Chromium Code Reviews Chromium Code Reviews
Issue 1269843005:
Added DtlsCertificate, a ref counted object owning an SSLIdentity (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2011 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 158 | 158 |
| 159 static const int kFifoBufferSize = 4096; | 159 static const int kFifoBufferSize = 4096; |
| 160 | 160 |
| 161 class SSLStreamAdapterTestBase : public testing::Test, | 161 class SSLStreamAdapterTestBase : public testing::Test, |
| 162 public sigslot::has_slots<> { | 162 public sigslot::has_slots<> { |
| 163 public: | 163 public: |
| 164 SSLStreamAdapterTestBase(const std::string& client_cert_pem, | 164 SSLStreamAdapterTestBase(const std::string& client_cert_pem, |
| 165 const std::string& client_private_key_pem, | 165 const std::string& client_private_key_pem, |
| 166 bool dtls, | 166 bool dtls, |
| 167 rtc::KeyType client_key_type = rtc::KT_DEFAULT, | 167 rtc::KeyType client_key_type = rtc::KT_DEFAULT, |
| 168 rtc::KeyType server_key_type = rtc::KT_DEFAULT) | 168 rtc::KeyType server_key_type = rtc::KT_DEFAULT) : |
|
tommi (sloooow) - chröme
2015/08/18 14:49:35
nit: no need to change this
| |
| 169 : client_buffer_(kFifoBufferSize), | 169 client_buffer_(kFifoBufferSize), |
| 170 server_buffer_(kFifoBufferSize), | 170 server_buffer_(kFifoBufferSize), |
| 171 client_stream_( | 171 client_stream_( |
| 172 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)), | 172 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_)), |
| 173 server_stream_( | 173 server_stream_( |
| 174 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)), | 174 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_)), |
| 175 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)), | 175 client_ssl_(rtc::SSLStreamAdapter::Create(client_stream_)), |
| 176 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)), | 176 server_ssl_(rtc::SSLStreamAdapter::Create(server_stream_)), |
| 177 client_identity_(NULL), | 177 delay_(0), |
| 178 server_identity_(NULL), | 178 mtu_(1460), |
| 179 delay_(0), | 179 loss_(0), |
| 180 mtu_(1460), | 180 lose_first_packet_(false), |
| 181 loss_(0), | 181 damage_(false), |
| 182 lose_first_packet_(false), | 182 dtls_(dtls), |
| 183 damage_(false), | 183 handshake_wait_(5000), |
| 184 dtls_(dtls), | 184 identities_set_(false) { |
| 185 handshake_wait_(5000), | |
| 186 identities_set_(false) { | |
| 187 // Set use of the test RNG to get predictable loss patterns. | 185 // Set use of the test RNG to get predictable loss patterns. |
| 188 rtc::SetRandomTestMode(true); | 186 rtc::SetRandomTestMode(true); |
| 189 | 187 |
| 190 // Set up the slots | 188 // Set up the slots |
| 191 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 189 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 192 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 190 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 193 | 191 |
| 194 if (!client_cert_pem.empty() && !client_private_key_pem.empty()) { | 192 if (!client_cert_pem.empty() && !client_private_key_pem.empty()) { |
| 195 client_identity_ = rtc::SSLIdentity::FromPEMStrings( | 193 client_certificate_ = webrtc::DtlsCertificate::Create( |
| 196 client_private_key_pem, client_cert_pem); | 194 rtc::scoped_ptr<rtc::SSLIdentity>( |
| 195 rtc::SSLIdentity::FromPEMStrings(client_private_key_pem, | |
| 196 client_cert_pem)).Pass()); | |
| 197 } else { | 197 } else { |
| 198 client_identity_ = rtc::SSLIdentity::Generate("client", client_key_type); | 198 client_certificate_ = webrtc::DtlsCertificate::Create( |
| 199 rtc::scoped_ptr<rtc::SSLIdentity>( | |
| 200 rtc::SSLIdentity::Generate("client", client_key_type)).Pass()); | |
| 199 } | 201 } |
| 200 server_identity_ = rtc::SSLIdentity::Generate("server", server_key_type); | 202 server_certificate_ = webrtc::DtlsCertificate::Create( |
| 203 rtc::scoped_ptr<rtc::SSLIdentity>( | |
| 204 rtc::SSLIdentity::Generate("server", server_key_type)).Pass()); | |
| 201 | 205 |
| 202 client_ssl_->SetIdentity(client_identity_); | 206 client_ssl_->SetCertificate(client_certificate_); |
| 203 server_ssl_->SetIdentity(server_identity_); | 207 server_ssl_->SetCertificate(server_certificate_); |
| 204 } | 208 } |
| 205 | 209 |
| 206 ~SSLStreamAdapterTestBase() { | 210 ~SSLStreamAdapterTestBase() { |
