Update libjingle to 53920541.

R=mallinath@webrtc.org Review URL: https://webrtc-codereview.appspot.com/2371004 git-svn-id: http://webrtc.googlecode.com/svn/trunk@4945 4adac7df-926f-26a2-2b94-8c16560cd09d
2013-10-09 15:37:36 +00:00
parent 13b2d46593
commit 4551b793de
35 changed files with 941 additions and 71 deletions
--- a/talk/p2p/base/dtlstransport.h
+++ b/talk/p2p/base/dtlstransport.h
@@ -58,6 +58,13 @@ class DtlsTransport : public Base {
  virtual void SetIdentity_w(talk_base::SSLIdentity* identity) {
    identity_ = identity;
  }
+  virtual bool GetIdentity_w(talk_base::SSLIdentity** identity) {
+    if (!identity_)
+      return false;
+
+    *identity = identity_->GetReference();
+    return true;
+  }

  virtual bool ApplyLocalTransportDescription_w(TransportChannelImpl*
                                                channel) {
--- a/talk/p2p/base/dtlstransportchannel.cc
+++ b/talk/p2p/base/dtlstransportchannel.cc
@@ -173,6 +173,15 @@ bool DtlsTransportChannelWrapper::SetLocalIdentity(
  return true;
 }

+bool DtlsTransportChannelWrapper::GetLocalIdentity(
+    talk_base::SSLIdentity** identity) const {
+  if (!local_identity_)
+    return false;
+
+  *identity = local_identity_->GetReference();
+  return true;
+}
+
 bool DtlsTransportChannelWrapper::SetSslRole(talk_base::SSLRole role) {
  if (dtls_state_ == STATE_OPEN) {
    if (ssl_role_ != role) {
@@ -230,6 +239,14 @@ bool DtlsTransportChannelWrapper::SetRemoteFingerprint(
  return true;
 }

+bool DtlsTransportChannelWrapper::GetRemoteCertificate(
+    talk_base::SSLCertificate** cert) const {
+  if (!dtls_)
+    return false;
+
+  return dtls_->GetPeerCertificate(cert);
+}
+
 bool DtlsTransportChannelWrapper::SetupDtls() {
  StreamInterfaceChannel* downward =
      new StreamInterfaceChannel(worker_thread_, channel_);
--- a/talk/p2p/base/dtlstransportchannel.h
+++ b/talk/p2p/base/dtlstransportchannel.h
@@ -128,6 +128,7 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
    return channel_->GetIceRole();
  }
  virtual bool SetLocalIdentity(talk_base::SSLIdentity *identity);
+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const;

  virtual bool SetRemoteFingerprint(const std::string& digest_alg,
                                    const uint8* digest,
@@ -164,6 +165,10 @@ class DtlsTransportChannelWrapper : public TransportChannelImpl {
  virtual bool GetSslRole(talk_base::SSLRole* role) const;
  virtual bool SetSslRole(talk_base::SSLRole role);

