Added DtlsCertificate, a ref counted object owning an SSLIdentity

talk/app/webrtc/webrtcsession_unittest.cc

 /*
  * libjingle
  * Copyright 2012 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
  *     this list of conditions and the following disclaimer in the documentation
  *     and/or other materials provided with the distribution.
  *  3. The name of the author may not be used to endorse or promote products
  *     derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "talk/app/webrtc/audiotrack.h"
+#include "talk/app/webrtc/dtlscertificate.h"
 #include "talk/app/webrtc/fakemetricsobserver.h"
 #include "talk/app/webrtc/jsepicecandidate.h"
 #include "talk/app/webrtc/jsepsessiondescription.h"
 #include "talk/app/webrtc/mediastreamsignaling.h"
 #include "talk/app/webrtc/streamcollection.h"
 #include "talk/app/webrtc/test/fakeconstraints.h"
 #include "talk/app/webrtc/test/fakedtlsidentitystore.h"
 #include "talk/app/webrtc/test/fakemediastreamsignaling.h"
 #include "talk/app/webrtc/videotrack.h"
 #include "talk/app/webrtc/webrtcsession.h"
@@ skipping 313 matching lines @@
     desc_factory_->set_add_legacy_streams(false);
     allocator_->set_step_delay(cricket::kMinimumStepDelay);
   }
 
   void AddInterface(const SocketAddress& addr) {
     network_manager_.AddInterface(addr);
   }
 
   void Init(
       rtc::scoped_ptr<webrtc::DtlsIdentityStoreInterface> dtls_identity_store,
+      const rtc::scoped_refptr<webrtc::DtlsCertificate>& certificate,
       const PeerConnectionInterface::RTCConfiguration& rtc_configuration) {
     ASSERT_TRUE(session_.get() == NULL);
     session_.reset(new WebRtcSessionForTest(
         channel_manager_.get(), rtc::Thread::Current(),
         rtc::Thread::Current(), allocator_.get(),
         &observer_,
         &mediastream_signaling_));
 
     EXPECT_EQ(PeerConnectionInterface::kIceConnectionNew,
         observer_.ice_connection_state_);
     EXPECT_EQ(PeerConnectionInterface::kIceGatheringNew,
         observer_.ice_gathering_state_);
 
-    EXPECT_TRUE(session_->Initialize(
-        options_, constraints_.get(), dtls_identity_store.Pass(),
-        rtc_configuration));
+    if (!certificate) {
+      EXPECT_TRUE(session_->Initialize(options_, constraints_.get(),
+                                       dtls_identity_store.Pass(),
+                                       rtc_configuration));
+    } else {
+      EXPECT_TRUE(session_->Initialize(options_, constraints_.get(),
+                                       certificate, rtc_configuration));
+    }
     session_->set_metrics_observer(metrics_observer_);
   }
 
   void Init() {
     PeerConnectionInterface::RTCConfiguration configuration;
-    Init(nullptr, configuration);
+    Init(nullptr, nullptr, configuration);
   }
 
   void InitWithIceTransport(
       PeerConnectionInterface::IceTransportsType ice_transport_type) {
     PeerConnectionInterface::RTCConfiguration configuration;
     configuration.type = ice_transport_type;
-    Init(nullptr, configuration);
+    Init(nullptr, nullptr, configuration);
   }
 
   void InitWithBundlePolicy(
       PeerConnectionInterface::BundlePolicy bundle_policy) {
     PeerConnectionInterface::RTCConfiguration configuration;
     configuration.bundle_policy = bundle_policy;
-    Init(nullptr, configuration);
+    Init(nullptr, nullptr, configuration);
   }
 
   void InitWithRtcpMuxPolicy(
       PeerConnectionInterface::RtcpMuxPolicy rtcp_mux_policy) {
     PeerConnectionInterface::RTCConfiguration configuration;
     configuration.rtcp_mux_policy = rtcp_mux_policy;
-    Init(nullptr, configuration);
+    Init(nullptr, nullptr, configuration);
   }
 
