Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(79)

Side by Side Diff: webrtc/p2p/base/jseptransport.cc

Issue 2517883002: Refactoring that removes P2PTransport and DtlsTransport classes. (Closed)
Patch Set: Adding stub transport.h file for backwards compat. Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « webrtc/p2p/base/jseptransport.h ('k') | webrtc/p2p/base/jseptransport_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
11 #include <memory> 11 #include <memory>
12 #include <utility> // for std::pair 12 #include <utility> // for std::pair
13 13
14 #include "webrtc/p2p/base/transport.h" 14 #include "webrtc/p2p/base/jseptransport.h"
15 15
16 #include "webrtc/p2p/base/candidate.h" 16 #include "webrtc/p2p/base/candidate.h"
17 #include "webrtc/p2p/base/dtlstransportchannel.h"
17 #include "webrtc/p2p/base/p2pconstants.h" 18 #include "webrtc/p2p/base/p2pconstants.h"
19 #include "webrtc/p2p/base/p2ptransportchannel.h"
18 #include "webrtc/p2p/base/port.h" 20 #include "webrtc/p2p/base/port.h"
19 #include "webrtc/p2p/base/transportchannelimpl.h" 21 #include "webrtc/p2p/base/transportchannelimpl.h"
20 #include "webrtc/base/bind.h" 22 #include "webrtc/base/bind.h"
21 #include "webrtc/base/checks.h" 23 #include "webrtc/base/checks.h"
22 #include "webrtc/base/logging.h" 24 #include "webrtc/base/logging.h"
23 25
24 namespace cricket { 26 namespace cricket {
25 27
26 static bool VerifyIceParams(const TransportDescription& desc) { 28 static bool VerifyIceParams(const TransportDescription& desc) {
27 // For legacy protocols. 29 // For legacy protocols.
(...skipping 23 matching lines...) Expand all
51 const std::string& old_pwd, 53 const std::string& old_pwd,
52 const std::string& new_ufrag, 54 const std::string& new_ufrag,
53 const std::string& new_pwd) { 55 const std::string& new_pwd) {
54 // The standard (RFC 5245 Section 9.1.1.1) says that ICE restarts MUST change 56 // The standard (RFC 5245 Section 9.1.1.1) says that ICE restarts MUST change
55 // both the ufrag and password. However, section 9.2.1.1 says changing the 57 // both the ufrag and password. However, section 9.2.1.1 says changing the
56 // ufrag OR password indicates an ICE restart. So, to keep compatibility with 58 // ufrag OR password indicates an ICE restart. So, to keep compatibility with
57 // endpoints that only change one, we'll treat this as an ICE restart. 59 // endpoints that only change one, we'll treat this as an ICE restart.
58 return (old_ufrag != new_ufrag) || (old_pwd != new_pwd); 60 return (old_ufrag != new_ufrag) || (old_pwd != new_pwd);
59 } 61 }
60 62
61 Transport::Transport(const std::string& name, PortAllocator* allocator) 63 bool VerifyCandidate(const Candidate& cand, std::string* error) {
62 : name_(name), allocator_(allocator) {} 64 // No address zero.
65 if (cand.address().IsNil() || cand.address().IsAnyIP()) {
66 *error = "candidate has address of zero";
67 return false;
68 }
63 69
64 Transport::~Transport() { 70 // Disallow all ports below 1024, except for 80 and 443 on public addresses.
65 RTC_DCHECK(channels_destroyed_); 71 int port = cand.address().port();
72 if (cand.protocol() == TCP_PROTOCOL_NAME &&
73 (cand.tcptype() == TCPTYPE_ACTIVE_STR || port == 0)) {
74 // Expected for active-only candidates per
75 // http://tools.ietf.org/html/rfc6544#section-4.5 so no error.
76 // Libjingle clients emit port 0, in "active" mode.
