| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 using rtc::SocketAddress; | 25 using rtc::SocketAddress; |
| 26 | 26 |
| 27 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; | 27 static const char kIceUfrag1[] = "TESTICEUFRAG0001"; |
| 28 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; | 28 static const char kIcePwd1[] = "TESTICEPWD00000000000001"; |
| 29 | 29 |
| 30 static const char kIceUfrag2[] = "TESTICEUFRAG0002"; | 30 static const char kIceUfrag2[] = "TESTICEUFRAG0002"; |
| 31 static const char kIcePwd2[] = "TESTICEPWD00000000000002"; | 31 static const char kIcePwd2[] = "TESTICEPWD00000000000002"; |
| 32 | 32 |
| 33 class JsepTransportTest : public testing::Test, public sigslot::has_slots<> { | 33 class JsepTransportTest : public testing::Test, public sigslot::has_slots<> { |
| 34 public: | 34 public: |
| 35 JsepTransportTest() | 35 JsepTransportTest() { RecreateTransport(); } |
| 36 : transport_(new JsepTransport("test content name", nullptr)) {} | 36 |
| 37 bool SetupChannel() { | 37 bool SetupChannel() { |
| 38 fake_ice_transport_.reset(new FakeIceTransport(transport_->mid(), 1)); | 38 fake_ice_transport_.reset(new FakeIceTransport(transport_->mid(), 1)); |
| 39 fake_dtls_transport_.reset( | 39 fake_dtls_transport_.reset( |
| 40 new FakeDtlsTransport(fake_ice_transport_.get())); | 40 new FakeDtlsTransport(fake_ice_transport_.get())); |
| 41 return transport_->AddChannel(fake_dtls_transport_.get(), 1); | 41 return transport_->AddChannel(fake_dtls_transport_.get(), 1); |
| 42 } | 42 } |
| 43 |
| 43 void DestroyChannel() { transport_->RemoveChannel(1); } | 44 void DestroyChannel() { transport_->RemoveChannel(1); } |
| 44 | 45 |
| 46 void RecreateTransport() { |
| 47 transport_.reset(new JsepTransport("test content name", nullptr)); |
| 48 } |
| 49 |
| 45 protected: | 50 protected: |
| 46 std::unique_ptr<FakeDtlsTransport> fake_dtls_transport_; | 51 std::unique_ptr<FakeDtlsTransport> fake_dtls_transport_; |
| 47 std::unique_ptr<FakeIceTransport> fake_ice_transport_; | 52 std::unique_ptr<FakeIceTransport> fake_ice_transport_; |
| 48 std::unique_ptr<JsepTransport> transport_; | 53 std::unique_ptr<JsepTransport> transport_; |
| 49 }; | 54 }; |
| 50 | 55 |
| 51 // This test verifies channels are created with proper ICE | 56 // This test verifies channels are created with proper ICE |
| 52 // ufrag/password after a transport description is applied. | 57 // ufrag/password after a transport description is applied. |
| 53 TEST_F(JsepTransportTest, TestChannelIceParameters) { | 58 TEST_F(JsepTransportTest, TestChannelIceParameters) { |
| 54 cricket::TransportDescription local_desc(kIceUfrag1, kIcePwd1); | 59 cricket::TransportDescription local_desc(kIceUfrag1, kIcePwd1); |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 160 EXPECT_FALSE(transport_->VerifyCertificateFingerprint( | 165 EXPECT_FALSE(transport_->VerifyCertificateFingerprint( |
| 161 nullptr, good_fingerprint.get(), &error_desc)); | 166 nullptr, good_fingerprint.get(), &error_desc)); |
| 162 | 167 |
| 163 rtc::SSLFingerprint bad_fingerprint = *good_fingerprint; | 168 rtc::SSLFingerprint bad_fingerprint = *good_fingerprint; |
| 164 bad_fingerprint.digest.AppendData("0", 1); | 169 bad_fingerprint.digest.AppendData("0", 1); |
| 165 EXPECT_FALSE(transport_->VerifyCertificateFingerprint( | 170 EXPECT_FALSE(transport_->VerifyCertificateFingerprint( |
| 166 certificate.get(), &bad_fingerprint, &error_desc)); | 171 certificate.get(), &bad_fingerprint, &error_desc)); |
| 167 } | 172 } |
| 168 } | 173 } |
| 169 | 174 |
| 170 // Tests that NegotiateRole sets the SSL role correctly. | 175 // Tests the logic of DTLS role negotiation for an initial offer/answer. |