| 207 // Put it back for the next test. | 211 // Put it back for the next test. |
| 208 rtc::SetRandomTestMode(false); | 212 rtc::SetRandomTestMode(false); |
| 209 } | 213 } |
| 210 | 214 |
| 211 // Recreate the client/server identities with the specified validity period. | 215 // Recreate the client/server identities with the specified validity period. |
| 212 // |not_before| and |not_after| are offsets from the current time in number | 216 // |not_before| and |not_after| are offsets from the current time in number |
| 213 // of seconds. | 217 // of seconds. |
| 214 void ResetIdentitiesWithValidity(int not_before, int not_after) { | 218 void ResetIdentitiesWithValidity(int not_before, int not_after) { |
| 215 client_stream_ = | 219 client_stream_ = |
| 216 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_); | 220 new SSLDummyStream(this, "c2s", &client_buffer_, &server_buffer_); |
| 217 server_stream_ = | 221 server_stream_ = |
| 218 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_); | 222 new SSLDummyStream(this, "s2c", &server_buffer_, &client_buffer_); |
| 219 | 223 |
| 220 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); | 224 client_ssl_.reset(rtc::SSLStreamAdapter::Create(client_stream_)); |
| 221 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); | 225 server_ssl_.reset(rtc::SSLStreamAdapter::Create(server_stream_)); |
| 222 | 226 |
| 223 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 227 client_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 224 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); | 228 server_ssl_->SignalEvent.connect(this, &SSLStreamAdapterTestBase::OnEvent); |
| 225 | 229 |
| 226 rtc::SSLIdentityParams client_params; | 230 rtc::SSLIdentityParams client_params; |
| 227 client_params.common_name = "client"; | 231 client_params.common_name = "client"; |
| 228 client_params.not_before = not_before; | 232 client_params.not_before = not_before; |
| 229 client_params.not_after = not_after; | 233 client_params.not_after = not_after; |
| 230 client_params.key_type = rtc::KT_DEFAULT; | 234 client_params.key_type = rtc::KT_DEFAULT; |
| 231 client_identity_ = rtc::SSLIdentity::GenerateForTest(client_params); | 235 client_certificate_ = webrtc::DtlsCertificate::Create( |
| 236 rtc::scoped_ptr<rtc::SSLIdentity>( | |
| 237 rtc::SSLIdentity::GenerateForTest(client_params)).Pass()); | |
| 232 | 238 |
| 233 rtc::SSLIdentityParams server_params; | 239 rtc::SSLIdentityParams server_params; |
| 234 server_params.common_name = "server"; | 240 server_params.common_name = "server"; |
| 235 server_params.not_before = not_before; | 241 server_params.not_before = not_before; |
| 236 server_params.not_after = not_after; | 242 server_params.not_after = not_after; |
| 237 server_params.key_type = rtc::KT_DEFAULT; | 243 server_params.key_type = rtc::KT_DEFAULT; |
| 238 server_identity_ = rtc::SSLIdentity::GenerateForTest(server_params); | 244 server_certificate_ = webrtc::DtlsCertificate::Create( |
| 245 rtc::scoped_ptr<rtc::SSLIdentity>( | |
| 246 rtc::SSLIdentity::GenerateForTest(server_params)).Pass()); | |
| 239 | 247 |
| 240 client_ssl_->SetIdentity(client_identity_); | 248 client_ssl_->SetCertificate(client_certificate_); |
| 241 server_ssl_->SetIdentity(server_identity_); | 249 server_ssl_->SetCertificate(server_certificate_); |
| 242 } | 250 } |
| 243 | 251 |
| 244 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { | 252 virtual void OnEvent(rtc::StreamInterface *stream, int sig, int err) { |
| 245 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; | 253 LOG(LS_INFO) << "SSLStreamAdapterTestBase::OnEvent sig=" << sig; |
| 246 | 254 |
| 247 if (sig & rtc::SE_READ) { | 255 if (sig & rtc::SE_READ) { |
| 248 ReadData(stream); | 256 ReadData(stream); |
| 249 } | 257 } |
| 250 | 258 |
| 251 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) { | 259 if ((stream == client_ssl_.get()) && (sig & rtc::SE_WRITE)) { |
| 252 WriteData(); | 260 WriteData(); |
| 253 } | 261 } |
| 254 } | 262 } |
| 255 | 263 |
| 256 void SetPeerIdentitiesByDigest(bool correct) { | 264 void SetPeerIdentitiesByDigest(bool correct) { |
| 257 unsigned char digest[20]; | 265 unsigned char digest[20]; |
| 258 size_t digest_len; | 266 size_t digest_len; |
| 259 bool rv; | 267 bool rv; |
| 260 | 268 |
| 261 LOG(LS_INFO) << "Setting peer identities by digest"; | 269 LOG(LS_INFO) << "Setting peer identities by digest"; |
