| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 51 name_(name), | 51 name_(name), |
| 52 signaling_thread_(signaling_thread), | 52 signaling_thread_(signaling_thread), |
| 53 worker_thread_(worker_thread), | 53 worker_thread_(worker_thread), |
| 54 packet_size_(0), | 54 packet_size_(0), |
| 55 use_dtls_srtp_(false), | 55 use_dtls_srtp_(false), |
| 56 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), | 56 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), |
| 57 negotiated_dtls_(false), | 57 negotiated_dtls_(false), |
| 58 received_dtls_client_hello_(false), | 58 received_dtls_client_hello_(false), |
| 59 received_dtls_server_hello_(false) { | 59 received_dtls_server_hello_(false) { |
| 60 } | 60 } |
| 61 void CreateIdentity(rtc::KeyType key_type) { | 61 void CreateCertificate(rtc::KeyType key_type) { |
| 62 identity_.reset(rtc::SSLIdentity::Generate(name_, key_type)); | 62 certificate_ = rtc::RTCCertificate::Create( |
| 63 rtc::scoped_ptr<rtc::SSLIdentity>( |
| 64 rtc::SSLIdentity::Generate(name_, key_type)).Pass()); |
| 63 } | 65 } |
| 64 rtc::SSLIdentity* identity() { return identity_.get(); } | 66 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() { |
| 67 return certificate_; |
| 68 } |
| 65 void SetupSrtp() { | 69 void SetupSrtp() { |
| 66 ASSERT(identity_.get() != NULL); | 70 ASSERT(certificate_); |
| 67 use_dtls_srtp_ = true; | 71 use_dtls_srtp_ = true; |
| 68 } | 72 } |
| 69 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { | 73 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { |
| 70 ASSERT(transport_.get() == NULL); | 74 ASSERT(transport_.get() == NULL); |
| 71 ssl_max_version_ = version; | 75 ssl_max_version_ = version; |
| 72 } | 76 } |
| 73 void SetupChannels(int count, cricket::IceRole role) { | 77 void SetupChannels(int count, cricket::IceRole role) { |
| 74 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( | 78 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( |
| 75 signaling_thread_, worker_thread_, "dtls content name", NULL, | 79 signaling_thread_, worker_thread_, "dtls content name", nullptr, |
| 76 identity_.get())); | 80 certificate_)); |
| 77 transport_->SetAsync(true); | 81 transport_->SetAsync(true); |
| 78 transport_->SetIceRole(role); | 82 transport_->SetIceRole(role); |
| 79 transport_->SetIceTiebreaker( | 83 transport_->SetIceTiebreaker( |
| 80 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); | 84 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); |
| 81 transport_->SignalWritableState.connect(this, | 85 transport_->SignalWritableState.connect(this, |
| 82 &DtlsTestClient::OnTransportWritableState); | 86 &DtlsTestClient::OnTransportWritableState); |
| 83 | 87 |
| 84 for (int i = 0; i < count; ++i) { | 88 for (int i = 0; i < count; ++i) { |
| 85 cricket::DtlsTransportChannelWrapper* channel = | 89 cricket::DtlsTransportChannelWrapper* channel = |
| 86 static_cast<cricket::DtlsTransportChannelWrapper*>( | 90 static_cast<cricket::DtlsTransportChannelWrapper*>( |
| (...skipping 20 matching lines...) Expand all Loading... |
| 107 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); | 111 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); |
| 108 return (wrapper) ? | 112 return (wrapper) ? |
| 109 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; | 113 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; |
| 110 } | 114 } |
| 111 | 115 |
| 112 // Offer DTLS if we have an identity; pass in a remote fingerprint only if | 116 // Offer DTLS if we have an identity; pass in a remote fingerprint only if |
| 113 // both sides support DTLS. | 117 // both sides support DTLS. |
| 114 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, | 118 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, |
