Replacing SSLIdentity* with scoped_refptr<RTCCertificate> in the cricket::TransportDescriptionFactory layers.
Updates TransportDescriptionFactory, calls and unittests.
BUG=webrtc:4927
R=tommi@webrtc.org, torbjorng@webrtc.org
Review URL: https://codereview.webrtc.org/1311903004 .
Cr-Commit-Position: refs/heads/master@{#9815}
diff --git a/talk/app/webrtc/webrtcsession_unittest.cc b/talk/app/webrtc/webrtcsession_unittest.cc
index 2c52d13..0322eff 100644
--- a/talk/app/webrtc/webrtcsession_unittest.cc
+++ b/talk/app/webrtc/webrtcsession_unittest.cc
@@ -562,8 +562,9 @@
std::string identity_name = "WebRTC" +
rtc::ToString(rtc::CreateRandomId());
// Confirmed to work with KT_RSA and KT_ECDSA.
- identity_.reset(rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT));
- tdesc_factory_->set_identity(identity_.get());
+ tdesc_factory_->set_certificate(rtc::RTCCertificate::Create(
+ rtc::scoped_ptr<rtc::SSLIdentity>(rtc::SSLIdentity::Generate(
+ identity_name, rtc::KT_DEFAULT)).Pass()));
tdesc_factory_->set_secure(cricket::SEC_REQUIRED);
}
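Review bot: The pointer returned by `rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT)` is wrapped and passed to `rtc::RTCCertificate::Create` without a null check. Before this change a failed generation left the factory with a null identity, which `SetSecurityInfo` reports with a log line and `false`. Now the factory would hold a non-null certificate around a null identity, assuming `Generate` can return NULL and `Create` does not reject that; the `!certificate_` guard would not catch it. I would generate into a local first, `rtc::scoped_ptr<rtc::SSLIdentity> identity(rtc::SSLIdentity::Generate(identity_name, rtc::KT_DEFAULT));`, then `ASSERT_TRUE(identity.get() != NULL);` before calling `Create(identity.Pass())`. The enclosing function starts outside this hunk, so whether a gtest assertion is usable at this point needs checking.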
@@ -1274,7 +1275,6 @@
cricket::FakeDeviceManager* device_manager_;
rtc::scoped_ptr<cricket::ChannelManager> channel_manager_;
rtc::scoped_ptr<cricket::TransportDescriptionFactory> tdesc_factory_;
- rtc::scoped_ptr<rtc::SSLIdentity> identity_;
rtc::scoped_ptr<cricket::MediaSessionDescriptionFactory> desc_factory_;
rtc::scoped_ptr<rtc::PhysicalSocketServer> pss_;
rtc::scoped_ptr<rtc::VirtualSocketServer> vss_;
diff --git a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
index 41bcfa0..a06437f 100644
--- a/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
+++ b/talk/app/webrtc/webrtcsessiondescriptionfactory.cc
@@ -255,7 +255,7 @@
}
}
- transport_desc_factory_.set_identity(NULL);
+ transport_desc_factory_.set_certificate(nullptr);
}
void WebRtcSessionDescriptionFactory::CreateOffer(
@@ -522,8 +522,7 @@
certificate_request_state_ = CERTIFICATE_SUCCEEDED;
SignalCertificateReady(certificate);
- // TODO(hbos): set_certificate
- transport_desc_factory_.set_identity(certificate->identity());
+ transport_desc_factory_.set_certificate(certificate);
transport_desc_factory_.set_secure(cricket::SEC_ENABLED);
while (!create_session_description_requests_.empty()) {
diff --git a/talk/session/media/mediasession_unittest.cc b/talk/session/media/mediasession_unittest.cc
index ededa8a..7787ab5 100644
--- a/talk/session/media/mediasession_unittest.cc
+++ b/talk/session/media/mediasession_unittest.cc
@@ -226,15 +226,20 @@
class MediaSessionDescriptionFactoryTest : public testing::Test {
public:
MediaSessionDescriptionFactoryTest()
- : f1_(&tdf1_), f2_(&tdf2_), id1_("id1"), id2_("id2") {
+ : f1_(&tdf1_),
+ f2_(&tdf2_) {
f1_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs1));
f1_.set_video_codecs(MAKE_VECTOR(kVideoCodecs1));
f1_.set_data_codecs(MAKE_VECTOR(kDataCodecs1));
f2_.set_audio_codecs(MAKE_VECTOR(kAudioCodecs2));
f2_.set_video_codecs(MAKE_VECTOR(kVideoCodecs2));
f2_.set_data_codecs(MAKE_VECTOR(kDataCodecs2));
- tdf1_.set_identity(&id1_);
- tdf2_.set_identity(&id2_);
+ tdf1_.set_certificate(rtc::RTCCertificate::Create(
+ rtc::scoped_ptr<rtc::SSLIdentity>(
+ new rtc::FakeSSLIdentity("id1")).Pass()));
+ tdf2_.set_certificate(rtc::RTCCertificate::Create(
+ rtc::scoped_ptr<rtc::SSLIdentity>(
+ new rtc::FakeSSLIdentity("id2")).Pass()));
}
// Create a video StreamParamsVec object with:
@@ -470,8 +475,6 @@
MediaSessionDescriptionFactory f2_;
TransportDescriptionFactory tdf1_;
TransportDescriptionFactory tdf2_;
- rtc::FakeSSLIdentity id1_;
- rtc::FakeSSLIdentity id2_;
};
// Create a typical audio offer, and ensure it matches what we expect.
diff --git a/webrtc/p2p/base/transportdescriptionfactory.cc b/webrtc/p2p/base/transportdescriptionfactory.cc
index 7654fdf..4c701df 100644
--- a/webrtc/p2p/base/transportdescriptionfactory.cc
+++ b/webrtc/p2p/base/transportdescriptionfactory.cc
@@ -20,8 +20,7 @@
namespace cricket {
TransportDescriptionFactory::TransportDescriptionFactory()
- : secure_(SEC_DISABLED),
- identity_(NULL) {
+ : secure_(SEC_DISABLED) {
}
TransportDescription* TransportDescriptionFactory::CreateOffer(
@@ -97,8 +96,8 @@
bool TransportDescriptionFactory::SetSecurityInfo(
TransportDescription* desc, ConnectionRole role) const {
- if (!identity_) {
- LOG(LS_ERROR) << "Cannot create identity digest with no identity";
+ if (!certificate_) {
+ LOG(LS_ERROR) << "Cannot create identity digest with no certificate";
return false;
}
@@ -106,13 +105,14 @@
// RFC 4572 Section 5 requires that those lines use the same hash function as
// the certificate's signature.
std::string digest_alg;
- if (!identity_->certificate().GetSignatureDigestAlgorithm(&digest_alg)) {
+ if (!certificate_->ssl_certificate().GetSignatureDigestAlgorithm(
+ &digest_alg)) {
LOG(LS_ERROR) << "Failed to retrieve the certificate's digest algorithm";
return false;
}
desc->identity_fingerprint.reset(
- rtc::SSLFingerprint::Create(digest_alg, identity_));
+ rtc::SSLFingerprint::Create(digest_alg, certificate_->identity()));
if (!desc->identity_fingerprint.get()) {
LOG(LS_ERROR) << "Failed to create identity fingerprint, alg="
<< digest_alg;
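Review bot: `rtc::SSLFingerprint::Create(digest_alg, certificate_->identity())` passes the whole `SSLIdentity`, which holds the private key, to code that only needs the public certificate to compute the RFC 4572 fingerprint. The line above already reads the certificate through `certificate_->ssl_certificate()`, so the two calls use different accessors for the same object. If this tree has the `SSLCertificate` overload of `Create`, `rtc::SSLFingerprint::Create(digest_alg, &certificate_->ssl_certificate())` keeps the key-bearing object out of the fingerprint path. It would also let `RTCCertificate::identity()` be retired later. `SetSecurityInfo` begins and ends outside this hunk.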
diff --git a/webrtc/p2p/base/transportdescriptionfactory.h b/webrtc/p2p/base/transportdescriptionfactory.h
index 2bd8661..828aa6d22 100644
--- a/webrtc/p2p/base/transportdescriptionfactory.h
+++ b/webrtc/p2p/base/transportdescriptionfactory.h
@@ -11,6 +11,7 @@
#ifndef WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_
#define WEBRTC_P2P_BASE_TRANSPORTDESCRIPTIONFACTORY_H_
+#include "webrtc/base/rtccertificate.h"
#include "webrtc/p2p/base/transportdescription.h"
namespace rtc {
@@ -33,13 +34,18 @@
// Default ctor; use methods below to set configuration.
TransportDescriptionFactory();
SecurePolicy secure() const { return secure_; }
- // The identity to use when setting up DTLS.
- rtc::SSLIdentity* identity() const { return identity_; }
+ // The certificate to use when setting up DTLS.
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate() const {
+ return certificate_;
+ }
// Specifies the transport security policy to use.
void set_secure(SecurePolicy s) { secure_ = s; }
- // Specifies the identity to use (only used when secure is not SEC_DISABLED).
- void set_identity(rtc::SSLIdentity* identity) { identity_ = identity; }
+ // Specifies the certificate to use (only used when secure != SEC_DISABLED).
+ void set_certificate(
+ const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) {
+ certificate_ = certificate;
+ }
// Creates a transport description suitable for use in an offer.
TransportDescription* CreateOffer(const TransportOptions& options,
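Review bot: The comments on `certificate()` and `set_certificate()` do not mention the ownership change, which is the main effect of this hunk: the old setter borrowed a raw `SSLIdentity*` that the caller had to keep alive, while the new one stores a `scoped_refptr` and so keeps the certificate alive itself. I would add `// The factory holds a reference to |certificate|; pass nullptr to release it.` above `set_certificate`. I would also add `// With secure != SEC_DISABLED and no certificate set, SetSecurityInfo fails.` next to `set_secure`, since the two setters are independent and the .cc hunk shows that path logging an error and returning false. The class declaration starts outside this hunk.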
@@ -55,7 +61,7 @@
ConnectionRole role) const;
SecurePolicy secure_;
- rtc::SSLIdentity* identity_;
+ rtc::scoped_refptr<rtc::RTCCertificate> certificate_;
};
} // namespace cricket
diff --git a/webrtc/p2p/base/transportdescriptionfactory_unittest.cc b/webrtc/p2p/base/transportdescriptionfactory_unittest.cc
index 16a539f..e3992df 100644
--- a/webrtc/p2p/base/transportdescriptionfactory_unittest.cc
+++ b/webrtc/p2p/base/transportdescriptionfactory_unittest.cc
@@ -26,8 +26,10 @@
class TransportDescriptionFactoryTest : public testing::Test {
public:
TransportDescriptionFactoryTest()
- : id1_(new rtc::FakeSSLIdentity("User1")),
- id2_(new rtc::FakeSSLIdentity("User2")) {
+ : cert1_(rtc::RTCCertificate::Create(scoped_ptr<rtc::SSLIdentity>(
+ new rtc::FakeSSLIdentity("User1")).Pass())),
+ cert2_(rtc::RTCCertificate::Create(scoped_ptr<rtc::SSLIdentity>(
+ new rtc::FakeSSLIdentity("User2")).Pass())) {
}
void CheckDesc(const TransportDescription* desc,
@@ -61,8 +63,8 @@
if (dtls) {
f1_.set_secure(cricket::SEC_ENABLED);
f2_.set_secure(cricket::SEC_ENABLED);
- f1_.set_identity(id1_.get());
- f2_.set_identity(id2_.get());
+ f1_.set_certificate(cert1_);
+ f2_.set_certificate(cert2_);
} else {
f1_.set_secure(cricket::SEC_DISABLED);
f2_.set_secure(cricket::SEC_DISABLED);
@@ -113,8 +115,9 @@
protected:
TransportDescriptionFactory f1_;
TransportDescriptionFactory f2_;
- scoped_ptr<rtc::SSLIdentity> id1_;
- scoped_ptr<rtc::SSLIdentity> id2_;
+
+ rtc::scoped_refptr<rtc::RTCCertificate> cert1_;
+ rtc::scoped_refptr<rtc::RTCCertificate> cert2_;
};
TEST_F(TransportDescriptionFactoryTest, TestOfferDefault) {
@@ -125,9 +128,10 @@
TEST_F(TransportDescriptionFactoryTest, TestOfferDtls) {
f1_.set_secure(cricket::SEC_ENABLED);
- f1_.set_identity(id1_.get());
+ f1_.set_certificate(cert1_);
std::string digest_alg;
- ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg));
+ ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm(
+ &digest_alg));
scoped_ptr<TransportDescription> desc(f1_.CreateOffer(
TransportOptions(), NULL));
CheckDesc(desc.get(), "", "", "", digest_alg);
@@ -149,9 +153,10 @@
// The ICE credentials should stay the same in the new offer.
TEST_F(TransportDescriptionFactoryTest, TestOfferDtlsReofferDtls) {
f1_.set_secure(cricket::SEC_ENABLED);
- f1_.set_identity(id1_.get());
+ f1_.set_certificate(cert1_);
std::string digest_alg;
- ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg));
+ ASSERT_TRUE(cert1_->ssl_certificate().GetSignatureDigestAlgorithm(
+ &digest_alg));
scoped_ptr<TransportDescription> old_desc(f1_.CreateOffer(
TransportOptions(), NULL));
ASSERT_TRUE(old_desc.get() != NULL);
@@ -192,7 +197,7 @@
// Test that we handle answering an offer with DTLS with no DTLS.
TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToNoDtls) {
f1_.set_secure(cricket::SEC_ENABLED);
- f1_.set_identity(id1_.get());
+ f1_.set_certificate(cert1_);
scoped_ptr<TransportDescription> offer(
f1_.CreateOffer(TransportOptions(), NULL));
ASSERT_TRUE(offer.get() != NULL);
@@ -205,7 +210,7 @@
// but fail if we require DTLS.
TEST_F(TransportDescriptionFactoryTest, TestAnswerNoDtlsToDtls) {
f2_.set_secure(cricket::SEC_ENABLED);
- f2_.set_identity(id2_.get());
+ f2_.set_certificate(cert2_);
scoped_ptr<TransportDescription> offer(
f1_.CreateOffer(TransportOptions(), NULL));
ASSERT_TRUE(offer.get() != NULL);
@@ -222,14 +227,15 @@
// DTLS enabled and required.
TEST_F(TransportDescriptionFactoryTest, TestAnswerDtlsToDtls) {
f1_.set_secure(cricket::SEC_ENABLED);
- f1_.set_identity(id1_.get());
+ f1_.set_certificate(cert1_);
f2_.set_secure(cricket::SEC_ENABLED);
- f2_.set_identity(id2_.get());
+ f2_.set_certificate(cert2_);
// f2_ produces the answer that is being checked in this test, so the
- // answer must contain fingerprint lines with id2_'s digest algorithm.
+ // answer must contain fingerprint lines with cert2_'s digest algorithm.
std::string digest_alg2;
- ASSERT_TRUE(id2_->certificate().GetSignatureDigestAlgorithm(&digest_alg2));
+ ASSERT_TRUE(cert2_->ssl_certificate().GetSignatureDigestAlgorithm(
+ &digest_alg2));
scoped_ptr<TransportDescription> offer(
f1_.CreateOffer(TransportOptions(), NULL));