RTCCertificates added to RTCConfiguration, used by WebRtcSession/-DescriptionFactory

talk/app/webrtc/webrtcsessiondescriptionfactory.cc

 /*
  * libjingle
  * Copyright 2013 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 50 matching lines @@
   MediaSessionOptions::Streams sorted_streams = streams;
   std::sort(sorted_streams.begin(), sorted_streams.end(), CompareStream);
   MediaSessionOptions::Streams::iterator it =
       std::adjacent_find(sorted_streams.begin(), sorted_streams.end(),
                          SameId);
   return it == sorted_streams.end();
 }
 
 enum {
   MSG_CREATE_SESSIONDESCRIPTION_SUCCESS,
-  MSG_CREATE_SESSIONDESCRIPTION_FAILED
+  MSG_CREATE_SESSIONDESCRIPTION_FAILED,
+  MSG_USE_CONSTRUCTOR_CERTIFICATE
 };
 
 struct CreateSessionDescriptionMsg : public rtc::MessageData {
   explicit CreateSessionDescriptionMsg(
       webrtc::CreateSessionDescriptionObserver* observer)
       : observer(observer) {
   }
 
   rtc::scoped_refptr<webrtc::CreateSessionDescriptionObserver> observer;
   std::string error;
@@ skipping 37 matching lines @@
         source_desc->candidates(m);
     const IceCandidateCollection* dest_candidates = dest_desc->candidates(m);
     for  (size_t n = 0; n < source_candidates->count(); ++n) {
       const IceCandidateInterface* new_candidate = source_candidates->at(n);
       if (!dest_candidates->HasCandidate(new_candidate))
         dest_desc->AddCandidate(source_candidates->at(n));
     }
   }
 }
 
+// Private constructor called by other constructors.
 WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
     rtc::Thread* signaling_thread,
     cricket::ChannelManager* channel_manager,
     MediaStreamSignaling* mediastream_signaling,
     rtc::scoped_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+    const rtc::scoped_refptr<WebRtcIdentityRequestObserver>&
+        identity_request_observer,
     WebRtcSession* session,
     const std::string& session_id,
     cricket::DataChannelType dct,
     bool dtls_enabled)
     : signaling_thread_(signaling_thread),
       mediastream_signaling_(mediastream_signaling),
       session_desc_factory_(channel_manager, &transport_desc_factory_),
       // RFC 4566 suggested a Network Time Protocol (NTP) format timestamp
       // as the session id and session version. To simplify, it should be fine
       // to just use a random number as session id and start version from
       // |kInitSessionVersion|.
       session_version_(kInitSessionVersion),
       dtls_identity_store_(dtls_identity_store.Pass()),
+      identity_request_observer_(identity_request_observer),
       session_(session),
       session_id_(session_id),
       data_channel_type_(dct),
-      identity_request_state_(IDENTITY_NOT_NEEDED) {
+      certificate_request_state_(CERTIFICATE_NOT_NEEDED) {
   session_desc_factory_.set_add_legacy_streams(false);
   // SRTP-SDES is disabled if DTLS is on.
   SetSdesPolicy(dtls_enabled ? cricket::SEC_DISABLED : cricket::SEC_REQUIRED);
+}
 
-  // If |dtls_enabled| we must have a |dtls_identity_store_|.
-  DCHECK(!dtls_enabled || dtls_identity_store_);
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread, channel_manager, mediastream_signaling, nullptr,
+        nullptr, session, session_id, dct, false) {
+  LOG(LS_VERBOSE) << "DTLS-SRTP disabled.";
+}
 
-  if (dtls_enabled && dtls_identity_store_) {
-    identity_request_observer_ =
-      new rtc::RefCountedObject<WebRtcIdentityRequestObserver>();
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    rtc::scoped_ptr<DtlsIdentityStoreInterface> dtls_identity_store,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread,
+        channel_manager,
+        mediastream_signaling,
+        dtls_identity_store.Pass(),
+        new rtc::RefCountedObject<WebRtcIdentityRequestObserver>(),
+        session,
+        session_id,
+        dct,
+        true) {
+  DCHECK(dtls_identity_store_);
 
-    identity_request_observer_->SignalRequestFailed.connect(
-        this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
-    identity_request_observer_->SignalIdentityReady.connect(
-        this, &WebRtcSessionDescriptionFactory::SetIdentity);
+  certificate_request_state_ = CERTIFICATE_WAITING;
 
