RTCCertificateGenerator added.
This is a new way of generating RTCCertificate objects that is meant
to replace DtlsIdentityStoreInterface and all of its implementations
(clean up work).
It is similar to the identity store in that it generates on the worker
thread and does callback on the signaling thread, but:
- It does not generate identities in the background that you did not
ask for (preemptive generation made more sense before certificates
were parameterized, not so much anymore, and ECDSA which will be most
common takes like <=2 ms to generate).
- As such this code is less complicated than the store's code.
- The API is different, it takes Optional<uint64_t> expires and it
returns RTCCertificates, not SSLIdentities.
- It supports a blocking version of GenerateCertificate that can be
called from any thread, necessary for Chrome which can generate
certificates before the signaling/worker threads have been
initialized as WebRTC-threads (Chrome can invoke this version on
the worker thread outside of WebRTC).
This CL does not remove the identity store, only adds the alternative.
Follow-up CLs will start using it, the store will be removed once it
is no longer used anywhere.
BUG=webrtc:5707, webrtc:5708
R=hta@webrtc.org, torbjorng@webrtc.org
Review URL: https://codereview.webrtc.org/1883813002 .
Cr-Commit-Position: refs/heads/master@{#12381}
2016-04-15 17:55:21 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright 2016 The WebRTC project authors. All Rights Reserved.
|
|
|
|
|
*
|
|
|
|
|
* Use of this source code is governed by a BSD-style license
|
|
|
|
|
* that can be found in the LICENSE file in the root of the source
|
|
|
|
|
* tree. An additional intellectual property rights grant can be found
|
|
|
|
|
* in the file PATENTS. All contributing project authors may
|
|
|
|
|
* be found in the AUTHORS file in the root of the source tree.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-01-11 09:11:00 -08:00
|
|
|
#ifndef RTC_BASE_RTC_CERTIFICATE_GENERATOR_H_
|
|
|
|
|
#define RTC_BASE_RTC_CERTIFICATE_GENERATOR_H_
|
RTCCertificateGenerator added.
This is a new way of generating RTCCertificate objects that is meant
to replace DtlsIdentityStoreInterface and all of its implementations
(clean up work).
It is similar to the identity store in that it generates on the worker
thread and does callback on the signaling thread, but:
- It does not generate identities in the background that you did not
ask for (preemptive generation made more sense before certificates
were parameterized, not so much anymore, and ECDSA which will be most
common takes like <=2 ms to generate).
- As such this code is less complicated than the store's code.
- The API is different, it takes Optional<uint64_t> expires and it
returns RTCCertificates, not SSLIdentities.
- It supports a blocking version of GenerateCertificate that can be
called from any thread, necessary for Chrome which can generate
certificates before the signaling/worker threads have been
initialized as WebRTC-threads (Chrome can invoke this version on
the worker thread outside of WebRTC).
This CL does not remove the identity store, only adds the alternative.
Follow-up CLs will start using it, the store will be removed once it
is no longer used anywhere.
BUG=webrtc:5707, webrtc:5708
R=hta@webrtc.org, torbjorng@webrtc.org
Review URL: https://codereview.webrtc.org/1883813002 .
Cr-Commit-Position: refs/heads/master@{#12381}
2016-04-15 17:55:21 +02:00
|
|
|
|
2018-10-23 12:03:01 +02:00
|
|
|
#include <stdint.h>
|
|
|
|
|
|
2018-06-21 11:48:25 +02:00
|
|
|
#include "absl/types/optional.h"
|
2019-01-25 20:26:48 +01:00
|
|
|
#include "api/scoped_refptr.h"
|
2019-01-11 09:11:00 -08:00
|
|
|
#include "rtc_base/ref_count.h"
|
|
|
|
|
#include "rtc_base/rtc_certificate.h"
|
|
|
|
|
#include "rtc_base/ssl_identity.h"
|
2019-09-23 14:54:28 +02:00
|
|
|
#include "rtc_base/system/rtc_export.h"
|
2017-09-15 06:47:31 +02:00
|
|
|
#include "rtc_base/thread.h"
|
RTCCertificateGenerator added.
