Replacing SSLIdentity* with scoped_refptr<RTCCertificate> in the cricket::TransportDescriptionFactory layers.

Updates TransportDescriptionFactory, calls and unittests. BUG=webrtc:4927 R=tommi@webrtc.org, torbjorng@webrtc.org Review URL: https://codereview.webrtc.org/1311903004 . Cr-Commit-Position: refs/heads/master@{#9815}
2015-08-31 09:27:58 +02:00 · 2015-08-31 09:27:58 +02:00 · 3a14bf311f
commit 3a14bf311f
parent a6cba3ab5c
6 changed files with 52 additions and 38 deletions
--- a/talk/app/webrtc/webrtcsession_unittest.cc
+++ b/talk/app/webrtc/webrtcsession_unittest.cc
@ -562,8 +562,9 @@ class WebRtcSessionTest
    std::string identity_name = "WebRTC" +
        rtc::ToString(rtc::CreateRandomId());
    // Confirmed to work with KT_RSA and KT_ECDSA.
-    identity_.reset(rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT));
-    tdesc_factory_->set_identity(identity_.get());
+    tdesc_factory_->set_certificate(rtc::RTCCertificate::Create(
+        rtc::scoped_ptr<rtc::SSLIdentity>(rtc::SSLIdentity::Generate(
+            identity_name, rtc::KT_DEFAULT)).Pass()));
    tdesc_factory_->set_secure(cricket::SEC_REQUIRED);
  }

@ -1274,7 +1275,6 @@ class WebRtcSessionTest
  cricket::FakeDeviceManager* device_manager_;
  rtc::scoped_ptr<cricket::ChannelManager> channel_manager_;
  rtc::scoped_ptr<cricket::TransportDescriptionFactory> tdesc_factory_;
-  rtc::scoped_ptr<rtc::SSLIdentity> identity_;
  rtc::scoped_ptr<cricket::MediaSessionDescriptionFactory> desc_factory_;
  rtc::scoped_ptr<rtc::PhysicalSocketServer> pss_;
  rtc::scoped_ptr<rtc::VirtualSocketServer> vss_;
--- a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
+++ b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
@ -255,7 +255,7 @@ WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() {
    }
  }

-  transport_desc_factory_.set_identity(NULL);
+  transport_desc_factory_.set_certificate(nullptr);
 }

 void WebRtcSessionDescriptionFactory::CreateOffer(
@ -522,8 +522,7 @@ void WebRtcSessionDescriptionFactory::SetCertificate(
  certificate_request_state_ = CERTIFICATE_SUCCEEDED;
  SignalCertificateReady(certificate);

-  // TODO(hbos): set_certificate
-  transport_desc_factory_.set_identity(certificate->identity());
+  transport_desc_factory_.set_certificate(certificate);
  transport_desc_factory_.set_secure(cricket::SEC_ENABLED);

  while (!create_session_description_requests_.empty()) {
--- a/talk/session/media/mediasession_unittest.cc
+++ b/talk/session/media/mediasession_unittest.cc
@ -226,15 +226,20 @@ static std::vector<std::string> GetCodecNames(const std::vector<T>& codecs) {
 class MediaSessionDescriptionFactoryTest : public testing::Test {
 public:
  MediaSessionDescriptionFactoryTest()
-      : f1_(&tdf1_), f2_(&tdf2_), id1_("id1"), id2_("id2") {
+      : f1_(&tdf1_),
+        f2_(&tdf2_) {
    f1_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs1));
    f1_.set_video_codecs(MAKE_VECTOR(kVideoCodecs1));
    f1_.set_data_codecs(MAKE_VECTOR(kDataCodecs1));
    f2_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs2));
    f2_.set_video_codecs(MAKE_VECTOR(kVideoCodecs2));
    f2_.set_data_codecs(MAKE_VECTOR(kDataCodecs2));
-    tdf1_.set_identity(&id1_);
-    tdf2_.set_identity(&id2_);
+    tdf1_.set_certificate(rtc::RTCCertificate::Create(
+        rtc::scoped_ptr<rtc::SSLIdentity>(
+            new rtc::FakeSSLIdentity("id1")).Pass()));
+    tdf2_.set_certificate(rtc::RTCCertificate::Create(
+        rtc::scoped_ptr<rtc::SSLIdentity>(
+            new rtc::FakeSSLIdentity("id2")).Pass()));
  }

  // Create a video StreamParamsVec object with:
@ -470,8 +475,6 @@ class MediaSessionDescriptionFactoryTest : public testing::Test {
  MediaSessionDescriptionFactory f2_;
  TransportDescriptionFactory tdf1_;
  TransportDescriptionFactory tdf2_;
-  rtc::FakeSSLIdentity id1_;
-  rtc::FakeSSLIdentity id2_;
 };

