Allow remote fingerprint update during a call

talk/app/webrtc/test/fakedtlsidentitystore.h

 /*
  * libjingle
  * Copyright 2013 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 16 matching lines @@
 
 #ifndef TALK_APP_WEBRTC_TEST_FAKEDTLSIDENTITYSERVICE_H_
 #define TALK_APP_WEBRTC_TEST_FAKEDTLSIDENTITYSERVICE_H_
 
 #include <string>
 
 #include "talk/app/webrtc/dtlsidentitystore.h"
 #include "talk/app/webrtc/peerconnectioninterface.h"
 #include "webrtc/base/rtccertificate.h"
 
-static const char kRSA_PRIVATE_KEY_PEM[] =
-    "-----BEGIN RSA PRIVATE KEY-----\n"
-    "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
-    "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
-    "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
-    "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
-    "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
-    "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
-    "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
-    "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
-    "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
-    "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
-    "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
-    "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
-    "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
-    "UCXiYxSsu20QNVw=\n"
-    "-----END RSA PRIVATE KEY-----\n";
-
-static const char kCERT_PEM[] =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
-    "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
-    "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
-    "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
-    "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
-    "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
-    "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
-    "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
-    "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
-    "-----END CERTIFICATE-----\n";
+struct {
+  const char* rsa_private_key_pem;
+  const char* cert_pem;
+} KeyAndCert[] = {

[pthatcher1, 2015/11/18 20:42:43]

Should this be kKeysAndCerts?

[guoweis_webrtc, 2015/11/25 21:03:13]

Done.

+    {"-----BEGIN RSA PRIVATE KEY-----\n"
+     "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
+     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
+     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
+     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
+     "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
+     "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
+     "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
+     "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
+     "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
+     "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
+     "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
+     "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
+     "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
+     "UCXiYxSsu20QNVw=\n"
+     "-----END RSA PRIVATE KEY-----\n",
+     "-----BEGIN CERTIFICATE-----\n"
+     "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
+     "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
+     "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
+     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
+     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
+     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
+     "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
+     "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
+     "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
+     "-----END CERTIFICATE-----\n"},
+    {"-----BEGIN RSA PRIVATE KEY-----\n"
+     "MIICXQIBAAKBgQDeYqlyJ1wuiMsi905e3X81/WA/G3ym50PIDZBVtSwZi7JVQPgj\n"
+     "Bl8CPZMvDh9EwB4Ji9ytA8dZZbQ4WbJWPr73zPpJSCvQqz6sOXSlenBRi72acNaQ\n"
+     "sOR/qPvviJx5I6Hqo4qemfnjZhAW85a5BpgrAwKgMLIQTHCTLWwVSyrDrwIDAQAB\n"
+     "AoGARni9eY8/hv+SX+I+05EdXt6MQXNUbQ+cSykBNCfVccLzIFEWUQMT2IHqwl6X\n"
+     "ShIXcq7/n1QzOAEiuzixauM3YHg4xZ1Um2Ha9a7ig5Xg4v6b43bmMkNE6LkoAtYs\n"
+     "qnQdfMh442b1liDud6IMb1Qk0amt3fSrgRMc547TZQVx4QECQQDxUeDm94r3p4ng\n"
+     "5rCLLC1K5/6HSTZsh7jatKPlz7GfP/IZlYV7iE5784/n0wRiCjZOS7hQRy/8m2Gp\n"
+     "pf4aZq+DAkEA6+np4d36FYikydvUrupLT3FkdRHGn/v83qOll/VmeNh+L1xMZlIP\n"
+     "tM26hAXCcQb7O5+J9y3cx2CAQsBS11ZXZQJAfGgTo76WG9p5UEJdXUInD2jOZPwv\n"
+     "XIATolxh6kXKcijLLLlSmT7KB0inNYIpzkkpee+7U1d/u6B3FriGaSHq9QJBAM/J\n"
+     "ICnDdLCgwNvWVraVQC3BpwSB2pswvCFwq7py94V60XFvbw80Ogc6qIv98qvQxVlX\n"
+     "hJIEgA/PjEi+0ng94Q0CQQDm8XSDby35gmjO+6eRmJtAjtB7nguLvrPXM6CPXRmD\n"
+     "sRoBocpHw6j9UdzZ6qYG0FkdXZghezXFY58ro2BYYRR3\n"
+     "-----END RSA PRIVATE KEY-----\n",
+     "-----BEGIN CERTIFICATE-----\n"
+     "MIICWDCCAcGgAwIBAgIJALgDjxMbBOhbMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n"
+     "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
+     "aWRnaXRzIFB0eSBMdGQwHhcNMTUxMTEzMjIzMjEzWhcNMTYxMTEyMjIzMjEzWjBF\n"
+     "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
+     "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+     "gQDeYqlyJ1wuiMsi905e3X81/WA/G3ym50PIDZBVtSwZi7JVQPgjBl8CPZMvDh9E\n"
+     "wB4Ji9ytA8dZZbQ4WbJWPr73zPpJSCvQqz6sOXSlenBRi72acNaQsOR/qPvviJx5\n"
+     "I6Hqo4qemfnjZhAW85a5BpgrAwKgMLIQTHCTLWwVSyrDrwIDAQABo1AwTjAdBgNV\n"
+     "HQ4EFgQUx2tbJdlcSTCepn09UdYORXKuSTAwHwYDVR0jBBgwFoAUx2tbJdlcSTCe\n"
+     "pn09UdYORXKuSTAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAmp9Id\n"
+     "E716gHMqeBG4S2FCgVFCr0a0ugkaneQAN/c2L9CbMemEN9W6jvucUIVOtYd90dDW\n"
+     "lXuowWmT/JctPe3D2qt4yvYW3puECHk2tVQmrJOZiZiTRtWm6HxkmoUYHYp/DtaS\n"
+     "1Xe29gSTnZtI5sQCrGMzk3SGRSSs7ejLKiVDBQ==\n"
+     "-----END CERTIFICATE-----\n"}};
 
