RTCCertificateStats added.

webrtc/api/rtcstatscollector_unittest.cc

Index: webrtc/api/rtcstatscollector_unittest.cc
diff --git a/webrtc/api/rtcstatscollector_unittest.cc b/webrtc/api/rtcstatscollector_unittest.cc
index 446990c574129238a24798453f872d8f234005e3..4006363f317b1912e7e703d41a34972906c96b56 100644
--- a/webrtc/api/rtcstatscollector_unittest.cc
+++ b/webrtc/api/rtcstatscollector_unittest.cc
@@ -22,6 +22,7 @@
 #include "webrtc/api/test/mock_webrtcsession.h"
 #include "webrtc/base/checks.h"
 #include "webrtc/base/fakeclock.h"
+#include "webrtc/base/fakesslidentity.h"
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/thread_checker.h"
@@ -29,6 +30,8 @@
 #include "webrtc/base/timeutils.h"
 #include "webrtc/media/base/fakemediaengine.h"
 
+using testing::_;
+using testing::Invoke;
 using testing::Return;
 using testing::ReturnRef;
 
@@ -38,6 +41,56 @@ namespace {
 
 const int64_t kGetStatsReportTimeoutMs = 1000;
 
+struct CertificateInfo {
+  rtc::scoped_refptr<rtc::RTCCertificate> certificate;
+  std::vector<std::string> ders;
+  std::vector<std::string> pems;
+  std::vector<std::string> fingerprints;
+};
+
+CertificateInfo CreateFakeCertificateAndInfoFromDers(

[hta-webrtc, 2016/09/29 13:22:58]

This is in the test, so the copying overhead doesn't matter, but I still wince
when returning large structs by value. Can we return a std::unique_ptr instead?

[hbos, 2016/10/03 12:11:59]

Done.

+    const std::vector<std::string>& ders) {
+  RTC_CHECK(!ders.empty());
+  CertificateInfo info;
+  info.ders = ders;
+  for (const std::string& der : ders) {
+    info.pems.push_back(rtc::SSLIdentity::DerToPem(
+        "CERTIFICATE",
+        reinterpret_cast<const unsigned char*>(der.c_str()),
+        der.length()));
+  }
+  info.certificate =
+      rtc::RTCCertificate::Create(std::unique_ptr<rtc::FakeSSLIdentity>(
+          new rtc::FakeSSLIdentity(rtc::FakeSSLCertificate(info.pems))));
+  // Strip header/footer and newline characters of PEM strings.
+  for (size_t i = 0; i < info.pems.size(); ++i) {
+    rtc::replace_substrs("-----BEGIN CERTIFICATE-----", 27,
+                         "", 0, &info.pems[i]);
+    rtc::replace_substrs("-----END CERTIFICATE-----", 25,
+                         "", 0, &info.pems[i]);
+    rtc::replace_substrs("\n", 1,
+                         "", 0, &info.pems[i]);
+  }
+  // Fingerprint of leaf certificate.
+  std::unique_ptr<rtc::SSLFingerprint> fp(
+      rtc::SSLFingerprint::Create("sha-1",
+                                  &info.certificate->ssl_certificate()));
+  EXPECT_TRUE(fp);
+  info.fingerprints.push_back(fp->GetRfc4572Fingerprint());
+  // Fingerprints of the rest of the chain.
+  std::unique_ptr<rtc::SSLCertChain> chain =
+      info.certificate->ssl_certificate().GetChain();
+  if (chain) {
+    for (size_t i = 0; i < chain->GetSize(); i++) {
+      fp.reset(rtc::SSLFingerprint::Create("sha-1", &chain->Get(i)));
+      EXPECT_TRUE(fp);
+      info.fingerprints.push_back(fp->GetRfc4572Fingerprint());
+    }
+  }
+  EXPECT_EQ(info.ders.size(), info.fingerprints.size());
+  return info;
+}
+
 class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver {
  public:
   RTCStatsCollectorTestHelper()
@@ -56,6 +109,20 @@ class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver {
     EXPECT_CALL(pc_, session()).WillRepeatedly(Return(&session_));

[hta-webrtc, 2016/09/29 13:22:58]

This number of calls installed with EXPECT_CALL indicates that you're not really
using a mock, you're using a fake created via gmock.

Are you sure this is the right tool for the job?

[hbos, 2016/10/03 12:11:59]

You're right. I changed it so that only the certificate-related tests do
EXPECT_CALL, mocking it to return just what that test expects, instead of a
"faking" type of mock setup.

