From 6ab97ce0b9564e31c84ea0dbf72e347499d13aa1 Mon Sep 17 00:00:00 2001 From: hbos Date: Mon, 3 Oct 2016 14:16:56 -0700 Subject: [PATCH] RTCCertificateStats[1] added. [1] https://w3c.github.io/webrtc-stats/#certificatestats-dict* BUG=chromium:627816, chromium:629436 NOTRY=True Review-Url: https://codereview.webrtc.org/2243123002 Cr-Commit-Position: refs/heads/master@{#14484} --- webrtc/api/rtcstatscollector.cc | 56 +++++- webrtc/api/rtcstatscollector.h | 17 +- webrtc/api/rtcstatscollector_unittest.cc | 222 +++++++++++++++++++++++ webrtc/api/stats/rtcstats_objects.h | 20 ++ webrtc/stats/rtcstats_objects.cc | 16 ++ 5 files changed, 325 insertions(+), 6 deletions(-) diff --git a/webrtc/api/rtcstatscollector.cc b/webrtc/api/rtcstatscollector.cc index d2938a4c29..084eab177c 100644 --- a/webrtc/api/rtcstatscollector.cc +++ b/webrtc/api/rtcstatscollector.cc @@ -15,7 +15,9 @@ #include #include "webrtc/api/peerconnection.h" +#include "webrtc/api/webrtcsession.h" #include "webrtc/base/checks.h" +#include "webrtc/base/sslidentity.h" namespace webrtc { @@ -88,7 +90,11 @@ void RTCStatsCollector::ProducePartialResultsOnSignalingThread( RTC_DCHECK(signaling_thread_->IsCurrent()); rtc::scoped_refptr report = RTCStatsReport::Create(); - report->AddStats(ProducePeerConnectionStats_s(timestamp_us)); + SessionStats session_stats; + if (pc_->session()->GetTransportStats(&session_stats)) { + ProduceCertificateStats_s(timestamp_us, session_stats, report.get()); + } + ProducePeerConnectionStats_s(timestamp_us, report.get()); AddPartialResults(report); } @@ -153,8 +159,50 @@ void RTCStatsCollector::DeliverCachedReport() { callbacks_.clear(); } -std::unique_ptr -RTCStatsCollector::ProducePeerConnectionStats_s(int64_t timestamp_us) const { +void RTCStatsCollector::ProduceCertificateStats_s( + int64_t timestamp_us, const SessionStats& session_stats, + RTCStatsReport* report) const { + RTC_DCHECK(signaling_thread_->IsCurrent()); + for (const auto& transport : session_stats.transport_stats) { + rtc::scoped_refptr local_certificate; + if (pc_->session()->GetLocalCertificate( + transport.second.transport_name, &local_certificate)) { + ProduceCertificateStatsFromSSLCertificateAndChain_s( + timestamp_us, local_certificate->ssl_certificate(), report); + } + std::unique_ptr remote_certificate = + pc_->session()->GetRemoteSSLCertificate( + transport.second.transport_name); + if (remote_certificate) { + ProduceCertificateStatsFromSSLCertificateAndChain_s( + timestamp_us, *remote_certificate.get(), report); + } + } +} + +void RTCStatsCollector::ProduceCertificateStatsFromSSLCertificateAndChain_s( + int64_t timestamp_us, const rtc::SSLCertificate& certificate, + RTCStatsReport* report) const { + RTC_DCHECK(signaling_thread_->IsCurrent()); + std::unique_ptr ssl_stats = + certificate.GetStats(); + RTCCertificateStats* prev_stats = nullptr; + for (rtc::SSLCertificateStats* s = ssl_stats.get(); s; + s = s->issuer.get()) { + RTCCertificateStats* stats = new RTCCertificateStats( + "RTCCertificate_" + s->fingerprint, timestamp_us); + stats->fingerprint = s->fingerprint; + stats->fingerprint_algorithm = s->fingerprint_algorithm; + stats->base64_certificate = s->base64_certificate; + if (prev_stats) + prev_stats->issuer_certificate_id = stats->id(); + report->AddStats(std::unique_ptr(stats)); + prev_stats = stats; + } +} + +void