OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #include <set> | 11 #include <set> |
12 | 12 |
13 #include "webrtc/p2p/base/dtlstransport.h" | 13 #include "webrtc/p2p/base/dtlstransport.h" |
14 #include "webrtc/p2p/base/faketransportcontroller.h" | 14 #include "webrtc/p2p/base/fakesession.h" |
15 #include "webrtc/base/common.h" | 15 #include "webrtc/base/common.h" |
16 #include "webrtc/base/dscp.h" | 16 #include "webrtc/base/dscp.h" |
17 #include "webrtc/base/gunit.h" | 17 #include "webrtc/base/gunit.h" |
18 #include "webrtc/base/helpers.h" | 18 #include "webrtc/base/helpers.h" |
19 #include "webrtc/base/scoped_ptr.h" | 19 #include "webrtc/base/scoped_ptr.h" |
20 #include "webrtc/base/ssladapter.h" | 20 #include "webrtc/base/ssladapter.h" |
21 #include "webrtc/base/sslidentity.h" | 21 #include "webrtc/base/sslidentity.h" |
22 #include "webrtc/base/sslstreamadapter.h" | 22 #include "webrtc/base/sslstreamadapter.h" |
23 #include "webrtc/base/stringutils.h" | 23 #include "webrtc/base/stringutils.h" |
| 24 #include "webrtc/base/thread.h" |
24 | 25 |
25 #define MAYBE_SKIP_TEST(feature) \ | 26 #define MAYBE_SKIP_TEST(feature) \ |
26 if (!(rtc::SSLStreamAdapter::feature())) { \ | 27 if (!(rtc::SSLStreamAdapter::feature())) { \ |
27 LOG(LS_INFO) << "Feature disabled... skipping"; \ | 28 LOG(LS_INFO) << "Feature disabled... skipping"; \ |
28 return; \ | 29 return; \ |
29 } | 30 } |
30 | 31 |
31 static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; | 32 static const char AES_CM_128_HMAC_SHA1_80[] = "AES_CM_128_HMAC_SHA1_80"; |
32 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; | 33 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; |
33 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; | 34 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; |
34 static const size_t kPacketNumOffset = 8; | 35 static const size_t kPacketNumOffset = 8; |
35 static const size_t kPacketHeaderLen = 12; | 36 static const size_t kPacketHeaderLen = 12; |
36 | 37 |
37 static bool IsRtpLeadByte(uint8 b) { | 38 static bool IsRtpLeadByte(uint8 b) { |
38 return ((b & 0xC0) == 0x80); | 39 return ((b & 0xC0) == 0x80); |
39 } | 40 } |
40 | 41 |
41 using cricket::ConnectionRole; | 42 using cricket::ConnectionRole; |
42 | 43 |
43 enum Flags { NF_REOFFER = 0x1, NF_EXPECT_FAILURE = 0x2 }; | 44 enum Flags { NF_REOFFER = 0x1, NF_EXPECT_FAILURE = 0x2 }; |
44 | 45 |
45 class DtlsTestClient : public sigslot::has_slots<> { | 46 class DtlsTestClient : public sigslot::has_slots<> { |
46 public: | 47 public: |
47 DtlsTestClient(const std::string& name) | 48 DtlsTestClient(const std::string& name, |
48 : name_(name), | 49 rtc::Thread* signaling_thread, |
49 packet_size_(0), | 50 rtc::Thread* worker_thread) : |
50 use_dtls_srtp_(false), | 51 name_(name), |
51 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), | 52 signaling_thread_(signaling_thread), |
52 negotiated_dtls_(false), | 53 worker_thread_(worker_thread), |
53 received_dtls_client_hello_(false), | 54 packet_size_(0), |
54 received_dtls_server_hello_(false) {} | 55 use_dtls_srtp_(false), |
| 56 ssl_max_version_(rtc::SSL_PROTOCOL_DTLS_10), |
| 57 negotiated_dtls_(false), |
| 58 received_dtls_client_hello_(false), |
| 59 received_dtls_server_hello_(false) { |
| 60 } |
55 void CreateCertificate(rtc::KeyType key_type) { | 61 void CreateCertificate(rtc::KeyType key_type) { |
56 certificate_ = rtc::RTCCertificate::Create( | 62 certificate_ = rtc::RTCCertificate::Create( |
