Skip to content

Commit 42ec088

Browse files
Sean-Derpaullouisageneau
Sean-Der
and
paullouisageneau
committed
Support all Certificate Fingerprint Algorithms
Before was hardcoded to sha256 Resolves #1076 Co-authored-by: Paul-Louis Ageneau <paul-louis@ageneau.org>
1 parent 715e296 commit 42ec088

10 files changed

+252
-94
lines changed

include/rtc/description.hpp

+16-4
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,17 @@ const string DEFAULT_OPUS_AUDIO_PROFILE =
2828
const string DEFAULT_H264_VIDEO_PROFILE =
2929
"profile-level-id=42e01f;packetization-mode=1;level-asymmetry-allowed=1";
3030

31+
struct CertificateFingerprint {
32+
enum class Algorithm { Sha1, Sha224, Sha256, Sha384, Sha512 };
33+
static string AlgorithmIdentifier(Algorithm algorithm);
34+
static size_t AlgorithmSize(Algorithm algorithm);
35+
36+
bool isValid() const;
37+
38+
Algorithm algorithm;
39+
string value;
40+
};
41+
3142
class RTC_CPP_EXPORT Description {
3243
public:
3344
enum class Type { Unspec, Offer, Answer, Pranswer, Rollback };
@@ -51,11 +62,11 @@ class RTC_CPP_EXPORT Description {
5162
std::vector<string> iceOptions() const;
5263
optional<string> iceUfrag() const;
5364
optional<string> icePwd() const;
54-
optional<string> fingerprint() const;
65+
optional<CertificateFingerprint> fingerprint() const;
5566
bool ended() const;
5667

5768
void hintType(Type type);
58-
void setFingerprint(string fingerprint);
69+
void setFingerprint(CertificateFingerprint f);
5970
void addIceOption(string option);
6071
void removeIceOption(const string &option);
6172

@@ -291,7 +302,7 @@ class RTC_CPP_EXPORT Description {
291302
string mSessionId;
292303
std::vector<string> mIceOptions;
293304
optional<string> mIceUfrag, mIcePwd;
294-
optional<string> mFingerprint;
305+
optional<CertificateFingerprint> mFingerprint;
295306
std::vector<string> mAttributes; // other attributes
296307

297308
// Entries
@@ -308,6 +319,7 @@ class RTC_CPP_EXPORT Description {
308319
RTC_CPP_EXPORT std::ostream &operator<<(std::ostream &out, const rtc::Description &description);
309320
RTC_CPP_EXPORT std::ostream &operator<<(std::ostream &out, rtc::Description::Type type);
310321
RTC_CPP_EXPORT std::ostream &operator<<(std::ostream &out, rtc::Description::Role role);
311-
RTC_CPP_EXPORT std::ostream &operator<<(std::ostream &out, const rtc::Description::Direction &direction);
322+
RTC_CPP_EXPORT std::ostream &operator<<(std::ostream &out,
323+
const rtc::Description::Direction &direction);
312324

313325
#endif

src/description.cpp

+95-36
Original file line numberDiff line numberDiff line change
@@ -33,11 +33,6 @@ inline bool match_prefix(string_view str, string_view prefix) {
3333
std::mismatch(prefix.begin(), prefix.end(), str.begin()).first == prefix.end();
3434
}
3535

36-
inline void trim_begin(string &str) {
37-
str.erase(str.begin(),
38-
std::find_if(str.begin(), str.end(), [](char c) { return !std::isspace(c); }));
39-
}
40-
4136
inline void trim_end(string &str) {
4237
str.erase(
4338
std::find_if(str.rbegin(), str.rend(), [](char c) { return !std::isspace(c); }).base(),
@@ -71,22 +66,6 @@ template <typename T> T to_integer(string_view s) {
7166
}
7267
}
7368

74-
inline bool is_sha256_fingerprint(string_view f) {
75-
if (f.size() != 32 * 3 - 1)
76-
return false;
77-
78-
for (size_t i = 0; i < f.size(); ++i) {
79-
if (i % 3 == 2) {
80-
if (f[i] != ':')
81-
return false;
82-
} else {
83-
if (!std::isxdigit(f[i]))
84-
return false;
85-
}
86-
}
87-
return true;
88-
}
89-
9069
} // namespace
9170

9271
namespace rtc {
@@ -131,12 +110,35 @@ Description::Description(const string &sdp, Type type, Role role)
131110
// media-level SDP attribute. If it is a session-level attribute, it applies to all
132111
// TLS sessions for which no media-level fingerprint attribute is defined.
133112
if (!mFingerprint || index == 0) { // first media overrides session-level
134-
if (match_prefix(value, "sha-256 ") || match_prefix(value, "SHA-256 ")) {
135-
string fingerprint{value.substr(8)};
136-
trim_begin(fingerprint);
137-
setFingerprint(std::move(fingerprint));
138-
} else {
113+
auto fingerprintExploded = utils::explode(string(value), ' ');
114+
if (fingerprintExploded.size() != 2) {
139115
PLOG_WARNING << "Unknown SDP fingerprint format: " << value;
116+
continue;
117+
}
118+
119+
auto first = fingerprintExploded.at(0);
120+
std::transform(first.begin(), first.end(), first.begin(),
121+
[](char c) { return char(std::tolower(c)); });
122+
123+
std::optional<CertificateFingerprint::Algorithm> fingerprintAlgorithm;
124+
125+
for (auto a : std::array<CertificateFingerprint::Algorithm, 5>{
126+
CertificateFingerprint::Algorithm::Sha1,
127+
CertificateFingerprint::Algorithm::Sha224,
128+
CertificateFingerprint::Algorithm::Sha256,
129+
CertificateFingerprint::Algorithm::Sha384,
130+
CertificateFingerprint::Algorithm::Sha512}) {
131+
if (first == CertificateFingerprint::AlgorithmIdentifier(a)) {
132+
fingerprintAlgorithm = a;
133+
break;
134+
}
135+
}
136+
137+
if (fingerprintAlgorithm.has_value()) {
138+
setFingerprint(CertificateFingerprint{
139+
fingerprintAlgorithm.value(), std::move(fingerprintExploded.at(1))});
140+
} else {
141+
PLOG_WARNING << "Unknown certificate fingerprint algorithm: " << first;
140142
}
141143
}
142144
} else if (key == "ice-ufrag") {
@@ -205,7 +207,7 @@ std::vector<string> Description::iceOptions() const { return mIceOptions; }
205207