 // Create a typical audio offer, and ensure it matches what we expect.
--- a/webrtc/p2p/base/transportdescriptionfactory.cc
+++ b/webrtc/p2p/base/transportdescriptionfactory.cc
@ -20,8 +20,7 @@
 namespace cricket {

 TransportDescriptionFactory::TransportDescriptionFactory()
-    : secure_(SEC_DISABLED),
-      identity_(NULL) {
+    : secure_(SEC_DISABLED) {
 }

 TransportDescription* TransportDescriptionFactory::CreateOffer(
@ -97,8 +96,8 @@ TransportDescription* TransportDescriptionFactory::CreateAnswer(

 bool TransportDescriptionFactory::SetSecurityInfo(
    TransportDescription* desc, ConnectionRole role) const {
-  if (!identity_) {
-    LOG(LS_ERROR) << "Cannot create identity digest with no identity";
+  if (!certificate_) {
+    LOG(LS_ERROR) << "Cannot create identity digest with no certificate";
    return false;
  }

@ -106,13 +105,14 @@ bool TransportDescriptionFactory::SetSecurityInfo(
  // RFC 4572 Section 5 requires that those lines use the same hash function as
  // the certificate's signature.
  std::string digest_alg;
-  if (!identity_->certificate().GetSignatureDigestAlgorithm(&digest_alg)) {
+  if (!certificate_->ssl_certificate().GetSignatureDigestAlgorithm(
+          &digest_alg)) {
    LOG(LS_ERROR) << "Failed to retrieve the certificate's digest algorithm";
    return false;
  }

  desc->identity_fingerprint.reset(
-      rtc::SSLFingerprint::Create(digest_alg, identity_));
+      rtc::SSLFingerprint::Create(digest_alg, certificate_->identity()));
  if (!desc->identity_fingerprint.get()) {
    LOG(LS_ERROR) << "Failed to create identity fingerprint, alg="
                  << digest_alg;
--- a/webrtc/p2p/base/transportdescriptionfactory.h
+++ b/webrtc/p2p/base/transportdescriptionfactory.h
@ -11,6 +11,7 @@
 #ifndef WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_
 #define WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_

+#include "webrtc/base/rtccertificate.h"
 #include "webrtc/p2p/base/transportdescription.h"

 namespace rtc {
@ -33,13 +34,18 @@ class TransportDescriptionFactory {
  // Default ctor; use methods below to set configuration.
  TransportDescriptionFactory();
  SecurePolicy secure() const { return secure_; }
-  // The identity to use when setting up DTLS.
-  rtc::SSLIdentity* identity() const { return identity_; }
+  // The certificate to use when setting up DTLS.
+  const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() const {
+    return certificate_;
+  }

  // Specifies the transport security policy to use.
  void set_secure(SecurePolicy s) { secure_ = s; }
-  // Specifies the identity to use (only used when secure is not SEC_DISABLED).
-  void set_identity(rtc::SSLIdentity* identity) { identity_ = identity; }
+  // Specifies the certificate to use (only used when secure != SEC_DISABLED).
+  void set_certificate(
+      const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
+    certificate_ = certificate;
+  }

  // Creates a transport description suitable for use in an offer.
  TransportDescription* CreateOffer(const TransportOptions& options,
@ -55,7 +61,7 @@ class TransportDescriptionFactory {
                       ConnectionRole role) const;

  SecurePolicy secure_;
-  rtc::SSLIdentity* identity_;
+  rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
 };

 }  // namespace cricket
--- a/webrtc/p2p/base/transportdescriptionfactory_unittest.cc
+++ b/webrtc/p2p/base/transportdescriptionfactory_unittest.cc
@ -26,8 +26,10 @@ using cricket::TransportOptions;
 class TransportDescriptionFactoryTest : public testing::Test {
 public:
  TransportDescriptionFactoryTest()
-      : id1_(new rtc::FakeSSLIdentity("User1")),
-        id2_(new rtc::FakeSSLIdentity("User2")) {
+      : cert1_(rtc::RTCCertificate::Create(scoped_ptr<rtc::SSLIdentity>(
+          new rtc::FakeSSLIdentity("User1")).Pass())),
+        cert2_(rtc::RTCCertificate::Create(scoped_ptr<rtc::SSLIdentity>(
+          new rtc::FakeSSLIdentity("User2")).Pass())) {
  }