-    LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request.";
-    identity_request_state_ = IDENTITY_WAITING;
-    dtls_identity_store_->RequestIdentity(rtc::KT_DEFAULT,
-                                          identity_request_observer_);
-  }
+  identity_request_observer_->SignalRequestFailed.connect(
+      this, &WebRtcSessionDescriptionFactory::OnIdentityRequestFailed);
+  identity_request_observer_->SignalIdentityReady.connect(
+      this, &WebRtcSessionDescriptionFactory::SetIdentity);
+
+  rtc::KeyType key_type = rtc::KT_DEFAULT;
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; sending DTLS identity request (key "
+                  << "type: " << key_type << ").";
+
+  // Request identity. This happens asynchronously, so the caller will have a
+  // chance to connect to SignalIdentityReady.
+  dtls_identity_store_->RequestIdentity(key_type, identity_request_observer_);
+}
+
+WebRtcSessionDescriptionFactory::WebRtcSessionDescriptionFactory(
+    rtc::Thread* signaling_thread,
+    cricket::ChannelManager* channel_manager,
+    MediaStreamSignaling* mediastream_signaling,
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate,
+    WebRtcSession* session,
+    const std::string& session_id,
+    cricket::DataChannelType dct)
+    : WebRtcSessionDescriptionFactory(
+        signaling_thread, channel_manager, mediastream_signaling, nullptr,
+        nullptr, session, session_id, dct, true) {
+  DCHECK(certificate);
+
+  certificate_request_state_ = CERTIFICATE_WAITING;
+
+  LOG(LS_VERBOSE) << "DTLS-SRTP enabled; has certificate parameter.";
+  // We already have a certificate but we wait to do SetIdentity; if we do
+  // it in the constructor then the caller has not had a chance to connect to
+  // SignalIdentityReady.
+  signaling_thread_->Post(this, MSG_USE_CONSTRUCTOR_CERTIFICATE,
+                          new rtc::ScopedRefMessageData<rtc::RTCCertificate>(
+                              certificate));
 }
 
 WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
   ASSERT(signaling_thread_->IsCurrent());
 
   // Fail any requests that were asked for before identity generation completed.
   FailPendingRequests(kFailedDueToSessionShutdown);
 
   // Process all pending notifications in the message queue.  If we don't do
   // this, requests will linger and not know they succeeded or failed.
   rtc::MessageList list;
   signaling_thread_->Clear(this, rtc::MQID_ANY, &list);
-  for (auto& msg : list)
-    OnMessage(&msg);
+  for (auto& msg : list) {
+    if (msg.message_id != MSG_USE_CONSTRUCTOR_CERTIFICATE)
+      OnMessage(&msg);
+    else {
+      // Skip MSG_USE_CONSTRUCTOR_CERTIFICATE because we don't want to trigger
+      // SetIdentity-related callbacks in the destructor. This can be a problem
+      // when WebRtcSession listens to the callback but it was the WebRtcSession
+      // destructor that caused WebRtcSessionDescriptionFactory's destruction.
+      // The callback is then ignored, leaking memory allocated by OnMessage for
+      // MSG_USE_CONSTRUCTOR_CERTIFICATE.
+      delete msg.pdata;
+    }
+  }
 
   transport_desc_factory_.set_identity(NULL);
 }
 
 void WebRtcSessionDescriptionFactory::CreateOffer(
     CreateSessionDescriptionObserver* observer,
     const PeerConnectionInterface::RTCOfferAnswerOptions& options) {
   cricket::MediaSessionOptions session_options;
 
   std::string error = "CreateOffer";
-  if (identity_request_state_ == IDENTITY_FAILED) {
+  if (certificate_request_state_ == CERTIFICATE_FAILED) {
     error += kFailedDueToIdentityFailed;
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
     return;
   }
 
   if (!mediastream_signaling_->GetOptionsForOffer(options,
                                                   &session_options)) {
     error += " called with invalid options.";
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
     return;
   }
 
   if (!ValidStreams(session_options.streams)) {
     error += " called with invalid media streams.";
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
     return;
   }
 
   if (data_channel_type_ == cricket::DCT_SCTP &&
       mediastream_signaling_->HasDataChannels()) {
     session_options.data_channel_type = cricket::DCT_SCTP;
   }
 
   CreateSessionDescriptionRequest request(
       CreateSessionDescriptionRequest::kOffer, observer, session_options);
-  if (identity_request_state_ == IDENTITY_WAITING) {
+  if (certificate_request_state_ == CERTIFICATE_WAITING) {
     create_session_description_requests_.push(request);
   } else {
-    ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED ||
-           identity_request_state_ == IDENTITY_NOT_NEEDED);
+    ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED ||
+           certificate_request_state_ == CERTIFICATE_NOT_NEEDED);
     InternalCreateOffer(request);
   }
 }
 
 void WebRtcSessionDescriptionFactory::CreateAnswer(
     CreateSessionDescriptionObserver* observer,
     const MediaConstraintsInterface* constraints) {
   std::string error = "CreateAnswer";
-  if (identity_request_state_ == IDENTITY_FAILED) {
+  if (certificate_request_state_ == CERTIFICATE_FAILED) {
     error += kFailedDueToIdentityFailed;
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
     return;
   }
   if (!session_->remote_description()) {
     error += " can't be called before SetRemoteDescription.";
     LOG(LS_ERROR) << error;
     PostCreateSessionDescriptionFailed(observer, error);
     return;
@@ skipping 21 matching lines @@
   }
   // RTP data channel is handled in MediaSessionOptions::AddStream. SCTP streams
   // are not signaled in the SDP so does not go through that path and must be
   // handled here.
   if (data_channel_type_ == cricket::DCT_SCTP) {
     options.data_channel_type = cricket::DCT_SCTP;
   }
 