57 rtc::scoped_ptr<rtc::SSLIdentity>( | 63 rtc::scoped_ptr<rtc::SSLIdentity>( |
58 rtc::SSLIdentity::Generate(name_, key_type)).Pass()); | 64 rtc::SSLIdentity::Generate(name_, key_type)).Pass()); |
59 } | 65 } |
60 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() { | 66 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() { |
61 return certificate_; | 67 return certificate_; |
62 } | 68 } |
63 void SetupSrtp() { | 69 void SetupSrtp() { |
64 ASSERT(certificate_); | 70 ASSERT(certificate_); |
65 use_dtls_srtp_ = true; | 71 use_dtls_srtp_ = true; |
66 } | 72 } |
67 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { | 73 void SetupMaxProtocolVersion(rtc::SSLProtocolVersion version) { |
68 ASSERT(!transport_); | 74 ASSERT(transport_.get() == NULL); |
69 ssl_max_version_ = version; | 75 ssl_max_version_ = version; |
70 } | 76 } |
71 void SetupChannels(int count, cricket::IceRole role) { | 77 void SetupChannels(int count, cricket::IceRole role) { |
72 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( | 78 transport_.reset(new cricket::DtlsTransport<cricket::FakeTransport>( |
73 "dtls content name", nullptr, certificate_)); | 79 signaling_thread_, worker_thread_, "dtls content name", nullptr, |
| 80 certificate_)); |
74 transport_->SetAsync(true); | 81 transport_->SetAsync(true); |
75 transport_->SetIceRole(role); | 82 transport_->SetIceRole(role); |
76 transport_->SetIceTiebreaker( | 83 transport_->SetIceTiebreaker( |
77 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); | 84 (role == cricket::ICEROLE_CONTROLLING) ? 1 : 2); |
78 transport_->SignalWritableState.connect(this, | 85 transport_->SignalWritableState.connect(this, |
79 &DtlsTestClient::OnTransportWritableState); | 86 &DtlsTestClient::OnTransportWritableState); |
80 | 87 |
81 for (int i = 0; i < count; ++i) { | 88 for (int i = 0; i < count; ++i) { |
82 cricket::DtlsTransportChannelWrapper* channel = | 89 cricket::DtlsTransportChannelWrapper* channel = |
83 static_cast<cricket::DtlsTransportChannelWrapper*>( | 90 static_cast<cricket::DtlsTransportChannelWrapper*>( |
(...skipping 20 matching lines...) Expand all Loading... |
104 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); | 111 static_cast<cricket::DtlsTransportChannelWrapper*>(ch); |
105 return (wrapper) ? | 112 return (wrapper) ? |
106 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; | 113 static_cast<cricket::FakeTransportChannel*>(wrapper->channel()) : NULL; |
107 } | 114 } |
108 | 115 |
109 // Offer DTLS if we have an identity; pass in a remote fingerprint only if | 116 // Offer DTLS if we have an identity; pass in a remote fingerprint only if |
110 // both sides support DTLS. | 117 // both sides support DTLS. |
111 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, | 118 void Negotiate(DtlsTestClient* peer, cricket::ContentAction action, |
112 ConnectionRole local_role, ConnectionRole remote_role, | 119 ConnectionRole local_role, ConnectionRole remote_role, |
113 int flags) { | 120 int flags) { |
114 Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, action, | 121 Negotiate(certificate_, certificate_ ? peer->certificate_ : nullptr, |
115 local_role, remote_role, flags); | 122 action, local_role, remote_role, flags); |
116 } | 123 } |
117 | 124 |
118 // Allow any DTLS configuration to be specified (including invalid ones). | 125 // Allow any DTLS configuration to be specified (including invalid ones). |
119 void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert, | 126 void Negotiate(const rtc::scoped_refptr<rtc::RTCCertificate>& local_cert, |