   void InitWithDtls(bool identity_request_should_fail = false) {
     rtc::scoped_ptr<FakeDtlsIdentityStore> dtls_identity_store(
         new FakeDtlsIdentityStore());
     dtls_identity_store->set_should_fail(identity_request_should_fail);
     PeerConnectionInterface::RTCConfiguration configuration;
-    Init(dtls_identity_store.Pass(), configuration);
+    Init(dtls_identity_store.Pass(), nullptr, configuration);
   }
 
   void InitWithDtmfCodec() {
     // Add kTelephoneEventCodec for dtmf test.
     const cricket::AudioCodec kTelephoneEventCodec(
         106, "telephone-event", 8000, 0, 1, 0);
     std::vector<cricket::AudioCodec> codecs;
     codecs.push_back(kTelephoneEventCodec);
     media_engine_->SetAudioCodecs(codecs);
     desc_factory_->set_audio_codecs(codecs);
@@ skipping 110 matching lines @@
       EXPECT_EQ(std::string(cricket::kMediaProtocolAvpf),
                 video_content->protocol());
     }
   }
 
   // Set the internal fake description factories to do DTLS-SRTP.
   void SetFactoryDtlsSrtp() {
     desc_factory_->set_secure(cricket::SEC_DISABLED);
     std::string identity_name = "WebRTC" +
         rtc::ToString(rtc::CreateRandomId());
-    identity_.reset(rtc::SSLIdentity::Generate(identity_name));
-    tdesc_factory_->set_identity(identity_.get());
+    certificate_ = webrtc::DtlsCertificate::Create(
+        rtc::scoped_ptr<rtc::SSLIdentity>(
+            rtc::SSLIdentity::Generate(identity_name)).Pass());
+    tdesc_factory_->set_certificate(certificate_);
     tdesc_factory_->set_secure(cricket::SEC_REQUIRED);
   }
 
   void VerifyFingerprintStatus(const cricket::SessionDescription* sdp,
                                bool expected) {
     const TransportInfo* audio = sdp->GetTransportInfoByName("audio");
     ASSERT_TRUE(audio != NULL);
     ASSERT_EQ(expected, audio->description.identity_fingerprint.get() != NULL);
     const TransportInfo* video = sdp->GetTransportInfoByName("video");
     ASSERT_TRUE(video != NULL);
@@ skipping 677 matching lines @@
     allocator_->set_step_delay(cricket::kMinimumStepDelay);
     allocator_->set_flags(cricket::PORTALLOCATOR_DISABLE_TCP |
                           cricket::PORTALLOCATOR_ENABLE_SHARED_UFRAG);
   }
 
   cricket::FakeMediaEngine* media_engine_;
   cricket::FakeDataEngine* data_engine_;
   cricket::FakeDeviceManager* device_manager_;
   rtc::scoped_ptr<cricket::ChannelManager> channel_manager_;
   rtc::scoped_ptr<cricket::TransportDescriptionFactory> tdesc_factory_;
-  rtc::scoped_ptr<rtc::SSLIdentity> identity_;
+  rtc::scoped_refptr<webrtc::DtlsCertificate> certificate_;
   rtc::scoped_ptr<cricket::MediaSessionDescriptionFactory> desc_factory_;
   rtc::scoped_ptr<rtc::PhysicalSocketServer> pss_;
   rtc::scoped_ptr<rtc::VirtualSocketServer> vss_;
   rtc::scoped_ptr<rtc::FirewallSocketServer> fss_;
   rtc::SocketServerScope ss_scope_;
   rtc::SocketAddress stun_socket_addr_;
   rtc::scoped_ptr<cricket::TestStunServer> stun_server_;
   cricket::TestTurnServer turn_server_;
   rtc::FakeNetworkManager network_manager_;
   rtc::scoped_ptr<cricket::BasicPortAllocator> allocator_;
@@ skipping 2334 matching lines @@
 
   ASSERT_EQ(1UL, ch->recv_codecs().size());
   EXPECT_EQ(cricket::kGoogleSctpDataCodecId, ch->recv_codecs()[0].id);
   EXPECT_EQ(0, strcmp(cricket::kGoogleSctpDataCodecName,
                       ch->recv_codecs()[0].name.c_str()));
   EXPECT_TRUE(ch->recv_codecs()[0].GetParam(cricket::kCodecParamPort,
                                             &portnum));
   EXPECT_EQ(new_recv_port, portnum);
 }
 
+// Verifies that if a certificate is provided it is the one that will be used.