+  // Once DTLS has been established, this method retrieves the certificate in
+  // use by the remote peer, for use in external identity verification.
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const;
+
  // Once DTLS has established (i.e., this channel is writable), this method
  // extracts the keys negotiated during the DTLS handshake, for use in external
  // encryption. DTLS-SRTP uses this to extract the needed SRTP keys.
--- a/talk/p2p/base/dtlstransportchannel_unittest.cc
+++ b/talk/p2p/base/dtlstransportchannel_unittest.cc
@@ -751,3 +751,56 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
  TestTransfer(0, 1000, 100, true);
  TestTransfer(1, 1000, 100, true);
 }
+
+// Test Certificates state after negotiation but before connection.
+TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
+  MAYBE_SKIP_TEST(HaveDtls);
+  PrepareDtls(true, true);
+  Negotiate();
+
+  talk_base::scoped_ptr<talk_base::SSLIdentity> identity1;
+  talk_base::scoped_ptr<talk_base::SSLIdentity> identity2;
+  talk_base::scoped_ptr<talk_base::SSLCertificate> remote_cert1;
+  talk_base::scoped_ptr<talk_base::SSLCertificate> remote_cert2;
+
+  // After negotiation, each side has a distinct local certificate, but still no
+  // remote certificate, because connection has not yet occurred.
+  ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept()));
+  ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept()));
+  ASSERT_NE(identity1->certificate().ToPEMString(),
+            identity2->certificate().ToPEMString());
+  ASSERT_FALSE(
+      client1_.transport()->GetRemoteCertificate(remote_cert1.accept()));
+  ASSERT_FALSE(remote_cert1 != NULL);
+  ASSERT_FALSE(
+      client2_.transport()->GetRemoteCertificate(remote_cert2.accept()));
+  ASSERT_FALSE(remote_cert2 != NULL);
+}
+
+// Test Certificates state after connection.
+TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
+  MAYBE_SKIP_TEST(HaveDtls);
+  PrepareDtls(true, true);
+  ASSERT_TRUE(Connect());
+
+  talk_base::scoped_ptr<talk_base::SSLIdentity> identity1;
+  talk_base::scoped_ptr<talk_base::SSLIdentity> identity2;
+  talk_base::scoped_ptr<talk_base::SSLCertificate> remote_cert1;
+  talk_base::scoped_ptr<talk_base::SSLCertificate> remote_cert2;
+
+  // After connection, each side has a distinct local certificate.
+  ASSERT_TRUE(client1_.transport()->GetIdentity(identity1.accept()));
+  ASSERT_TRUE(client2_.transport()->GetIdentity(identity2.accept()));
+  ASSERT_NE(identity1->certificate().ToPEMString(),
+            identity2->certificate().ToPEMString());
+
+  // Each side's remote certificate is the other side's local certificate.
+  ASSERT_TRUE(
+      client1_.transport()->GetRemoteCertificate(remote_cert1.accept()));
+  ASSERT_EQ(remote_cert1->ToPEMString(),
+            identity2->certificate().ToPEMString());
+  ASSERT_TRUE(
+      client2_.transport()->GetRemoteCertificate(remote_cert2.accept()));
+  ASSERT_EQ(remote_cert2->ToPEMString(),
+            identity1->certificate().ToPEMString());
+}
--- a/talk/p2p/base/fakesession.h
+++ b/talk/p2p/base/fakesession.h
@@ -33,6 +33,7 @@
 #include <vector>

 #include "talk/base/buffer.h"
+#include "talk/base/fakesslidentity.h"
 #include "talk/base/sigslot.h"
 #include "talk/base/sslfingerprint.h"
 #include "talk/base/messagequeue.h"
@@ -212,11 +213,16 @@ class FakeTransportChannel : public TransportChannelImpl,
    return true;
  }

-  bool IsDtlsActive() const {
+
+  void SetRemoteCertificate(talk_base::FakeSSLCertificate* cert) {
+    remote_cert_ = cert;
+  }
+
+  virtual bool IsDtlsActive() const {
    return do_dtls_;
  }

-  bool SetSrtpCiphers(const std::vector<std::string>& ciphers) {
+  virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers) {
    srtp_ciphers_ = ciphers;
    return true;
  }
@@ -229,6 +235,22 @@ class FakeTransportChannel : public TransportChannelImpl,
    return false;
  }

+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const {
+    if (!identity_)
+      return false;
+
+    *identity = identity_->GetReference();
+    return true;
+  }
+
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const {
+    if (!remote_cert_)
+      return false;
+
+    *cert = remote_cert_->GetReference();
+    return true;
+  }
+
  virtual bool ExportKeyingMaterial(const std::string& label,
                                    const uint8* context,
                                    size_t context_len,
@@ -272,6 +294,7 @@ class FakeTransportChannel : public TransportChannelImpl,
  State state_;
  bool async_;
  talk_base::SSLIdentity* identity_;
+  talk_base::FakeSSLCertificate* remote_cert_;
  bool do_dtls_;
  std::vector<std::string> srtp_ciphers_;
  std::string chosen_srtp_cipher_;
@@ -349,6 +372,16 @@ class FakeTransport : public Transport {
    channels_.erase(channel->component());
    delete channel;
  }
+  virtual void SetIdentity_w(talk_base::SSLIdentity* identity) {
+    identity_ = identity;
+  }
+  virtual bool GetIdentity_w(talk_base::SSLIdentity** identity) {
+    if (!identity_)
+      return false;
+
+    *identity = identity_->GetReference();
+    return true;
+  }

 private:
  FakeTransportChannel* GetFakeChannel(int component) {
--- a/talk/p2p/base/p2ptransportchannel.h
+++ b/talk/p2p/base/p2ptransportchannel.h
@@ -127,6 +127,15 @@ class P2PTransportChannel : public TransportChannelImpl,
    return false;
  }

