Chromium Code Reviews Chromium Code Reviews
Issue 1312643004:
Replaces SSLIdentity* with scoped_refptr<RTCCertificate> in cricket::Transport layer. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 51 name_(name), | 51 name_(name), |
| 52 signaling_thread_(signaling_thread), | 52 signaling_thread_(signaling_thread), |
| 53 worker_thread_(worker_thread), | 53 worker_thread_(worker_thread), |
| 54 packet_size_(0), | 54 packet_size_(0), |
| 55 use_dtls_srtp_(false), | 55 use_dtls_srtp_(false), |
| 56 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), | 56 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), |
| 57 negotiated_dtls_(false), | 57 negotiated_dtls_(false), |
| 58 received_dtls_client_hello_(false), | 58 received_dtls_client_hello_(false), |
| 59 received_dtls_server_hello_(false) { | 59 received_dtls_server_hello_(false) { |
| 60 } | 60 } |
| 61 void CreateIdentity(rtc::KeyType key_type) { | 61 void CreateCertificate(rtc::KeyType key_type) { |
| 62 identity_.reset(rtc::SSLIdentity::Generate(name_, key_type)); | 62 certificate_ = rtc::RTCCertificate::Create( |
| 63 rtc::scoped_ptr<rtc::SSLIdentity>( | |
| 64 rtc::SSLIdentity::Generate(name_, key_type)).Pass()); | |
| 63 } | 65 } |
| 64 rtc::SSLIdentity* identity() { return identity_.get(); } | 66 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() { |
| 67 return certificate_; | |
| 68 } | |
| 65 void SetupSrtp() { | 69 void SetupSrtp() { |
| 66 ASSERT(identity_.get() != NULL); | 70 ASSERT(certificate_); |
| 67 use_dtls_srtp_ = true; | 71 use_dtls_srtp_ = true; |
| 68 } | 72 } |
| 69 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { | 73 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { |
| 70 ASSERT(transport_.get() == NULL); | 74 ASSERT(transport_.get() == NULL); |
| 71 ssl_max_version_ = version; | 75 ssl_max_version_ = version; |
| 72 } | 76 } |
| 73 void SetupChannels(int count, cricket::IceRole role) { | 77 void SetupChannels(int count, cricket::IceRole role) { |
| 74 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( | 78 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( |
| 75 signaling_thread_, worker_thread_, "dtls content name", NULL, | 79 signaling_thread_, worker_thread_, "dtls content name", nullptr, |
| 76 identity_.get())); | 80 certificate_)); |
| 77 transport_->SetAsync(true); | 81 transport_->SetAsync(true); |
| 78 transport_->SetIceRole(role); | 82 transport_->SetIceRole(role); |
| 79 transport_->SetIceTiebreaker( | 83 transport_->SetIceTiebreaker( |
| 80 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); | 84 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); |
| 81 transport_->SignalWritableState.connect(this, | 85 transport_->SignalWritableState.connect(this, |
| 82 &DtlsTestClient::OnTransportWritableState); | 86 &DtlsTestClient::OnTransportWritableState); |
| 83 | 87 |
| 84 for (int i = 0; i < count; ++i) { | 88 for (int i = 0; i < count; ++i) { |
| 85 cricket::DtlsTransportChannelWrapper* channel = | 89 cricket::DtlsTransportChannelWrapper* channel = |
| 86 static_cast<cricket::DtlsTransportChannelWrapper*>( | 90 static_cast<cricket::DtlsTransportChannelWrapper*>( |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 107 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); | 111 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); |
| 108 return (wrapper) ? | 112 return (wrapper) ? |
| 109 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; | 113 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; |
| 110 } | 114 } |
| 111 | 115 |
| 112 // Offer DTLS if we have an identity; pass in a remote fingerprint only if | 116 // Offer DTLS if we have an identity; pass in a remote fingerprint only if |
| 113 // both sides support DTLS. | 117 // both sides support DTLS. |
| 114 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, | 118 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, |
| 115 ConnectionRole local_role, ConnectionRole remote_role, | 119 ConnectionRole local_role, ConnectionRole remote_role, |
| 116 int flags) { | 120 int flags) { |
| 117 Negotiate(identity_.get(), (identity_) ? peer->identity_.get() : NULL, | 121 rtc::SSLIdentity* identity = |
| 122 certificate_ ? certificate_->identity() : nullptr; | |
| 123 rtc::SSLIdentity* peer_identity = | |
| 124 peer->certificate_ ? peer->certificate_->identity() : nullptr; | |
| 125 // TODO(hbos): Negotiate /w RTCCertificate | |
|
tommi
2015/08/25 10:28:08
fix?