77 return true;
78 }
79 if (port < 1024) {
80 if ((port != 80) && (port != 443)) {
81 *error = "candidate has port below 1024, but not 80 or 443";
82 return false;
83 }
84
85 if (cand.address().IsPrivateIP()) {
86 *error = "candidate has port of 80 or 443 with private IP address";
87 return false;
88 }
89 }
90
91 return true;
66 } 92 }
67 93
68 void Transport::SetIceRole(IceRole role) { 94 bool VerifyCandidates(const Candidates& candidates, std::string* error) {
69 ice_role_ = role; 95 for (const Candidate& candidate : candidates) {
70 for (const auto& kv : channels_) { 96 if (!VerifyCandidate(candidate, error)) {
71 kv.second->SetIceRole(ice_role_); 97 return false;
98 }
72 } 99 }
100 return true;
73 } 101 }
74 102
75 std::unique_ptr<rtc::SSLCertificate> Transport::GetRemoteSSLCertificate() { 103 JsepTransport::JsepTransport(
76 if (channels_.empty()) { 104 const std::string& mid,
77 return nullptr; 105 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate)
106 : mid_(mid), certificate_(certificate) {}
107
108 bool JsepTransport::AddChannel(TransportChannelImpl* dtls, int component) {
109 if (channels_.find(component) != channels_.end()) {
110 LOG(LS_ERROR) << "Adding channel for component " << component << " twice.";
111 return false;
112 }
113 channels_[component] = dtls;
114 // Something's wrong if a channel is being added after a description is set.
115 // This may currently occur if rtcp-mux is negotiated, then a new m= section
116 // is added in a later offer/answer. But this is suboptimal and should be
117 // changed; we shouldn't support going from muxed to non-muxed.
118 // TODO(deadbeef): Once this is fixed, make the warning an error, and remove
119 // the calls to "ApplyXTransportDescription" below.
120 if (local_description_set_ || remote_description_set_) {
121 LOG(LS_WARNING) << "Adding new transport channel after "
122 "transport description already applied.";
123 }
124 bool ret = true;
125 std::string err;
126 if (local_description_set_) {
127 ret &= ApplyLocalTransportDescription(channels_[component], &err);
128 }
129 if (remote_description_set_) {
130 ret &= ApplyRemoteTransportDescription(channels_[component], &err);
131 }
132 if (local_description_set_ && remote_description_set_) {
133 ret &= ApplyNegotiatedTransportDescription(channels_[component], &err);
134 }
135 return ret;
136 }
137
138 bool JsepTransport::RemoveChannel(int component) {
139 auto it = channels_.find(component);
140 if (it == channels_.end()) {
141 LOG(LS_ERROR) << "Trying to remove channel for component " << component
142 << ", which doesn't exist.";
143 return false;
144 }
145 channels_.erase(component);
146 return true;
147 }
148
149 bool JsepTransport::HasChannels() const {
150 return !channels_.empty();
151 }
152
153 void JsepTransport::SetLocalCertificate(
154 const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
155 certificate_ = certificate;
156 }
157
158 bool JsepTransport::GetLocalCertificate(
159 rtc::scoped_refptr<rtc::RTCCertificate>* certificate) const {
160 if (!certificate_) {
161 return false;
78 } 162 }
79 163
80 auto iter = channels_.begin(); 164 *certificate = certificate_;
81 return iter->second->GetRemoteSSLCertificate(); 165 return true;
82 } 166 }
83 167
84 void Transport::SetIceConfig(const IceConfig& config) { 168 bool JsepTransport::SetLocalTransportDescription(
85 ice_config_ = config;
86 for (const auto& kv : channels_) {
87 kv.second->SetIceConfig(ice_config_);
88 }
89 }
90
91 bool Transport::SetLocalTransportDescription(
92 const TransportDescription& description, 169 const TransportDescription& description,
93 ContentAction action, 170 ContentAction action,
94 std::string* error_desc) { 171 std::string* error_desc) {
95 bool ret = true; 172 bool ret = true;
96 173
97 if (!VerifyIceParams(description)) { 174 if (!VerifyIceParams(description)) {
98 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length", 175 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length",
99 error_desc); 176 error_desc);
100 } 177 }
101 178
102 local_description_.reset(new TransportDescription(description)); 179 local_description_.reset(new TransportDescription(description));
103 180
181 rtc::SSLFingerprint* local_fp =
182 local_description_->identity_fingerprint.get();
183
184 if (!local_fp) {
185 certificate_ = nullptr;
186 } else if (!VerifyCertificateFingerprint(certificate_.get(), local_fp,
187 error_desc)) {
188 return false;
189 }
190
104 for (const auto& kv : channels_) { 191 for (const auto& kv : channels_) {
105 ret &= ApplyLocalTransportDescription(kv.second, error_desc); 192 ret &= ApplyLocalTransportDescription(kv.second, error_desc);
106 } 193 }
107 if (!ret) { 194 if (!ret) {
108 return false; 195 return false;
109 } 196 }
110 197
111 // If PRANSWER/ANSWER is set, we should decide transport protocol type. 198 // If PRANSWER/ANSWER is set, we should decide transport protocol type.
