author | Yuri Wiitala <miu@chromium.org> | 2019-11-26 16:10:29 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-11-27 00:20:32 +0000 |
commit | fddca10f23f5d483e2768dea6e3e920abb28898c (patch) | |
tree | f1783cfc7bc65df183156ecd52487048767dc26d /cast/sender | |
parent | f9d1fe4a538ab7003addcdf8592c77519a55b91a (diff) | |
download | openscreen-fddca10f23f5d483e2768dea6e3e920abb28898c.tar.gz |
Remove dependencies on openssl from platform/api.
Moves all certificate utilities out of TlsCredentials (in platform/base)
to a new util/crypto/certificate_utilities.* library.
Then, all remaining boringssl dependencies are removed from platform/api
by modifying the TlsConnectionFactory API to provide DER-encoded X509
certificates (i.e., a serialized form) instead of the boringssl X509
struct.
Bug: openscreen:89
Change-Id: Iaaeec687d81770bb8e7e2bab4837880c77a37aa9
Reviewed-on: https://chromium-review.googlesource.com/c/openscreen/+/1932181
Reviewed-by: Yuri Wiitala <miu@chromium.org>
Reviewed-by: Jordan Bayles <jophba@chromium.org>
Commit-Queue: Yuri Wiitala <miu@chromium.org>
Diffstat (limited to 'cast/sender')
-rw-r--r-- | cast/sender/BUILD.gn | 2 | ||||
-rw-r--r-- | cast/sender/channel/sender_socket_factory.cc | 17 | ||||
-rw-r--r-- | cast/sender/channel/sender_socket_factory.h | 8 |
3 files changed, 17 insertions, 10 deletions
diff --git a/cast/sender/BUILD.gn b/cast/sender/BUILD.gn
index 86d67ade..31c21215 100644
--- a/cast/sender/BUILD.gn
+++ b/cast/sender/BUILD.gn
@@ -13,12 +13,14 @@ source_set("channel") {
   ]
   deps = [
+    "../../util",
     "../common/certificate/proto:certificate_proto",
     "../common/channel/proto:channel_proto",
   ]
   public_deps = [
     "../../platform",
+    "../../third_party/boringssl",
   ]
 }
diff --git a/cast/sender/channel/sender_socket_factory.cc b/cast/sender/channel/sender_socket_factory.cc
index 811f07df..3e75c977 100644
--- a/cast/sender/channel/sender_socket_factory.cc
+++ b/cast/sender/channel/sender_socket_factory.cc
@@ -7,6 +7,7 @@
 #include "cast/common/channel/cast_socket.h"
 #include "cast/sender/channel/message_util.h"
 #include "platform/base/tls_connect_options.h"
+#include "util/crypto/certificate_utils.h"
 namespace cast {
 namespace channel {
@@ -43,14 +44,14 @@ void SenderSocketFactory::Connect(const IPEndpoint& endpoint,
 void SenderSocketFactory::OnAccepted(
     TlsConnectionFactory* factory,
-    X509* peer_cert,
+    std::vector<uint8_t> der_x509_peer_cert,
     std::unique_ptr<TlsConnection> connection) {
   OSP_NOTREACHED() << "This factory is connect-only.";
 }
 void SenderSocketFactory::OnConnected(
     TlsConnectionFactory* factory,
-    X509* peer_cert,
+    std::vector<uint8_t> der_x509_peer_cert,
     std::unique_ptr<TlsConnection> connection) {
   const IPEndpoint& endpoint = connection->GetRemoteEndpoint();
   auto it = FindPendingConnection(endpoint);
@@ -63,16 +64,18 @@ void SenderSocketFactory::OnConnected(
   CastSocket::Client* client = it->client;
   pending_connections_.erase(it);
+  ErrorOr<bssl::UniquePtr<X509>> peer_cert = openscreen::ImportCertificate(
+      der_x509_peer_cert.data(), der_x509_peer_cert.size());
   if (!peer_cert) {
-    client_->OnError(this, endpoint, Error::Code::kErrCertsMissing);
+    client_->OnError(this, endpoint, peer_cert.error());
     return;
   }
   auto socket = std::make_unique<CastSocket>(std::move(connection), this, GetNextSocketId());
-  pending_auth_.emplace_back(new PendingAuth{endpoint, media_policy,
-                                             std::move(socket), client,
-                                             AuthContext::Create(), peer_cert});
+  pending_auth_.emplace_back(
+      new PendingAuth{endpoint, media_policy, std::move(socket), client,
+                      AuthContext::Create(), std::move(peer_cert.value())});
   PendingAuth& pending = *pending_auth_.back();
   CastMessage auth_challenge = CreateAuthChallengeMessage(pending.auth_context);
@@ -146,7 +149,7 @@ void SenderSocketFactory::OnMessage(CastSocket* socket, CastMessage message) {
   }
   ErrorOr<CastDeviceCertPolicy> policy_or_error = AuthenticateChallengeReply(
-      message, (*it)->peer_cert, (*it)->auth_context);
+      message, (*it)->peer_cert.get(), (*it)->auth_context);
   if (policy_or_error.is_error()) {
     client_->OnError(this, pending->endpoint, policy_or_error.error());
     return;
diff --git a/cast/sender/channel/sender_socket_factory.h b/cast/sender/channel/sender_socket_factory.h
index 62fa6d97..63998674 100644
--- a/cast/sender/channel/sender_socket_factory.h
+++ b/cast/sender/channel/sender_socket_factory.h
@@ -5,6 +5,8 @@
 #ifndef CAST_SENDER_CHANNEL_SENDER_SOCKET_FACTORY_H_
 #define CAST_SENDER_CHANNEL_SENDER_SOCKET_FACTORY_H_
+#include <openssl/x509.h>
+
 #include <set>
 #include <utility>
 #include <vector>
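Review bot: The failure path `client_->OnError(this, endpoint, peer_cert.error());` in OnConnected now reports whatever code ImportCertificate attaches to an empty or unparseable DER buffer, whereas the old line always reported `Error::Code::kErrCertsMissing`; a client that branches on that code will observe a different value, so either map the parse failure back to it or state the new contract where the call is made. A one-line comment above the ImportCertificate call would make the intent explicit: `// Refuse the connection unless the peer's DER certificate parses; the parse error is forwarded to the client unchanged.` It is not visible here whether ImportCertificate distinguishes a zero-length input from a malformed one, so that is worth confirming against util/crypto/certificate_utils before relying on the reported code. OnConnected's body continues outside the hunk.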
@@ -57,10 +59,10 @@ class SenderSocketFactory final : public TlsConnectionFactory::Client,
   // TlsConnectionFactory::Client overrides.
   void OnAccepted(TlsConnectionFactory* factory,
-                  X509* peer_cert,
+                  std::vector<uint8_t> der_x509_peer_cert,
                   std::unique_ptr<TlsConnection> connection) override;
   void OnConnected(TlsConnectionFactory* factory,
-                   X509* peer_cert,
+                   std::vector<uint8_t> der_x509_peer_cert,
                    std::unique_ptr<TlsConnection> connection) override;
   void OnConnectionFailed(TlsConnectionFactory* factory, const IPEndpoint& remote_address) override;
@@ -79,7 +81,7 @@ class SenderSocketFactory final : public TlsConnectionFactory::Client,
     std::unique_ptr<CastSocket> socket;
     CastSocket::Client* client;
     AuthContext auth_context;
-    X509* peer_cert;
+    bssl::UniquePtr<X509> peer_cert;
   };
   friend bool operator<(const std::unique_ptr<PendingAuth>& a, uint32_t b); |
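Review bot: The new `bssl::UniquePtr<X509> peer_cert;` member of PendingAuth has no comment saying where the certificate comes from or that the struct now owns it, which matters because the replaced raw `X509*` left ownership implicit and the authentication path in OnMessage reads it via `.get()`. Suggest `// Owning handle to the peer certificate parsed from the DER bytes handed to OnConnected(); authenticated later in OnMessage().` above the member. With a move-only member PendingAuth becomes non-copyable, which appears consistent with the `std::unique_ptr<PendingAuth>` storage visible in the `operator<` friend, but the struct's declaration starts outside the hunk so that should be confirmed against the full definition.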