hbos
2015/08/25 15:45:44
Done.
| |
| 126 Negotiate(identity, identity ? peer_identity : nullptr, | |
| 118 action, local_role, remote_role, flags); | 127 action, local_role, remote_role, flags); |
| 119 } | 128 } |
| 120 | 129 |
| 121 // Allow any DTLS configuration to be specified (including invalid ones). | 130 // Allow any DTLS configuration to be specified (including invalid ones). |
| 122 void Negotiate(rtc::SSLIdentity* local_identity, | 131 void Negotiate(rtc::SSLIdentity* local_identity, |
| 123 rtc::SSLIdentity* remote_identity, | 132 rtc::SSLIdentity* remote_identity, |
| 124 cricket::ContentAction action, | 133 cricket::ContentAction action, |
| 125 ConnectionRole local_role, | 134 ConnectionRole local_role, |
| 126 ConnectionRole remote_role, | 135 ConnectionRole remote_role, |
| 127 int flags) { | 136 int flags) { |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 245 size_t sent = 0; | 254 size_t sent = 0; |
| 246 do { | 255 do { |
| 247 // Fill the packet with a known value and a sequence number to check | 256 // Fill the packet with a known value and a sequence number to check |
| 248 // against, and make sure that it doesn't look like DTLS. | 257 // against, and make sure that it doesn't look like DTLS. |
| 249 memset(packet.get(), sent & 0xff, size); | 258 memset(packet.get(), sent & 0xff, size); |
| 250 packet[0] = (srtp) ? 0x80 : 0x00; | 259 packet[0] = (srtp) ? 0x80 : 0x00; |
| 251 rtc::SetBE32(packet.get() + kPacketNumOffset, | 260 rtc::SetBE32(packet.get() + kPacketNumOffset, |
| 252 static_cast<uint32>(sent)); | 261 static_cast<uint32>(sent)); |
| 253 | 262 |
| 254 // Only set the bypass flag if we've activated DTLS. | 263 // Only set the bypass flag if we've activated DTLS. |
| 255 int flags = (identity_.get() && srtp) ? cricket::PF_SRTP_BYPASS : 0; | 264 int flags = (certificate_ && srtp) ? cricket::PF_SRTP_BYPASS : 0; |
| 256 rtc::PacketOptions packet_options; | 265 rtc::PacketOptions packet_options; |
| 257 int rv = channels_[channel]->SendPacket( | 266 int rv = channels_[channel]->SendPacket( |
| 258 packet.get(), size, packet_options, flags); | 267 packet.get(), size, packet_options, flags); |
| 259 ASSERT_GT(rv, 0); | 268 ASSERT_GT(rv, 0); |
| 260 ASSERT_EQ(size, static_cast<size_t>(rv)); | 269 ASSERT_EQ(size, static_cast<size_t>(rv)); |
| 261 ++sent; | 270 ++sent; |
| 262 } while (sent < count); | 271 } while (sent < count); |
| 263 } | 272 } |
| 264 | 273 |
| 265 int SendInvalidSrtpPacket(size_t channel, size_t size) { | 274 int SendInvalidSrtpPacket(size_t channel, size_t size) { |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 326 } | 335 } |
| 327 | 336 |
| 328 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, | 337 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, |
| 329 const char* data, size_t size, | 338 const char* data, size_t size, |
| 330 const rtc::PacketTime& packet_time, | 339 const rtc::PacketTime& packet_time, |
| 331 int flags) { | 340 int flags) { |
| 332 uint32 packet_num = 0; | 341 uint32 packet_num = 0; |
| 333 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); | 342 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); |
| 334 received_.insert(packet_num); | 343 received_.insert(packet_num); |
| 335 // Only DTLS-SRTP packets should have the bypass flag set. | 344 // Only DTLS-SRTP packets should have the bypass flag set. |
| 336 int expected_flags = (identity_.get() && IsRtpLeadByte(data[0])) ? | 345 int expected_flags = (certificate_ && IsRtpLeadByte(data[0])) ? |
| 337 cricket::PF_SRTP_BYPASS : 0; | 346 cricket::PF_SRTP_BYPASS : 0; |
| 338 ASSERT_EQ(expected_flags, flags); | 347 ASSERT_EQ(expected_flags, flags); |
| 339 } | 348 } |
| 340 | 349 |
| 341 // Hook into the raw packet stream to make sure DTLS packets are encrypted. | 350 // Hook into the raw packet stream to make sure DTLS packets are encrypted. |
| 342 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, | 351 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, |
| 343 const char* data, size_t size, | 352 const char* data, size_t size, |
