mirror of
https://github.com/pion/webrtc.git
synced 2025-10-06 07:37:10 +08:00
Return error on certificate fingerprint failure
Instead of printing the error to stdout return the error to the user. This may not be a hard error (as later certificates would have passed) but it never is good to be in a state where you have certificates in a broken state. Resolves #586
This commit is contained in:
Sean DuBois
@@ -93,7 +93,7 @@ func (c Certificate) Expires() time.Time {
|
|||||||
|
|
||||||
// GetFingerprints returns the list of certificate fingerprints, one of which
|
// GetFingerprints returns the list of certificate fingerprints, one of which
|
||||||
// is computed with the digest algorithm used in the certificate signature.
|
// is computed with the digest algorithm used in the certificate signature.
|
||||||
func (c Certificate) GetFingerprints() []DTLSFingerprint {
|
func (c Certificate) GetFingerprints() ([]DTLSFingerprint, error) {
|
||||||
fingerprintAlgorithms := []dtls.HashAlgorithm{dtls.HashAlgorithmSHA256}
|
fingerprintAlgorithms := []dtls.HashAlgorithm{dtls.HashAlgorithmSHA256}
|
||||||
res := make([]DTLSFingerprint, len(fingerprintAlgorithms))
|
res := make([]DTLSFingerprint, len(fingerprintAlgorithms))
|
||||||
|
|
||||||
@@ -101,8 +101,7 @@ func (c Certificate) GetFingerprints() []DTLSFingerprint {
|
|||||||
for _, algo := range fingerprintAlgorithms {
|
for _, algo := range fingerprintAlgorithms {
|
||||||
value, err := dtls.Fingerprint(c.x509Cert, algo)
|
value, err := dtls.Fingerprint(c.x509Cert, algo)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Printf("Failed to create fingerprint: %v\n", err)
|
return nil, fmt.Errorf("failed to create fingerprint: %v", err)
|
||||||
continue
|
|
||||||
}
|
}
|
||||||
res[i] = DTLSFingerprint{
|
res[i] = DTLSFingerprint{
|
||||||
Algorithm: algo.String(),
|
Algorithm: algo.String(),
|
||||||
@@ -110,7 +109,7 @@ func (c Certificate) GetFingerprints() []DTLSFingerprint {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return res[:i+1]
|
return res[:i+1], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GenerateCertificate causes the creation of an X.509 certificate and
|
// GenerateCertificate causes the creation of an X.509 certificate and
|
||||||
|
|||||||
@@ -133,7 +133,10 @@ func (s *testORTCStack) getSignal() (*testORTCSignal, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
dtlsParams := s.dtls.GetLocalParameters()
|
dtlsParams, err := s.dtls.GetLocalParameters()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
sctpCapabilities := s.sctp.GetCapabilities()
|
sctpCapabilities := s.sctp.GetCapabilities()
|
||||||
|
|
||||||
|
|||||||
@@ -82,18 +82,22 @@ func (t *DTLSTransport) ICETransport() *ICETransport {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetLocalParameters returns the DTLS parameters of the local DTLSTransport upon construction.
|
// GetLocalParameters returns the DTLS parameters of the local DTLSTransport upon construction.
|
||||||
func (t *DTLSTransport) GetLocalParameters() DTLSParameters {
|
func (t *DTLSTransport) GetLocalParameters() (DTLSParameters, error) {
|
||||||
fingerprints := []DTLSFingerprint{}
|
fingerprints := []DTLSFingerprint{}
|
||||||
|
|
||||||
for _, c := range t.certificates {
|
for _, c := range t.certificates {
|
||||||
prints := c.GetFingerprints() // TODO: Should be only one?
|
prints, err := c.GetFingerprints() // TODO: Should be only one?
|
||||||
|
if err != nil {
|
||||||
|
return DTLSParameters{}, err
|
||||||
|
}
|
||||||
|
|
||||||
fingerprints = append(fingerprints, prints...)
|
fingerprints = append(fingerprints, prints...)
