1/* 2 * libjingle 3 * Copyright 2012, Google Inc. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions are met: 7 * 8 * 1. Redistributions of source code must retain the above copyright notice, 9 * this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright notice, 11 * this list of conditions and the following disclaimer in the documentation 12 * and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include <string> 29#include <vector> 30 31#include "talk/base/fakesslidentity.h" 32#include "talk/base/gunit.h" 33#include "talk/p2p/base/constants.h" 34#include "talk/p2p/base/transportdescription.h" 35#include "talk/p2p/base/transportdescriptionfactory.h" 36 37using talk_base::scoped_ptr; 38using cricket::TransportDescriptionFactory; 39using cricket::TransportDescription; 40using cricket::TransportOptions; 41 42class TransportDescriptionFactoryTest : public testing::Test { 43 public: 44 TransportDescriptionFactoryTest() 45 : id1_(new talk_base::FakeSSLIdentity("User1")), 46 id2_(new talk_base::FakeSSLIdentity("User2")) { 47 } 48 void CheckDesc(const TransportDescription* desc, const std::string& type, 49 const std::string& opt, const std::string& ice_ufrag, 50 const std::string& ice_pwd, const std::string& dtls_alg) { 51 ASSERT_TRUE(desc != NULL); 52 EXPECT_EQ(type, desc->transport_type); 53 EXPECT_EQ(!opt.empty(), desc->HasOption(opt)); 54 if (ice_ufrag.empty() && ice_pwd.empty()) { 55 EXPECT_EQ(static_cast<size_t>(cricket::ICE_UFRAG_LENGTH), 56 desc->ice_ufrag.size()); 57 EXPECT_EQ(static_cast<size_t>(cricket::ICE_PWD_LENGTH), 58 desc->ice_pwd.size()); 59 } else { 60 EXPECT_EQ(ice_ufrag, desc->ice_ufrag); 61 EXPECT_EQ(ice_pwd, desc->ice_pwd); 62 } 63 if (dtls_alg.empty()) { 64 EXPECT_TRUE(desc->identity_fingerprint.get() == NULL); 65 } else { 66 ASSERT_TRUE(desc->identity_fingerprint.get() != NULL); 67 EXPECT_EQ(desc->identity_fingerprint->algorithm, dtls_alg); 68 EXPECT_GT(desc->identity_fingerprint->digest.length(), 0U); 69 } 70 } 71 72 // This test ice restart by doing two offer answer exchanges. On the second 73 // exchange ice is restarted. The test verifies that the ufrag and password 74 // in the offer and answer is changed. 75 // If |dtls| is true, the test verifies that the finger print is not changed. 76 void TestIceRestart(bool dtls) { 77 if (dtls) { 78 f1_.set_secure(cricket::SEC_ENABLED); 79 f2_.set_secure(cricket::SEC_ENABLED); 80 f1_.set_identity(id1_.get()); 81 f2_.set_identity(id2_.get()); 82 } else { 83 f1_.set_secure(cricket::SEC_DISABLED); 84 f2_.set_secure(cricket::SEC_DISABLED); 85 } 86 87 cricket::TransportOptions options; 88 // The initial offer / answer exchange. 89 talk_base::scoped_ptr<TransportDescription> offer(f1_.CreateOffer( 90 options, NULL)); 91 talk_base::scoped_ptr<TransportDescription> answer( 92 f2_.CreateAnswer(offer.get(), 93 options, NULL)); 94 95 // Create an updated offer where we restart ice. 96 options.ice_restart = true; 97 talk_base::scoped_ptr<TransportDescription> restart_offer(f1_.CreateOffer( 98 options, offer.get())); 99 100 VerifyUfragAndPasswordChanged(dtls, offer.get(), restart_offer.get()); 101 102 // Create a new answer. The transport ufrag and password is changed since 103 // |options.ice_restart == true| 104 talk_base::scoped_ptr<TransportDescription> restart_answer( 105 f2_.CreateAnswer(restart_offer.get(), options, answer.get())); 106 ASSERT_TRUE(restart_answer.get() != NULL); 107 108 VerifyUfragAndPasswordChanged(dtls, answer.get(), restart_answer.get()); 109 } 110 111 void VerifyUfragAndPasswordChanged(bool dtls, 112 const TransportDescription* org_desc, 113 const TransportDescription* restart_desc) { 114 EXPECT_NE(org_desc->ice_pwd, restart_desc->ice_pwd); 115 EXPECT_NE(org_desc->ice_ufrag, restart_desc->ice_ufrag); 116 EXPECT_EQ(static_cast<size_t>(cricket::ICE_UFRAG_LENGTH), 117 restart_desc->ice_ufrag.size()); 118 EXPECT_EQ(static_cast<size_t>(cricket::ICE_PWD_LENGTH), 119 restart_desc->ice_pwd.size()); 120 // If DTLS is enabled, make sure the finger print is unchanged. 