diff --git a/talk/app/webrtc/webrtcsession_unittest.cc b/talk/app/webrtc/webrtcsession_unittest.cc index 2c52d1301e..0322eff196 100644 --- a/talk/app/webrtc/webrtcsession_unittest.cc +++ b/talk/app/webrtc/webrtcsession_unittest.cc @@ -562,8 +562,9 @@ class WebRtcSessionTest std::string identity_name = "WebRTC" + rtc::ToString(rtc::CreateRandomId()); // Confirmed to work with KT_RSA and KT_ECDSA. - identity_.reset(rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT)); - tdesc_factory_->set_identity(identity_.get()); + tdesc_factory_->set_certificate(rtc::RTCCertificate::Create( + rtc::scoped_ptr(rtc::SSLIdentity::Generate( + identity_name, rtc::KT_DEFAULT)).Pass())); tdesc_factory_->set_secure(cricket::SEC_REQUIRED); } @@ -1274,7 +1275,6 @@ class WebRtcSessionTest cricket::FakeDeviceManager* device_manager_; rtc::scoped_ptr channel_manager_; rtc::scoped_ptr tdesc_factory_; - rtc::scoped_ptr identity_; rtc::scoped_ptr desc_factory_; rtc::scoped_ptr pss_; rtc::scoped_ptr vss_; diff --git a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc index 41bcfa0593..a06437f334 100644 --- a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc +++ b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc @@ -255,7 +255,7 @@ WebRtcSessionDescriptionFactory::~WebRtcSessionDescriptionFactory() { } } - transport_desc_factory_.set_identity(NULL); + transport_desc_factory_.set_certificate(nullptr); } void WebRtcSessionDescriptionFactory::CreateOffer( @@ -522,8 +522,7 @@ void WebRtcSessionDescriptionFactory::SetCertificate( certificate_request_state_ = CERTIFICATE_SUCCEEDED; SignalCertificateReady(certificate); - // TODO(hbos): set_certificate - transport_desc_factory_.set_identity(certificate->identity()); + transport_desc_factory_.set_certificate(certificate); transport_desc_factory_.set_secure(cricket::SEC_ENABLED); while (!create_session_description_requests_.empty()) { 
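Review bot: In `~WebRtcSessionDescriptionFactory()` (talk/app/webrtc/webrtcsessiondescriptionfactory.cc), `transport_desc_factory_.set_certificate(nullptr);` no longer protects against a dangling raw pointer, because the transport factory now holds its own reference to the certificate. The call only releases that reference shortly before the member itself is destroyed, so it reads as a leftover of the old `set_identity(NULL)`. Either drop the line or say why the early release matters, e.g. `// Drop our reference to the certificate (and its private key) before the remaining members are torn down.` The destructor body starts outside this hunk, so an ordering reason may exist that is not visible here.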
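Review bot: No null check on `certificate` is visible in `WebRtcSessionDescriptionFactory::SetCertificate` before `transport_desc_factory_.set_certificate(certificate);` and the following `set_secure(cricket::SEC_ENABLED)`. With a null certificate the state would still become `CERTIFICATE_SUCCEEDED`, and the failure would presumably surface only later in `TransportDescriptionFactory::SetSecurityInfo` as "Cannot create identity digest with no certificate", far from the caller that caused it. If the part of the function above the hunk does not already check this, an assertion near the top such as `ASSERT(certificate.get() != nullptr);` would pin the error to its source. The function starts outside the hunk.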
diff --git a/talk/session/media/mediasession_unittest.cc b/talk/session/media/mediasession_unittest.cc index ededa8a680..7787ab5621 100644 --- a/talk/session/media/mediasession_unittest.cc +++ b/talk/session/media/mediasession_unittest.cc @@ -226,15 +226,20 @@ static std::vector GetCodecNames(const std::vector& codecs) { class MediaSessionDescriptionFactoryTest : public testing::Test { public: MediaSessionDescriptionFactoryTest() - : f1_(&tdf1_), f2_(&tdf2_), id1_("id1"), id2_("id2") { + : f1_(&tdf1_), + f2_(&tdf2_) { f1_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs1)); f1_.set_video_codecs(MAKE_VECTOR(kVideoCodecs1)); f1_.set_data_codecs(MAKE_VECTOR(kDataCodecs1)); f2_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs2)); f2_.set_video_codecs(MAKE_VECTOR(kVideoCodecs2)); f2_.set_data_codecs(MAKE_VECTOR(kDataCodecs2)); - tdf1_.set_identity(&id1_); - tdf2_.set_identity(&id2_); + tdf1_.set_certificate(rtc::RTCCertificate::Create( + rtc::scoped_ptr( + new rtc::FakeSSLIdentity("id1")).Pass())); + tdf2_.set_certificate(rtc::RTCCertificate::Create( + rtc::scoped_ptr( + new rtc::FakeSSLIdentity("id2")).Pass())); } // Create a video StreamParamsVec object with: @@ -470,8 +475,6 @@ class MediaSessionDescriptionFactoryTest : public testing::Test { MediaSessionDescriptionFactory f2_; TransportDescriptionFactory tdf1_; TransportDescriptionFactory tdf2_; - rtc::FakeSSLIdentity id1_; - rtc::FakeSSLIdentity id2_; }; // Create a typical audio offer, and ensure it matches what we expect. diff --git a/webrtc/p2p/base/transportdescriptionfactory.cc b/webrtc/p2p/base/transportdescriptionfactory.cc index 7654fdfcf5..4c701df0dd 100644 --- a/webrtc/p2p/base/transportdescriptionfactory.cc +++ b/webrtc/p2p/base/transportdescriptionfactory.cc @@ -20,8 +20,7 @@ namespace cricket { TransportDescriptionFactory::TransportDescriptionFactory() - : secure_(SEC_DISABLED), - identity_(NULL) { + : secure_(SEC_DISABLED) { } TransportDescription* TransportDescriptionFactory::CreateOffer( 
@@ -97,8 +96,8 @@ TransportDescription* TransportDescriptionFactory::CreateAnswer( bool TransportDescriptionFactory::SetSecurityInfo( TransportDescription* desc, ConnectionRole role) const { - if (!identity_) { - LOG(LS_ERROR) << "Cannot create identity digest with no identity"; + if (!certificate_) { + LOG(LS_ERROR) << "Cannot create identity digest with no certificate"; return false; } @@ -106,13 +105,14 @@ bool TransportDescriptionFactory::SetSecurityInfo( // RFC 4572 Section 5 requires that those lines use the same hash function as // the certificate's signature. std::string digest_alg; - if (!identity_->certificate().GetSignatureDigestAlgorithm(&digest_alg)) { + if (!certificate_->ssl_certificate().GetSignatureDigestAlgorithm( + &digest_alg)) { LOG(LS_ERROR) << "Failed to retrieve the certificate's digest algorithm"; return false; } desc->identity_fingerprint.reset( - rtc::SSLFingerprint::Create(digest_alg, identity_)); + rtc::SSLFingerprint::Create(digest_alg, certificate_->identity())); if (!desc->identity_fingerprint.get()) { LOG(LS_ERROR) << "Failed to create identity fingerprint, alg=" << digest_alg; diff --git a/webrtc/p2p/base/transportdescriptionfactory.h b/webrtc/p2p/base/transportdescriptionfactory.h index 2bd86617ed..828aa6d22c 100644 --- a/webrtc/p2p/base/transportdescriptionfactory.h +++ b/webrtc/p2p/base/transportdescriptionfactory.h @@ -11,6 +11,7 @@ #ifndef WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_ #define WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_ +#include "webrtc/base/rtccertificate.h" #include "webrtc/p2p/base/transportdescription.h" namespace rtc { 
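Review bot: In `TransportDescriptionFactory::SetSecurityInfo` (webrtc/p2p/base/transportdescriptionfactory.cc), the fingerprint hash is whatever `certificate_->ssl_certificate().GetSignatureDigestAlgorithm(&digest_alg)` reports, so the strength of the fingerprint placed in the description is decided entirely by how the supplied certificate was signed. A comment next to the existing RFC 4572 remark would make that dependency explicit, e.g. `// digest_alg follows the certificate's signature hash; a certificate signed with a weak hash yields an equally weak fingerprint.` Whether weak algorithms are rejected when the certificate is created is not visible in this diff. The function begins in the previous hunk and continues past this one.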
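Review bot: The `namespace rtc {` block that follows the includes in webrtc/p2p/base/transportdescriptionfactory.h looks unused after this change, which adds `#include "webrtc/base/rtccertificate.h"` and removes the `rtc::SSLIdentity*` accessor, setter and member further down the file. The block's contents are outside the hunk, so this is an inference. If it only forward-declares `SSLIdentity`, it can be deleted so the header does not keep advertising a type it no longer uses.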
@@ -33,13 +34,18 @@ class TransportDescriptionFactory { // Default ctor; use methods below to set configuration. TransportDescriptionFactory(); SecurePolicy secure() const { return secure_; } - // The identity to use when setting up DTLS. - rtc::SSLIdentity* identity() const { return identity_; } + // The certificate to use when setting up DTLS. + const rtc::scoped_refptr& certificate() const { + return certificate_; + } // Specifies the transport security policy to use. void set_secure(SecurePolicy s) { secure_ = s; } - // Specifies the identity to use (only used when secure is not SEC_DISABLED). - void set_identity(rtc::SSLIdentity* identity) { identity_ = identity; } + // Specifies the certificate to use (only used when secure != SEC_DISABLED). + void set_certificate( + const rtc::scoped_refptr& certificate) { + certificate_ = certificate; + } // Creates a transport description suitable for use in an offer. TransportDescription* CreateOffer(const TransportOptions& options, @@ -55,7 +61,7 @@ class TransportDescriptionFactory { ConnectionRole role) const; SecurePolicy secure_; - rtc::SSLIdentity* identity_; + rtc::scoped_refptr certificate_; }; } // namespace cricket diff --git a/webrtc/p2p/base/transportdescriptionfactory_unittest.cc b/webrtc/p2p/base/transportdescriptionfactory_unittest.cc index 16a539f2e6..e3992dfdd3 100644 --- a/webrtc/p2p/base/transportdescriptionfactory_unittest.cc +++ b/webrtc/p2p/base/transportdescriptionfactory_unittest.cc @@ -26,8 +26,10 @@ using cricket::TransportOptions; class TransportDescriptionFactoryTest : public testing::Test { public: TransportDescriptionFactoryTest() - : id1_(new rtc::FakeSSLIdentity("User1")), - id2_(new rtc::FakeSSLIdentity("User2")) { + : cert1_(rtc::RTCCertificate::Create(scoped_ptr( + new rtc::FakeSSLIdentity("User1")).Pass())), + cert2_(rtc::RTCCertificate::Create(scoped_ptr( + new rtc::FakeSSLIdentity("User2")).Pass())) { } void CheckDesc(const TransportDescription* desc, 
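Review bot: The comment on `set_certificate` in webrtc/p2p/base/transportdescriptionfactory.h does not mention that ownership changed. The factory now keeps a reference to the certificate instead of borrowing a raw pointer, and null is a supported argument, since the `WebRtcSessionDescriptionFactory` destructor in this commit passes `nullptr`. I would extend it to `// Specifies the certificate to use (only used when secure != SEC_DISABLED). The factory holds a reference; pass nullptr to release it.` The comment on `certificate()` could likewise say `// May be null; SetSecurityInfo fails when no certificate is set.`, which matches the check in the .cc file. The class declaration starts and ends outside this hunk.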
@@ -61,8 +63,8 @@ class TransportDescriptionFactoryTest : public testing::Test { if (dtls) { f1_.set_secure(cricket::SEC_ENABLED); f2_.set_secure(cricket::SEC_ENABLED); - f1_.set_identity(id1_.get()); - f2_.set_identity(id2_.get()); + f1_.set_certificate(cert1_); + f2_.set_certificate(cert2_); } else { f1_.set_secure(cricket::SEC_DISABLED); f2_.set_secure(cricket::SEC_DISABLED); @@ -113,8 +115,9 @@ class TransportDescriptionFactoryTest : public testing::Test { protected: TransportDescriptionFactory f1_; TransportDescriptionFactory f2_; - scoped_ptr id1_; - scoped_ptr id2_; + + rtc::scoped_refptr cert1_; + rtc::scoped_refptr cert2_; }; TEST_F(TransportDescriptionFactoryTest, TestOfferDefault) { @@ -125,9 +128,10 @@ TEST_F(TransportDescriptionFactoryTest, TestOfferDefault) { TEST_F(TransportDescriptionFactoryTest, TestOfferDtls) { f1_.set_secure(cricket::SEC_ENABLED); - f1_.set_identity(id1_.get()); + f1_.set_certificate(cert1_); std::string digest_alg; - ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg)); + ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm( + &digest_alg)); scoped_ptr desc(f1_.CreateOffer( TransportOptions(), NULL)); CheckDesc(desc.get(), "", "", "", digest_alg); @@ -149,9 +153,10 @@ TEST_F(TransportDescriptionFactoryTest, TestOfferDtlsWithNoIdentity) { // The ICE credentials should stay the same in the new offer. TEST_F(TransportDescriptionFactoryTest, TestOfferDtlsReofferDtls) { f1_.set_secure(cricket::SEC_ENABLED); - f1_.set_identity(id1_.get()); + f1_.set_certificate(cert1_); std::string digest_alg; - ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg)); + ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm( + &digest_alg)); scoped_ptr old_desc(f1_.CreateOffer( TransportOptions(), NULL)); ASSERT_TRUE(old_desc.get() != NULL); 
@@ -192,7 +197,7 @@ TEST_F(TransportDescriptionFactoryTest, TestReanswer) { // Test that we handle answering an offer with DTLS with no DTLS. TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToNoDtls) { f1_.set_secure(cricket::SEC_ENABLED); - f1_.set_identity(id1_.get()); + f1_.set_certificate(cert1_); scoped_ptr offer( f1_.CreateOffer(TransportOptions(), NULL)); ASSERT_TRUE(offer.get() != NULL); @@ -205,7 +210,7 @@ TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToNoDtls) { // but fail if we require DTLS. TEST_F(TransportDescriptionFactoryTest, TestAnswerNoDtlsToDtls) { f2_.set_secure(cricket::SEC_ENABLED); - f2_.set_identity(id2_.get()); + f2_.set_certificate(cert2_); scoped_ptr offer( f1_.CreateOffer(TransportOptions(), NULL)); ASSERT_TRUE(offer.get() != NULL); @@ -222,14 +227,15 @@ TEST_F(TransportDescriptionFactoryTest, TestAnswerNoDtlsToDtls) { // DTLS enabled and required. TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToDtls) { f1_.set_secure(cricket::SEC_ENABLED); - f1_.set_identity(id1_.get()); + f1_.set_certificate(cert1_); f2_.set_secure(cricket::SEC_ENABLED); - f2_.set_identity(id2_.get()); + f2_.set_certificate(cert2_); // f2_ produces the answer that is being checked in this test, so the - // answer must contain fingerprint lines with id2_'s digest algorithm. + // answer must contain fingerprint lines with cert2_'s digest algorithm. std::string digest_alg2; - ASSERT_TRUE(id2_->certificate().GetSignatureDigestAlgorithm(&digest_alg2)); + ASSERT_TRUE(cert2_->ssl_certificate().GetSignatureDigestAlgorithm( + &digest_alg2)); scoped_ptr offer( f1_.CreateOffer(TransportOptions(), NULL));