| 344 const rtc::PacketTime& time, | 353 const rtc::PacketTime& time, |
| 345 int flags) { | 354 int flags) { |
| 346 // Flags shouldn't be set on the underlying TransportChannel packets. | 355 // Flags shouldn't be set on the underlying TransportChannel packets. |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 363 ASSERT_TRUE(VerifyPacket(data, size, NULL)); | 372 ASSERT_TRUE(VerifyPacket(data, size, NULL)); |
| 364 } | 373 } |
| 365 } | 374 } |
| 366 } | 375 } |
| 367 } | 376 } |
| 368 | 377 |
| 369 private: | 378 private: |
| 370 std::string name_; | 379 std::string name_; |
| 371 rtc::Thread* signaling_thread_; | 380 rtc::Thread* signaling_thread_; |
| 372 rtc::Thread* worker_thread_; | 381 rtc::Thread* worker_thread_; |
| 373 rtc::scoped_ptr<rtc::SSLIdentity> identity_; | 382 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; |
| 374 rtc::scoped_ptr<cricket::FakeTransport> transport_; | 383 rtc::scoped_ptr<cricket::FakeTransport> transport_; |
| 375 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; | 384 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; |
| 376 size_t packet_size_; | 385 size_t packet_size_; |
| 377 std::set<int> received_; | 386 std::set<int> received_; |
| 378 bool use_dtls_srtp_; | 387 bool use_dtls_srtp_; |
| 379 rtc::SSLProtocolVersion ssl_max_version_; | 388 rtc::SSLProtocolVersion ssl_max_version_; |
| 380 bool negotiated_dtls_; | 389 bool negotiated_dtls_; |
| 381 bool received_dtls_client_hello_; | 390 bool received_dtls_client_hello_; |
| 382 bool received_dtls_server_hello_; | 391 bool received_dtls_server_hello_; |
| 383 }; | 392 }; |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 400 channel_ct_ = static_cast<int>(channel_ct); | 409 channel_ct_ = static_cast<int>(channel_ct); |
| 401 } | 410 } |
| 402 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, | 411 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, |
| 403 rtc::SSLProtocolVersion c2) { | 412 rtc::SSLProtocolVersion c2) { |
| 404 client1_.SetupMaxProtocolVersion(c1); | 413 client1_.SetupMaxProtocolVersion(c1); |
| 405 client2_.SetupMaxProtocolVersion(c2); | 414 client2_.SetupMaxProtocolVersion(c2); |
| 406 ssl_expected_version_ = std::min(c1, c2); | 415 ssl_expected_version_ = std::min(c1, c2); |
| 407 } | 416 } |
| 408 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) { | 417 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) { |
| 409 if (c1) { | 418 if (c1) { |
| 410 client1_.CreateIdentity(key_type); | 419 client1_.CreateCertificate(key_type); |
| 411 } | 420 } |
| 412 if (c2) { | 421 if (c2) { |
| 413 client2_.CreateIdentity(key_type); | 422 client2_.CreateCertificate(key_type); |
| 414 } | 423 } |
| 415 if (c1 && c2) | 424 if (c1 && c2) |
| 416 use_dtls_ = true; | 425 use_dtls_ = true; |
| 417 } | 426 } |
| 418 void PrepareDtlsSrtp(bool c1, bool c2) { | 427 void PrepareDtlsSrtp(bool c1, bool c2) { |
| 419 if (!use_dtls_) | 428 if (!use_dtls_) |
| 420 return; | 429 return; |
| 421 | 430 |
| 422 if (c1) | 431 if (c1) |
| 423 client1_.SetupSrtp(); | 432 client1_.SetupSrtp(); |
| (...skipping 395 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 819 TestTransfer(0, 1000, 100, true); | 828 TestTransfer(0, 1000, 100, true); |
| 820 TestTransfer(1, 1000, 100, true); | 829 TestTransfer(1, 1000, 100, true); |
| 821 } | 830 } |
| 822 | 831 |
| 823 // Test Certificates state after negotiation but before connection. | 832 // Test Certificates state after negotiation but before connection. |
| 824 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { | 833 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { |
| 825 MAYBE_SKIP_TEST(HaveDtls); | 834 MAYBE_SKIP_TEST(HaveDtls); |
| 826 PrepareDtls(true, true, rtc::KT_DEFAULT); | 835 PrepareDtls(true, true, rtc::KT_DEFAULT); |
| 827 Negotiate(); | 836 Negotiate(); |
| 828 | 837 |
| 829 rtc::scoped_ptr<rtc::SSLIdentity> identity1; | 838 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
| 830 rtc::scoped_ptr<rtc::SSLIdentity> identity2; | 839 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