| 115 ConnectionRole local_role, ConnectionRole remote_role, | 119 ConnectionRole local_role, ConnectionRole remote_role, |
| 116 int flags) { | 120 int flags) { |
| 117 Negotiate(identity_.get(), (identity_) ? peer->identity_.get() : NULL, | 121 Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, |
| 118 action, local_role, remote_role, flags); | 122 action, local_role, remote_role, flags); |
| 119 } | 123 } |
| 120 | 124 |
| 121 // Allow any DTLS configuration to be specified (including invalid ones). | 125 // Allow any DTLS configuration to be specified (including invalid ones). |
| 122 void Negotiate(rtc::SSLIdentity* local_identity, | 126 void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert, |
| 123 rtc::SSLIdentity* remote_identity, | 127 const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert, |
| 124 cricket::ContentAction action, | 128 cricket::ContentAction action, |
| 125 ConnectionRole local_role, | 129 ConnectionRole local_role, |
| 126 ConnectionRole remote_role, | 130 ConnectionRole remote_role, |
| 127 int flags) { | 131 int flags) { |
| 128 rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint; | 132 rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint; |
| 129 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint; | 133 rtc::scoped_ptr<rtc::SSLFingerprint> remote_fingerprint; |
| 130 if (local_identity) { | 134 if (local_cert) { |
| 131 std::string digest_algorithm; | 135 std::string digest_algorithm; |
| 132 ASSERT_TRUE(local_identity->certificate().GetSignatureDigestAlgorithm( | 136 ASSERT_TRUE(local_cert->ssl_certificate().GetSignatureDigestAlgorithm( |
| 133 &digest_algorithm)); | 137 &digest_algorithm)); |
| 134 ASSERT_FALSE(digest_algorithm.empty()); | 138 ASSERT_FALSE(digest_algorithm.empty()); |
| 135 local_fingerprint.reset(rtc::SSLFingerprint::Create( | 139 local_fingerprint.reset(rtc::SSLFingerprint::Create( |
| 136 digest_algorithm, local_identity)); | 140 digest_algorithm, local_cert->identity())); |
| 137 ASSERT_TRUE(local_fingerprint.get() != NULL); | 141 ASSERT_TRUE(local_fingerprint.get() != NULL); |
| 138 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); | 142 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); |
| 139 } | 143 } |
| 140 if (remote_identity) { | 144 if (remote_cert) { |
| 141 std::string digest_algorithm; | 145 std::string digest_algorithm; |
| 142 ASSERT_TRUE(remote_identity->certificate().GetSignatureDigestAlgorithm( | 146 ASSERT_TRUE(remote_cert->ssl_certificate().GetSignatureDigestAlgorithm( |
| 143 &digest_algorithm)); | 147 &digest_algorithm)); |
| 144 ASSERT_FALSE(digest_algorithm.empty()); | 148 ASSERT_FALSE(digest_algorithm.empty()); |
| 145 remote_fingerprint.reset(rtc::SSLFingerprint::Create( | 149 remote_fingerprint.reset(rtc::SSLFingerprint::Create( |
| 146 digest_algorithm, remote_identity)); | 150 digest_algorithm, remote_cert->identity())); |
| 147 ASSERT_TRUE(remote_fingerprint.get() != NULL); | 151 ASSERT_TRUE(remote_fingerprint.get() != NULL); |
| 148 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); | 152 EXPECT_EQ(rtc::DIGEST_SHA_256, digest_algorithm); |
| 149 } | 153 } |
| 150 | 154 |
| 151 if (use_dtls_srtp_ && !(flags & NF_REOFFER)) { | 155 if (use_dtls_srtp_ && !(flags & NF_REOFFER)) { |
| 152 // SRTP ciphers will be set only in the beginning. | 156 // SRTP ciphers will be set only in the beginning. |
| 153 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = | 157 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = |
| 154 channels_.begin(); it != channels_.end(); ++it) { | 158 channels_.begin(); it != channels_.end(); ++it) { |
| 155 std::vector<std::string> ciphers; | 159 std::vector<std::string> ciphers; |
| 156 ciphers.push_back(AES_CM_128_HMAC_SHA1_80); | 160 ciphers.push_back(AES_CM_128_HMAC_SHA1_80); |
