Allow remote fingerprint update during a call

talk/app/webrtc/test/fakedtlsidentitystore.h

Index: talk/app/webrtc/test/fakedtlsidentitystore.h
diff --git a/talk/app/webrtc/test/fakedtlsidentitystore.h b/talk/app/webrtc/test/fakedtlsidentitystore.h
index 0f9bdb9e6c974fb3b133e9bebf91da3ce0d7e6ba..9a097a1364480ffca53bdcd0c4687b7098f9d7f6 100644
--- a/talk/app/webrtc/test/fakedtlsidentitystore.h
+++ b/talk/app/webrtc/test/fakedtlsidentitystore.h
@@ -34,36 +34,67 @@
 #include "talk/app/webrtc/peerconnectioninterface.h"
 #include "webrtc/base/rtccertificate.h"
 
-static const char kRSA_PRIVATE_KEY_PEM[] =
-    "-----BEGIN RSA PRIVATE KEY-----\n"
-    "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
-    "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
-    "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
-    "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
-    "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
-    "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
-    "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
-    "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
-    "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
-    "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
-    "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
-    "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
-    "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
-    "UCXiYxSsu20QNVw=\n"
-    "-----END RSA PRIVATE KEY-----\n";
-
-static const char kCERT_PEM[] =
-    "-----BEGIN CERTIFICATE-----\n"
-    "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
-    "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
-    "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
-    "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
-    "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
-    "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
-    "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
-    "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
-    "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
-    "-----END CERTIFICATE-----\n";
+struct {
+  const char* rsa_private_key_pem;
+  const char* cert_pem;
+} KeyAndCert[] = {

[pthatcher1, 2015/11/18 20:42:43]

Should this be kKeysAndCerts?

[guoweis_webrtc, 2015/11/25 21:03:13]

Done.