120 const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert, | 127 const rtc::scoped_refptr<rtc::RTCCertificate>& remote_cert, |
121 cricket::ContentAction action, | 128 cricket::ContentAction action, |
122 ConnectionRole local_role, | 129 ConnectionRole local_role, |
123 ConnectionRole remote_role, | 130 ConnectionRole remote_role, |
124 int flags) { | 131 int flags) { |
125 rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint; | 132 rtc::scoped_ptr<rtc::SSLFingerprint> local_fingerprint; |
(...skipping 23 matching lines...) Expand all Loading... |
149 // SRTP ciphers will be set only in the beginning. | 156 // SRTP ciphers will be set only in the beginning. |
150 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = | 157 for (std::vector<cricket::DtlsTransportChannelWrapper*>::iterator it = |
151 channels_.begin(); it != channels_.end(); ++it) { | 158 channels_.begin(); it != channels_.end(); ++it) { |
152 std::vector<std::string> ciphers; | 159 std::vector<std::string> ciphers; |
153 ciphers.push_back(AES_CM_128_HMAC_SHA1_80); | 160 ciphers.push_back(AES_CM_128_HMAC_SHA1_80); |
154 ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); | 161 ASSERT_TRUE((*it)->SetSrtpCiphers(ciphers)); |
155 } | 162 } |
156 } | 163 } |
157 | 164 |
158 cricket::TransportDescription local_desc( | 165 cricket::TransportDescription local_desc( |
159 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL, | 166 std::vector<std::string>(), kIceUfrag1, kIcePwd1, |
160 local_role, | 167 cricket::ICEMODE_FULL, local_role, |
161 // If remote if the offerer and has no DTLS support, answer will be | 168 // If remote if the offerer and has no DTLS support, answer will be |
162 // without any fingerprint. | 169 // without any fingerprint. |
163 (action == cricket::CA_ANSWER && !remote_cert) | 170 (action == cricket::CA_ANSWER && !remote_cert) ? |
164 ? nullptr | 171 NULL : local_fingerprint.get(), |
165 : local_fingerprint.get(), | |
166 cricket::Candidates()); | 172 cricket::Candidates()); |
167 | 173 |
168 cricket::TransportDescription remote_desc( | 174 cricket::TransportDescription remote_desc( |
169 std::vector<std::string>(), kIceUfrag1, kIcePwd1, cricket::ICEMODE_FULL, | 175 std::vector<std::string>(), kIceUfrag1, kIcePwd1, |
170 remote_role, remote_fingerprint.get(), cricket::Candidates()); | 176 cricket::ICEMODE_FULL, remote_role, remote_fingerprint.get(), |
| 177 cricket::Candidates()); |
171 | 178 |
172 bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true; | 179 bool expect_success = (flags & NF_EXPECT_FAILURE) ? false : true; |
173 // If |expect_success| is false, expect SRTD or SLTD to fail when | 180 // If |expect_success| is false, expect SRTD or SLTD to fail when |
174 // content action is CA_ANSWER. | 181 // content action is CA_ANSWER. |
175 if (action == cricket::CA_OFFER) { | 182 if (action == cricket::CA_OFFER) { |
176 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 183 ASSERT_TRUE(transport_->SetLocalTransportDescription( |
177 local_desc, cricket::CA_OFFER, NULL)); | 184 local_desc, cricket::CA_OFFER, NULL)); |
178 ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription( | 185 ASSERT_EQ(expect_success, transport_->SetRemoteTransportDescription( |
179 remote_desc, cricket::CA_ANSWER, NULL)); | 186 remote_desc, cricket::CA_ANSWER, NULL)); |
180 } else { | 187 } else { |
181 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 188 ASSERT_TRUE(transport_->SetRemoteTransportDescription( |