| 171 TEST_F(JsepTransportTest, TestNegotiateRole) { | 176 TEST_F(JsepTransportTest, DtlsRoleNegotiation) { |
| 177 rtc::scoped_refptr<rtc::RTCCertificate> certificate = |
| 178 rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>( |
| 179 rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA))); |
| 180 std::unique_ptr<rtc::SSLFingerprint> fingerprint( |
| 181 rtc::SSLFingerprint::CreateFromCertificate(certificate)); |
| 182 |
| 172 TransportDescription local_desc(kIceUfrag1, kIcePwd1); | 183 TransportDescription local_desc(kIceUfrag1, kIcePwd1); |
| 173 TransportDescription remote_desc(kIceUfrag2, kIcePwd2); | 184 TransportDescription remote_desc(kIceUfrag2, kIcePwd2); |
| 185 // Just use the same fingerprint in both descriptions; the remote fingerprint |
| 186 // doesn't matter in a non end-to-end test. |
| 187 local_desc.identity_fingerprint.reset( |
| 188 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 189 remote_desc.identity_fingerprint.reset( |
| 190 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 174 | 191 |
| 175 struct NegotiateRoleParams { | 192 struct NegotiateRoleParams { |
| 176 cricket::ConnectionRole local_role; | 193 cricket::ConnectionRole local_role; |
| 177 cricket::ConnectionRole remote_role; | 194 cricket::ConnectionRole remote_role; |
| 178 cricket::ContentAction local_action; | 195 cricket::ContentAction local_action; |
| 179 cricket::ContentAction remote_action; | 196 cricket::ContentAction remote_action; |
| 180 }; | 197 }; |
| 181 | 198 |
| 182 rtc::SSLRole ssl_role; | |
| 183 std::string error_desc; | 199 std::string error_desc; |
| 184 | 200 |
| 185 // Parameters which set the SSL role to SSL_CLIENT. | 201 // Parameters which set the SSL role to SSL_CLIENT. |
| 186 NegotiateRoleParams valid_client_params[] = { | 202 NegotiateRoleParams valid_client_params[] = { |
| 187 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTPASS, | 203 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 188 cricket::CA_ANSWER, cricket::CA_OFFER}, | 204 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 189 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTPASS, | 205 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 190 cricket::CA_PRANSWER, cricket::CA_OFFER}, | 206 cricket::CA_PRANSWER, cricket::CA_OFFER}, |
| 191 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, | 207 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, |
| 192 cricket::CA_OFFER, cricket::CA_ANSWER}, | 208 cricket::CA_OFFER, cricket::CA_ANSWER}, |
| 193 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, | 209 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, |
| 194 cricket::CA_OFFER, cricket::CA_PRANSWER}}; | 210 cricket::CA_OFFER, cricket::CA_PRANSWER}}; |
| 195 | 211 |
| 196 for (auto& param : valid_client_params) { | 212 for (auto& param : valid_client_params) { |
| 213 RecreateTransport(); |
| 214 transport_->SetLocalCertificate(certificate); |
| 215 |
| 197 local_desc.connection_role = param.local_role; | 216 local_desc.connection_role = param.local_role; |
| 198 remote_desc.connection_role = param.remote_role; | 217 remote_desc.connection_role = param.remote_role; |
| 199 | 218 |
| 200 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 219 // Set the offer first. |
| 201 remote_desc, param.remote_action, nullptr)); | 220 if (param.local_action == cricket::CA_OFFER) { |
| 202 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 221 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 203 local_desc, param.local_action, nullptr)); | 222 local_desc, param.local_action, nullptr)); |