RTCStatsCollector::ProducePeerConnectionStats_s( + int64_t timestamp_us, RTCStatsReport* report) const { RTC_DCHECK(signaling_thread_->IsCurrent()); // TODO(hbos): If data channels are removed from the peer connection this will // yield incorrect counts. Address before closing crbug.com/636818. See @@ -173,7 +221,7 @@ RTCStatsCollector::ProducePeerConnectionStats_s(int64_t timestamp_us) const { stats->data_channels_opened = data_channels_opened; stats->data_channels_closed = static_cast(data_channels.size()) - data_channels_opened; - return stats; + report->AddStats(std::move(stats)); } } // namespace webrtc diff --git a/webrtc/api/rtcstatscollector.h b/webrtc/api/rtcstatscollector.h index 61edc52d0d..2f5ed8610a 100644 --- a/webrtc/api/rtcstatscollector.h +++ b/webrtc/api/rtcstatscollector.h @@ -21,9 +21,16 @@ #include "webrtc/base/scoped_ref_ptr.h" #include "webrtc/base/timeutils.h" +namespace rtc { + +class SSLCertificate; + +} // namespace rtc + namespace webrtc { class PeerConnection; +struct SessionStats; class RTCStatsCollectorCallback : public virtual rtc::RefCountInterface { public: @@ -69,8 +76,14 @@ class RTCStatsCollector : public virtual rtc::RefCountInterface { void AddPartialResults_s(rtc::scoped_refptr partial_report); void DeliverCachedReport(); - std::unique_ptr ProducePeerConnectionStats_s( - int64_t timestamp_us) const; + void ProduceCertificateStats_s( + int64_t timestamp_us, const SessionStats& session_stats, + RTCStatsReport* report) const; + void ProduceCertificateStatsFromSSLCertificateAndChain_s( + int64_t timestamp_us, const rtc::SSLCertificate& certificate, + RTCStatsReport* report) const; + void ProducePeerConnectionStats_s( + int64_t timestamp_us, RTCStatsReport* report) const; PeerConnection* const pc_; rtc::Thread* const signaling_thread_; diff --git a/webrtc/api/rtcstatscollector_unittest.cc b/webrtc/api/rtcstatscollector_unittest.cc index 446990c574..020a759a68 100644 --- a/webrtc/api/rtcstatscollector_unittest.cc +++ b/webrtc/api/rtcstatscollector_unittest.cc @@ -22,6 +22,7 @@ #include "webrtc/api/test/mock_webrtcsession.h" #include "webrtc/base/checks.h" #include "webrtc/base/fakeclock.h" +#include "webrtc/base/fakesslidentity.h" #include "webrtc/base/gunit.h" #include "webrtc/base/logging.h" #include "webrtc/base/thread_checker.h" @@ -29,6 +30,8 @@ #include "webrtc/base/timeutils.h" #include "webrtc/media/base/fakemediaengine.h" +using testing::_; +using testing::Invoke; using testing::Return; using testing::ReturnRef; @@ -38,6 +41,56 @@ namespace { const int64_t kGetStatsReportTimeoutMs = 1000; +struct CertificateInfo { + rtc::scoped_refptr certificate; + std::vector ders; + std::vector pems; + std::vector fingerprints; +}; + +std::unique_ptr CreateFakeCertificateAndInfoFromDers( + const std::vector& ders) { + RTC_CHECK(!ders.empty()); + std::unique_ptr info(new CertificateInfo()); + info->ders = ders; + for (const std::string& der : ders) { + info->pems.push_back(rtc::SSLIdentity::DerToPem( + "CERTIFICATE", + reinterpret_cast(der.c_str()), + der.length())); + } + info->certificate = + rtc::RTCCertificate::Create(std::unique_ptr( + new rtc::FakeSSLIdentity(rtc::FakeSSLCertificate(info->pems)))); + // Strip header/footer and newline characters of PEM strings. + for (size_t i = 0; i < info->pems.size(); ++i) { + rtc::replace_substrs("-----BEGIN CERTIFICATE-----", 27, + "", 