() override;
|
||||
|
||||
// Specify our SSL identity: key and certificate. SSLStream takes ownership
|
||||
// of the SSLIdentity object and will free it when appropriate. Should be
|
||||
// called no more than once on a given SSLStream instance.
|
||||
virtual void SetIdentity(SSLIdentity* identity) = 0;
|
||||
virtual void SetIdentity(std::unique_ptr<SSLIdentity> identity) = 0;
|
||||
RTC_DEPRECATED virtual void SetIdentity(SSLIdentity* identity) {
|
||||
SetIdentity(absl::WrapUnique(identity));
|
||||
}
|
||||
virtual SSLIdentity* GetIdentityForTesting() const = 0;
|
||||
|
||||
// Call this to indicate that we are to play the server role (or client role,
|
||||
// if the default argument is replaced by SSL_CLIENT).
|
||||
|
||||
@ -13,6 +13,7 @@
|
||||
#include <set>
|
||||
#include <string>
|
||||
|
||||
#include "absl/memory/memory.h"
|
||||
#include "rtc_base/buffer_queue.h"
|
||||
#include "rtc_base/checks.h"
|
||||
#include "rtc_base/gunit.h"
|
||||
@ -298,8 +299,6 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
server_key_type_(server_key_type),
|
||||
client_stream_(nullptr),
|
||||
server_stream_(nullptr),
|
||||
client_identity_(nullptr),
|
||||
server_identity_(nullptr),
|
||||
delay_(0),
|
||||
mtu_(1460),
|
||||
loss_(0),
|
||||
@ -320,23 +319,26 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
void SetUp() override {
|
||||
CreateStreams();
|
||||
|
||||
client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
|
||||
server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
|
||||
client_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
|
||||
server_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
|
||||
|
||||
// Set up the slots
|
||||
client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
|
||||
server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
|
||||
|
||||
std::unique_ptr<rtc::SSLIdentity> client_identity;
|
||||
if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
|
||||
client_identity_ = rtc::SSLIdentity::FromPEMStrings(
|
||||
client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
|
||||
client_private_key_pem_, client_cert_pem_);
|
||||
} else {
|
||||
client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);
|
||||
client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
|
||||
}
|
||||
server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_);
|
||||
auto server_identity = rtc::SSLIdentity::Create("server", server_key_type_);
|
||||
|
||||
client_ssl_->SetIdentity(client_identity_);
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
client_ssl_->SetIdentity(std::move(client_identity));
|
||||
server_ssl_->SetIdentity(std::move(server_identity));
|
||||
}
|
||||
|
||||
void TearDown() override {
|
||||
@ -352,8 +354,10 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
void ResetIdentitiesWithValidity(int not_before, int not_after) {
|
||||
CreateStreams();
|
||||
|
||||
client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
|
||||
server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
|
||||
client_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
|
||||
server_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
|
||||
|
||||
client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
|
||||
server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent);
|
||||
@ -365,17 +369,17 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
client_params.common_name = "client";
|
||||
client_params.not_before = now + not_before;
|
||||
client_params.not_after = now + not_after;
|
||||
client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params);
|
||||
auto client_identity = rtc::SSLIdentity::CreateForTest(client_params);
|
||||
|
||||
rtc::SSLIdentityParams server_params;
|
||||
server_params.key_params = rtc::KeyParams(rtc::KT_DEFAULT);
|
||||
server_params.common_name = "server";
|
||||
server_params.not_before = now + not_before;
|
||||
server_params.not_after = now + not_after;
|
||||
server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params);
|
||||
auto server_identity = rtc::SSLIdentity::CreateForTest(server_params);