+    {"-----BEGIN RSA PRIVATE KEY-----\n"
+     "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAMYRkbhmI7kVA/rM\n"
+     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
+     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
+     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAECgYAvgOs4FJcgvp+TuREx7YtiYVsH\n"
+     "mwQPTum2z/8VzWGwR8BBHBvIpVe1MbD/Y4seyI2aco/7UaisatSgJhsU46/9Y4fq\n"
+     "2TwXH9QANf4at4d9n/R6rzwpAJOpgwZgKvdQjkfrKTtgLV+/dawvpxUYkRH4JZM1\n"
+     "CVGukMfKNrSVH4Ap4QJBAOJmGV1ASPnB4r4nc99at7JuIJmd7fmuVUwUgYi4XgaR\n"
+     "WhScBsgYwZ/JoywdyZJgnbcrTDuVcWG56B3vXbhdpMsCQQDf9zeJrjnPZ3Cqm79y\n"
+     "kdqANep0uwZciiNiWxsQrCHztywOvbFhdp8iYVFG9EK8DMY41Y5TxUwsHD+67zao\n"
+     "ZNqJAkEA1suLUP/GvL8IwuRneQd2tWDqqRQ/Td3qq03hP7e77XtF/buya3Ghclo5\n"
+     "54czUR89QyVfJEC6278nzA7n2h1uVQJAcG6mztNL6ja/dKZjYZye2CY44QjSlLo0\n"
+     "MTgTSjdfg/28fFn2Jjtqf9Pi/X+50LWI/RcYMC2no606wRk9kyOuIQJBAK6VSAim\n"
+     "1pOEjsYQn0X5KEIrz1G3bfCbB848Ime3U2/FWlCHMr6ch8kCZ5d1WUeJD3LbwMNG\n"
+     "UCXiYxSsu20QNVw=\n"
+     "-----END RSA PRIVATE KEY-----\n",
+     "-----BEGIN CERTIFICATE-----\n"
+     "MIIBmTCCAQKgAwIBAgIEbzBSAjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDEwZX\n"
+     "ZWJSVEMwHhcNMTQwMTAyMTgyNDQ3WhcNMTQwMjAxMTgyNDQ3WjARMQ8wDQYDVQQD\n"
+     "EwZXZWJSVEMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMYRkbhmI7kVA/rM\n"
+     "czsZ+6JDhDvnkF+vn6yCAGuRPV03zuRqZtDy4N4to7PZu9PjqrRl7nDMXrG3YG9y\n"
+     "rlIAZ72KjcKKFAJxQyAKLCIdawKRyp8RdK3LEySWEZb0AV58IadqPZDTNHHRX8dz\n"
+     "5aTSMsbbkZ+C/OzTnbiMqLL/vg6jAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAUflI\n"
+     "VUe5Krqf5RVa5C3u/UTAOAUJBiDS3VANTCLBxjuMsvqOG0WvaYWP3HYPgrz0jXK2\n"
+     "LJE/mGw3MyFHEqi81jh95J+ypl6xKW6Rm8jKLR87gUvCaVYn/Z4/P3AqcQTB7wOv\n"
+     "UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
+     "-----END CERTIFICATE-----\n"},
+    {"-----BEGIN RSA PRIVATE KEY-----\n"
+     "MIICXQIBAAKBgQDeYqlyJ1wuiMsi905e3X81/WA/G3ym50PIDZBVtSwZi7JVQPgj\n"
+     "Bl8CPZMvDh9EwB4Ji9ytA8dZZbQ4WbJWPr73zPpJSCvQqz6sOXSlenBRi72acNaQ\n"
+     "sOR/qPvviJx5I6Hqo4qemfnjZhAW85a5BpgrAwKgMLIQTHCTLWwVSyrDrwIDAQAB\n"
+     "AoGARni9eY8/hv+SX+I+05EdXt6MQXNUbQ+cSykBNCfVccLzIFEWUQMT2IHqwl6X\n"
+     "ShIXcq7/n1QzOAEiuzixauM3YHg4xZ1Um2Ha9a7ig5Xg4v6b43bmMkNE6LkoAtYs\n"
+     "qnQdfMh442b1liDud6IMb1Qk0amt3fSrgRMc547TZQVx4QECQQDxUeDm94r3p4ng\n"
+     "5rCLLC1K5/6HSTZsh7jatKPlz7GfP/IZlYV7iE5784/n0wRiCjZOS7hQRy/8m2Gp\n"
+     "pf4aZq+DAkEA6+np4d36FYikydvUrupLT3FkdRHGn/v83qOll/VmeNh+L1xMZlIP\n"
+     "tM26hAXCcQb7O5+J9y3cx2CAQsBS11ZXZQJAfGgTo76WG9p5UEJdXUInD2jOZPwv\n"
+     "XIATolxh6kXKcijLLLlSmT7KB0inNYIpzkkpee+7U1d/u6B3FriGaSHq9QJBAM/J\n"
+     "ICnDdLCgwNvWVraVQC3BpwSB2pswvCFwq7py94V60XFvbw80Ogc6qIv98qvQxVlX\n"
+     "hJIEgA/PjEi+0ng94Q0CQQDm8XSDby35gmjO+6eRmJtAjtB7nguLvrPXM6CPXRmD\n"
+     "sRoBocpHw6j9UdzZ6qYG0FkdXZghezXFY58ro2BYYRR3\n"
+     "-----END RSA PRIVATE KEY-----\n",
+     "-----BEGIN CERTIFICATE-----\n"
+     "MIICWDCCAcGgAwIBAgIJALgDjxMbBOhbMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n"
+     "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n"
+     "aWRnaXRzIFB0eSBMdGQwHhcNMTUxMTEzMjIzMjEzWhcNMTYxMTEyMjIzMjEzWjBF\n"
+     "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n"
+     "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n"
+     "gQDeYqlyJ1wuiMsi905e3X81/WA/G3ym50PIDZBVtSwZi7JVQPgjBl8CPZMvDh9E\n"
+     "wB4Ji9ytA8dZZbQ4WbJWPr73zPpJSCvQqz6sOXSlenBRi72acNaQsOR/qPvviJx5\n"
+     "I6Hqo4qemfnjZhAW85a5BpgrAwKgMLIQTHCTLWwVSyrDrwIDAQABo1AwTjAdBgNV\n"
+     "HQ4EFgQUx2tbJdlcSTCepn09UdYORXKuSTAwHwYDVR0jBBgwFoAUx2tbJdlcSTCe\n"
+     "pn09UdYORXKuSTAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQAmp9Id\n"
+     "E716gHMqeBG4S2FCgVFCr0a0ugkaneQAN/c2L9CbMemEN9W6jvucUIVOtYd90dDW\n"
+     "lXuowWmT/JctPe3D2qt4yvYW3puECHk2tVQmrJOZiZiTRtWm6HxkmoUYHYp/DtaS\n"
+     "1Xe29gSTnZtI5sQCrGMzk3SGRSSs7ejLKiVDBQ==\n"
+     "-----END CERTIFICATE-----\n"}};
 