|
||||||
}
|
}
|
||||||
|
|
||||||
return DTLSParameters{
|
return DTLSParameters{
|
||||||
Role: DTLSRoleAuto, // always returns the default role
|
Role: DTLSRoleAuto, // always returns the default role
|
||||||
Fingerprints: fingerprints,
|
Fingerprints: fingerprints,
|
||||||
}
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetRemoteCertificate returns the certificate chain in use by the remote side
|
// GetRemoteCertificate returns the certificate chain in use by the remote side
|
||||||
|
|||||||
@@ -73,7 +73,10 @@ func main() {
|
|||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
quicParams := qt.GetLocalParameters()
|
quicParams, err := qt.GetLocalParameters()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
s := Signal{
|
s := Signal{
|
||||||
ICECandidates: iceCandidates,
|
ICECandidates: iceCandidates,
|
||||||
|
|||||||
@@ -71,7 +71,10 @@ func main() {
|
|||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
dtlsParams := dtls.GetLocalParameters()
|
dtlsParams, err := dtls.GetLocalParameters()
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
|
||||||
sctpCapabilities := sctp.GetCapabilities()
|
sctpCapabilities := sctp.GetCapabilities()
|
||||||
|
|
||||||
|
|||||||
@@ -446,7 +446,9 @@ func (pc *PeerConnection) CreateOffer(options *OfferOptions) (SessionDescription
|
|||||||
}
|
}
|
||||||
|
|
||||||
d := sdp.NewJSEPSessionDescription(useIdentity)
|
d := sdp.NewJSEPSessionDescription(useIdentity)
|
||||||
pc.addFingerprint(d)
|
if err := pc.addFingerprint(d); err != nil {
|
||||||
|
return SessionDescription{}, err
|
||||||
|
}
|
||||||
|
|
||||||
iceParams, err := pc.iceGatherer.GetLocalParameters()
|
iceParams, err := pc.iceGatherer.GetLocalParameters()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@@ -560,7 +562,9 @@ func (pc *PeerConnection) CreateAnswer(options *AnswerOptions) (SessionDescripti
|
|||||||
}
|
}
|
||||||
|
|
||||||
d := sdp.NewJSEPSessionDescription(useIdentity)
|
d := sdp.NewJSEPSessionDescription(useIdentity)
|
||||||
pc.addFingerprint(d)
|
if err = pc.addFingerprint(d); err != nil {
|
||||||
|
return SessionDescription{}, err
|
||||||
|
}
|
||||||
|
|
||||||
getDirection := func(media *sdp.MediaDescription) RTPTransceiverDirection {
|
getDirection := func(media *sdp.MediaDescription) RTPTransceiverDirection {
|
||||||
for _, a := range media.Attributes {
|
for _, a := range media.Attributes {
|
||||||
@@ -1475,11 +1479,16 @@ func (pc *PeerConnection) iceStateChange(newState ICEConnectionState) {
|
|||||||
pc.onICEConnectionStateChange(newState)
|
pc.onICEConnectionStateChange(newState)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PeerConnection) addFingerprint(d *sdp.SessionDescription) {
|
func (pc *PeerConnection) addFingerprint(d *sdp.SessionDescription) error {
|
||||||
// TODO: Handle multiple certificates
|
// TODO: Handle multiple certificates
|
||||||
for _, fingerprint := range pc.configuration.Certificates[0].GetFingerprints() {
|
fingerprints, err := pc.configuration.Certificates[0].GetFingerprints()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
for _, fingerprint := range fingerprints {
|
||||||
d.WithFingerprint(fingerprint.Algorithm, strings.ToUpper(fingerprint.Value))
|
d.WithFingerprint(fingerprint.Algorithm, strings.ToUpper(fingerprint.Value))
|
||||||
}
|
}
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (pc *PeerConnection) addTransceiverSDP(d *sdp.SessionDescription, t *RTPTransceiver, midOffset int, iceParams ICEParameters, candidates []ICECandidate, dtlsRole sdp.ConnectionRole) {
|
func (pc *PeerConnection) addTransceiverSDP(d *sdp.SessionDescription, t *RTPTransceiver, midOffset int, iceParams ICEParameters, candidates []ICECandidate, dtlsRole sdp.ConnectionRole) {
|
||||||
|
|||||||
@@ -63,18 +63,22 @@ func (api *API) NewQUICTransport(transport *ICETransport, certificates []Certifi
|
|||||||
}
|
}
|
||||||
|
|
||||||
// GetLocalParameters returns the Quic parameters of the local QUICParameters upon construction.
|
// GetLocalParameters returns the Quic parameters of the local QUICParameters upon construction.
|
||||||
func (t *QUICTransport) GetLocalParameters() QUICParameters {
|
func (t *QUICTransport) GetLocalParameters() (QUICParameters, error) {
|
||||||
fingerprints := []DTLSFingerprint{}
|
fingerprints := []DTLSFingerprint{}
|
||||||
|
|
||||||
for _, c := range t.certificates {
|
for _, c := range t.certificates {
|
||||||
prints := c.GetFingerprints() // TODO: Should be only one?
|
prints, err := c.GetFingerprints() // TODO: Should be only one?
|
||||||
|
if err != nil {
|
||||||
|
return QUICParameters{}, err
|
||||||
|
|
||||||
|
}
|
||||||
fingerprints = append(fingerprints, prints...)
|
fingerprints = append(fingerprints, prints...)
|
||||||
}
|
}
|
||||||
|
|
||||||
return QUICParameters{
|
return QUICParameters{
|
||||||
Role: QUICRoleAuto, // always returns the default role
|
Role: QUICRoleAuto, // always returns the default role
|
||||||
Fingerprints: fingerprints,
|
Fingerprints: fingerprints,
|
||||||
}
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Start Quic transport with the parameters of the remote
|
// Start Quic transport with the parameters of the remote
|
||||||
|
|||||||
@@ -126,7 +126,10 @@ func (s *testQuicStack) getSignal() (*testQuicSignal, error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
quicParams := s.quic.GetLocalParameters()
|
quicParams, err := s.quic.GetLocalParameters()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
return &testQuicSignal{
|
return &testQuicSignal{
|
||||||
ICECandidates: iceCandidates,
|
ICECandidates: iceCandidates,
|
||||||
|
|||||||
Reference in New Issue
Block a user