0, &info->pems[i]); + rtc::replace_substrs("-----END CERTIFICATE-----", 25, + "", 0, &info->pems[i]); + rtc::replace_substrs("\n", 1, + "", 0, &info->pems[i]); + } + // Fingerprint of leaf certificate. + std::unique_ptr fp( + rtc::SSLFingerprint::Create("sha-1", + &info->certificate->ssl_certificate())); + EXPECT_TRUE(fp); + info->fingerprints.push_back(fp->GetRfc4572Fingerprint()); + // Fingerprints of the rest of the chain. + std::unique_ptr chain = + info->certificate->ssl_certificate().GetChain(); + if (chain) { + for (size_t i = 0; i < chain->GetSize(); i++) { + fp.reset(rtc::SSLFingerprint::Create("sha-1", &chain->Get(i))); + EXPECT_TRUE(fp); + info->fingerprints.push_back(fp->GetRfc4572Fingerprint()); + } + } + EXPECT_EQ(info->ders.size(), info->fingerprints.size()); + return info; +} + class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver { public: RTCStatsCollectorTestHelper() @@ -53,9 +106,11 @@ class RTCStatsCollectorTestHelper : public SetSessionDescriptionObserver { channel_manager_.get())), session_(media_controller_.get()), pc_() { + // Default return values for mocks. EXPECT_CALL(pc_, session()).WillRepeatedly(Return(&session_)); EXPECT_CALL(pc_, sctp_data_channels()).WillRepeatedly( ReturnRef(data_channels_)); + EXPECT_CALL(session_, GetTransportStats(_)).WillRepeatedly(Return(false)); } rtc::ScopedFakeClock& fake_clock() { return fake_clock_; } @@ -253,6 +308,27 @@ class RTCStatsCollectorTest : public testing::Test { return callback->report(); } + void ExpectReportContainsCertificateInfo( + const rtc::scoped_refptr& report, + const CertificateInfo& cert_info) { + for (size_t i = 0; i < cert_info.fingerprints.size(); ++i) { + const RTCStats* stats = report->Get( + "RTCCertificate_" + cert_info.fingerprints[i]); + EXPECT_TRUE(stats); + const RTCCertificateStats& cert_stats = + stats->cast_to(); + EXPECT_EQ(*cert_stats.fingerprint, cert_info.fingerprints[i]); + EXPECT_EQ(*cert_stats.fingerprint_algorithm, "sha-1"); + EXPECT_EQ(*cert_stats.base64_certificate, cert_info.pems[i]); + if (i + 1 < cert_info.fingerprints.size()) { + EXPECT_EQ(*cert_stats.issuer_certificate_id, + "RTCCertificate_" + cert_info.fingerprints[i + 1]); + } else { + EXPECT_FALSE(cert_stats.issuer_certificate_id.is_defined()); + } + } + } + protected: rtc::scoped_refptr test_; rtc::scoped_refptr collector_; @@ -312,6 +388,152 @@ TEST_F(RTCStatsCollectorTest, MultipleCallbacksWithInvalidatedCacheInBetween) { EXPECT_NE(c.get(), b.get()); } +TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsSingle) { + std::unique_ptr local_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(local) single certificate" })); + std::unique_ptr remote_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(remote) single certificate" })); + + // Mock the session to return the local and remote certificates. + EXPECT_CALL(test_->session(), GetTransportStats(_)).WillRepeatedly(Invoke( + [this](SessionStats* stats) { + stats->transport_stats["transport"].transport_name = "transport"; + return true; + })); + EXPECT_CALL(test_->session(), GetLocalCertificate(_, _)).WillRepeatedly( + Invoke([this, &local_certinfo](const std::string& transport_name, + rtc::scoped_refptr* certificate) { + if (transport_name == "transport") { + *certificate = local_certinfo->certificate; + return true; + } + return