182 remote_desc, cricket::CA_OFFER, NULL)); | 189 remote_desc, cricket::CA_OFFER, NULL)); |
183 ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription( | 190 ASSERT_EQ(expect_success, transport_->SetLocalTransportDescription( |
184 local_desc, cricket::CA_ANSWER, NULL)); | 191 local_desc, cricket::CA_ANSWER, NULL)); |
185 } | 192 } |
186 negotiated_dtls_ = (local_cert && remote_cert); | 193 negotiated_dtls_ = (local_cert && remote_cert); |
187 } | 194 } |
188 | 195 |
189 bool Connect(DtlsTestClient* peer) { | 196 bool Connect(DtlsTestClient* peer) { |
190 transport_->ConnectChannels(); | 197 transport_->ConnectChannels(); |
191 transport_->SetDestination(peer->transport_.get()); | 198 transport_->SetDestination(peer->transport_.get()); |
192 return true; | 199 return true; |
193 } | 200 } |
194 | 201 |
195 bool all_channels_writable() const { | 202 bool writable() const { return transport_->writable(); } |
196 return transport_->all_channels_writable(); | |
197 } | |
198 | 203 |
199 void CheckRole(rtc::SSLRole role) { | 204 void CheckRole(rtc::SSLRole role) { |
200 if (role == rtc::SSL_CLIENT) { | 205 if (role == rtc::SSL_CLIENT) { |
201 ASSERT_FALSE(received_dtls_client_hello_); | 206 ASSERT_FALSE(received_dtls_client_hello_); |
202 ASSERT_TRUE(received_dtls_server_hello_); | 207 ASSERT_TRUE(received_dtls_server_hello_); |
203 } else { | 208 } else { |
204 ASSERT_TRUE(received_dtls_client_hello_); | 209 ASSERT_TRUE(received_dtls_client_hello_); |
205 ASSERT_FALSE(received_dtls_server_hello_); | 210 ASSERT_FALSE(received_dtls_server_hello_); |
206 } | 211 } |
207 } | 212 } |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
325 } | 330 } |
326 | 331 |
327 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, | 332 void OnTransportChannelReadPacket(cricket::TransportChannel* channel, |
328 const char* data, size_t size, | 333 const char* data, size_t size, |
329 const rtc::PacketTime& packet_time, | 334 const rtc::PacketTime& packet_time, |
330 int flags) { | 335 int flags) { |
331 uint32 packet_num = 0; | 336 uint32 packet_num = 0; |
332 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); | 337 ASSERT_TRUE(VerifyPacket(data, size, &packet_num)); |
333 received_.insert(packet_num); | 338 received_.insert(packet_num); |
334 // Only DTLS-SRTP packets should have the bypass flag set. | 339 // Only DTLS-SRTP packets should have the bypass flag set. |
335 int expected_flags = | 340 int expected_flags = (certificate_ && IsRtpLeadByte(data[0])) ? |
336 (certificate_ && IsRtpLeadByte(data[0])) ? cricket::PF_SRTP_BYPASS : 0; | 341 cricket::PF_SRTP_BYPASS : 0; |
337 ASSERT_EQ(expected_flags, flags); | 342 ASSERT_EQ(expected_flags, flags); |
338 } | 343 } |
339 | 344 |
340 // Hook into the raw packet stream to make sure DTLS packets are encrypted. | 345 // Hook into the raw packet stream to make sure DTLS packets are encrypted. |
341 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, | 346 void OnFakeTransportChannelReadPacket(cricket::TransportChannel* channel, |
342 const char* data, size_t size, | 347 const char* data, size_t size, |
343 const rtc::PacketTime& time, | 348 const rtc::PacketTime& time, |
344 int flags) { | 349 int flags) { |
345 // Flags shouldn't be set on the underlying TransportChannel packets. | 350 // Flags shouldn't be set on the underlying TransportChannel packets. |
346 ASSERT_EQ(0, flags); | 351 ASSERT_EQ(0, flags); |
(...skipping 13 matching lines...) Expand all Loading... |