| 157 ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); | 161 ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); |
| 158 } | 162 } |
| 159 } | 163 } |
| 160 | 164 |
| 161 cricket::TransportDescription local_desc( | 165 cricket::TransportDescription local_desc( |
| 162 std::vector<std::string>(), kIceUfrag1, kIcePwd1, | 166 std::vector<std::string>(), kIceUfrag1, kIcePwd1, |
| 163 cricket::ICEMODE_FULL, local_role, | 167 cricket::ICEMODE_FULL, local_role, |
| 164 // If remote if the offerer and has no DTLS support, answer will be | 168 // If remote if the offerer and has no DTLS support, answer will be |
| 165 // without any fingerprint. | 169 // without any fingerprint. |
| 166 (action == cricket::CA_ANSWER && !remote_identity) ? | 170 (action == cricket::CA_ANSWER && !remote_cert) ? |
| 167 NULL : local_fingerprint.get(), | 171 NULL : local_fingerprint.get(), |
| 168 cricket::Candidates()); | 172 cricket::Candidates()); |
| 169 | 173 |
| 170 cricket::TransportDescription remote_desc( | 174 cricket::TransportDescription remote_desc( |
| 171 std::vector<std::string>(), kIceUfrag1, kIcePwd1, | 175 std::vector<std::string>(), kIceUfrag1, kIcePwd1, |
| 172 cricket::ICEMODE_FULL, remote_role, remote_fingerprint.get(), | 176 cricket::ICEMODE_FULL, remote_role, remote_fingerprint.get(), |
| 173 cricket::Candidates()); | 177 cricket::Candidates()); |
| 174 | 178 |
| 175 bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true; | 179 bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true; |
| 176 // If |expect_success| is false, expect SRTD or SLTD to fail when | 180 // If |expect_success| is false, expect SRTD or SLTD to fail when |
| 177 // content action is CA_ANSWER. | 181 // content action is CA_ANSWER. |
| 178 if (action == cricket::CA_OFFER) { | 182 if (action == cricket::CA_OFFER) { |
| 179 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 183 ASSERT_TRUE(transport_->SetLocalTransportDescription( |
| 180 local_desc, cricket::CA_OFFER, NULL)); | 184 local_desc, cricket::CA_OFFER, NULL)); |
| 181 ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription( | 185 ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription( |
| 182 remote_desc, cricket::CA_ANSWER, NULL)); | 186 remote_desc, cricket::CA_ANSWER, NULL)); |
| 183 } else { | 187 } else { |
| 184 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 188 ASSERT_TRUE(transport_->SetRemoteTransportDescription( |
| 185 remote_desc, cricket::CA_OFFER, NULL)); | 189 remote_desc, cricket::CA_OFFER, NULL)); |
| 186 ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription( | 190 ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription( |
| 187 local_desc, cricket::CA_ANSWER, NULL)); | 191 local_desc, cricket::CA_ANSWER, NULL)); |
| 188 } | 192 } |
| 189 negotiated_dtls_ = (local_identity && remote_identity); | 193 negotiated_dtls_ = (local_cert && remote_cert); |
| 190 } | 194 } |
| 191 | 195 |
| 192 bool Connect(DtlsTestClient* peer) { | 196 bool Connect(DtlsTestClient* peer) { |
| 193 transport_->ConnectChannels(); | 197 transport_->ConnectChannels(); |
| 194 transport_->SetDestination(peer->transport_.get()); | 198 transport_->SetDestination(peer->transport_.get()); |
| 195 return true; | 199 return true; |
| 196 } | 200 } |
| 197 | 201 |
| 198 bool writable() const { return transport_->writable(); } | 202 bool writable() const { return transport_->writable(); } |
| 199 | 203 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 245 size_t sent = 0; | 249 size_t sent = 0; |
| 246 do { | 250 do { |
| 247 // Fill the packet with a known value and a sequence number to check | 251 // Fill the packet with a known value and a sequence number to check |