This is a new way of generating RTCCertificate objects that is meant
to replace DtlsIdentityStoreInterface and all of its implementations
(clean up work).
It is similar to the identity store in that it generates on the worker
thread and does callback on the signaling thread, but:
- It does not generate identities in the background that you did not
ask for (preemptive generation made more sense before certificates
were parameterized, not so much anymore, and ECDSA which will be most
common takes like <=2 ms to generate).
- As such this code is less complicated than the store's code.
- The API is different, it takes Optional<uint64_t> expires and it
returns RTCCertificates, not SSLIdentities.
- It supports a blocking version of GenerateCertificate that can be
called from any thread, necessary for Chrome which can generate
certificates before the signaling/worker threads have been
initialized as WebRTC-threads (Chrome can invoke this version on
the worker thread outside of WebRTC).
This CL does not remove the identity store, only adds the alternative.
Follow-up CLs will start using it, the store will be removed once it
is no longer used anywhere.
BUG=webrtc:5707, webrtc:5708
R=hta@webrtc.org, torbjorng@webrtc.org
Review URL: https://codereview.webrtc.org/1883813002 .
Cr-Commit-Position: refs/heads/master@{#12381}
2016-04-15 17:55:21 +02:00
|
|
|
|
2017-06-29 07:52:50 +02:00
|
|
|
namespace rtc {
|
|
|
|
|
|
2021-08-10 01:22:31 +02:00
|
|
|
// See `RTCCertificateGeneratorInterface::GenerateCertificateAsync`.
|
2017-06-29 07:52:50 +02:00
|
|
|
class RTCCertificateGeneratorCallback : public RefCountInterface {
|
|
|
|
|
public:
|
|
|
|
|
virtual void OnSuccess(const scoped_refptr<RTCCertificate>& certificate) = 0;
|
|
|
|
|
virtual void OnFailure() = 0;
|
|
|
|
|
|
|
|
|
|
protected:
|
|
|
|
|
~RTCCertificateGeneratorCallback() override {}
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-26 16:03:14 +02:00
|
|
|
// Generates `RTCCertificate`s.
|
|
|
|
|
// See `RTCCertificateGenerator` for the WebRTC repo's implementation.
|
2017-06-29 07:52:50 +02:00
|
|
|
class RTCCertificateGeneratorInterface {
|
|
|
|
|
public:
|
|
|
|
|
virtual ~RTCCertificateGeneratorInterface() {}
|
|
|
|
|
|
|
|
|
|
// Generates a certificate asynchronously on the worker thread.
|
2021-07-26 16:03:14 +02:00
|
|
|
// Must be called on the signaling thread. The `callback` is invoked with the
|
|
|
|
|
// result on the signaling thread. `exipres_ms` optionally specifies for how
|
2017-06-29 07:52:50 +02:00
|
|
|
// long we want the certificate to be valid, but the implementation may choose
|
|
|
|
|
// its own restrictions on the expiration time.
|
|
|
|
|
virtual void GenerateCertificateAsync(
|
|
|
|
|
const KeyParams& key_params,
|
2018-06-21 11:48:25 +02:00
|
|
|
const absl::optional<uint64_t>& expires_ms,
|
2017-06-29 07:52:50 +02:00
|
|
|
const scoped_refptr<RTCCertificateGeneratorCallback>& callback) = 0;
|
|
|
|
|
};
|
|
|
|
|
|
2021-07-26 16:03:14 +02:00
|
|
|
// Standard implementation of `RTCCertificateGeneratorInterface`.
|
|
|
|
|
// The static function `GenerateCertificate` generates a certificate on the
|
|
|
|
|
// current thread. The `RTCCertificateGenerator` instance generates certificates
|
|
|
|
|
// asynchronously on the worker thread with `GenerateCertificateAsync`.