| 204 EXPECT_TRUE( | 223 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 205 transport_->NegotiateRole(param.local_action, &ssl_role, &error_desc)); | 224 remote_desc, param.remote_action, nullptr)); |
| 206 EXPECT_EQ(rtc::SSL_CLIENT, ssl_role); | 225 } else { |
| 226 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 227 remote_desc, param.remote_action, nullptr)); |
| 228 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 229 local_desc, param.local_action, nullptr)); |
| 230 } |
| 231 EXPECT_EQ(rtc::SSL_CLIENT, *transport_->GetSslRole()); |
| 207 } | 232 } |
| 208 | 233 |
| 209 // Parameters which set the SSL role to SSL_SERVER. | 234 // Parameters which set the SSL role to SSL_SERVER. |
| 210 NegotiateRoleParams valid_server_params[] = { | 235 NegotiateRoleParams valid_server_params[] = { |
| 211 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, | 236 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 212 cricket::CA_ANSWER, cricket::CA_OFFER}, | 237 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 213 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, | 238 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 214 cricket::CA_PRANSWER, cricket::CA_OFFER}, | 239 cricket::CA_PRANSWER, cricket::CA_OFFER}, |
| 215 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE, | 240 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE, |
| 216 cricket::CA_OFFER, cricket::CA_ANSWER}, | 241 cricket::CA_OFFER, cricket::CA_ANSWER}, |
| 217 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE, | 242 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTIVE, |
| 218 cricket::CA_OFFER, cricket::CA_PRANSWER}}; | 243 cricket::CA_OFFER, cricket::CA_PRANSWER}}; |
| 219 | 244 |
| 220 for (auto& param : valid_server_params) { | 245 for (auto& param : valid_server_params) { |
| 246 RecreateTransport(); |
| 247 transport_->SetLocalCertificate(certificate); |
| 248 |
| 221 local_desc.connection_role = param.local_role; | 249 local_desc.connection_role = param.local_role; |
| 222 remote_desc.connection_role = param.remote_role; | 250 remote_desc.connection_role = param.remote_role; |
| 223 | 251 |
| 224 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 252 // Set the offer first. |
| 225 remote_desc, param.remote_action, nullptr)); | 253 if (param.local_action == cricket::CA_OFFER) { |
| 226 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 254 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 227 local_desc, param.local_action, nullptr)); | 255 local_desc, param.local_action, nullptr)); |
| 228 EXPECT_TRUE( | 256 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 229 transport_->NegotiateRole(param.local_action, &ssl_role, &error_desc)); | 257 remote_desc, param.remote_action, nullptr)); |
| 230 EXPECT_EQ(rtc::SSL_SERVER, ssl_role); | 258 } else { |
| 259 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 260 remote_desc, param.remote_action, nullptr)); |
| 261 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 262 local_desc, param.local_action, nullptr)); |
| 263 } |
| 264 EXPECT_EQ(rtc::SSL_SERVER, *transport_->GetSslRole()); |
| 231 } | 265 } |
| 232 | 266 |
| 233 // Invalid parameters due to both peers having a duplicate role. | 267 // Invalid parameters due to both peers having a duplicate role. |
| 234 NegotiateRoleParams duplicate_params[] = { | 268 NegotiateRoleParams duplicate_params[] = { |
| 235 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTIVE, | 269 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTIVE, |