   CreateSessionDescriptionRequest request(
       CreateSessionDescriptionRequest::kAnswer, observer, options);
-  if (identity_request_state_ == IDENTITY_WAITING) {
+  if (certificate_request_state_ == CERTIFICATE_WAITING) {
     create_session_description_requests_.push(request);
   } else {
-    ASSERT(identity_request_state_ == IDENTITY_SUCCEEDED ||
-           identity_request_state_ == IDENTITY_NOT_NEEDED);
+    ASSERT(certificate_request_state_ == CERTIFICATE_SUCCEEDED ||
+           certificate_request_state_ == CERTIFICATE_NOT_NEEDED);
     InternalCreateAnswer(request);
   }
 }
 
 void WebRtcSessionDescriptionFactory::SetSdesPolicy(
     cricket::SecurePolicy secure_policy) {
   session_desc_factory_.set_secure(secure_policy);
 }
 
 cricket::SecurePolicy WebRtcSessionDescriptionFactory::SdesPolicy() const {
   return session_desc_factory_.secure();
 }
 
 void WebRtcSessionDescriptionFactory::OnMessage(rtc::Message* msg) {
   switch (msg->message_id) {
     case MSG_CREATE_SESSIONDESCRIPTION_SUCCESS: {
       CreateSessionDescriptionMsg* param =
           static_cast<CreateSessionDescriptionMsg*>(msg->pdata);
       param->observer->OnSuccess(param->description.release());
       delete param;
       break;
     }
     case MSG_CREATE_SESSIONDESCRIPTION_FAILED: {
       CreateSessionDescriptionMsg* param =
           static_cast<CreateSessionDescriptionMsg*>(msg->pdata);
       param->observer->OnFailure(param->error);
       delete param;
       break;
     }
+    case MSG_USE_CONSTRUCTOR_CERTIFICATE: {
+      rtc::ScopedRefMessageData<rtc::RTCCertificate>* param =
+          static_cast<rtc::ScopedRefMessageData<rtc::RTCCertificate>*>(
+              msg->pdata);
+      LOG(LS_INFO) << "Using certificate supplied to the constructor.";
+      // TODO(hbos): Pass around scoped_refptr<RTCCertificate> instead of
+      // SSLIdentity* (then there will be no need to do GetReference here).

[torbjorng (webrtc), 2015/08/21 12:39:19]

Perhaps we ought to rename GetReference to make things less confusing?

[hbos, 2015/08/24 10:16:44]

Sure but let's do that in a separate CL, added a TODO.

+      SetIdentity(param->data()->identity()->GetReference());
+      delete param;
+      break;
+    }
     default:
       ASSERT(false);
       break;
   }
 }
 
 void WebRtcSessionDescriptionFactory::InternalCreateOffer(
     CreateSessionDescriptionRequest request) {
   cricket::SessionDescription* desc(
       session_desc_factory_.CreateOffer(
@@ skipping 98 matching lines @@
     SessionDescriptionInterface* description) {
   CreateSessionDescriptionMsg* msg = new CreateSessionDescriptionMsg(observer);
   msg->description.reset(description);
   signaling_thread_->Post(this, MSG_CREATE_SESSIONDESCRIPTION_SUCCESS, msg);
 }
 
 void WebRtcSessionDescriptionFactory::OnIdentityRequestFailed(int error) {
   ASSERT(signaling_thread_->IsCurrent());
 
   LOG(LS_ERROR) << "Async identity request failed: error = " << error;
-  identity_request_state_ = IDENTITY_FAILED;
+  certificate_request_state_ = CERTIFICATE_FAILED;
 
   FailPendingRequests(kFailedDueToIdentityFailed);
 }
 
 void WebRtcSessionDescriptionFactory::SetIdentity(
     rtc::SSLIdentity* identity) {
   LOG(LS_VERBOSE) << "Setting new identity";
 
-  identity_request_state_ = IDENTITY_SUCCEEDED;
+  certificate_request_state_ = CERTIFICATE_SUCCEEDED;
   SignalIdentityReady(identity);
 
   transport_desc_factory_.set_identity(identity);
   transport_desc_factory_.set_secure(cricket::SEC_ENABLED);
 
   while (!create_session_description_requests_.empty()) {
     if (create_session_description_requests_.front().type ==
         CreateSessionDescriptionRequest::kOffer) {
       InternalCreateOffer(create_session_description_requests_.front());
     } else {
       InternalCreateAnswer(create_session_description_requests_.front());
     }
     create_session_description_requests_.pop();
   }
 }
 }  // namespace webrtc