121 if (dtls) { 122 EXPECT_FALSE( 123 org_desc->identity_fingerprint->GetRfc4572Fingerprint().empty()); 124 EXPECT_EQ(org_desc->identity_fingerprint->GetRfc4572Fingerprint(), 125 restart_desc->identity_fingerprint->GetRfc4572Fingerprint()); 126 } 127 } 128 129 protected: 130 TransportDescriptionFactory f1_; 131 TransportDescriptionFactory f2_; 132 scoped_ptr<talk_base::SSLIdentity> id1_; 133 scoped_ptr<talk_base::SSLIdentity> id2_; 134}; 135 136// Test that in the default case, we generate the expected G-ICE offer. 137TEST_F(TransportDescriptionFactoryTest, TestOfferGice) { 138 f1_.set_protocol(cricket::ICEPROTO_GOOGLE); 139 scoped_ptr<TransportDescription> desc(f1_.CreateOffer( 140 TransportOptions(), NULL)); 141 CheckDesc(desc.get(), cricket::NS_GINGLE_P2P, "", "", "", ""); 142} 143 144// Test generating a hybrid offer. 145TEST_F(TransportDescriptionFactoryTest, TestOfferHybrid) { 146 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 147 scoped_ptr<TransportDescription> desc(f1_.CreateOffer( 148 TransportOptions(), NULL)); 149 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "google-ice", "", "", ""); 150} 151 152// Test generating an ICE-only offer. 153TEST_F(TransportDescriptionFactoryTest, TestOfferIce) { 154 f1_.set_protocol(cricket::ICEPROTO_RFC5245); 155 scoped_ptr<TransportDescription> desc(f1_.CreateOffer( 156 TransportOptions(), NULL)); 157 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 158} 159 160// Test generating a hybrid offer with DTLS. 161TEST_F(TransportDescriptionFactoryTest, TestOfferHybridDtls) { 162 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 163 f1_.set_secure(cricket::SEC_ENABLED); 164 f1_.set_identity(id1_.get()); 165 std::string digest_alg; 166 ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg)); 167 scoped_ptr<TransportDescription> desc(f1_.CreateOffer( 168 TransportOptions(), NULL)); 169 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "google-ice", "", "", 170 digest_alg); 171 // Ensure it also works with SEC_REQUIRED. 172 f1_.set_secure(cricket::SEC_REQUIRED); 173 desc.reset(f1_.CreateOffer(TransportOptions(), NULL)); 174 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "google-ice", "", "", 175 digest_alg); 176} 177 178// Test generating a hybrid offer with DTLS fails with no identity. 179TEST_F(TransportDescriptionFactoryTest, TestOfferHybridDtlsWithNoIdentity) { 180 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 181 f1_.set_secure(cricket::SEC_ENABLED); 182 scoped_ptr<TransportDescription> desc(f1_.CreateOffer( 183 TransportOptions(), NULL)); 184 ASSERT_TRUE(desc.get() == NULL); 185} 186 187// Test updating a hybrid offer with DTLS to pick ICE. 188// The ICE credentials should stay the same in the new offer. 189TEST_F(TransportDescriptionFactoryTest, TestOfferHybridDtlsReofferIceDtls) { 190 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 191 f1_.set_secure(cricket::SEC_ENABLED); 192 f1_.set_identity(id1_.get()); 193 std::string digest_alg; 194 ASSERT_TRUE(id1_->certificate().GetSignatureDigestAlgorithm(&digest_alg)); 195 scoped_ptr<TransportDescription> old_desc(f1_.CreateOffer( 196 TransportOptions(), NULL)); 197 ASSERT_TRUE(old_desc.get() != NULL); 198 f1_.set_protocol(cricket::ICEPROTO_RFC5245); 199 scoped_ptr<TransportDescription> desc( 200 f1_.CreateOffer(TransportOptions(), old_desc.get())); 201 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", 202 old_desc->ice_ufrag, old_desc->ice_pwd, digest_alg); 203} 204 205// Test that we can answer a GICE offer with GICE. 206TEST_F(TransportDescriptionFactoryTest, TestAnswerGiceToGice) { 207 f1_.set_protocol(cricket::ICEPROTO_GOOGLE); 208 f2_.set_protocol(cricket::ICEPROTO_GOOGLE); 209 scoped_ptr<TransportDescription> offer(f1_.CreateOffer( 210 TransportOptions(), NULL)); 211 ASSERT_TRUE(offer.get() != NULL); 212 scoped_ptr<TransportDescription> desc(f2_.CreateAnswer( 213 offer.get(), TransportOptions(), NULL)); 214 CheckDesc(desc.get(), cricket::NS_GINGLE_P2P, "", "", "", ""); 215 // Should get the same result when answering as hybrid. 