360 ASSERT_TRUE(VerifyEncryptedPacket(data, size)); | 365 ASSERT_TRUE(VerifyEncryptedPacket(data, size)); |
361 } else if (IsRtpLeadByte(data[0])) { | 366 } else if (IsRtpLeadByte(data[0])) { |
362 ASSERT_TRUE(VerifyPacket(data, size, NULL)); | 367 ASSERT_TRUE(VerifyPacket(data, size, NULL)); |
363 } | 368 } |
364 } | 369 } |
365 } | 370 } |
366 } | 371 } |
367 | 372 |
368 private: | 373 private: |
369 std::string name_; | 374 std::string name_; |
| 375 rtc::Thread* signaling_thread_; |
| 376 rtc::Thread* worker_thread_; |
370 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; | 377 rtc::scoped_refptr<rtc::RTCCertificate> certificate_; |
371 rtc::scoped_ptr<cricket::FakeTransport> transport_; | 378 rtc::scoped_ptr<cricket::FakeTransport> transport_; |
372 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; | 379 std::vector<cricket::DtlsTransportChannelWrapper*> channels_; |
373 size_t packet_size_; | 380 size_t packet_size_; |
374 std::set<int> received_; | 381 std::set<int> received_; |
375 bool use_dtls_srtp_; | 382 bool use_dtls_srtp_; |
376 rtc::SSLProtocolVersion ssl_max_version_; | 383 rtc::SSLProtocolVersion ssl_max_version_; |
377 bool negotiated_dtls_; | 384 bool negotiated_dtls_; |
378 bool received_dtls_client_hello_; | 385 bool received_dtls_client_hello_; |
379 bool received_dtls_server_hello_; | 386 bool received_dtls_server_hello_; |
380 }; | 387 }; |
381 | 388 |
382 | 389 |
383 class DtlsTransportChannelTest : public testing::Test { | 390 class DtlsTransportChannelTest : public testing::Test { |
384 public: | 391 public: |
385 DtlsTransportChannelTest() | 392 DtlsTransportChannelTest() : |
386 : client1_("P1"), | 393 client1_("P1", rtc::Thread::Current(), |
387 client2_("P2"), | 394 rtc::Thread::Current()), |
388 channel_ct_(1), | 395 client2_("P2", rtc::Thread::Current(), |
389 use_dtls_(false), | 396 rtc::Thread::Current()), |
390 use_dtls_srtp_(false), | 397 channel_ct_(1), |
391 ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_10) {} | 398 use_dtls_(false), |
| 399 use_dtls_srtp_(false), |
| 400 ssl_expected_version_(rtc::SSL_PROTOCOL_DTLS_10) { |
| 401 } |
392 | 402 |
393 void SetChannelCount(size_t channel_ct) { | 403 void SetChannelCount(size_t channel_ct) { |
394 channel_ct_ = static_cast<int>(channel_ct); | 404 channel_ct_ = static_cast<int>(channel_ct); |
395 } | 405 } |
396 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, | 406 void SetMaxProtocolVersions(rtc::SSLProtocolVersion c1, |
397 rtc::SSLProtocolVersion c2) { | 407 rtc::SSLProtocolVersion c2) { |
398 client1_.SetupMaxProtocolVersion(c1); | 408 client1_.SetupMaxProtocolVersion(c1); |
399 client2_.SetupMaxProtocolVersion(c2); | 409 client2_.SetupMaxProtocolVersion(c2); |
400 ssl_expected_version_ = std::min(c1, c2); | 410 ssl_expected_version_ = std::min(c1, c2); |
401 } | 411 } |
(...skipping 21 matching lines...) Expand all Loading... |
423 } | 433 } |
424 | 434 |
425 bool Connect(ConnectionRole client1_role, ConnectionRole client2_role) { | 435 bool Connect(ConnectionRole client1_role, ConnectionRole client2_role) { |
426 Negotiate(client1_role, client2_role); | 436 Negotiate(client1_role, client2_role); |
427 | 437 |
428 bool rv = client1_.Connect(&client2_); | 438 bool rv = client1_.Connect(&client2_); |
429 EXPECT_TRUE(rv); | 439 EXPECT_TRUE(rv); |
430 if (!rv) | 440 if (!rv) |
431 return false; | 441 return false; |
432 | 442 |
433 EXPECT_TRUE_WAIT( | 443 EXPECT_TRUE_WAIT(client1_.writable() && client2_.writable(), 10000); |