|
2019-09-23 14:54:28 +02:00
|
|
|
class RTC_EXPORT RTCCertificateGenerator
|
|
|
|
|
: public RTCCertificateGeneratorInterface {
|
2017-06-29 07:52:50 +02:00
|
|
|
public:
|
|
|
|
|
// Generates a certificate on the current thread. Returns null on failure.
|
2021-07-26 16:03:14 +02:00
|
|
|
// If `expires_ms` is specified, the certificate will expire in approximately
|
|
|
|
|
// that many milliseconds from now. `expires_ms` is limited to a year, a
|
|
|
|
|
// larger value than that is clamped down to a year. If `expires_ms` is not
|
2017-06-29 07:52:50 +02:00
|
|
|
// specified, a default expiration time is used.
|
|
|
|
|
static scoped_refptr<RTCCertificate> GenerateCertificate(
|
|
|
|
|
const KeyParams& key_params,
|
2018-06-21 11:48:25 +02:00
|
|
|
const absl::optional<uint64_t>& expires_ms);
|
2017-06-29 07:52:50 +02:00
|
|
|
|
|
|
|
|
RTCCertificateGenerator(Thread* signaling_thread, Thread* worker_thread);
|
|
|
|
|
~RTCCertificateGenerator() override {}
|
|
|
|
|
|
2021-07-26 16:03:14 +02:00
|
|
|
// `RTCCertificateGeneratorInterface` overrides.
|
|
|
|
|
// If `expires_ms` is specified, the certificate will expire in approximately
|
|
|
|
|
// that many milliseconds from now. `expires_ms` is limited to a year, a
|
|
|
|
|
// larger value than that is clamped down to a year. If `expires_ms` is not
|
2017-06-29 07:52:50 +02:00
|
|
|
// specified, a default expiration time is used.
|
|
|
|
|
void GenerateCertificateAsync(
|
|
|
|
|
const KeyParams& key_params,
|
2018-06-21 11:48:25 +02:00
|
|
|
const absl::optional<uint64_t>& expires_ms,
|
2017-06-29 07:52:50 +02:00
|
|
|
const scoped_refptr<RTCCertificateGeneratorCallback>& callback) override;
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
Thread* const signaling_thread_;
|
|
|
|
|
Thread* const worker_thread_;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
} // namespace rtc
|
RTCCertificateGenerator added.
This is a new way of generating RTCCertificate objects that is meant
to replace DtlsIdentityStoreInterface and all of its implementations
(clean up work).
It is similar to the identity store in that it generates on the worker
thread and does callback on the signaling thread, but:
- It does not generate identities in the background that you did not
ask for (preemptive generation made more sense before certificates
were parameterized, not so much anymore, and ECDSA which will be most
common takes like <=2 ms to generate).
- As such this code is less complicated than the store's code.
- The API is different, it takes Optional<uint64_t> expires and it
returns RTCCertificates, not SSLIdentities.
- It supports a blocking version of GenerateCertificate that can be
called from any thread, necessary for Chrome which can generate
certificates before the signaling/worker threads have been
initialized as WebRTC-threads (Chrome can invoke this version on
the worker thread outside of WebRTC).
This CL does not remove the identity store, only adds the alternative.
Follow-up CLs will start using it, the store will be removed once it
is no longer used anywhere.
BUG=webrtc:5707, webrtc:5708
R=hta@webrtc.org, torbjorng@webrtc.org
Review URL: https://codereview.webrtc.org/1883813002 .
Cr-Commit-Position: refs/heads/master@{#12381}
2016-04-15 17:55:21 +02:00
|
|
|
|
2019-01-11 09:11:00 -08:00
|
|
|
#endif // RTC_BASE_RTC_CERTIFICATE_GENERATOR_H_
|