  void CheckDesc(const TransportDescription* desc,
@ -61,8 +63,8 @@ class TransportDescriptionFactoryTest : public testing::Test {
    if (dtls) {
      f1_.set_secure(cricket::SEC_ENABLED);
      f2_.set_secure(cricket::SEC_ENABLED);
-      f1_.set_identity(id1_.get());
-      f2_.set_identity(id2_.get());
+      f1_.set_certificate(cert1_);
+      f2_.set_certificate(cert2_);
    } else {
      f1_.set_secure(cricket::SEC_DISABLED);
      f2_.set_secure(cricket::SEC_DISABLED);
@ -113,8 +115,9 @@ class TransportDescriptionFactoryTest : public testing::Test {
 protected:
  TransportDescriptionFactory f1_;
  TransportDescriptionFactory f2_;
-  scoped_ptr<rtc::SSLIdentity> id1_;
-  scoped_ptr<rtc::SSLIdentity> id2_;
+
+  rtc::scoped_refptr<rtc::RTCCertificate> cert1_;
+  rtc::scoped_refptr<rtc::RTCCertificate> cert2_;
 };

 TEST_F(TransportDescriptionFactoryTest, TestOfferDefault) {
@ -125,9 +128,10 @@ TEST_F(TransportDescriptionFactoryTest, TestOfferDefault) {

 TEST_F(TransportDescriptionFactoryTest, TestOfferDtls) {
  f1_.set_secure(cricket::SEC_ENABLED);
-  f1_.set_identity(id1_.get());
+  f1_.set_certificate(cert1_);
  std::string digest_alg;
-  ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg));
+  ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm(
+      &digest_alg));
  scoped_ptr<TransportDescription> desc(f1_.CreateOffer(
      TransportOptions(), NULL));
  CheckDesc(desc.get(), "", "", "", digest_alg);
@ -149,9 +153,10 @@ TEST_F(TransportDescriptionFactoryTest, TestOfferDtlsWithNoIdentity) {
 // The ICE credentials should stay the same in the new offer.
 TEST_F(TransportDescriptionFactoryTest, TestOfferDtlsReofferDtls) {
  f1_.set_secure(cricket::SEC_ENABLED);
-  f1_.set_identity(id1_.get());
+  f1_.set_certificate(cert1_);
  std::string digest_alg;
-  ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg));
+  ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm(
+      &digest_alg));
  scoped_ptr<TransportDescription> old_desc(f1_.CreateOffer(
      TransportOptions(), NULL));
  ASSERT_TRUE(old_desc.get() != NULL);
@ -192,7 +197,7 @@ TEST_F(TransportDescriptionFactoryTest, TestReanswer) {
 // Test that we handle answering an offer with DTLS with no DTLS.
 TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToNoDtls) {
  f1_.set_secure(cricket::SEC_ENABLED);
-  f1_.set_identity(id1_.get());
+  f1_.set_certificate(cert1_);
  scoped_ptr<TransportDescription> offer(
      f1_.CreateOffer(TransportOptions(), NULL));
  ASSERT_TRUE(offer.get() != NULL);
@ -205,7 +210,7 @@ TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToNoDtls) {
 // but fail if we require DTLS.
 TEST_F(TransportDescriptionFactoryTest, TestAnswerNoDtlsToDtls) {
  f2_.set_secure(cricket::SEC_ENABLED);
-  f2_.set_identity(id2_.get());
+  f2_.set_certificate(cert2_);
  scoped_ptr<TransportDescription> offer(
      f1_.CreateOffer(TransportOptions(), NULL));
  ASSERT_TRUE(offer.get() != NULL);
@ -222,14 +227,15 @@ TEST_F(TransportDescriptionFactoryTest, TestAnswerNoDtlsToDtls) {
 // DTLS enabled and required.
 TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToDtls) {
  f1_.set_secure(cricket::SEC_ENABLED);
-  f1_.set_identity(id1_.get());
+  f1_.set_certificate(cert1_);

  f2_.set_secure(cricket::SEC_ENABLED);
-  f2_.set_identity(id2_.get());
+  f2_.set_certificate(cert2_);
  // f2_ produces the answer that is being checked in this test, so the
-  // answer must contain fingerprint lines with id2_'s digest algorithm.
+  // answer must contain fingerprint lines with cert2_'s digest algorithm.
  std::string digest_alg2;
-  ASSERT_TRUE(id2_->certificate().GetSignatureDigestAlgorithm(&digest_alg2));
+  ASSERT_TRUE(cert2_->ssl_certificate().GetSignatureDigestAlgorithm(
+      &digest_alg2));

  scoped_ptr<TransportDescription> offer(
      f1_.CreateOffer(TransportOptions(), NULL));