 class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
                               public rtc::MessageHandler {
  public:
   typedef rtc::TypedMessageData<rtc::scoped_refptr<
       webrtc::DtlsIdentityRequestObserver> > MessageData;
 
   FakeDtlsIdentityStore() : should_fail_(false) {}
 
   void set_should_fail(bool should_fail) {
     should_fail_ = should_fail;
   }
 
+  void use_original_key() { key_index_ = 0; }
+  void use_alternate_key() { key_index_ = 1; }

[pthatcher1, 2015/11/18 20:42:43]

Instead of having "use_original" and "use_alternate", why not just have
"set_key_by_index", and blow up if it's out of range?

[guoweis_webrtc, 2015/11/25 21:03:13]

I was using key index to control which key to use but I don't like the blow up
behavior and want to avoid function like num_of_keys() type of function.

+
   void RequestIdentity(
       rtc::KeyType key_type,
       const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
           observer) override {
     // TODO(hbos): Should be able to generate KT_ECDSA too.
     RTC_DCHECK(key_type == rtc::KT_RSA || should_fail_);
     MessageData* msg = new MessageData(
         rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>(observer));
     rtc::Thread::Current()->Post(
         this, should_fail_ ? MSG_FAILURE : MSG_SUCCESS, msg);
   }
 
   static rtc::scoped_refptr<rtc::RTCCertificate> GenerateCertificate() {
     std::string cert;
     std::string key;
-    rtc::SSLIdentity::PemToDer("CERTIFICATE", kCERT_PEM, &cert);
-    rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY", kRSA_PRIVATE_KEY_PEM, &key);
+    rtc::SSLIdentity::PemToDer("CERTIFICATE", KeyAndCert[0].cert_pem, &cert);
+    rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY",
+                               KeyAndCert[0].rsa_private_key_pem, &key);

[pthatcher1, 2015/11/18 20:42:43]

Would it make sense to use key_index_ here too (or just key() and cert(); see
below)?

[guoweis_webrtc, 2015/11/25 21:03:13]

I didn't do that since this is a static function.

 
     std::string pem_cert = rtc::SSLIdentity::DerToPem(
         rtc::kPemTypeCertificate,
         reinterpret_cast<const unsigned char*>(cert.data()),
         cert.length());
     std::string pem_key = rtc::SSLIdentity::DerToPem(
         rtc::kPemTypeRsaPrivateKey,
         reinterpret_cast<const unsigned char*>(key.data()),
         key.length());
     rtc::scoped_ptr<rtc::SSLIdentity> identity(
@@ skipping 10 matching lines @@
 
   // rtc::MessageHandler implementation.
   void OnMessage(rtc::Message* msg) {
     MessageData* message_data = static_cast<MessageData*>(msg->pdata);
     rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer =
         message_data->data();
     switch (msg->message_id) {
       case MSG_SUCCESS: {
         std::string cert;
         std::string key;
-        rtc::SSLIdentity::PemToDer("CERTIFICATE", kCERT_PEM, &cert);
-        rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY", kRSA_PRIVATE_KEY_PEM,
+        rtc::SSLIdentity::PemToDer("CERTIFICATE",
+                                   KeyAndCert[key_index_].cert_pem, &cert);
+        rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY",
+                                   KeyAndCert[key_index_].rsa_private_key_pem,

[pthatcher1, 2015/11/18 20:42:43]

Would it make sense to have a getter such as key() and cert()?

[guoweis_webrtc, 2015/11/25 21:03:13]

From the coding standard:
structs should be used for passive objects that carry data, and may have
associated constants, but lack any functionality other than access/setting the
data members. The accessing/setting of fields is done by directly accessing the
fields rather than through method invocations. Methods should not provide
behavior but should only be used to set up the data members, e.g., constructor,
destructor, Initialize(), Reset(), Validate().

It seems the directly accessing the fields is better?

[pthatcher1, 2015/11/30 20:23:10]

I meant helper methods like this:

const char* key() {
  return KeyAndCert[key_index_].rsa_private_key_pem;
}


const char* cert() {
  return KeyAndCert[key_index_].cert_pem;
}


I that you could then use them in here and in GenerateCertificate, but it looks
like it can't be done so easily in GenerateCertificate since it's static.

                                    &key);
         observer->OnSuccess(cert, key);
         break;
       }
       case MSG_FAILURE:
         observer->OnFailure(0);
         break;
     }
     delete message_data;
   }
 
   bool should_fail_;
+  int key_index_ = 0;
 };
 
 #endif  // TALK_APP_WEBRTC_TEST_FAKEDTLSIDENTITYSERVICE_H_