| 248 // against, and make sure that it doesn't look like DTLS. | 252 // against, and make sure that it doesn't look like DTLS. |
| 249 memset(packet.get(), sent & 0xff, size); | 253 memset(packet.get(), sent & 0xff, size); |
| 250 packet[0] = (srtp) ? 0x80 : 0x00; | 254 packet[0] = (srtp) ? 0x80 : 0x00; |
| 251 rtc::SetBE32(packet.get() + kPacketNumOffset, | 255 rtc::SetBE32(packet.get() + kPacketNumOffset, |
| 252 static_cast<uint32>(sent)); | 256 static_cast<uint32>(sent)); |
| 253 | 257 |
| 254 // Only set the bypass flag if we've activated DTLS. | 258 // Only set the bypass flag if we've activated DTLS. |
| 255 int flags = (identity_.get() && srtp) ? cricket::PF_SRTP_BYPASS : 0; | 259 int flags = (certificate_ && srtp) ? cricket::PF_SRTP_BYPASS : 0; |
| 256 rtc::PacketOptions packet_options; | 260 rtc::PacketOptions packet_options; |
| 257 int rv = channels_[channel]->SendPacket( | 261 int rv = channels_[channel]->SendPacket( |
| 258 packet.get(), size, packet_options, flags); | 262 packet.get(), size, packet_options, flags); |
| 259 ASSERT_GT(rv, 0); | 263 ASSERT_GT(rv, 0); |
| 260 ASSERT_EQ(size, static_cast<size_t>(rv)); | 264 ASSERT_EQ(size, static_cast<size_t>(rv)); |
| 261 ++sent; | 265 ++sent; |
| 262 } while (sent < count); | 266 } while (sent < count); |
| 263 } | 267 } |
| 264 | 268 |
| 265 int SendInvalidSrtpPacket(size_t channel, size_t size) { | 269 int SendInvalidSrtpPacket(size_t channel, size_t size) { |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 326 } | 330 } |
| 327 | 331 |
| 328 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, | 332 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, |
| 329 const char* data, size_t size, | 333 const char* data, size_t size, |
| 330 const rtc::PacketTime& packet_time, | 334 const rtc::PacketTime& packet_time, |
| 331 int flags) { | 335 int flags) { |
| 332 uint32 packet_num = 0; | 336 uint32 packet_num = 0; |
| 333 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); | 337 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); |
| 334 received_.insert(packet_num); | 338 received_.insert(packet_num); |
| 335 // Only DTLS-SRTP packets should have the bypass flag set. | 339 // Only DTLS-SRTP packets should have the bypass flag set. |
| 336 int expected_flags = (identity_.get() && IsRtpLeadByte(data[0])) ? | 340 int expected_flags = (certificate_ && IsRtpLeadByte(data[0])) ? |
| 337 cricket::PF_SRTP_BYPASS : 0; | 341 cricket::PF_SRTP_BYPASS : 0; |
| 338 ASSERT_EQ(expected_flags, flags); | 342 ASSERT_EQ(expected_flags, flags); |
| 339 } | 343 } |
| 340 | 344 |
| 341 // Hook into the raw packet stream to make sure DTLS packets are encrypted. | 345 // Hook into the raw packet stream to make sure DTLS packets are encrypted. |
| 342 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, | 346 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, |
| 343 const char* data, size_t size, | 347 const char* data, size_t size, |
| 344 const rtc::PacketTime& time, | 348 const rtc::PacketTime& time, |
| 345 int flags) { | 349 int flags) { |
| 346 // Flags shouldn't be set on the underlying TransportChannel packets. | 350 // Flags shouldn't be set on the underlying TransportChannel packets. |
| (...skipping 16 matching lines...) Expand all Loading... |
| 363 ASSERT_TRUE(VerifyPacket(data, size, NULL)); | 367 ASSERT_TRUE(VerifyPacket(data, size, NULL)); |
| 364 } | 368 } |
| 365 } | 369 } |
| 366 } | 370 } |
| 367 } | 371 } |
| 368 | 372 |
| 369 private: | 373 private: |
| 370 std::string name_; | 374 std::string name_; |
| 371 rtc::Thread* signaling_thread_; | 375 rtc::Thread* signaling_thread_; |
| 372 rtc::Thread* worker_thread_; | 376 rtc::Thread* worker_thread_; |
| 373 rtc::scoped_ptr<rtc::SSLIdentity> identity_; | 377 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; |