112 if (action == CA_PRANSWER || action == CA_ANSWER) { 199 if (action == CA_PRANSWER || action == CA_ANSWER) {
113 ret &= NegotiateTransportDescription(action, error_desc); 200 ret &= NegotiateTransportDescription(action, error_desc);
114 } 201 }
115 if (ret) { 202 if (ret) {
116 local_description_set_ = true; 203 local_description_set_ = true;
117 } 204 }
118 205
119 return ret; 206 return ret;
120 } 207 }
121 208
122 bool Transport::SetRemoteTransportDescription( 209 bool JsepTransport::SetRemoteTransportDescription(
123 const TransportDescription& description, 210 const TransportDescription& description,
124 ContentAction action, 211 ContentAction action,
125 std::string* error_desc) { 212 std::string* error_desc) {
126 bool ret = true; 213 bool ret = true;
127 214
128 if (!VerifyIceParams(description)) { 215 if (!VerifyIceParams(description)) {
129 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length", 216 return BadTransportDescription("Invalid ice-ufrag or ice-pwd length",
130 error_desc); 217 error_desc);
131 } 218 }
132 219
133 remote_description_.reset(new TransportDescription(description)); 220 remote_description_.reset(new TransportDescription(description));
134 for (const auto& kv : channels_) { 221 for (const auto& kv : channels_) {
135 ret &= ApplyRemoteTransportDescription(kv.second, error_desc); 222 ret &= ApplyRemoteTransportDescription(kv.second, error_desc);
136 } 223 }
137 224
138 // If PRANSWER/ANSWER is set, we should decide transport protocol type. 225 // If PRANSWER/ANSWER is set, we should decide transport protocol type.
139 if (action == CA_PRANSWER || action == CA_ANSWER) { 226 if (action == CA_PRANSWER || action == CA_ANSWER) {
140 ret = NegotiateTransportDescription(CA_OFFER, error_desc); 227 ret = NegotiateTransportDescription(CA_OFFER, error_desc);
141 } 228 }
142 if (ret) { 229 if (ret) {
143 remote_description_set_ = true; 230 remote_description_set_ = true;
144 } 231 }
145 232
146 return ret; 233 return ret;
147 } 234 }
148 235
149 TransportChannelImpl* Transport::CreateChannel(int component) { 236 void JsepTransport::GetSslRole(rtc::SSLRole* ssl_role) const {
150 TransportChannelImpl* channel; 237 RTC_DCHECK(ssl_role);
151 238 *ssl_role = secure_role_;
152 // Create the entry if it does not exist.
153 bool channel_exists = false;
154 auto iter = channels_.find(component);
155 if (iter == channels_.end()) {
156 channel = CreateTransportChannel(component);
157 channels_.insert(std::pair<int, TransportChannelImpl*>(component, channel));
158 } else {
159 channel = iter->second;
160 channel_exists = true;
161 }
162
163 channels_destroyed_ = false;
164
165 if (channel_exists) {
166 // If this is an existing channel, we should just return it.
167 return channel;
168 }
169
170 // Push down our transport state to the new channel.
171 channel->SetIceRole(ice_role_);
172 channel->SetIceTiebreaker(tiebreaker_);
173 channel->SetIceConfig(ice_config_);
174 // TODO(ronghuawu): Change CreateChannel to be able to return error since
175 // below Apply**Description calls can fail.
