Expose RTCSSLCertificateVerifier from iOS SDK.

Bug: webrtc:11710 Change-Id: I825c6350a71b2ff180520f8643cbd4d6febdc883 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254821 Reviewed-by: Kári Helgason <kthelgason@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Yura Yaroshevich <yura.yaroshevich@gmail.com> Cr-Commit-Position: refs/heads/main@{#36284}
2025-05-12 21:30:45 +01:00 · 2022-03-11 09:22:08 +01:00 · 2022-03-11 09:22:08 +01:00 · 19a6e9438b
commit 19a6e9438b
parent df59e53818
8 changed files with 143 additions and 5 deletions
--- a/sdk/BUILD.gn
+++ b/sdk/BUILD.gn
@ -101,6 +101,7 @@ if (is_ios || is_mac) {
      "objc/base/RTCMacros.h",
      "objc/base/RTCMutableI420Buffer.h",
      "objc/base/RTCMutableYUVPlanarBuffer.h",
+      "objc/base/RTCSSLCertificateVerifier.h",
      "objc/base/RTCVideoCapturer.h",
      "objc/base/RTCVideoCapturer.m",
      "objc/base/RTCVideoCodecInfo.h",
@ -1233,6 +1234,7 @@ if (is_ios || is_mac) {
          "objc/base/RTCMacros.h",
          "objc/base/RTCMutableI420Buffer.h",
          "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
          "objc/base/RTCVideoCapturer.h",
          "objc/base/RTCVideoCodecInfo.h",
          "objc/base/RTCVideoDecoder.h",
@ -1429,6 +1431,7 @@ if (is_ios || is_mac) {
          "objc/base/RTCMacros.h",
          "objc/base/RTCMutableI420Buffer.h",
          "objc/base/RTCMutableYUVPlanarBuffer.h",
+          "objc/base/RTCSSLCertificateVerifier.h",
          "objc/base/RTCVideoCapturer.h",
          "objc/base/RTCVideoCodecInfo.h",
          "objc/base/RTCVideoDecoder.h",
@ -1528,6 +1531,8 @@ if (is_ios || is_mac) {
      sources = [
        "objc/native/api/network_monitor_factory.h",
        "objc/native/api/network_monitor_factory.mm",
+        "objc/native/api/ssl_certificate_verifier.h",
+        "objc/native/api/ssl_certificate_verifier.mm",
        "objc/native/api/video_capturer.h",
        "objc/native/api/video_capturer.mm",
        "objc/native/api/video_decoder_factory.h",
--- a/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection+Private.h
@ -68,6 +68,8 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 };

 }  // namespace webrtc
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);

@interface RTC_OBJC_TYPE (RTCPeerConnection)
 ()
@ -83,11 +85,12 @@ class PeerConnectionDelegateAdapter : public PeerConnectionObserver {
 /** Initialize an RTCPeerConnection with a configuration, constraints, and
 *  delegate.
 */
- (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
-                           configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
-                             constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
-                                delegate:
-                                    (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+- (nullable instancetype)
+        initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
+          configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+            constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+    certificateVerifier:(nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+               delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;

 /** Initialize an RTCPeerConnection with a configuration, constraints,
 *  delegate and PeerConnectionDependencies.
--- a/sdk/objc/api/peerconnection/RTCPeerConnection.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnection.mm
@ -34,6 +34,7 @@
 #include "api/set_remote_description_observer_interface.h"
 #include "rtc_base/checks.h"
 #include "rtc_base/numerics/safe_conversions.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"

 NSString *const kRTCPeerConnectionErrorDomain = @"org.webrtc.RTC_OBJC_TYPE(RTCPeerConnection)";
 int const kRTCPeerConnnectionSessionDescriptionError = -1;
@ -336,10 +337,15 @@ void PeerConnectionDelegateAdapter::OnRemoveTrack(
 - (nullable instancetype)initWithFactory:(RTC_OBJC_TYPE(RTCPeerConnectionFactory) *)factory
                           configuration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
                             constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                     certificateVerifier:
+                         (nullable id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
                                delegate:(id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
  NSParameterAssert(factory);
  std::unique_ptr<webrtc::PeerConnectionDependencies> dependencies =
      std::make_unique<webrtc::PeerConnectionDependencies>(nullptr);
+  if (certificateVerifier != nil) {
+    dependencies->tls_cert_verifier = webrtc::ObjCToNativeCertificateVerifier(certificateVerifier);
+  }
  return [self initWithDependencies:factory
                      configuration:configuration
                        constraints:constraints
--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.h
@ -29,6 +29,8 @@ NS_ASSUME_NONNULL_BEGIN
 (RTCVideoDecoderFactory);
@protocol RTC_OBJC_TYPE
 (RTCVideoEncoderFactory);
+@protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier);