| 374 rtc::scoped_ptr<cricket::FakeTransport> transport_; | 378 rtc::scoped_ptr<cricket::FakeTransport> transport_; |
| 375 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; | 379 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; |
| 376 size_t packet_size_; | 380 size_t packet_size_; |
| 377 std::set<int> received_; | 381 std::set<int> received_; |
| 378 bool use_dtls_srtp_; | 382 bool use_dtls_srtp_; |
| 379 rtc::SSLProtocolVersion ssl_max_version_; | 383 rtc::SSLProtocolVersion ssl_max_version_; |
| 380 bool negotiated_dtls_; | 384 bool negotiated_dtls_; |
| 381 bool received_dtls_client_hello_; | 385 bool received_dtls_client_hello_; |
| 382 bool received_dtls_server_hello_; | 386 bool received_dtls_server_hello_; |
| 383 }; | 387 }; |
| (...skipping 16 matching lines...) Expand all Loading... |
| 400 channel_ct_ = static_cast<int>(channel_ct); | 404 channel_ct_ = static_cast<int>(channel_ct); |
| 401 } | 405 } |
| 402 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, | 406 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, |
| 403 rtc::SSLProtocolVersion c2) { | 407 rtc::SSLProtocolVersion c2) { |
| 404 client1_.SetupMaxProtocolVersion(c1); | 408 client1_.SetupMaxProtocolVersion(c1); |
| 405 client2_.SetupMaxProtocolVersion(c2); | 409 client2_.SetupMaxProtocolVersion(c2); |
| 406 ssl_expected_version_ = std::min(c1, c2); | 410 ssl_expected_version_ = std::min(c1, c2); |
| 407 } | 411 } |
| 408 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) { | 412 void PrepareDtls(bool c1, bool c2, rtc::KeyType key_type) { |
| 409 if (c1) { | 413 if (c1) { |
| 410 client1_.CreateIdentity(key_type); | 414 client1_.CreateCertificate(key_type); |
| 411 } | 415 } |
| 412 if (c2) { | 416 if (c2) { |
| 413 client2_.CreateIdentity(key_type); | 417 client2_.CreateCertificate(key_type); |
| 414 } | 418 } |
| 415 if (c1 && c2) | 419 if (c1 && c2) |
| 416 use_dtls_ = true; | 420 use_dtls_ = true; |
| 417 } | 421 } |
| 418 void PrepareDtlsSrtp(bool c1, bool c2) { | 422 void PrepareDtlsSrtp(bool c1, bool c2) { |
| 419 if (!use_dtls_) | 423 if (!use_dtls_) |
| 420 return; | 424 return; |
| 421 | 425 |
| 422 if (c1) | 426 if (c1) |
| 423 client1_.SetupSrtp(); | 427 client1_.SetupSrtp(); |
| (...skipping 395 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 819 TestTransfer(0, 1000, 100, true); | 823 TestTransfer(0, 1000, 100, true); |
| 820 TestTransfer(1, 1000, 100, true); | 824 TestTransfer(1, 1000, 100, true); |
| 821 } | 825 } |
| 822 | 826 |
| 823 // Test Certificates state after negotiation but before connection. | 827 // Test Certificates state after negotiation but before connection. |
| 824 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { | 828 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { |
| 825 MAYBE_SKIP_TEST(HaveDtls); | 829 MAYBE_SKIP_TEST(HaveDtls); |
| 826 PrepareDtls(true, true, rtc::KT_DEFAULT); | 830 PrepareDtls(true, true, rtc::KT_DEFAULT); |
| 827 Negotiate(); | 831 Negotiate(); |
| 828 | 832 |
| 829 rtc::scoped_ptr<rtc::SSLIdentity> identity1; | 833 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
| 830 rtc::scoped_ptr<rtc::SSLIdentity> identity2; | 834 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
| 831 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 835 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
| 832 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 836 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
| 833 | 837 |
| 834 // After negotiation, each side has a distinct local certificate, but still no | 838 // After negotiation, each side has a distinct local certificate, but still no |
| 835 // remote certificate, because connection has not yet occurred. | 839 // remote certificate, because connection has not yet occurred. |
