rhubarb-lip-sync/rhubarb/lib/webrtc-8d2248ff/webrtc/p2p/base/dtlstransport.h

164 lines
5.8 KiB
C
Raw Permalink Normal View History

2016-06-21 20:13:05 +00:00
/*
* Copyright 2012 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_P2P_BASE_DTLSTRANSPORT_H_
#define WEBRTC_P2P_BASE_DTLSTRANSPORT_H_
#include <memory>
#include "webrtc/p2p/base/dtlstransportchannel.h"
#include "webrtc/p2p/base/transport.h"
namespace rtc {
class SSLIdentity;
}
namespace cricket {
class PortAllocator;
// Base should be a descendant of cricket::Transport and have a constructor
// that takes a transport name and PortAllocator.
//
// Everything in this class should be called on the worker thread.
template<class Base>
class DtlsTransport : public Base {
public:
DtlsTransport(const std::string& name,
PortAllocator* allocator,
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
: Base(name, allocator),
certificate_(certificate),
secure_role_(rtc::SSL_CLIENT),
ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_12) {}
~DtlsTransport() {
Base::DestroyAllChannels();
}
void SetLocalCertificate(
const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override {
certificate_ = certificate;
}
bool GetLocalCertificate(
rtc::scoped_refptr<rtc::RTCCertificate>* certificate) override {
if (!certificate_)
return false;
*certificate = certificate_;
return true;
}
bool SetSslMaxProtocolVersion(rtc::SSLProtocolVersion version) override {
ssl_max_version_ = version;
return true;
}
bool ApplyLocalTransportDescription(TransportChannelImpl* channel,
std::string* error_desc) override {
rtc::SSLFingerprint* local_fp =
Base::local_description()->identity_fingerprint.get();
if (!local_fp) {
certificate_ = nullptr;
} else if (!Base::VerifyCertificateFingerprint(certificate_.get(), local_fp,
error_desc)) {
return false;
}
if (!channel->SetLocalCertificate(certificate_)) {
return BadTransportDescription("Failed to set local identity.",
error_desc);
}
// Apply the description in the base class.
return Base::ApplyLocalTransportDescription(channel, error_desc);
}
bool NegotiateTransportDescription(ContentAction local_role,
std::string* error_desc) override {
if (!Base::local_description() || !Base::remote_description()) {
const std::string msg = "Local and Remote description must be set before "
"transport descriptions are negotiated";
return BadTransportDescription(msg, error_desc);
}
rtc::SSLFingerprint* local_fp =
Base::local_description()->identity_fingerprint.get();
rtc::SSLFingerprint* remote_fp =
Base::remote_description()->identity_fingerprint.get();
if (remote_fp && local_fp) {
remote_fingerprint_.reset(new rtc::SSLFingerprint(*remote_fp));
if (!Base::NegotiateRole(local_role, &secure_role_, error_desc)) {
return false;
}
} else if (local_fp && (local_role == CA_ANSWER)) {
return BadTransportDescription(
"Local fingerprint supplied when caller didn't offer DTLS.",
error_desc);
} else {
// We are not doing DTLS
remote_fingerprint_.reset(new rtc::SSLFingerprint("", nullptr, 0));
}
// Now run the negotiation for the base class.
return Base::NegotiateTransportDescription(local_role, error_desc);
}
DtlsTransportChannelWrapper* CreateTransportChannel(int component) override {
DtlsTransportChannelWrapper* channel = new DtlsTransportChannelWrapper(
Base::CreateTransportChannel(component));
channel->SetSslMaxProtocolVersion(ssl_max_version_);
return channel;
}
void DestroyTransportChannel(TransportChannelImpl* channel) override {
// Kind of ugly, but this lets us do the exact inverse of the create.
DtlsTransportChannelWrapper* dtls_channel =
static_cast<DtlsTransportChannelWrapper*>(channel);
TransportChannelImpl* base_channel = dtls_channel->channel();
delete dtls_channel;
Base::DestroyTransportChannel(base_channel);
}
bool GetSslRole(rtc::SSLRole* ssl_role) const override {
ASSERT(ssl_role != NULL);
*ssl_role = secure_role_;
return true;
}
private:
bool ApplyNegotiatedTransportDescription(TransportChannelImpl* channel,
std::string* error_desc) override {
// Set ssl role. Role must be set before fingerprint is applied, which
// initiates DTLS setup.
if (!channel->SetSslRole(secure_role_)) {
return BadTransportDescription("Failed to set ssl role for the channel.",
error_desc);
}
// Apply remote fingerprint.
if (!channel->SetRemoteFingerprint(remote_fingerprint_->algorithm,
reinterpret_cast<const uint8_t*>(
remote_fingerprint_->digest.data()),
remote_fingerprint_->digest.size())) {
return BadTransportDescription("Failed to apply remote fingerprint.",
error_desc);
}
return Base::ApplyNegotiatedTransportDescription(channel, error_desc);
}
rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
rtc::SSLRole secure_role_;
rtc::SSLProtocolVersion ssl_max_version_;
std::unique_ptr<rtc::SSLFingerprint> remote_fingerprint_;
};
} // namespace cricket
#endif // WEBRTC_P2P_BASE_DTLSTRANSPORT_H_