     EXPECT_CALL(pc_, sctp_data_channels()).WillRepeatedly(
         ReturnRef(data_channels_));
+    EXPECT_CALL(session_, GetTransportStats(_)).WillRepeatedly(Invoke(
+        [this](SessionStats* stats) {
+          return session_GetTransportStats(stats);
+        }));
+    EXPECT_CALL(session_, GetLocalCertificate(_, _)).WillRepeatedly(Invoke(
+        [this](const std::string& transport_name,
+               rtc::scoped_refptr<rtc::RTCCertificate>* certificate) {
+          return session_GetLocalCertificate(transport_name, certificate);
+        }));
+    EXPECT_CALL(session_,
+        GetRemoteSSLCertificate_ReturnsRawPointer(_)).WillRepeatedly(Invoke(
+        [this](const std::string& transport_name) {
+          return session_GetRemoteSSLCertificate(transport_name);
+        }));
   }
 
   rtc::ScopedFakeClock& fake_clock() { return fake_clock_; }
@@ -65,6 +132,49 @@ class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver {
     return data_channels_;
   }
 
+  // The transport names, local and remote certificate added by this method are
+  // the ones that will be returned through mocking of
+  // |session_.GetTransportStats|, |session_.GetLocalCertificate| and
+  // |session_.GetRemoteSSLCertificate|.
+  void AddTransportCertificatePair(
+      const std::string& transport_name,
+      const rtc::scoped_refptr<rtc::RTCCertificate>& local_certificate,
+      const rtc::scoped_refptr<rtc::RTCCertificate>& remote_certificate) {
+    transport_certificates_.insert(
+        std::pair<std::string, CertificatePair>(
+            transport_name,
+            CertificatePair(local_certificate, remote_certificate)));
+  }
+
+  // |session_.GetTransportStats| is mocked to invoke this.
+  bool session_GetTransportStats(SessionStats* stats) {

[hta-webrtc, 2016/09/29 13:22:58]

This is a butt-ugly name for a function. Can you please use a standard-case name
for it?

GetTransportStatsFromSession might be a better one.

As is, this function accesses transport_certificates_, not session_, so the name
is misleading too.

[hbos, 2016/10/03 12:11:59]

Functions removed.

+    for (auto& kv : transport_certificates_) {
+      stats->transport_stats[kv.first].transport_name = kv.first;
+    }
+    return true;
+  }
+  // |session_.GetLocalCertificate| is mocked to invoke this.
+  bool session_GetLocalCertificate(
+      const std::string& transport_name,
+      rtc::scoped_refptr<rtc::RTCCertificate>* certificate) {
+    std::map<std::string, CertificatePair>::iterator it =
+        transport_certificates_.find(transport_name);
+    if (it == transport_certificates_.end())
+      return false;
+    *certificate = it->second.first;
+    return true;
+  }
+  // |session_.GetRemoteSSLCertificate| is mocked to invoke this (using the
+  // |GetRemoteSSLCertificate_ReturnsRawPointer| workaround).
+  rtc::SSLCertificate* session_GetRemoteSSLCertificate(
+      const std::string& transport_name) {
+    std::map<std::string, CertificatePair>::iterator it =
+        transport_certificates_.find(transport_name);
+    if (it == transport_certificates_.end())
+      return nullptr;
+    return it->second.second->ssl_certificate().GetReference();
+  }
+
   // SetSessionDescriptionObserver overrides.
   void OnSuccess() override {}
   void OnFailure(const std::string& error) override {
@@ -72,6 +182,9 @@ class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver {
   }
 
  private:
+  typedef std::pair<rtc::scoped_refptr<rtc::RTCCertificate>,
+                    rtc::scoped_refptr<rtc::RTCCertificate>> CertificatePair;
+
   rtc::ScopedFakeClock fake_clock_;
   rtc::Thread* const worker_thread_;
   rtc::Thread* const network_thread_;
@@ -81,6 +194,8 @@ class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver {
   MockPeerConnection pc_;
 
   std::vector<rtc::scoped_refptr<DataChannel>> data_channels_;
+  // Transport name -> (local and remote certificate) map.
+  std::map<std::string, CertificatePair> transport_certificates_;
 };
 
 class RTCTestStats : public RTCStats {
@@ -253,6 +368,27 @@ class RTCStatsCollectorTest : public testing::Test {
     return callback->report();
   }
 