|
||||
|
||||
client_ssl_->SetIdentity(client_identity_);
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
client_ssl_->SetIdentity(std::move(client_identity));
|
||||
server_ssl_->SetIdentity(std::move(server_identity));
|
||||
}
|
||||
|
||||
virtual void OnEvent(rtc::StreamInterface* stream, int sig, int err) {
|
||||
@ -404,10 +408,10 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
|
||||
RTC_LOG(LS_INFO) << "Setting peer identities by digest";
|
||||
|
||||
rv = server_identity_->certificate().ComputeDigest(
|
||||
rv = server_identity()->certificate().ComputeDigest(
|
||||
rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
|
||||
ASSERT_TRUE(rv);
|
||||
rv = client_identity_->certificate().ComputeDigest(
|
||||
rv = client_identity()->certificate().ComputeDigest(
|
||||
rtc::DIGEST_SHA_1, client_digest, 20, &client_digest_len);
|
||||
ASSERT_TRUE(rv);
|
||||
|
||||
@ -634,6 +638,19 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
virtual void TestTransfer(int size) = 0;
|
||||
|
||||
protected:
|
||||
rtc::SSLIdentity* client_identity() const {
|
||||
if (!client_ssl_) {
|
||||
return nullptr;
|
||||
}
|
||||
return client_ssl_->GetIdentityForTesting();
|
||||
}
|
||||
rtc::SSLIdentity* server_identity() const {
|
||||
if (!server_ssl_) {
|
||||
return nullptr;
|
||||
}
|
||||
return server_ssl_->GetIdentityForTesting();
|
||||
}
|
||||
|
||||
std::string client_cert_pem_;
|
||||
std::string client_private_key_pem_;
|
||||
rtc::KeyParams client_key_type_;
|
||||
@ -642,8 +659,6 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
|
||||
SSLDummyStreamBase* server_stream_; // freed by server_ssl_ destructor
|
||||
std::unique_ptr<rtc::SSLStreamAdapter> client_ssl_;
|
||||
std::unique_ptr<rtc::SSLStreamAdapter> server_ssl_;
|
||||
rtc::SSLIdentity* client_identity_; // freed by client_ssl_ destructor
|
||||
rtc::SSLIdentity* server_identity_; // freed by server_ssl_ destructor
|
||||
int delay_;
|
||||
size_t mtu_;
|
||||
int loss_;
|
||||
@ -939,8 +954,10 @@ class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS {
|
||||
void SetUp() override {
|
||||
CreateStreams();
|
||||
|
||||
client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
|
||||
server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
|
||||
client_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
|
||||
server_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
|
||||
|
||||
// Set up the slots
|
||||
client_ssl_->SignalEvent.connect(
|
||||
@ -950,14 +967,15 @@ class SSLStreamAdapterTestDTLSCertChain : public SSLStreamAdapterTestDTLS {
|
||||
reinterpret_cast<SSLStreamAdapterTestBase*>(this),
|
||||
&SSLStreamAdapterTestBase::OnEvent);
|
||||
|
||||
std::unique_ptr<rtc::SSLIdentity> client_identity;
|
||||
if (!client_cert_pem_.empty() && !client_private_key_pem_.empty()) {
|
||||
client_identity_ = rtc::SSLIdentity::FromPEMStrings(
|
||||
client_identity = rtc::SSLIdentity::CreateFromPEMStrings(
|
||||
client_private_key_pem_, client_cert_pem_);
|
||||
} else {
|
||||
client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);
|
||||
client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
|
||||
}
|
||||
|
||||
client_ssl_->SetIdentity(client_identity_);
|
||||
client_ssl_->SetIdentity(std::move(client_identity));
|
||||
}
|
||||
};
|
||||
|
||||
@ -975,13 +993,13 @@ TEST_P(SSLStreamAdapterTestTLS, GetPeerCertChainWithOneCertificate) {
|
||||
ASSERT_NE(nullptr, cert_chain);
|
||||
EXPECT_EQ(1u, cert_chain->GetSize());
|
||||
EXPECT_EQ(cert_chain->Get(0).ToPEMString(),
|
||||
server_identity_->certificate().ToPEMString());
|
||||
server_identity()->certificate().ToPEMString());
|
||||
}
|
||||
|
||||
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
|
||||
server_identity_ = rtc::SSLIdentity::FromPEMChainStrings(
|
||||
auto server_identity = rtc::SSLIdentity::CreateFromPEMChainStrings(
|
||||
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert);
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
server_ssl_->SetIdentity(std::move(server_identity));
|
||||
TestHandshake();
|