false; + })); + EXPECT_CALL(test_->session(), + GetRemoteSSLCertificate_ReturnsRawPointer(_)).WillRepeatedly(Invoke( + [this, &remote_certinfo](const std::string& transport_name) { + if (transport_name == "transport") + return remote_certinfo->certificate->ssl_certificate().GetReference(); + return static_cast(nullptr); + })); + + rtc::scoped_refptr report = GetStatsReport(); + ExpectReportContainsCertificateInfo(report, *local_certinfo.get()); + ExpectReportContainsCertificateInfo(report, *remote_certinfo.get()); +} + +TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsMultiple) { + std::unique_ptr audio_local_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(local) audio" })); + audio_local_certinfo = CreateFakeCertificateAndInfoFromDers( + audio_local_certinfo->ders); + std::unique_ptr audio_remote_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(remote) audio" })); + audio_remote_certinfo = CreateFakeCertificateAndInfoFromDers( + audio_remote_certinfo->ders); + + std::unique_ptr video_local_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(local) video" })); + video_local_certinfo = CreateFakeCertificateAndInfoFromDers( + video_local_certinfo->ders); + std::unique_ptr video_remote_certinfo = + CreateFakeCertificateAndInfoFromDers( + std::vector({ "(remote) video" })); + video_remote_certinfo = CreateFakeCertificateAndInfoFromDers( + video_remote_certinfo->ders); + + // Mock the session to return the local and remote certificates. + EXPECT_CALL(test_->session(), GetTransportStats(_)).WillRepeatedly(Invoke( + [this](SessionStats* stats) { + stats->transport_stats["audio"].transport_name = "audio"; + stats->transport_stats["video"].transport_name = "video"; + return true; + })); + EXPECT_CALL(test_->session(), GetLocalCertificate(_, _)).WillRepeatedly( + Invoke([this, &audio_local_certinfo, &video_local_certinfo]( + const std::string& transport_name, + rtc::scoped_refptr* certificate) { + if (transport_name == "audio") { + *certificate = audio_local_certinfo->certificate; + return true; + } + if (transport_name == "video") { + *certificate = video_local_certinfo->certificate; + return true; + } + return false; + })); + EXPECT_CALL(test_->session(), + GetRemoteSSLCertificate_ReturnsRawPointer(_)).WillRepeatedly(Invoke( + [this, &audio_remote_certinfo, &video_remote_certinfo]( + const std::string& transport_name) { + if (transport_name == "audio") { + return audio_remote_certinfo->certificate->ssl_certificate() + .GetReference(); + } + if (transport_name == "video") { + return video_remote_certinfo->certificate->ssl_certificate() + .GetReference(); + } + return static_cast(nullptr); + })); + + rtc::scoped_refptr report = GetStatsReport(); + ExpectReportContainsCertificateInfo(report, *audio_local_certinfo.get()); + ExpectReportContainsCertificateInfo(report, *audio_remote_certinfo.get()); + ExpectReportContainsCertificateInfo(report, *video_local_certinfo.get()); + ExpectReportContainsCertificateInfo(report, *video_remote_certinfo.get()); +} + +TEST_F(RTCStatsCollectorTest, CollectRTCCertificateStatsChain) { + std::vector local_ders; + local_ders.push_back("(local) this"); + local_ders.push_back("(local) is"); + local_ders.push_back("(local) a"); + local_ders.push_back("(local) chain"); + std::unique_ptr local_certinfo = + CreateFakeCertificateAndInfoFromDers(local_ders); + std::vector