+  // Returns false because the channel is not encrypted by default.
+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const {
+    return false;
+  }
+
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const {
+    return false;
+  }
+
  // Allows key material to be extracted for external encryption.
  virtual bool ExportKeyingMaterial(
      const std::string& label,
--- a/talk/p2p/base/rawtransportchannel.h
+++ b/talk/p2p/base/rawtransportchannel.h
@@ -128,6 +128,15 @@ class RawTransportChannel : public TransportChannelImpl,
    return false;
  }

+  // Returns false because the channel is not DTLS.
+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const {
+    return false;
+  }
+
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const {
+    return false;
+  }
+
  // Allows key material to be extracted for external encryption.
  virtual bool ExportKeyingMaterial(
      const std::string& label,
--- a/talk/p2p/base/session.h
+++ b/talk/p2p/base/session.h
@@ -350,7 +350,7 @@ class BaseSession : public sigslot::has_slots<>,

  // Returns the transport that has been negotiated or NULL if
  // negotiation is still in progress.
-  Transport* GetTransport(const std::string& content_name);
+  virtual Transport* GetTransport(const std::string& content_name);

  // Creates a new channel with the given names.  This method may be called
  // immediately after creating the session.  However, the actual
--- a/talk/p2p/base/transport.cc
+++ b/talk/p2p/base/transport.cc
@@ -107,6 +107,29 @@ void Transport::SetIdentity(talk_base::SSLIdentity* identity) {
  worker_thread_->Invoke<void>(Bind(&Transport::SetIdentity_w, this, identity));
 }

+bool Transport::GetIdentity(talk_base::SSLIdentity** identity) {
+  // The identity is set on the worker thread, so for safety it must also be
+  // acquired on the worker thread.
+  return worker_thread_->Invoke<bool>(
+      Bind(&Transport::GetIdentity_w, this, identity));
+}
+
+bool Transport::GetRemoteCertificate(talk_base::SSLCertificate** cert) {
+  // Channels can be deleted on the worker thread, so for safety the remote
+  // certificate is acquired on the worker thread.
+  return worker_thread_->Invoke<bool>(
+      Bind(&Transport::GetRemoteCertificate_w, this, cert));
+}
+
+bool Transport::GetRemoteCertificate_w(talk_base::SSLCertificate** cert) {
+  ASSERT(worker_thread()->IsCurrent());
+  if (channels_.empty())
+    return false;
+
+  ChannelMap::iterator iter = channels_.begin();
+  return iter->second->GetRemoteCertificate(cert);
+}
+
 bool Transport::SetLocalTransportDescription(
    const TransportDescription& description, ContentAction action) {
  return worker_thread_->Invoke<bool>(Bind(
--- a/talk/p2p/base/transport.h
+++ b/talk/p2p/base/transport.h
@@ -247,6 +247,12 @@ class Transport : public talk_base::MessageHandler,
  // Must be called before applying local session description.
  void SetIdentity(talk_base::SSLIdentity* identity);

+  // Get a copy of the local identity provided by SetIdentity.
+  bool GetIdentity(talk_base::SSLIdentity** identity);
+
+  // Get a copy of the remote certificate in use by the specified channel.
+  bool GetRemoteCertificate(talk_base::SSLCertificate** cert);
+
  TransportProtocol protocol() const { return protocol_; }