176 if (local_description_)
177 ApplyLocalTransportDescription(channel, nullptr);
178 if (remote_description_)
179 ApplyRemoteTransportDescription(channel, nullptr);
180 if (local_description_ && remote_description_)
181 ApplyNegotiatedTransportDescription(channel, nullptr);
182
183 return channel;
184 } 239 }
185 240
186 TransportChannelImpl* Transport::GetChannel(int component) { 241 bool JsepTransport::GetStats(TransportStats* stats) {
187 auto iter = channels_.find(component); 242 stats->transport_name = mid();
188 return (iter != channels_.end()) ? iter->second : nullptr;
189 }
190
191 bool Transport::HasChannels() {
192 return !channels_.empty();
193 }
194
195 void Transport::DestroyChannel(int component) {
196 auto iter = channels_.find(component);
197 if (iter == channels_.end())
198 return;
199
200 TransportChannelImpl* channel = iter->second;
201 channels_.erase(iter);
202 DestroyTransportChannel(channel);
203 }
204
205 void Transport::MaybeStartGathering() {
206 CallChannels(&TransportChannelImpl::MaybeStartGathering);
207 }
208
209 void Transport::DestroyAllChannels() {
210 for (const auto& kv : channels_) {
211 DestroyTransportChannel(kv.second);
212 }
213 channels_.clear();
214 channels_destroyed_ = true;
215 }
216
217 void Transport::CallChannels(TransportChannelFunc func) {
218 for (const auto& kv : channels_) {
219 (kv.second->*func)();
220 }
221 }
222
223 bool Transport::VerifyCandidate(const Candidate& cand, std::string* error) {
224 // No address zero.
225 if (cand.address().IsNil() || cand.address().IsAnyIP()) {
226 *error = "candidate has address of zero";
227 return false;
228 }
229
230 // Disallow all ports below 1024, except for 80 and 443 on public addresses.
231 int port = cand.address().port();
232 if (cand.protocol() == TCP_PROTOCOL_NAME &&
233 (cand.tcptype() == TCPTYPE_ACTIVE_STR || port == 0)) {
234 // Expected for active-only candidates per
235 // http://tools.ietf.org/html/rfc6544#section-4.5 so no error.
236 // Libjingle clients emit port 0, in "active" mode.
237 return true;
238 }
239 if (port < 1024) {
240 if ((port != 80) && (port != 443)) {
241 *error = "candidate has port below 1024, but not 80 or 443";
242 return false;
243 }
244
245 if (cand.address().IsPrivateIP()) {
246 *error = "candidate has port of 80 or 443 with private IP address";
247 return false;
248 }
249 }
250
251 if (!HasChannel(cand.component())) {
252 *error = "Candidate has an unknown component: " + cand.ToString() +
253 " for content: " + name();
254 return false;
255 }
256
257 return true;
258 }
259
260 bool Transport::VerifyCandidates(const Candidates& candidates,
261 std::string* error) {
262 for (const Candidate& candidate : candidates) {
263 if (!VerifyCandidate(candidate, error)) {
264 return false;
265 }
266 }
267 return true;
268 }
269
270
271 bool Transport::GetStats(TransportStats* stats) {
272 stats->transport_name = name();
273 stats->channel_stats.clear(); 243 stats->channel_stats.clear();
274 for (auto kv : channels_) { 244 for (auto& kv : channels_) {
275 TransportChannelImpl* channel = kv.second; 245 TransportChannelImpl* channel = kv.second;
276 TransportChannelStats substats; 246 TransportChannelStats substats;
277 substats.component = channel->component(); 247 substats.component = kv.first;
278 channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite); 248 channel->GetSrtpCryptoSuite(&substats.srtp_crypto_suite);
279 channel->GetSslCipherSuite(&substats.ssl_cipher_suite); 249 channel->GetSslCipherSuite(&substats.ssl_cipher_suite);
280 if (!channel->GetStats(&substats.connection_infos)) { 250 if (!channel->GetStats(&substats.connection_infos)) {
281 return false; 251 return false;
282 } 252 }
283 stats->channel_stats.push_back(substats); 253 stats->channel_stats.push_back(substats);
284 } 254 }
285 return true; 255 return true;
286 } 256 }
287 257
288 bool Transport::AddRemoteCandidates(const std::vector<Candidate>& candidates, 258 bool JsepTransport::VerifyCertificateFingerprint(
289 std::string* error) { 259 const rtc::RTCCertificate* certificate,
290 ASSERT(!channels_destroyed_); 260 const rtc::SSLFingerprint* fingerprint,
291 // Verify each candidate before passing down to the transport layer. 261 std::string* error_desc) const {
292 if (!VerifyCandidates(candidates, error)) { 262 if (!fingerprint) {
293 return false; 263 return BadTransportDescription("No fingerprint.", error_desc);
294 } 264 }
265 if (!certificate) {
266 return BadTransportDescription(
267 "Fingerprint provided but no identity available.", error_desc);
268 }
269 std::unique_ptr<rtc::SSLFingerprint> fp_tmp(rtc::SSLFingerprint::Create(