||||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
@ -992,11 +1010,8 @@ TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshake) {
|
||||
}
|
||||
|
||||
TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
|
||||
std::unique_ptr<rtc::SSLIdentity> identity(
|
||||
rtc::SSLIdentity::FromPEMChainStrings(kRSA_PRIVATE_KEY_PEM,
|
||||
std::string(kCERT_PEM) + kCACert));
|
||||
server_identity_ = identity->GetReference();
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
|
||||
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kCACert));
|
||||
TestHandshake();
|
||||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
@ -1007,9 +1022,8 @@ TEST_F(SSLStreamAdapterTestDTLSCertChain, TwoCertHandshakeWithCopy) {
|
||||
}
|
||||
|
||||
TEST_F(SSLStreamAdapterTestDTLSCertChain, ThreeCertHandshake) {
|
||||
server_identity_ = rtc::SSLIdentity::FromPEMChainStrings(
|
||||
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert);
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
server_ssl_->SetIdentity(rtc::SSLIdentity::CreateFromPEMChainStrings(
|
||||
kRSA_PRIVATE_KEY_PEM, std::string(kCERT_PEM) + kIntCert1 + kCACert));
|
||||
TestHandshake();
|
||||
std::unique_ptr<rtc::SSLCertChain> peer_cert_chain =
|
||||
client_ssl_->GetPeerSSLCertChain();
|
||||
@ -1075,7 +1089,7 @@ TEST_P(SSLStreamAdapterTestTLS,
|
||||
bool rv;
|
||||
rtc::SSLPeerCertificateDigestError err;
|
||||
|
||||
rv = server_identity_->certificate().ComputeDigest(
|
||||
rv = server_identity()->certificate().ComputeDigest(
|
||||
rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
|
||||
ASSERT_TRUE(rv);
|
||||
|
||||
@ -1093,7 +1107,7 @@ TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
|
||||
bool rv;
|
||||
rtc::SSLPeerCertificateDigestError err;
|
||||
|
||||
rv = server_identity_->certificate().ComputeDigest(
|
||||
rv = server_identity()->certificate().ComputeDigest(
|
||||
rtc::DIGEST_SHA_1, server_digest, 20, &server_digest_len);
|
||||
ASSERT_TRUE(rv);
|
||||
|
||||
@ -1476,24 +1490,26 @@ class SSLStreamAdapterTestDTLSLegacyProtocols
|
||||
webrtc::test::ScopedFieldTrials trial(experiment);
|
||||
client_stream_ =
|
||||
new SSLDummyStreamDTLS(this, "c2s", &client_buffer_, &server_buffer_);
|
||||
client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_));
|
||||
client_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(client_stream_));
|
||||
client_ssl_->SignalEvent.connect(
|
||||
static_cast<SSLStreamAdapterTestBase*>(this),
|
||||
&SSLStreamAdapterTestBase::OnEvent);
|
||||
client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type_);
|
||||
client_ssl_->SetIdentity(client_identity_);
|
||||
auto client_identity = rtc::SSLIdentity::Create("client", client_key_type_);
|
||||
client_ssl_->SetIdentity(std::move(client_identity));
|
||||
}
|
||||
|
||||
void ConfigureServer(std::string experiment) {
|
||||
// webrtc::test::ScopedFieldTrials trial(experiment);
|
||||
server_stream_ =
|
||||
new SSLDummyStreamDTLS(this, "s2c", &server_buffer_, &client_buffer_);
|
||||
server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_));
|
||||
server_ssl_ =
|
||||
rtc::SSLStreamAdapter::Create(absl::WrapUnique(server_stream_));
|
||||
server_ssl_->SignalEvent.connect(
|
||||
static_cast<SSLStreamAdapterTestBase*>(this),
|
||||
&SSLStreamAdapterTestBase::OnEvent);
|
||||
server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type_);
|
||||
server_ssl_->SetIdentity(server_identity_);
|
||||
server_ssl_->SetIdentity(
|
||||
rtc::SSLIdentity::Create("server", server_key_type_));
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
@ -85,7 +85,7 @@ ScenarioIceConnectionImpl::ScenarioIceConnectionImpl(
|
||||
signaling_thread_(rtc::Thread::Current()),
|
||||
network_thread_(manager_->network_thread()),
|
||||
certificate_(rtc::RTCCertificate::Create(
|
||||
absl::WrapUnique(rtc::SSLIdentity::Generate("", ::rtc::KT_DEFAULT)))),
|
||||
rtc::SSLIdentity::Create("", ::rtc::KT_DEFAULT))),
|
||||
transport_description_(
|
||||
/*transport_options*/ {},
|
||||
rtc::CreateRandomString(cricket::ICE_UFRAG_LENGTH),
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user