remote_ders; + remote_ders.push_back("(remote) this"); + remote_ders.push_back("(remote) is"); + remote_ders.push_back("(remote) another"); + remote_ders.push_back("(remote) chain"); + std::unique_ptr remote_certinfo = + CreateFakeCertificateAndInfoFromDers(remote_ders); + + // Mock the session to return the local and remote certificates. + EXPECT_CALL(test_->session(), GetTransportStats(_)).WillRepeatedly(Invoke( + [this](SessionStats* stats) { + stats->transport_stats["transport"].transport_name = "transport"; + return true; + })); + EXPECT_CALL(test_->session(), GetLocalCertificate(_, _)).WillRepeatedly( + Invoke([this, &local_certinfo](const std::string& transport_name, + rtc::scoped_refptr* certificate) { + if (transport_name == "transport") { + *certificate = local_certinfo->certificate; + return true; + } + return false; + })); + EXPECT_CALL(test_->session(), + GetRemoteSSLCertificate_ReturnsRawPointer(_)).WillRepeatedly(Invoke( + [this, &remote_certinfo](const std::string& transport_name) { + if (transport_name == "transport") + return remote_certinfo->certificate->ssl_certificate().GetReference(); + return static_cast(nullptr); + })); + + rtc::scoped_refptr report = GetStatsReport(); + ExpectReportContainsCertificateInfo(report, *local_certinfo.get()); + ExpectReportContainsCertificateInfo(report, *remote_certinfo.get()); +} + TEST_F(RTCStatsCollectorTest, CollectRTCPeerConnectionStats) { int64_t before = rtc::TimeUTCMicros(); rtc::scoped_refptr report = GetStatsReport(); diff --git a/webrtc/api/stats/rtcstats_objects.h b/webrtc/api/stats/rtcstats_objects.h index ac480a937b..6ff9f9949a 100644 --- a/webrtc/api/stats/rtcstats_objects.h +++ b/webrtc/api/stats/rtcstats_objects.h @@ -17,6 +17,26 @@ namespace webrtc { +// https://w3c.github.io/webrtc-stats/#certificatestats-dict* +class RTCCertificateStats : public RTCStats { + public: + RTCCertificateStats(const std::string& id, int64_t timestamp_us); + RTCCertificateStats(std::string&& id, int64_t timestamp_us); + + WEBRTC_RTCSTATS_IMPL(RTCStats, RTCCertificateStats, + &fingerprint, + &fingerprint_algorithm, + &base64_certificate, + &issuer_certificate_id); + + RTCStatsMember fingerprint; + RTCStatsMember fingerprint_algorithm; + RTCStatsMember base64_certificate; + RTCStatsMember issuer_certificate_id; +}; + +// https://w3c.github.io/webrtc-stats/#pcstats-dict* +// TODO(hbos): Tracking bug crbug.com/636818 class RTCPeerConnectionStats : public RTCStats { public: RTCPeerConnectionStats(const std::string& id, int64_t timestamp_us); diff --git a/webrtc/stats/rtcstats_objects.cc b/webrtc/stats/rtcstats_objects.cc index c435908dc4..fbd16ed39d 100644 --- a/webrtc/stats/rtcstats_objects.cc +++ b/webrtc/stats/rtcstats_objects.cc @@ -12,6 +12,22 @@ namespace webrtc { +const char RTCCertificateStats::kType[] = "certificate"; + +RTCCertificateStats::RTCCertificateStats( + const std::string& id, int64_t timestamp_us) + : RTCCertificateStats(std::string(id), timestamp_us) { +} + +RTCCertificateStats::RTCCertificateStats( + std::string&& id, int64_t timestamp_us) + : RTCStats(std::move(id), timestamp_us), + fingerprint("fingerprint"), + fingerprint_algorithm("fingerprintAlgorithm"), + base64_certificate("base64Certificate"), + issuer_certificate_id("issuerCertificateId") { +} + const char RTCPeerConnectionStats::kType[] = "peer-connection"; RTCPeerConnectionStats::RTCPeerConnectionStats(