270 fingerprint->algorithm, certificate->identity()));
271 ASSERT(fp_tmp.get() != NULL);
272 if (*fp_tmp == *fingerprint) {
273 return true;
274 }
275 std::ostringstream desc;
276 desc << "Local fingerprint does not match identity. Expected: ";
277 desc << fp_tmp->ToString();
278 desc << " Got: " << fingerprint->ToString();
279 return BadTransportDescription(desc.str(), error_desc);
280 }
295 281
296 for (const Candidate& candidate : candidates) { 282 bool JsepTransport::ApplyLocalTransportDescription(
297 TransportChannelImpl* channel = GetChannel(candidate.component()); 283 TransportChannelImpl* channel,
298 if (channel != nullptr) { 284 std::string* error_desc) {
299 channel->AddRemoteCandidate(candidate); 285 channel->SetIceParameters(local_description_->GetIceParameters());
300 } 286 return true;
287 }
288
289 bool JsepTransport::ApplyRemoteTransportDescription(
290 TransportChannelImpl* channel,
291 std::string* error_desc) {
292 // Currently, all ICE-related calls still go through this DTLS channel. But
293 // that will change once we get rid of TransportChannelImpl, and the DTLS
294 // channel interface no longer includes ICE-specific methods. Then this class
295 // will need to call dtls->ice()->SetIceRole(), for example, assuming the Dtls
296 // interface will expose its inner ICE channel.
297 channel->SetRemoteIceParameters(remote_description_->GetIceParameters());
298 channel->SetRemoteIceMode(remote_description_->ice_mode);
299 return true;
300 }
301
302 bool JsepTransport::ApplyNegotiatedTransportDescription(
303 TransportChannelImpl* channel,
304 std::string* error_desc) {
305 // Set SSL role. Role must be set before fingerprint is applied, which
306 // initiates DTLS setup.
307 if (!channel->SetSslRole(secure_role_)) {
308 return BadTransportDescription("Failed to set SSL role for the channel.",
309 error_desc);
310 }
311 // Apply remote fingerprint.
312 if (!channel->SetRemoteFingerprint(
313 remote_fingerprint_->algorithm,
314 reinterpret_cast<const uint8_t*>(remote_fingerprint_->digest.data()),
315 remote_fingerprint_->digest.size())) {
316 return BadTransportDescription("Failed to apply remote fingerprint.",
317 error_desc);
301 } 318 }
302 return true; 319 return true;
303 } 320 }
304 321
305 bool Transport::RemoveRemoteCandidates(const std::vector<Candidate>& candidates, 322 bool JsepTransport::NegotiateTransportDescription(ContentAction local_role,
306 std::string* error) { 323 std::string* error_desc) {
307 ASSERT(!channels_destroyed_); 324 if (!local_description_ || !remote_description_) {
308 // Verify each candidate before passing down to the transport layer. 325 const std::string msg =
309 if (!VerifyCandidates(candidates, error)) { 326 "Applying an answer transport description "
310 return false; 327 "without applying any offer.";
328 return BadTransportDescription(msg, error_desc);
311 } 329 }
312 330 rtc::SSLFingerprint* local_fp =
313 for (const Candidate& candidate : candidates) { 331 local_description_->identity_fingerprint.get();
314 TransportChannelImpl* channel = GetChannel(candidate.component()); 332 rtc::SSLFingerprint* remote_fp =
315 if (channel != nullptr) { 333 remote_description_->identity_fingerprint.get();
316 channel->RemoveRemoteCandidate(candidate); 334 if (remote_fp && local_fp) {
335 remote_fingerprint_.reset(new rtc::SSLFingerprint(*remote_fp));
336 if (!NegotiateRole(local_role, &secure_role_, error_desc)) {
337 return false;
317 } 338 }
339 } else if (local_fp && (local_role == CA_ANSWER)) {
340 return BadTransportDescription(
341 "Local fingerprint supplied when caller didn't offer DTLS.",
342 error_desc);
343 } else {
344 // We are not doing DTLS
345 remote_fingerprint_.reset(new rtc::SSLFingerprint("", nullptr, 0));
318 } 346 }
319 return true;
320 }
321
322 bool Transport::ApplyLocalTransportDescription(TransportChannelImpl* ch,
323 std::string* error_desc) {
324 ch->SetIceParameters(local_description_->GetIceParameters());
325 return true;
326 }
327
328 bool Transport::ApplyRemoteTransportDescription(TransportChannelImpl* ch,
329 std::string* error_desc) {
330 ch->SetRemoteIceParameters(remote_description_->GetIceParameters());
331 return true;
332 }
333
334 bool Transport::ApplyNegotiatedTransportDescription(
335 TransportChannelImpl* channel,
336 std::string* error_desc) {
337 channel->SetRemoteIceMode(remote_ice_mode_);
338 return true;
339 }
340
341 bool Transport::NegotiateTransportDescription(ContentAction local_role,
342 std::string* error_desc) {
343 // TODO(ekr@rtfm.com): This is ICE-specific stuff. Refactor into
344 // P2PTransport.