| 262 | 270 |
| 263 rv = server_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1, | 271 rv = server_certificate_->identity()->certificate().ComputeDigest( |
| 264 digest, 20, | 272 rtc::DIGEST_SHA_1, digest, 20, &digest_len); |
| 265 &digest_len); | |
| 266 ASSERT_TRUE(rv); | 273 ASSERT_TRUE(rv); |
| 267 if (!correct) { | 274 if (!correct) { |
| 268 LOG(LS_INFO) << "Setting bogus digest for server cert"; | 275 LOG(LS_INFO) << "Setting bogus digest for server cert"; |
| 269 digest[0]++; | 276 digest[0]++; |
| 270 } | 277 } |
| 271 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, | 278 rv = client_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, |
| 272 digest_len); | 279 digest_len); |
| 273 ASSERT_TRUE(rv); | 280 ASSERT_TRUE(rv); |
| 274 | 281 |
| 275 | 282 |
| 276 rv = client_identity_->certificate().ComputeDigest(rtc::DIGEST_SHA_1, | 283 rv = client_certificate_->identity()->certificate().ComputeDigest( |
| 277 digest, 20, &digest_len); | 284 rtc::DIGEST_SHA_1, digest, 20, &digest_len); |
| 278 ASSERT_TRUE(rv); | 285 ASSERT_TRUE(rv); |
| 279 if (!correct) { | 286 if (!correct) { |
| 280 LOG(LS_INFO) << "Setting bogus digest for client cert"; | 287 LOG(LS_INFO) << "Setting bogus digest for client cert"; |
| 281 digest[0]++; | 288 digest[0]++; |
| 282 } | 289 } |
| 283 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, | 290 rv = server_ssl_->SetPeerCertificateDigest(rtc::DIGEST_SHA_1, digest, |
| 284 digest_len); | 291 digest_len); |
| 285 ASSERT_TRUE(rv); | 292 ASSERT_TRUE(rv); |
| 286 | 293 |
| 287 identities_set_ = true; | 294 identities_set_ = true; |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 441 virtual void ReadData(rtc::StreamInterface *stream) = 0; | 448 virtual void ReadData(rtc::StreamInterface *stream) = 0; |
| 442 virtual void TestTransfer(int size) = 0; | 449 virtual void TestTransfer(int size) = 0; |
| 443 | 450 |
| 444 protected: | 451 protected: |
| 445 rtc::FifoBuffer client_buffer_; | 452 rtc::FifoBuffer client_buffer_; |
| 446 rtc::FifoBuffer server_buffer_; | 453 rtc::FifoBuffer server_buffer_; |
| 447 SSLDummyStream *client_stream_; // freed by client_ssl_ destructor | 454 SSLDummyStream *client_stream_; // freed by client_ssl_ destructor |
| 448 SSLDummyStream *server_stream_; // freed by server_ssl_ destructor | 455 SSLDummyStream *server_stream_; // freed by server_ssl_ destructor |
| 449 rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_; | 456 rtc::scoped_ptr<rtc::SSLStreamAdapter> client_ssl_; |
| 450 rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_; | 457 rtc::scoped_ptr<rtc::SSLStreamAdapter> server_ssl_; |
| 451 rtc::SSLIdentity *client_identity_; // freed by client_ssl_ destructor | 458 rtc::scoped_refptr<webrtc::DtlsCertificate> client_certificate_; |
| 452 rtc::SSLIdentity *server_identity_; // freed by server_ssl_ destructor | 459 rtc::scoped_refptr<webrtc::DtlsCertificate> server_certificate_; |
| 453 int delay_; | 460 int delay_; |
| 454 size_t mtu_; | 461 size_t mtu_; |
| 455 int loss_; | 462 int loss_; |
| 456 bool lose_first_packet_; | 463 bool lose_first_packet_; |
| 457 bool damage_; | 464 bool damage_; |
| 458 bool dtls_; | 465 bool dtls_; |
| 459 int handshake_wait_; | 466 int handshake_wait_; |
| 460 bool identities_set_; | 467 bool identities_set_; |
| 461 }; | 468 }; |
| 462 | 469 |
| (...skipping 588 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1051 } | 1058 } |
| 1052 | 1059 |
| 1053 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS, | 1060 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsTLS, |
| 1054 SSLStreamAdapterTestTLS, | 1061 SSLStreamAdapterTestTLS, |
| 1055 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), | 1062 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), |
| 1056 Values(rtc::KT_RSA, rtc::KT_ECDSA))); | 1063 Values(rtc::KT_RSA, rtc::KT_ECDSA))); |
| 1057 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS, | 1064 INSTANTIATE_TEST_CASE_P(SSLStreamAdapterTestsDTLS, |
| 1058 SSLStreamAdapterTestDTLS, | 1065 SSLStreamAdapterTestDTLS, |
| 1059 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), | 1066 Combine(Values(rtc::KT_RSA, rtc::KT_ECDSA), |
| 1060 Values(rtc::KT_RSA, rtc::KT_ECDSA))); | 1067 Values(rtc::KT_RSA, rtc::KT_ECDSA))); |
| OLD | NEW |