434 client1_.all_channels_writable() && client2_.all_channels_writable(), | 444 if (!client1_.writable() || !client2_.writable()) |
435 10000); | |
436 if (!client1_.all_channels_writable() || !client2_.all_channels_writable()) | |
437 return false; | 445 return false; |
438 | 446 |
439 // Check that we used the right roles. | 447 // Check that we used the right roles. |
440 if (use_dtls_) { | 448 if (use_dtls_) { |
441 rtc::SSLRole client1_ssl_role = | 449 rtc::SSLRole client1_ssl_role = |
442 (client1_role == cricket::CONNECTIONROLE_ACTIVE || | 450 (client1_role == cricket::CONNECTIONROLE_ACTIVE || |
443 (client2_role == cricket::CONNECTIONROLE_PASSIVE && | 451 (client2_role == cricket::CONNECTIONROLE_PASSIVE && |
444 client1_role == cricket::CONNECTIONROLE_ACTPASS)) ? | 452 client1_role == cricket::CONNECTIONROLE_ACTPASS)) ? |
445 rtc::SSL_CLIENT : rtc::SSL_SERVER; | 453 rtc::SSL_CLIENT : rtc::SSL_SERVER; |
446 | 454 |
(...skipping 356 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
803 MAYBE_SKIP_TEST(HaveDtlsSrtp); | 811 MAYBE_SKIP_TEST(HaveDtlsSrtp); |
804 SetChannelCount(2); | 812 SetChannelCount(2); |
805 PrepareDtls(true, true, rtc::KT_DEFAULT); | 813 PrepareDtls(true, true, rtc::KT_DEFAULT); |
806 PrepareDtlsSrtp(true, true); | 814 PrepareDtlsSrtp(true, true); |
807 Negotiate(); | 815 Negotiate(); |
808 | 816 |
809 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS, | 817 Renegotiate(&client1_, cricket::CONNECTIONROLE_ACTPASS, |
810 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER); | 818 cricket::CONNECTIONROLE_ACTIVE, NF_REOFFER); |
811 bool rv = client1_.Connect(&client2_); | 819 bool rv = client1_.Connect(&client2_); |
812 EXPECT_TRUE(rv); | 820 EXPECT_TRUE(rv); |
813 EXPECT_TRUE_WAIT( | 821 EXPECT_TRUE_WAIT(client1_.writable() && client2_.writable(), 10000); |
814 client1_.all_channels_writable() && client2_.all_channels_writable(), | |
815 10000); | |
816 | 822 |
817 TestTransfer(0, 1000, 100, true); | 823 TestTransfer(0, 1000, 100, true); |
818 TestTransfer(1, 1000, 100, true); | 824 TestTransfer(1, 1000, 100, true); |
819 } | 825 } |
820 | 826 |
821 // Test Certificates state after negotiation but before connection. | 827 // Test Certificates state after negotiation but before connection. |
822 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { | 828 TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) { |
823 MAYBE_SKIP_TEST(HaveDtls); | 829 MAYBE_SKIP_TEST(HaveDtls); |
824 PrepareDtls(true, true, rtc::KT_DEFAULT); | 830 PrepareDtls(true, true, rtc::KT_DEFAULT); |
825 Negotiate(); | 831 Negotiate(); |
826 | 832 |
827 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; | 833 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
828 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; | 834 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
829 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 835 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
830 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 836 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
831 | 837 |
832 // After negotiation, each side has a distinct local certificate, but still no | 838 // After negotiation, each side has a distinct local certificate, but still no |
833 // remote certificate, because connection has not yet occurred. | 839 // remote certificate, because connection has not yet occurred. |
834 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1)); | 840 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