345
346 // If transport is in ICEROLE_CONTROLLED and remote end point supports only
347 // ice_lite, this local end point should take CONTROLLING role.
348 if (ice_role_ == ICEROLE_CONTROLLED &&
349 remote_description_->ice_mode == ICEMODE_LITE) {
350 SetIceRole(ICEROLE_CONTROLLING);
351 }
352
353 // Update remote ice_mode to all existing channels.
354 remote_ice_mode_ = remote_description_->ice_mode;
355
356 // Now that we have negotiated everything, push it downward. 347 // Now that we have negotiated everything, push it downward.
357 // Note that we cache the result so that if we have race conditions 348 // Note that we cache the result so that if we have race conditions
358 // between future SetRemote/SetLocal invocations and new channel 349 // between future SetRemote/SetLocal invocations and new channel
359 // creation, we have the negotiation state saved until a new 350 // creation, we have the negotiation state saved until a new
360 // negotiation happens. 351 // negotiation happens.
361 for (const auto& kv : channels_) { 352 for (const auto& kv : channels_) {
362 if (!ApplyNegotiatedTransportDescription(kv.second, error_desc)) { 353 if (!ApplyNegotiatedTransportDescription(kv.second, error_desc)) {
363 return false; 354 return false;
364 } 355 }
365 } 356 }
366 return true; 357 return true;
367 } 358 }
368 359
369 bool Transport::VerifyCertificateFingerprint( 360 bool JsepTransport::NegotiateRole(ContentAction local_role,
370 const rtc::RTCCertificate* certificate, 361 rtc::SSLRole* ssl_role,
371 const rtc::SSLFingerprint* fingerprint, 362 std::string* error_desc) const {
372 std::string* error_desc) const {
373 if (!fingerprint) {
374 return BadTransportDescription("No fingerprint.", error_desc);
375 }
376 if (!certificate) {
377 return BadTransportDescription(
378 "Fingerprint provided but no identity available.", error_desc);
379 }
380 std::unique_ptr<rtc::SSLFingerprint> fp_tmp(rtc::SSLFingerprint::Create(
381 fingerprint->algorithm, certificate->identity()));
382 ASSERT(fp_tmp.get() != NULL);
383 if (*fp_tmp == *fingerprint) {
384 return true;
385 }
386 std::ostringstream desc;
387 desc << "Local fingerprint does not match identity. Expected: ";
388 desc << fp_tmp->ToString();
389 desc << " Got: " << fingerprint->ToString();
390 return BadTransportDescription(desc.str(), error_desc);
391 }
392
393 bool Transport::NegotiateRole(ContentAction local_role,
394 rtc::SSLRole* ssl_role,
395 std::string* error_desc) const {
396 RTC_DCHECK(ssl_role); 363 RTC_DCHECK(ssl_role);
397 if (!local_description() || !remote_description()) { 364 if (!local_description_ || !remote_description_) {
398 const std::string msg = 365 const std::string msg =
399 "Local and Remote description must be set before " 366 "Local and Remote description must be set before "
400 "transport descriptions are negotiated"; 367 "transport descriptions are negotiated";
401 return BadTransportDescription(msg, error_desc); 368 return BadTransportDescription(msg, error_desc);
402 } 369 }
403 370
404 // From RFC 4145, section-4.1, The following are the values that the 371 // From RFC 4145, section-4.1, The following are the values that the
405 // 'setup' attribute can take in an offer/answer exchange: 372 // 'setup' attribute can take in an offer/answer exchange:
406 // Offer Answer 373 // Offer Answer
407 // ________________ 374 // ________________
408 // active passive / holdconn 375 // active passive / holdconn
409 // passive active / holdconn 376 // passive active / holdconn
410 // actpass active / passive / holdconn 377 // actpass active / passive / holdconn
411 // holdconn holdconn 378 // holdconn holdconn
412 // 379 //
413 // Set the role that is most conformant with RFC 5763, Section 5, bullet 1 380 // Set the role that is most conformant with RFC 5763, Section 5, bullet 1
414 // The endpoint MUST use the setup attribute defined in [RFC4145]. 381 // The endpoint MUST use the setup attribute defined in [RFC4145].