 class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
                               public rtc::MessageHandler {
@@ -77,6 +108,9 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
     should_fail_ = should_fail;
   }
 
+  void use_original_key() { key_index_ = 0; }
+  void use_alternate_key() { key_index_ = 1; }

[pthatcher1, 2015/11/18 20:42:43]

Instead of having "use_original" and "use_alternate", why not just have
"set_key_by_index", and blow up if it's out of range?

[guoweis_webrtc, 2015/11/25 21:03:13]

I was using key index to control which key to use but I don't like the blow up
behavior and want to avoid function like num_of_keys() type of function.

+
   void RequestIdentity(
       rtc::KeyType key_type,
       const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>&
@@ -92,8 +126,9 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   static rtc::scoped_refptr<rtc::RTCCertificate> GenerateCertificate() {
     std::string cert;
     std::string key;
-    rtc::SSLIdentity::PemToDer("CERTIFICATE", kCERT_PEM, &cert);
-    rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY", kRSA_PRIVATE_KEY_PEM, &key);
+    rtc::SSLIdentity::PemToDer("CERTIFICATE", KeyAndCert[0].cert_pem, &cert);
+    rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY",
+                               KeyAndCert[0].rsa_private_key_pem, &key);

[pthatcher1, 2015/11/18 20:42:43]

Would it make sense to use key_index_ here too (or just key() and cert(); see
below)?

[guoweis_webrtc, 2015/11/25 21:03:13]

I didn't do that since this is a static function.

 
     std::string pem_cert = rtc::SSLIdentity::DerToPem(
         rtc::kPemTypeCertificate,
@@ -124,8 +159,10 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
       case MSG_SUCCESS: {
         std::string cert;
         std::string key;
-        rtc::SSLIdentity::PemToDer("CERTIFICATE", kCERT_PEM, &cert);
-        rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY", kRSA_PRIVATE_KEY_PEM,
+        rtc::SSLIdentity::PemToDer("CERTIFICATE",
+                                   KeyAndCert[key_index_].cert_pem, &cert);
+        rtc::SSLIdentity::PemToDer("RSA PRIVATE KEY",
+                                   KeyAndCert[key_index_].rsa_private_key_pem,

[pthatcher1, 2015/11/18 20:42:43]

Would it make sense to have a getter such as key() and cert()?

[guoweis_webrtc, 2015/11/25 21:03:13]

From the coding standard:
structs should be used for passive objects that carry data, and may have
associated constants, but lack any functionality other than access/setting the
data members. The accessing/setting of fields is done by directly accessing the
fields rather than through method invocations. Methods should not provide
behavior but should only be used to set up the data members, e.g., constructor,
destructor, Initialize(), Reset(), Validate().

It seems the directly accessing the fields is better?

[pthatcher1, 2015/11/30 20:23:10]

I meant helper methods like this:

const char* key() {
  return KeyAndCert[key_index_].rsa_private_key_pem;
}


const char* cert() {
  return KeyAndCert[key_index_].cert_pem;
}


I that you could then use them in here and in GenerateCertificate, but it looks
like it can't be done so easily in GenerateCertificate since it's static.

                                    &key);
         observer->OnSuccess(cert, key);
         break;
@@ -138,6 +175,7 @@ class FakeDtlsIdentityStore : public webrtc::DtlsIdentityStoreInterface,
   }
 
   bool should_fail_;
+  int key_index_ = 0;
 };
 
 #endif  // TALK_APP_WEBRTC_TEST_FAKEDTLSIDENTITYSERVICE_H_