+  void ExpectReportContainsCertificateInfo(
+      const rtc::scoped_refptr<const RTCStatsReport>& report,
+      const CertificateInfo& cert_info) {
+    for (size_t i = 0; i < cert_info.fingerprints.size(); ++i) {
+      const RTCStats* stats = report->Get(
+          "RTCCertificate_" + cert_info.fingerprints[i]);
+      EXPECT_TRUE(stats);
+      const RTCCertificateStats& cert_stats =
+          stats->cast_to<const RTCCertificateStats>();
+      EXPECT_EQ(*cert_stats.fingerprint, cert_info.fingerprints[i]);
+      EXPECT_EQ(*cert_stats.fingerprint_algorithm, "sha-1");
+      EXPECT_EQ(*cert_stats.base64_certificate, cert_info.pems[i]);
+      if (i + 1 < cert_info.fingerprints.size()) {
+        EXPECT_EQ(*cert_stats.issuer_certificate_id,
+                  "RTCCertificate_" + cert_info.fingerprints[i + 1]);
+      } else {
+        EXPECT_FALSE(cert_stats.issuer_certificate_id.is_defined());
+      }
+    }
+  }
+
  protected:
   rtc::scoped_refptr<RTCStatsCollectorTestHelper> test_;
   rtc::scoped_refptr<RTCStatsCollector> collector_;
@@ -312,6 +448,68 @@ TEST_F(RTCStatsCollectorTest, MultipleCallbacksWithInvalidatedCacheInBetween) {
   EXPECT_NE(c.get(), b.get());
 }
 
+TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsSingle) {
+  CertificateInfo local;
+  local.ders.push_back("(local) single certificate");
+  local = CreateFakeCertificateAndInfoFromDers(local.ders);
+  CertificateInfo remote;
+  remote.ders.push_back("(remote) single certificate");
+  remote = CreateFakeCertificateAndInfoFromDers(remote.ders);
+  test_->AddTransportCertificatePair(
+      "transport", local.certificate, remote.certificate);
+
+  rtc::scoped_refptr<const RTCStatsReport> report = GetStatsReport();
+  ExpectReportContainsCertificateInfo(report, local);
+  ExpectReportContainsCertificateInfo(report, remote);
+}
+
+TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsMultiple) {
+  CertificateInfo first_local;
+  first_local.ders.push_back("(local) first");
+  first_local = CreateFakeCertificateAndInfoFromDers(first_local.ders);
+  CertificateInfo first_remote;
+  first_remote.ders.push_back("(remote) first");
+  first_remote = CreateFakeCertificateAndInfoFromDers(first_remote.ders);
+  test_->AddTransportCertificatePair(
+      "audio", first_local.certificate, first_remote.certificate);
+
+  CertificateInfo second_local;
+  second_local.ders.push_back("(local) second");
+  second_local = CreateFakeCertificateAndInfoFromDers(second_local.ders);
+  CertificateInfo second_remote;
+  second_remote.ders.push_back("(remote) second");
+  second_remote = CreateFakeCertificateAndInfoFromDers(second_remote.ders);
+  test_->AddTransportCertificatePair(
+      "video", second_local.certificate, second_remote.certificate);
+
+  rtc::scoped_refptr<const RTCStatsReport> report = GetStatsReport();
+  ExpectReportContainsCertificateInfo(report, first_local);
+  ExpectReportContainsCertificateInfo(report, first_remote);
+  ExpectReportContainsCertificateInfo(report, second_local);
+  ExpectReportContainsCertificateInfo(report, second_remote);
+}
+
+TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsChain) {
+  CertificateInfo local;
+  local.ders.push_back("(local) this");
+  local.ders.push_back("(local) is");
+  local.ders.push_back("(local) a");
+  local.ders.push_back("(local) chain");
+  local = CreateFakeCertificateAndInfoFromDers(local.ders);
+  CertificateInfo remote;
+  remote.ders.push_back("(remote) this");
+  remote.ders.push_back("(remote) is");
+  remote.ders.push_back("(remote) another");
+  remote.ders.push_back("(remote) chain");
+  remote = CreateFakeCertificateAndInfoFromDers(remote.ders);
+  test_->AddTransportCertificatePair(
+      "transport", local.certificate, remote.certificate);
+
+  rtc::scoped_refptr<const RTCStatsReport> report = GetStatsReport();
+  ExpectReportContainsCertificateInfo(report, local);
+  ExpectReportContainsCertificateInfo(report, remote);
+}
+
 TEST_F(RTCStatsCollectorTest, CollectRTCPeerConnectionStats) {
   int64_t before = rtc::TimeUTCMicros();
   rtc::scoped_refptr<const RTCStatsReport> report = GetStatsReport();