| 236 cricket::CA_ANSWER, cricket::CA_OFFER}, | 270 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 237 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTPASS, | 271 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTPASS, |
| 238 cricket::CA_ANSWER, cricket::CA_OFFER}, | 272 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 239 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, | 273 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, |
| 240 cricket::CA_ANSWER, cricket::CA_OFFER}, | 274 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 251 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, | 285 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, |
| 252 cricket::CA_OFFER, cricket::CA_ANSWER}, | 286 cricket::CA_OFFER, cricket::CA_ANSWER}, |
| 253 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTIVE, | 287 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_ACTIVE, |
| 254 cricket::CA_OFFER, cricket::CA_PRANSWER}, | 288 cricket::CA_OFFER, cricket::CA_PRANSWER}, |
| 255 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTPASS, | 289 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_ACTPASS, |
| 256 cricket::CA_OFFER, cricket::CA_PRANSWER}, | 290 cricket::CA_OFFER, cricket::CA_PRANSWER}, |
| 257 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, | 291 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_PASSIVE, |
| 258 cricket::CA_OFFER, cricket::CA_PRANSWER}}; | 292 cricket::CA_OFFER, cricket::CA_PRANSWER}}; |
| 259 | 293 |
| 260 for (auto& param : duplicate_params) { | 294 for (auto& param : duplicate_params) { |
| 295 RecreateTransport(); |
| 296 transport_->SetLocalCertificate(certificate); |
| 297 |
| 261 local_desc.connection_role = param.local_role; | 298 local_desc.connection_role = param.local_role; |
| 262 remote_desc.connection_role = param.remote_role; | 299 remote_desc.connection_role = param.remote_role; |
| 263 | 300 |
| 264 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 301 // Set the offer first. |
| 265 remote_desc, param.remote_action, nullptr)); | 302 if (param.local_action == cricket::CA_OFFER) { |
| 266 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 303 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 267 local_desc, param.local_action, nullptr)); | 304 local_desc, param.local_action, nullptr)); |
| 268 EXPECT_FALSE( | 305 EXPECT_FALSE(transport_->SetRemoteTransportDescription( |
| 269 transport_->NegotiateRole(param.local_action, &ssl_role, &error_desc)); | 306 remote_desc, param.remote_action, nullptr)); |
| 307 } else { |
| 308 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 309 remote_desc, param.remote_action, nullptr)); |
| 310 EXPECT_FALSE(transport_->SetLocalTransportDescription( |
| 311 local_desc, param.local_action, nullptr)); |
| 312 } |
| 270 } | 313 } |
| 271 | 314 |
| 272 // Invalid parameters due to the offerer not using ACTPASS. | 315 // Invalid parameters due to the offerer not using ACTPASS. |
| 273 NegotiateRoleParams offerer_without_actpass_params[] = { | 316 NegotiateRoleParams offerer_without_actpass_params[] = { |
| 274 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_PASSIVE, | 317 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_PASSIVE, |
| 275 cricket::CA_ANSWER, cricket::CA_OFFER}, | 318 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 276 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTIVE, | 319 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTIVE, |
| 277 cricket::CA_ANSWER, cricket::CA_OFFER}, | 320 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| 278 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, | 321 {cricket::CONNECTIONROLE_ACTPASS, cricket::CONNECTIONROLE_PASSIVE, |