415 // The endpoint that is the offerer MUST use the setup attribute 382 // The endpoint that is the offerer MUST use the setup attribute
416 // value of setup:actpass and be prepared to receive a client_hello 383 // value of setup:actpass and be prepared to receive a client_hello
417 // before it receives the answer. The answerer MUST use either a 384 // before it receives the answer. The answerer MUST use either a
418 // setup attribute value of setup:active or setup:passive. Note that 385 // setup attribute value of setup:active or setup:passive. Note that
419 // if the answerer uses setup:passive, then the DTLS handshake will 386 // if the answerer uses setup:passive, then the DTLS handshake will
420 // not begin until the answerer is received, which adds additional 387 // not begin until the answerer is received, which adds additional
421 // latency. setup:active allows the answer and the DTLS handshake to 388 // latency. setup:active allows the answer and the DTLS handshake to
422 // occur in parallel. Thus, setup:active is RECOMMENDED. Whichever 389 // occur in parallel. Thus, setup:active is RECOMMENDED. Whichever
423 // party is active MUST initiate a DTLS handshake by sending a 390 // party is active MUST initiate a DTLS handshake by sending a
424 // ClientHello over each flow (host/port quartet). 391 // ClientHello over each flow (host/port quartet).
425 // IOW - actpass and passive modes should be treated as server and 392 // IOW - actpass and passive modes should be treated as server and
426 // active as client. 393 // active as client.
427 ConnectionRole local_connection_role = local_description()->connection_role; 394 ConnectionRole local_connection_role = local_description_->connection_role;
428 ConnectionRole remote_connection_role = remote_description()->connection_role; 395 ConnectionRole remote_connection_role = remote_description_->connection_role;
429 396
430 bool is_remote_server = false; 397 bool is_remote_server = false;
431 if (local_role == CA_OFFER) { 398 if (local_role == CA_OFFER) {
432 if (local_connection_role != CONNECTIONROLE_ACTPASS) { 399 if (local_connection_role != CONNECTIONROLE_ACTPASS) {
433 return BadTransportDescription( 400 return BadTransportDescription(
434 "Offerer must use actpass value for setup attribute.", error_desc); 401 "Offerer must use actpass value for setup attribute.", error_desc);
435 } 402 }
436 403
437 if (remote_connection_role == CONNECTIONROLE_ACTIVE || 404 if (remote_connection_role == CONNECTIONROLE_ACTIVE ||
438 remote_connection_role == CONNECTIONROLE_PASSIVE || 405 remote_connection_role == CONNECTIONROLE_PASSIVE ||
(...skipping 24 matching lines...) Expand all
463 } 430 }
464 431
465 // If local is passive, local will act as server. 432 // If local is passive, local will act as server.
466 } 433 }
467 434
468 *ssl_role = is_remote_server ? rtc::SSL_CLIENT : rtc::SSL_SERVER; 435 *ssl_role = is_remote_server ? rtc::SSL_CLIENT : rtc::SSL_SERVER;
469 return true; 436 return true;
470 } 437 }
471 438
472 } // namespace cricket 439 } // namespace cricket
OLDNEW
« no previous file with comments | « webrtc/p2p/base/jseptransport.h ('k') | webrtc/p2p/base/jseptransport_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698