Only set certificate on DTLS transport if fingerprint is found in SDP.
This is used for fallback from DTLS to SDES encryption, which we probably still
want to support. Setting a certificate puts the DTLS transport in a "DTLS
enabled" mode, so it should be delayed until SDP with "a=fingerprint" is set.
BUG=webrtc:6972
Review-Url: https://codereview.webrtc.org/2641633002
Cr-Commit-Position: refs/heads/master@{#16199}
diff --git a/webrtc/base/sslfingerprint.cc b/webrtc/base/sslfingerprint.cc
index 2c3e1e9..e172a2c 100644
--- a/webrtc/base/sslfingerprint.cc
+++ b/webrtc/base/sslfingerprint.cc
@@ -14,6 +14,7 @@
#include <string>
#include "webrtc/base/helpers.h"
+#include "webrtc/base/logging.h"
#include "webrtc/base/messagedigest.h"
#include "webrtc/base/stringencode.h"
@@ -62,6 +63,22 @@
value_len);
}
+SSLFingerprint* SSLFingerprint::CreateFromCertificate(
+ const RTCCertificate* cert) {
+ std::string digest_alg;
+ if (!cert->ssl_certificate().GetSignatureDigestAlgorithm(&digest_alg)) {
+ LOG(LS_ERROR) << "Failed to retrieve the certificate's digest algorithm";
+ return nullptr;
+ }
+
+ SSLFingerprint* fingerprint = Create(digest_alg, cert->identity());
+ if (!fingerprint) {
+ LOG(LS_ERROR) << "Failed to create identity fingerprint, alg="
+ << digest_alg;
+ }
+ return fingerprint;
+}
+
SSLFingerprint::SSLFingerprint(const std::string& algorithm,
const uint8_t* digest_in,
size_t digest_len)
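Review bot: `cert` is dereferenced at `cert->ssl_certificate()` with no null check in the new `CreateFromCertificate`, although every other failure in the function is reported by returning nullptr; a guard such as `if (!cert) return nullptr;` at the top would keep that contract uniform. The fingerprint digest is taken from the certificate's signature algorithm, so a certificate signed with a weak digest would presumably produce an equally weak fingerprint for the DTLS peer check. It is worth deciding whether a minimum such as SHA-256 is enforced here or documented as the caller's responsibility. The function also returns a raw owning pointer, which matches `Create` as far as the hunk shows, so callers need to know they must free it.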
diff --git a/webrtc/base/sslfingerprint.h b/webrtc/base/sslfingerprint.h
index 4ffb2b0..62b4bc8 100644
--- a/webrtc/base/sslfingerprint.h
+++ b/webrtc/base/sslfingerprint.h
@@ -15,6 +15,7 @@
#include "webrtc/base/basictypes.h"
#include "webrtc/base/copyonwritebuffer.h"
+#include "webrtc/base/rtccertificate.h"
#include "webrtc/base/sslidentity.h"
namespace rtc {
@@ -31,6 +32,10 @@
static SSLFingerprint* CreateFromRfc4572(const std::string& algorithm,
const std::string& fingerprint);
+ // Creates a fingerprint from a certificate, using the same digest algorithm
+ // as the certificate's signature.
+ static SSLFingerprint* CreateFromCertificate(const RTCCertificate* cert);
+
SSLFingerprint(const std::string& algorithm,
const uint8_t* digest_in,
size_t digest_len);
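Review bot: The comment on `CreateFromCertificate` does not say what happens on failure or who owns the result. The implementation in sslfingerprint.cc returns nullptr when the digest algorithm cannot be read or the fingerprint cannot be created, and it hands back a raw pointer, so presumably the caller must delete it. I would add `// Returns nullptr on failure. The caller takes ownership of the returned object.` below the existing two comment lines. The class declaration starts and ends outside this hunk.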