 RTC_OBJC_EXPORT
@interface RTC_OBJC_TYPE (RTCPeerConnectionFactory) : NSObject
@ -82,6 +84,13 @@ RTC_OBJC_EXPORT
                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
                           delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;

+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:(nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate;
+
 /** Set the options to be used for subsequently created RTCPeerConnections */
 - (void)setOptions:(nonnull RTC_OBJC_TYPE(RTCPeerConnectionFactoryOptions) *)options;

--- a/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
+++ b/sdk/objc/api/peerconnection/RTCPeerConnectionFactory.mm
@ -27,6 +27,7 @@
 #import "helpers/NSString+StdString.h"
 #include "rtc_base/checks.h"
 #include "sdk/objc/native/api/network_monitor_factory.h"
+#include "sdk/objc/native/api/ssl_certificate_verifier.h"
 #include "system_wrappers/include/field_trial.h"

 #ifndef HAVE_NO_MEDIA
@ -272,6 +273,21 @@
  return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
                                                     configuration:configuration
                                                       constraints:constraints
+                                               certificateVerifier:nil
+                                                          delegate:delegate];
+}
+
+- (nullable RTC_OBJC_TYPE(RTCPeerConnection) *)
+    peerConnectionWithConfiguration:(RTC_OBJC_TYPE(RTCConfiguration) *)configuration
+                        constraints:(RTC_OBJC_TYPE(RTCMediaConstraints) *)constraints
+                certificateVerifier:
+                    (id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)>)certificateVerifier
+                           delegate:
+                               (nullable id<RTC_OBJC_TYPE(RTCPeerConnectionDelegate)>)delegate {
+  return [[RTC_OBJC_TYPE(RTCPeerConnection) alloc] initWithFactory:self
+                                                     configuration:configuration
+                                                       constraints:constraints
+                                               certificateVerifier:certificateVerifier
                                                          delegate:delegate];
 }

--- a/sdk/objc/base/RTCSSLCertificateVerifier.h
+++ b/sdk/objc/base/RTCSSLCertificateVerifier.h
@ -0,0 +1,25 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import <Foundation/Foundation.h>
+
+#import "RTCMacros.h"
+
+NS_ASSUME_NONNULL_BEGIN
+
+RTC_OBJC_EXPORT @protocol RTC_OBJC_TYPE
+(RTCSSLCertificateVerifier)<NSObject>
+
+    /** The certificate to verify */
+    - (BOOL)verify : (NSData *)derCertificate;
+
+@end
+
+NS_ASSUME_NONNULL_END
--- a/sdk/objc/native/api/ssl_certificate_verifier.h
+++ b/sdk/objc/native/api/ssl_certificate_verifier.h
@ -0,0 +1,26 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+#define SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
+
+#include <memory>
+
+#import "RTCSSLCertificateVerifier.h"
+#include "rtc_base/ssl_certificate.h"
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier);
+
+}  // namespace webrtc
+
+#endif  // SDK_OBJC_NATIVE_API_SSL_CERTIFICATE_VERIFIER_H_
--- a/sdk/objc/native/api/ssl_certificate_verifier.mm
+++ b/sdk/objc/native/api/ssl_certificate_verifier.mm
@ -0,0 +1,48 @@
+/*
+ *  Copyright 2022 The WebRTC project authors. All Rights Reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#import "ssl_certificate_verifier.h"
+
+#include "rtc_base/buffer.h"
+
+namespace {
+
+class SSLCertificateVerifierAdapter final : public rtc::SSLCertificateVerifier {
+ public:
+  SSLCertificateVerifierAdapter(
+      id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier)
+      : objc_certificate_verifier_(objc_certificate_verifier) {
+    RTC_DCHECK(objc_certificate_verifier_ != nil);
+  }
+
+  bool Verify(const rtc::SSLCertificate& certificate) override {
+    @autoreleasepool {
+      rtc::Buffer der_buffer;
+      certificate.ToDER(&der_buffer);
+      NSData* serialized_certificate = [[NSData alloc] initWithBytes:der_buffer.data()
+                                                              length:der_buffer.size()];
+      return [objc_certificate_verifier_ verify:serialized_certificate];
+    }
+  }
+
+ private:
+  id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier_;
+};
+
+}
+
+namespace webrtc {
+
+std::unique_ptr<rtc::SSLCertificateVerifier> ObjCToNativeCertificateVerifier(
+    id<RTC_OBJC_TYPE(RTCSSLCertificateVerifier)> objc_certificate_verifier) {
+  return std::make_unique<SSLCertificateVerifierAdapter>(objc_certificate_verifier);
+}
+
+}  // namespace webrtc