216 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 217 desc.reset(f2_.CreateAnswer(offer.get(), TransportOptions(), 218 NULL)); 219 CheckDesc(desc.get(), cricket::NS_GINGLE_P2P, "", "", "", ""); 220} 221 222// Test that we can answer a hybrid offer with GICE. 223TEST_F(TransportDescriptionFactoryTest, TestAnswerGiceToHybrid) { 224 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 225 f2_.set_protocol(cricket::ICEPROTO_GOOGLE); 226 scoped_ptr<TransportDescription> offer(f1_.CreateOffer( 227 TransportOptions(), NULL)); 228 ASSERT_TRUE(offer.get() != NULL); 229 scoped_ptr<TransportDescription> desc( 230 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 231 CheckDesc(desc.get(), cricket::NS_GINGLE_P2P, "", "", "", ""); 232} 233 234// Test that we can answer a hybrid offer with ICE. 235TEST_F(TransportDescriptionFactoryTest, TestAnswerIceToHybrid) { 236 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 237 f2_.set_protocol(cricket::ICEPROTO_RFC5245); 238 scoped_ptr<TransportDescription> offer(f1_.CreateOffer( 239 TransportOptions(), NULL)); 240 ASSERT_TRUE(offer.get() != NULL); 241 scoped_ptr<TransportDescription> desc( 242 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 243 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 244 // Should get the same result when answering as hybrid. 245 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 246 desc.reset(f2_.CreateAnswer(offer.get(), TransportOptions(), 247 NULL)); 248 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 249} 250 251// Test that we can answer an ICE offer with ICE. 252TEST_F(TransportDescriptionFactoryTest, TestAnswerIceToIce) { 253 f1_.set_protocol(cricket::ICEPROTO_RFC5245); 254 f2_.set_protocol(cricket::ICEPROTO_RFC5245); 255 scoped_ptr<TransportDescription> offer(f1_.CreateOffer( 256 TransportOptions(), NULL)); 257 ASSERT_TRUE(offer.get() != NULL); 258 scoped_ptr<TransportDescription> desc(f2_.CreateAnswer( 259 offer.get(), TransportOptions(), NULL)); 260 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 261 // Should get the same result when answering as hybrid. 262 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 263 desc.reset(f2_.CreateAnswer(offer.get(), TransportOptions(), 264 NULL)); 265 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 266} 267 268// Test that we can't answer a GICE offer with ICE. 269TEST_F(TransportDescriptionFactoryTest, TestAnswerIceToGice) { 270 f1_.set_protocol(cricket::ICEPROTO_GOOGLE); 271 f2_.set_protocol(cricket::ICEPROTO_RFC5245); 272 scoped_ptr<TransportDescription> offer( 273 f1_.CreateOffer(TransportOptions(), NULL)); 274 ASSERT_TRUE(offer.get() != NULL); 275 scoped_ptr<TransportDescription> desc( 276 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 277 ASSERT_TRUE(desc.get() == NULL); 278} 279 280// Test that we can't answer an ICE offer with GICE. 281TEST_F(TransportDescriptionFactoryTest, TestAnswerGiceToIce) { 282 f1_.set_protocol(cricket::ICEPROTO_RFC5245); 283 f2_.set_protocol(cricket::ICEPROTO_GOOGLE); 284 scoped_ptr<TransportDescription> offer( 285 f1_.CreateOffer(TransportOptions(), NULL)); 286 ASSERT_TRUE(offer.get() != NULL); 287 scoped_ptr<TransportDescription> desc(f2_.CreateAnswer( 288 offer.get(), TransportOptions(), NULL)); 289 ASSERT_TRUE(desc.get() == NULL); 290} 291 292// Test that we can update an answer properly; ICE credentials shouldn't change. 