| 279 cricket::CA_ANSWER, cricket::CA_OFFER}, | 322 cricket::CA_ANSWER, cricket::CA_OFFER}, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 290 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, | 333 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 291 cricket::CA_OFFER, cricket::CA_ANSWER}, | 334 cricket::CA_OFFER, cricket::CA_ANSWER}, |
| 292 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_PASSIVE, | 335 {cricket::CONNECTIONROLE_ACTIVE, cricket::CONNECTIONROLE_PASSIVE, |
| 293 cricket::CA_OFFER, cricket::CA_PRANSWER}, | 336 cricket::CA_OFFER, cricket::CA_PRANSWER}, |
| 294 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTIVE, | 337 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTIVE, |
| 295 cricket::CA_OFFER, cricket::CA_PRANSWER}, | 338 cricket::CA_OFFER, cricket::CA_PRANSWER}, |
| 296 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, | 339 {cricket::CONNECTIONROLE_PASSIVE, cricket::CONNECTIONROLE_ACTPASS, |
| 297 cricket::CA_OFFER, cricket::CA_PRANSWER}}; | 340 cricket::CA_OFFER, cricket::CA_PRANSWER}}; |
| 298 | 341 |
| 299 for (auto& param : offerer_without_actpass_params) { | 342 for (auto& param : offerer_without_actpass_params) { |
| 343 RecreateTransport(); |
| 344 transport_->SetLocalCertificate(certificate); |
| 345 |
| 300 local_desc.connection_role = param.local_role; | 346 local_desc.connection_role = param.local_role; |
| 301 remote_desc.connection_role = param.remote_role; | 347 remote_desc.connection_role = param.remote_role; |
| 302 | 348 |
| 303 ASSERT_TRUE(transport_->SetRemoteTransportDescription( | 349 // Set the offer first. |
| 304 remote_desc, param.remote_action, nullptr)); | 350 // TODO(deadbeef): Really this should fail as soon as the offer is |
| 305 ASSERT_TRUE(transport_->SetLocalTransportDescription( | 351 // attempted to be applied, and not when the answer is applied. |
| 306 local_desc, param.local_action, nullptr)); | 352 if (param.local_action == cricket::CA_OFFER) { |
| 307 EXPECT_FALSE( | 353 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 308 transport_->NegotiateRole(param.local_action, &ssl_role, &error_desc)); | 354 local_desc, param.local_action, nullptr)); |
| 355 EXPECT_FALSE(transport_->SetRemoteTransportDescription( |
| 356 remote_desc, param.remote_action, nullptr)); |
| 357 } else { |
| 358 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 359 remote_desc, param.remote_action, nullptr)); |
| 360 EXPECT_FALSE(transport_->SetLocalTransportDescription( |
| 361 local_desc, param.local_action, nullptr)); |
| 362 } |
| 309 } | 363 } |
| 310 } | 364 } |
| 365 |
| 366 // Test that a remote offer with the current negotiated role can be accepted. |
| 367 // This is allowed by dtls-sdp, though we'll never generate such an offer, |
| 368 // since JSEP requires generating "actpass". |
| 369 TEST_F(JsepTransportTest, RemoteOfferWithCurrentNegotiatedDtlsRole) { |
| 370 rtc::scoped_refptr<rtc::RTCCertificate> certificate = |
| 371 rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>( |
| 372 rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA))); |
| 373 std::unique_ptr<rtc::SSLFingerprint> fingerprint( |
| 374 rtc::SSLFingerprint::CreateFromCertificate(certificate)); |
| 375 transport_->SetLocalCertificate(certificate); |
| 376 |
| 377 TransportDescription local_desc(kIceUfrag1, kIcePwd1); |
| 378 TransportDescription remote_desc(kIceUfrag2, kIcePwd2); |
| 379 // Just use the same fingerprint in both descriptions; the remote fingerprint |
| 380 // doesn't matter in a non end-to-end test. |
| 381 local_desc.identity_fingerprint.reset( |
| 382 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 383 remote_desc.identity_fingerprint.reset( |