835 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2)); | 841 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
836 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), | 842 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
837 certificate2->ssl_certificate().ToPEMString()); | 843 certificate2->ssl_certificate().ToPEMString()); |
838 ASSERT_FALSE( | 844 ASSERT_FALSE( |
839 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); | 845 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); |
840 ASSERT_FALSE(remote_cert1 != NULL); | 846 ASSERT_FALSE(remote_cert1 != NULL); |
841 ASSERT_FALSE( | 847 ASSERT_FALSE( |
842 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); | 848 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); |
843 ASSERT_FALSE(remote_cert2 != NULL); | 849 ASSERT_FALSE(remote_cert2 != NULL); |
844 } | 850 } |
845 | 851 |
846 // Test Certificates state after connection. | 852 // Test Certificates state after connection. |
847 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { | 853 TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) { |
848 MAYBE_SKIP_TEST(HaveDtls); | 854 MAYBE_SKIP_TEST(HaveDtls); |
849 PrepareDtls(true, true, rtc::KT_DEFAULT); | 855 PrepareDtls(true, true, rtc::KT_DEFAULT); |
850 ASSERT_TRUE(Connect()); | 856 ASSERT_TRUE(Connect()); |
851 | 857 |
852 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; | 858 rtc::scoped_refptr<rtc::RTCCertificate> certificate1; |
853 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; | 859 rtc::scoped_refptr<rtc::RTCCertificate> certificate2; |
854 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; | 860 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert1; |
855 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; | 861 rtc::scoped_ptr<rtc::SSLCertificate> remote_cert2; |
856 | 862 |
857 // After connection, each side has a distinct local certificate. | 863 // After connection, each side has a distinct local certificate. |
858 ASSERT_TRUE(client1_.transport()->GetLocalCertificate(&certificate1)); | 864 ASSERT_TRUE(client1_.transport()->GetCertificate(&certificate1)); |
859 ASSERT_TRUE(client2_.transport()->GetLocalCertificate(&certificate2)); | 865 ASSERT_TRUE(client2_.transport()->GetCertificate(&certificate2)); |
860 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), | 866 ASSERT_NE(certificate1->ssl_certificate().ToPEMString(), |
861 certificate2->ssl_certificate().ToPEMString()); | 867 certificate2->ssl_certificate().ToPEMString()); |
862 | 868 |
863 // Each side's remote certificate is the other side's local certificate. | 869 // Each side's remote certificate is the other side's local certificate. |
864 ASSERT_TRUE( | 870 ASSERT_TRUE( |
865 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); | 871 client1_.transport()->GetRemoteSSLCertificate(remote_cert1.accept())); |
866 ASSERT_EQ(remote_cert1->ToPEMString(), | 872 ASSERT_EQ(remote_cert1->ToPEMString(), |
867 certificate2->ssl_certificate().ToPEMString()); | 873 certificate2->ssl_certificate().ToPEMString()); |
868 ASSERT_TRUE( | 874 ASSERT_TRUE( |
869 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); | 875 client2_.transport()->GetRemoteSSLCertificate(remote_cert2.accept())); |
870 ASSERT_EQ(remote_cert2->ToPEMString(), | 876 ASSERT_EQ(remote_cert2->ToPEMString(), |
871 certificate1->ssl_certificate().ToPEMString()); | 877 certificate1->ssl_certificate().ToPEMString()); |
872 } | 878 } |
OLD | NEW |