293TEST_F(TransportDescriptionFactoryTest, TestAnswerIceToIceReanswer) { 294 f1_.set_protocol(cricket::ICEPROTO_RFC5245); 295 f2_.set_protocol(cricket::ICEPROTO_RFC5245); 296 scoped_ptr<TransportDescription> offer( 297 f1_.CreateOffer(TransportOptions(), NULL)); 298 ASSERT_TRUE(offer.get() != NULL); 299 scoped_ptr<TransportDescription> old_desc( 300 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 301 ASSERT_TRUE(old_desc.get() != NULL); 302 scoped_ptr<TransportDescription> desc( 303 f2_.CreateAnswer(offer.get(), TransportOptions(), 304 old_desc.get())); 305 ASSERT_TRUE(desc.get() != NULL); 306 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", 307 old_desc->ice_ufrag, old_desc->ice_pwd, ""); 308} 309 310// Test that we handle answering an offer with DTLS with no DTLS. 311TEST_F(TransportDescriptionFactoryTest, TestAnswerHybridToHybridDtls) { 312 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 313 f1_.set_secure(cricket::SEC_ENABLED); 314 f1_.set_identity(id1_.get()); 315 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 316 scoped_ptr<TransportDescription> offer( 317 f1_.CreateOffer(TransportOptions(), NULL)); 318 ASSERT_TRUE(offer.get() != NULL); 319 scoped_ptr<TransportDescription> desc( 320 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 321 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 322} 323 324// Test that we handle answering an offer without DTLS if we have DTLS enabled, 325// but fail if we require DTLS. 326TEST_F(TransportDescriptionFactoryTest, TestAnswerHybridDtlsToHybrid) { 327 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 328 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 329 f2_.set_secure(cricket::SEC_ENABLED); 330 f2_.set_identity(id2_.get()); 331 scoped_ptr<TransportDescription> offer( 332 f1_.CreateOffer(TransportOptions(), NULL)); 333 ASSERT_TRUE(offer.get() != NULL); 334 scoped_ptr<TransportDescription> desc( 335 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 336 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", ""); 337 f2_.set_secure(cricket::SEC_REQUIRED); 338 desc.reset(f2_.CreateAnswer(offer.get(), TransportOptions(), 339 NULL)); 340 ASSERT_TRUE(desc.get() == NULL); 341} 342 343// Test that we handle answering an DTLS offer with DTLS, both if we have 344// DTLS enabled and required. 345TEST_F(TransportDescriptionFactoryTest, TestAnswerHybridDtlsToHybridDtls) { 346 f1_.set_protocol(cricket::ICEPROTO_HYBRID); 347 f1_.set_secure(cricket::SEC_ENABLED); 348 f1_.set_identity(id1_.get()); 349 350 f2_.set_protocol(cricket::ICEPROTO_HYBRID); 351 f2_.set_secure(cricket::SEC_ENABLED); 352 f2_.set_identity(id2_.get()); 353 // f2_ produces the answer that is being checked in this test, so the 354 // answer must contain fingerprint lines with id2_'s digest algorithm. 355 std::string digest_alg2; 356 ASSERT_TRUE(id2_->certificate().GetSignatureDigestAlgorithm(&digest_alg2)); 357 358 scoped_ptr<TransportDescription> offer( 359 f1_.CreateOffer(TransportOptions(), NULL)); 360 ASSERT_TRUE(offer.get() != NULL); 361 scoped_ptr<TransportDescription> desc( 362 f2_.CreateAnswer(offer.get(), TransportOptions(), NULL)); 363 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", digest_alg2); 364 f2_.set_secure(cricket::SEC_REQUIRED); 365 desc.reset(f2_.CreateAnswer(offer.get(), TransportOptions(), 366 NULL)); 367 CheckDesc(desc.get(), cricket::NS_JINGLE_ICE_UDP, "", "", "", digest_alg2); 368} 369 370// Test that ice ufrag and password is changed in an updated offer and answer 371// if |TransportDescriptionOptions::ice_restart| is true. 372TEST_F(TransportDescriptionFactoryTest, TestIceRestart) { 373 TestIceRestart(false); 374} 375 376// Test that ice ufrag and password is changed in an updated offer and answer 377// if |TransportDescriptionOptions::ice_restart| is true and DTLS is enabled. 378TEST_F(TransportDescriptionFactoryTest, TestIceRestartWithDtls) { 379 TestIceRestart(true); 380} 381