| 831 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 840 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
| 832 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 841 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
| 833 | 842 |
| 834 // After negotiation, each side has a distinct local certificate, but still no | 843 // After negotiation, each side has a distinct local certificate, but still no |
| 835 // remote certificate, because connection has not yet occurred. | 844 // remote certificate, because connection has not yet occurred. |
| 836 ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept())); | 845 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
| 837 ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept())); | 846 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
| 838 ASSERT_NE(identity1->certificate().ToPEMString(), | 847 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
| 839 identity2->certificate().ToPEMString()); | 848 certificate2->ssl_certificate().ToPEMString()); |
| 840 ASSERT_FALSE( | 849 ASSERT_FALSE( |
| 841 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); | 850 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); |
| 842 ASSERT_FALSE(remote_cert1 != NULL); | 851 ASSERT_FALSE(remote_cert1 != NULL); |
| 843 ASSERT_FALSE( | 852 ASSERT_FALSE( |
| 844 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); | 853 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); |
| 845 ASSERT_FALSE(remote_cert2 != NULL); | 854 ASSERT_FALSE(remote_cert2 != NULL); |
| 846 } | 855 } |
| 847 | 856 |
| 848 // Test Certificates state after connection. | 857 // Test Certificates state after connection. |
| 849 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { | 858 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { |
| 850 MAYBE_SKIP_TEST(HaveDtls); | 859 MAYBE_SKIP_TEST(HaveDtls); |
| 851 PrepareDtls(true, true, rtc::KT_DEFAULT); | 860 PrepareDtls(true, true, rtc::KT_DEFAULT); |
| 852 ASSERT_TRUE(Connect()); | 861 ASSERT_TRUE(Connect()); |
| 853 | 862 |
| 854 rtc::scoped_ptr<rtc::SSLIdentity> identity1; | 863 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
| 855 rtc::scoped_ptr<rtc::SSLIdentity> identity2; | 864 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
| 856 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 865 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
| 857 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 866 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
| 858 | 867 |
| 859 // After connection, each side has a distinct local certificate. | 868 // After connection, each side has a distinct local certificate. |
| 860 ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept())); | 869 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
| 861 ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept())); | 870 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
| 862 ASSERT_NE(identity1->certificate().ToPEMString(), | 871 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
| 863 identity2->certificate().ToPEMString()); | 872 certificate2->ssl_certificate().ToPEMString()); |
| 864 | 873 |
| 865 // Each side's remote certificate is the other side's local certificate. | 874 // Each side's remote certificate is the other side's local certificate. |
| 866 ASSERT_TRUE( | 875 ASSERT_TRUE( |
| 867 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); | 876 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); |
| 868 ASSERT_EQ(remote_cert1->ToPEMString(), | 877 ASSERT_EQ(remote_cert1->ToPEMString(), |
| 869 identity2->certificate().ToPEMString()); | 878 certificate2->ssl_certificate().ToPEMString()); |
| 870 ASSERT_TRUE( | 879 ASSERT_TRUE( |
| 871 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); | 880 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); |
| 872 ASSERT_EQ(remote_cert2->ToPEMString(), | 881 ASSERT_EQ(remote_cert2->ToPEMString(), |
| 873 identity1->certificate().ToPEMString()); | 882 certificate1->ssl_certificate().ToPEMString()); |
| 874 } | 883 } |
| OLD | NEW |