[Henrik Grunell WebRTC, 2015/08/12 14:46:30]

I think we should run all test with parameters, one for testing with explicitly
generated certificate and one without. It could be extended later on to test
different types of certificates.

[hbos, 2015/08/14 14:09:39]

Hmm, will think about and address in the next PS...

+TEST_F(WebRtcSessionTest, TestUsesProvidedCertificate) {
+  rtc::scoped_refptr<webrtc::DtlsCertificate> certificate =
+      FakeDtlsIdentityStore::GenerateCertificate();
+
+  PeerConnectionInterface::RTCConfiguration configuration;
+  Init(nullptr, certificate, configuration);
+  EXPECT_TRUE_WAIT(!session_->waiting_for_certificate(), 1000);
+
+  EXPECT_EQ(session_->get_certificate(), certificate);
+}
+
 // Verifies that CreateOffer succeeds when CreateOffer is called before async
 // identity generation is finished.
 TEST_F(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
   MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls();
 
-  EXPECT_TRUE(session_->waiting_for_identity());
+  EXPECT_TRUE(session_->waiting_for_certificate());
   mediastream_signaling_.SendAudioVideoStream1();
   rtc::scoped_ptr<SessionDescriptionInterface> offer(CreateOffer());
 
   EXPECT_TRUE(offer != NULL);
   VerifyNoCryptoParams(offer->description(), true);
   VerifyFingerprintStatus(offer->description(), true);
 }
 
 // Verifies that CreateAnswer succeeds when CreateOffer is called before async
 // identity generation is finished.
@@ skipping 14 matching lines @@
   VerifyNoCryptoParams(answer->description(), true);
   VerifyFingerprintStatus(answer->description(), true);
 }
 
 // Verifies that CreateOffer succeeds when CreateOffer is called after async
 // identity generation is finished.
 TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
   MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls();
 
-  EXPECT_TRUE_WAIT(!session_->waiting_for_identity(), 1000);
+  EXPECT_TRUE_WAIT(!session_->waiting_for_certificate(), 1000);
 
   rtc::scoped_ptr<SessionDescriptionInterface> offer(CreateOffer());
   EXPECT_TRUE(offer != NULL);
 }
 
 // Verifies that CreateOffer fails when CreateOffer is called after async
 // identity generation fails.
 TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
   MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
   InitWithDtls(true);
 
-  EXPECT_TRUE_WAIT(!session_->waiting_for_identity(), 1000);
+  EXPECT_TRUE_WAIT(!session_->waiting_for_certificate(), 1000);
 
   rtc::scoped_ptr<SessionDescriptionInterface> offer(CreateOffer());
   EXPECT_TRUE(offer == NULL);
 }
 
 // Verifies that CreateOffer succeeds when Multiple CreateOffer calls are made
 // before async identity generation is finished.
 TEST_F(WebRtcSessionTest,
        TestMultipleCreateOfferBeforeIdentityRequestReturnSuccess) {
   MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
@@ skipping 282 matching lines @@
     // terminated.  The offer creation may or may not have succeeded, but we
     // must have received a notification which, so the only invalid state
     // is kInit.
     EXPECT_NE(WebRtcSessionCreateSDPObserverForTest::kInit, o->state());
   }
 }
 
 // TODO(bemasc): Add a TestIceStatesBundle with BUNDLE enabled.  That test
 // currently fails because upon disconnection and reconnection OnIceComplete is
 // called more than once without returning to IceGatheringGathering.