| 384 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 385 |
| 386 remote_desc.connection_role = cricket::CONNECTIONROLE_ACTPASS; |
| 387 local_desc.connection_role = cricket::CONNECTIONROLE_ACTIVE; |
| 388 |
| 389 // Normal initial offer/answer with "actpass" in the offer and "active" in |
| 390 // the answer. |
| 391 ASSERT_TRUE(transport_->SetRemoteTransportDescription( |
| 392 remote_desc, cricket::CA_OFFER, nullptr)); |
| 393 ASSERT_TRUE(transport_->SetLocalTransportDescription( |
| 394 local_desc, cricket::CA_ANSWER, nullptr)); |
| 395 |
| 396 // Sanity check that role was actually negotiated. |
| 397 rtc::Optional<rtc::SSLRole> role = transport_->GetSslRole(); |
| 398 ASSERT_TRUE(role); |
| 399 EXPECT_EQ(rtc::SSL_CLIENT, *role); |
| 400 |
| 401 // Subsequent offer with current negotiated role of "passive". |
| 402 remote_desc.connection_role = cricket::CONNECTIONROLE_PASSIVE; |
| 403 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 404 remote_desc, cricket::CA_OFFER, nullptr)); |
| 405 EXPECT_TRUE(transport_->SetLocalTransportDescription( |
| 406 local_desc, cricket::CA_ANSWER, nullptr)); |
| 407 } |
| 408 |
| 409 // Test that a remote offer with the inverse of the current negotiated DTLS |
| 410 // role is rejected. |
| 411 TEST_F(JsepTransportTest, RemoteOfferThatChangesNegotiatedDtlsRole) { |
| 412 rtc::scoped_refptr<rtc::RTCCertificate> certificate = |
| 413 rtc::RTCCertificate::Create(std::unique_ptr<rtc::SSLIdentity>( |
| 414 rtc::SSLIdentity::Generate("testing", rtc::KT_ECDSA))); |
| 415 std::unique_ptr<rtc::SSLFingerprint> fingerprint( |
| 416 rtc::SSLFingerprint::CreateFromCertificate(certificate)); |
| 417 transport_->SetLocalCertificate(certificate); |
| 418 |
| 419 TransportDescription local_desc(kIceUfrag1, kIcePwd1); |
| 420 TransportDescription remote_desc(kIceUfrag2, kIcePwd2); |
| 421 // Just use the same fingerprint in both descriptions; the remote fingerprint |
| 422 // doesn't matter in a non end-to-end test. |
| 423 local_desc.identity_fingerprint.reset( |
| 424 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 425 remote_desc.identity_fingerprint.reset( |
| 426 TransportDescription::CopyFingerprint(fingerprint.get())); |
| 427 |
| 428 remote_desc.connection_role = cricket::CONNECTIONROLE_ACTPASS; |
| 429 local_desc.connection_role = cricket::CONNECTIONROLE_ACTIVE; |
| 430 |
| 431 // Normal initial offer/answer with "actpass" in the offer and "active" in |
| 432 // the answer. |
| 433 ASSERT_TRUE(transport_->SetRemoteTransportDescription( |
| 434 remote_desc, cricket::CA_OFFER, nullptr)); |
| 435 ASSERT_TRUE(transport_->SetLocalTransportDescription( |
| 436 local_desc, cricket::CA_ANSWER, nullptr)); |
| 437 |
| 438 // Sanity check that role was actually negotiated. |
| 439 rtc::Optional<rtc::SSLRole> role = transport_->GetSslRole(); |
| 440 ASSERT_TRUE(role); |
| 441 EXPECT_EQ(rtc::SSL_CLIENT, *role); |
| 442 |
| 443 // Subsequent offer with "active", which is the opposite of the remote |
| 444 // endpoint's negotiated role. |
| 445 // TODO(deadbeef): Really this should fail as soon as the offer is |
| 446 // attempted to be applied, and not when the answer is applied. |
| 447 remote_desc.connection_role = cricket::CONNECTIONROLE_ACTIVE; |
| 448 EXPECT_TRUE(transport_->SetRemoteTransportDescription( |
| 449 remote_desc, cricket::CA_OFFER, nullptr)); |
| 450 EXPECT_FALSE(transport_->SetLocalTransportDescription( |
| 451 local_desc, cricket::CA_ANSWER, nullptr)); |
| 452 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2770903003:
Accept remote offers with current DTLS role, rather than "actpass". (Closed)