| 836 ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept())); | 840 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
| 837 ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept())); | 841 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
| 838 ASSERT_NE(identity1->certificate().ToPEMString(), | 842 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
| 839 identity2->certificate().ToPEMString()); | 843 certificate2->ssl_certificate().ToPEMString()); |
| 840 ASSERT_FALSE( | 844 ASSERT_FALSE( |
| 841 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); | 845 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); |
| 842 ASSERT_FALSE(remote_cert1 != NULL); | 846 ASSERT_FALSE(remote_cert1 != NULL); |
| 843 ASSERT_FALSE( | 847 ASSERT_FALSE( |
| 844 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); | 848 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); |
| 845 ASSERT_FALSE(remote_cert2 != NULL); | 849 ASSERT_FALSE(remote_cert2 != NULL); |
| 846 } | 850 } |
| 847 | 851 |
| 848 // Test Certificates state after connection. | 852 // Test Certificates state after connection. |
| 849 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { | 853 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { |
| 850 MAYBE_SKIP_TEST(HaveDtls); | 854 MAYBE_SKIP_TEST(HaveDtls); |
| 851 PrepareDtls(true, true, rtc::KT_DEFAULT); | 855 PrepareDtls(true, true, rtc::KT_DEFAULT); |
| 852 ASSERT_TRUE(Connect()); | 856 ASSERT_TRUE(Connect()); |
| 853 | 857 |
| 854 rtc::scoped_ptr<rtc::SSLIdentity> identity1; | 858 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
| 855 rtc::scoped_ptr<rtc::SSLIdentity> identity2; | 859 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
| 856 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 860 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
| 857 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 861 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
| 858 | 862 |
| 859 // After connection, each side has a distinct local certificate. | 863 // After connection, each side has a distinct local certificate. |
| 860 ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept())); | 864 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
| 861 ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept())); | 865 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
| 862 ASSERT_NE(identity1->certificate().ToPEMString(), | 866 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
| 863 identity2->certificate().ToPEMString()); | 867 certificate2->ssl_certificate().ToPEMString()); |
| 864 | 868 |
| 865 // Each side's remote certificate is the other side's local certificate. | 869 // Each side's remote certificate is the other side's local certificate. |
| 866 ASSERT_TRUE( | 870 ASSERT_TRUE( |
| 867 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); | 871 client1_.transport()->GetRemoteCertificate(remote_cert1.accept())); |
| 868 ASSERT_EQ(remote_cert1->ToPEMString(), | 872 ASSERT_EQ(remote_cert1->ToPEMString(), |
| 869 identity2->certificate().ToPEMString()); | 873 certificate2->ssl_certificate().ToPEMString()); |
| 870 ASSERT_TRUE( | 874 ASSERT_TRUE( |
| 871 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); | 875 client2_.transport()->GetRemoteCertificate(remote_cert2.accept())); |
| 872 ASSERT_EQ(remote_cert2->ToPEMString(), | 876 ASSERT_EQ(remote_cert2->ToPEMString(), |
| 873 identity1->certificate().ToPEMString()); | 877 certificate1->ssl_certificate().ToPEMString()); |
| 874 } | 878 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1312643004:
Replaces SSLIdentity* with scoped_refptr<RTCCertificate> in cricket::Transport layer. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master