admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Expose SSL ciphersuite on the webrtc::DtlsTransport interface

Browse Source 
This allows the ciphersuite to be accessed from Blink code, which is
useful if we want to emit deprecation messages.

Bug: none
Change-Id: Idcf1f5402948406e4cf7c6e54b67a622a1a403ec
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/132004
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27581}
This commit is contained in:
Harald Alvestrand 2019-04-11 13:37:41 +02:00 committed by Commit Bot
parent fa0e03788c
commit 114871b1ba
5 changed files with 47 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/dtls_transport_interface.cc
View File

@ -20,13 +20,16 @@ DtlsTransportInformation::DtlsTransportInformation(DtlsTransportState state)
DtlsTransportInformation::DtlsTransportInformation(
DtlsTransportState state,
absl::optional<int> ssl_cipher_suite,
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates)
: state_(state),
ssl_cipher_suite_(ssl_cipher_suite),
remote_ssl_certificates_(std::move(remote_ssl_certificates)) {}
DtlsTransportInformation::DtlsTransportInformation(
const DtlsTransportInformation& c)
: state_(c.state()),
ssl_cipher_suite_(c.ssl_cipher_suite_),
remote_ssl_certificates_(c.remote_ssl_certificates()
? c.remote_ssl_certificates()->Clone()
: nullptr) {}
@ -34,6 +37,7 @@ DtlsTransportInformation::DtlsTransportInformation(
DtlsTransportInformation& DtlsTransportInformation::operator=(
const DtlsTransportInformation& c) {
state_ = c.state();
ssl_cipher_suite_ = c.ssl_cipher_suite_;
remote_ssl_certificates_ = c.remote_ssl_certificates()
? c.remote_ssl_certificates()->Clone()
: nullptr;

4
api/dtls_transport_interface.h
View File

@ -14,6 +14,7 @@
#include <memory>
#include <utility>
#include "absl/types/optional.h"
#include "api/ice_transport_interface.h"
#include "api/rtc_error.h"
#include "api/scoped_refptr.h"
@ -42,6 +43,7 @@ class DtlsTransportInformation {
explicit DtlsTransportInformation(DtlsTransportState state);
DtlsTransportInformation(
DtlsTransportState state,
absl::optional<int> ssl_cipher_suite,
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates);
// Copy and assign
DtlsTransportInformation(const DtlsTransportInformation& c);
@ -52,6 +54,7 @@ class DtlsTransportInformation {
default;
DtlsTransportState state() const { return state_; }
absl::optional<int> ssl_cipher_suite() const { return ssl_cipher_suite_; }
// The accessor returns a temporary pointer, it does not release ownership.
const rtc::SSLCertChain* remote_ssl_certificates() const {
return remote_ssl_certificates_.get();
@ -59,6 +62,7 @@ class DtlsTransportInformation {
private:
DtlsTransportState state_;
absl::optional<int> ssl_cipher_suite_;
std::unique_ptr<rtc::SSLCertChain> remote_ssl_certificates_;
};

13
p2p/base/fake_dtls_transport.h
View File

@ -177,7 +177,17 @@ class FakeDtlsTransport : public DtlsTransportInternal {
return true;
}
void SetSrtpCryptoSuite(int crypto_suite) { crypto_suite_ = crypto_suite; }
bool GetSslCipherSuite(int* cipher_suite) override { return false; }
bool GetSslCipherSuite(int* cipher_suite) override {
if (ssl_cipher_suite_) {
*cipher_suite = *ssl_cipher_suite_;
return true;
}
return false;
}
void SetSslCipherSuite(absl::optional<int> cipher_suite) {
ssl_cipher_suite_ = cipher_suite;
}
rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override {
return local_cert_;
}
@ -278,6 +288,7 @@ class FakeDtlsTransport : public DtlsTransportInternal {
rtc::SSLFingerprint dtls_fingerprint_;
absl::optional<rtc::SSLRole> dtls_role_;
int crypto_suite_ = rtc::SRTP_AES128_CM_SHA1_80;
absl::optional<int> ssl_cipher_suite_;
webrtc::CryptoOptions crypto_options_;
DtlsTransportState dtls_state_ = DTLS_TRANSPORT_NEW;

14
pc/dtls_transport.cc
View File

@ -118,9 +118,17 @@ void DtlsTransport::UpdateInformation() {
if (internal_dtls_transport_) {
if (internal_dtls_transport_->dtls_state() ==
cricket::DTLS_TRANSPORT_CONNECTED) {
info_ = DtlsTransportInformation(
TranslateState(internal_dtls_transport_->dtls_state()),
internal_dtls_transport_->GetRemoteSSLCertChain());
int ssl_cipher_suite;
if (internal_dtls_transport_->GetSslCipherSuite(&ssl_cipher_suite)) {
info_ = DtlsTransportInformation(
TranslateState(internal_dtls_transport_->dtls_state()),
ssl_cipher_suite,
internal_dtls_transport_->GetRemoteSSLCertChain());
} else {
info_ = DtlsTransportInformation(
TranslateState(internal_dtls_transport_->dtls_state()),
absl::nullopt, internal_dtls_transport_->GetRemoteSSLCertChain());
}
} else {
info_ = DtlsTransportInformation(
TranslateState(internal_dtls_transport_->dtls_state()));

16
pc/dtls_transport_unittest.cc
View File

@ -20,6 +20,7 @@
#include "test/gtest.h"
constexpr int kDefaultTimeout = 1000; // milliseconds
constexpr int kNonsenseCipherSuite = 1234;
using cricket::FakeDtlsTransport;
using ::testing::ElementsAre;
@ -60,6 +61,7 @@ class DtlsTransportTest : public ::testing::Test {
if (certificate) {
cricket_transport->SetRemoteSSLCertificate(certificate);
}
cricket_transport->SetSslCipherSuite(kNonsenseCipherSuite);
transport_ =
new rtc::RefCountedObject<DtlsTransport>(std::move(cricket_transport));
}
@ -142,4 +144,18 @@ TEST_F(DtlsTransportTest, CertificateDisappearsOnClose) {
EXPECT_FALSE(observer_.info_.remote_ssl_certificates());
}
TEST_F(DtlsTransportTest, CipherSuiteVisibleWhenConnected) {
CreateTransport();
transport()->RegisterObserver(observer());
CompleteDtlsHandshake();
ASSERT_TRUE_WAIT(observer_.state() == DtlsTransportState::kConnected,
kDefaultTimeout);
ASSERT_TRUE(observer_.info_.ssl_cipher_suite());
EXPECT_EQ(kNonsenseCipherSuite, *observer_.info_.ssl_cipher_suite());
transport()->Clear();
ASSERT_TRUE_WAIT(observer_.state() == DtlsTransportState::kClosed,
kDefaultTimeout);
EXPECT_FALSE(observer_.info_.ssl_cipher_suite());
}
} // namespace webrtc