Measure usage of fingerprints with SHA-1 certificates

at time of connect. This may allow deprecating SHA-1 which is no longer used by browsers and not supported by the JS API. BUG=None Change-Id: Iae1d800a61d46e0dcdb622ccb009acc6fb7db53f Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/327540 Commit-Queue: Philipp Hancke <phancke@microsoft.com> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Reviewed-by: Johannes Kron <kron@webrtc.org> Cr-Commit-Position: refs/heads/main@{#41187}
2023-11-15 15:23:06 +01:00 · 2023-11-15 15:23:06 +01:00 · 0967247662
commit 0967247662
parent 4e1e5eae9e
1 changed files with 16 additions and 6 deletions
--- a/pc/peer_connection.cc
+++ b/pc/peer_connection.cc
@ -2032,13 +2032,13 @@ void PeerConnection::ReportFirstConnectUsageMetrics() {
  RTC_HISTOGRAM_ENUMERATION("WebRTC.PeerConnection.ProvisionalAnswer", pranswer,
                            kProvisionalAnswerMax);

-  // Record the number of valid / invalid ice-ufrag. We do allow certain
-  // non-spec ice-char for backward-compat reasons. At this point we know
-  // that the ufrag/pwd consists of a valid ice-char or one of the four
-  // not allowed characters since we have passed the IsIceChar check done
-  // by the p2p transport description on setRemoteDescription calls.
  auto transport_infos = remote_description()->description()->transport_infos();
-  if (transport_infos.size() > 0) {
+  if (!transport_infos.empty()) {
+    // Record the number of valid / invalid ice-ufrag. We do allow certain
+    // non-spec ice-char for backward-compat reasons. At this point we know
+    // that the ufrag/pwd consists of a valid ice-char or one of the four
+    // not allowed characters since we have passed the IsIceChar check done
+    // by the p2p transport description on setRemoteDescription calls.
    auto ice_parameters = transport_infos[0].description.GetIceParameters();
    auto is_invalid_char = [](char c) {
      return c == '-' || c == '=' || c == '#' || c == '_';
@ -2050,6 +2050,16 @@ void PeerConnection::ReportFirstConnectUsageMetrics() {
    RTC_HISTOGRAM_BOOLEAN(
        "WebRTC.PeerConnection.ValidIceChars",
        !(isUsingInvalidIceCharInUfrag || isUsingInvalidIceCharInPwd));
+
+    // Record whether the hash algorithm of the first transport's
+    // DTLS fingerprint is still using SHA-1.
+    if (transport_infos[0].description.identity_fingerprint) {
+      RTC_HISTOGRAM_BOOLEAN(
+          "WebRTC.PeerConnection.DtlsFingerprintLegacySha1",
+          absl::EqualsIgnoreCase(
+              transport_infos[0].description.identity_fingerprint->algorithm,
+              "sha-1"));
+    }
  }

  // Record RtcpMuxPolicy setting.