  // Create, destroy, and lookup the channels of this type by their components.
@@ -349,6 +355,10 @@ class Transport : public talk_base::MessageHandler,

  virtual void SetIdentity_w(talk_base::SSLIdentity* identity) {}

+  virtual bool GetIdentity_w(talk_base::SSLIdentity** identity) {
+    return false;
+  }
+
  // Pushes down the transport parameters from the local description, such
  // as the ICE ufrag and pwd.
  // Derived classes can override, but must call the base as well.
@@ -462,6 +472,8 @@ class Transport : public talk_base::MessageHandler,
  bool SetRemoteTransportDescription_w(const TransportDescription& desc,
                                       ContentAction action);
  bool GetStats_w(TransportStats* infos);
+  bool GetRemoteCertificate_w(talk_base::SSLCertificate** cert);
+

  talk_base::Thread* signaling_thread_;
  talk_base::Thread* worker_thread_;
--- a/talk/p2p/base/transportchannel.h
+++ b/talk/p2p/base/transportchannel.h
@@ -101,12 +101,18 @@ class TransportChannel : public sigslot::has_slots<> {
  // Default implementation.
  virtual bool GetSslRole(talk_base::SSLRole* role) const = 0;

-  // Set up the ciphers to use for DTLS-SRTP.
+  // Sets up the ciphers to use for DTLS-SRTP.
  virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers) = 0;

-  // Find out which DTLS-SRTP cipher was negotiated
+  // Finds out which DTLS-SRTP cipher was negotiated
  virtual bool GetSrtpCipher(std::string* cipher) = 0;

+  // Gets a copy of the local SSL identity, owned by the caller.
+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const = 0;
+
+  // Gets a copy of the remote side's SSL certificate, owned by the caller.
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const = 0;
+
  // Allows key material to be extracted for external encryption.
  virtual bool ExportKeyingMaterial(const std::string& label,
      const uint8* context,
--- a/talk/p2p/base/transportchannelimpl.h
+++ b/talk/p2p/base/transportchannelimpl.h
@@ -93,7 +93,10 @@ class TransportChannelImpl : public TransportChannel {
  virtual void OnCandidate(const Candidate& candidate) = 0;

  // DTLS methods
-  // Set DTLS local identity.
+  // Set DTLS local identity.  The identity object is not copied, but the caller
+  // retains ownership and must delete it after this TransportChannelImpl is
+  // destroyed.
+  // TODO(bemasc): Fix the ownership semantics of this method.
  virtual bool SetLocalIdentity(talk_base::SSLIdentity* identity) = 0;

  // Set DTLS Remote fingerprint. Must be after local identity set.
--- a/talk/p2p/base/transportchannelproxy.cc
+++ b/talk/p2p/base/transportchannelproxy.cc
@@ -180,6 +180,24 @@ bool TransportChannelProxy::GetSrtpCipher(std::string* cipher) {
  return impl_->GetSrtpCipher(cipher);
 }

+bool TransportChannelProxy::GetLocalIdentity(
+    talk_base::SSLIdentity** identity) const {
+  ASSERT(talk_base::Thread::Current() == worker_thread_);
+  if (!impl_) {
+    return false;
+  }
+  return impl_->GetLocalIdentity(identity);
+}
+
+bool TransportChannelProxy::GetRemoteCertificate(
+    talk_base::SSLCertificate** cert) const {
+  ASSERT(talk_base::Thread::Current() == worker_thread_);
+  if (!impl_) {
+    return false;
+  }
+  return impl_->GetRemoteCertificate(cert);
+}
+
 bool TransportChannelProxy::ExportKeyingMaterial(const std::string& label,
                                                 const uint8* context,
                                                 size_t context_len,
--- a/talk/p2p/base/transportchannelproxy.h
+++ b/talk/p2p/base/transportchannelproxy.h
@@ -75,6 +75,8 @@ class TransportChannelProxy : public TransportChannel,
  virtual bool SetSslRole(talk_base::SSLRole role);
  virtual bool SetSrtpCiphers(const std::vector<std::string>& ciphers);
  virtual bool GetSrtpCipher(std::string* cipher);
+  virtual bool GetLocalIdentity(talk_base::SSLIdentity** identity) const;
+  virtual bool GetRemoteCertificate(talk_base::SSLCertificate** cert) const;
  virtual bool ExportKeyingMaterial(const std::string& label,
                            const uint8* context,
                            size_t context_len,