206208
optional<string> Description::icePwd() const { return mIcePwd; }
207209

208-
optional<string> Description::fingerprint() const { return mFingerprint; }
210+
optional<CertificateFingerprint> Description::fingerprint() const { return mFingerprint; }
209211

210212
bool Description::ended() const { return mEnded; }
211213

@@ -214,13 +216,13 @@ void Description::hintType(Type type) {
214216
mType = type;
215217
}
216218

217-
void Description::setFingerprint(string fingerprint) {
218-
if (!is_sha256_fingerprint(fingerprint))
219-
throw std::invalid_argument("Invalid SHA256 fingerprint \"" + fingerprint + "\"");
219+
void Description::setFingerprint(CertificateFingerprint f) {
220+
if (!f.isValid())
221+
throw std::invalid_argument("Invalid " + CertificateFingerprint::AlgorithmIdentifier(f.algorithm) + " fingerprint \"" + f.value + "\"");
220222

221-
std::transform(fingerprint.begin(), fingerprint.end(), fingerprint.begin(),
223+
std::transform(f.value.begin(), f.value.end(), f.value.begin(),
222224
[](char c) { return char(std::toupper(c)); });
223-
mFingerprint.emplace(std::move(fingerprint));
225+
mFingerprint = std::move(f);
224226
}
225227

226228
void Description::addIceOption(string option) {
@@ -315,7 +317,9 @@ string Description::generateSdp(string_view eol) const {
315317
if (!mIceOptions.empty())
316318
sdp << "a=ice-options:" << utils::implode(mIceOptions, ',') << eol;
317319
if (mFingerprint)
318-
sdp << "a=fingerprint:sha-256 " << *mFingerprint << eol;
320+
sdp << "a=fingerprint:"
321+
<< CertificateFingerprint::AlgorithmIdentifier(mFingerprint->algorithm) << " "
322+
<< mFingerprint->value << eol;
319323

320324
for (const auto &attr : mAttributes)
321325
sdp << "a=" << attr << eol;
@@ -378,7 +382,9 @@ string Description::generateApplicationSdp(string_view eol) const {
378382
if (!mIceOptions.empty())
379383
sdp << "a=ice-options:" << utils::implode(mIceOptions, ',') << eol;
380384
if (mFingerprint)
381-
sdp << "a=fingerprint:sha-256 " << *mFingerprint << eol;
385+
sdp << "a=fingerprint:"
386+
<< CertificateFingerprint::AlgorithmIdentifier(mFingerprint->algorithm) << " "
387+
<< mFingerprint->value << eol;
382388

383389
for (const auto &attr : mAttributes)
384390
sdp << "a=" << attr << eol;
@@ -876,8 +882,7 @@ void Description::Application::parseSdpLine(string_view line) {
876882
}
877883
}
878884

879-
Description::Media::Media(const string &sdp)
880-
: Entry(get_first_line(sdp), "", Direction::Unknown) {
885+
Description::Media::Media(const string &sdp) : Entry(get_first_line(sdp), "", Direction::Unknown) {
881886
string line;
882887
std::istringstream ss(sdp);
883888
std::getline(ss, line); // discard first line
@@ -1288,6 +1293,60 @@ string Description::typeToString(Type type) {
12881293
}
12891294
}
12901295

1296+
size_t
1297+
CertificateFingerprint::AlgorithmSize(CertificateFingerprint::Algorithm fingerprintAlgorithm) {
1298+
switch (fingerprintAlgorithm) {
1299+
case CertificateFingerprint::Algorithm::Sha1:
1300+
return 20;
1301+
case CertificateFingerprint::Algorithm::Sha224:
1302+
return 28;
1303+
case CertificateFingerprint::Algorithm::Sha256:
1304+
return 32;
1305+
case CertificateFingerprint::Algorithm::Sha384:
1306+
return 48;
1307+
case CertificateFingerprint::Algorithm::Sha512:
1308+
return 64;
1309+
default:
1310+
return 0;
1311+
}
1312+
}
1313+
1314+
std::string CertificateFingerprint::AlgorithmIdentifier(
1315+
CertificateFingerprint::Algorithm fingerprintAlgorithm) {
1316+
switch (fingerprintAlgorithm) {
1317+
case CertificateFingerprint::Algorithm::Sha1:
1318+
return "sha-1";
1319+
case CertificateFingerprint::Algorithm::Sha224:
1320+
return "sha-224";
1321+
case CertificateFingerprint::Algorithm::Sha256:
1322+
return "sha-256";
1323+
case CertificateFingerprint::Algorithm::Sha384:
1324+
return "sha-256";
1325+
case CertificateFingerprint::Algorithm::Sha512:
1326+
return "sha-512";
1327+
default:
1328+
return "unknown";
1329+
}
1330+
}
1331+
1332+
bool CertificateFingerprint::isValid() const {
1333+
size_t expectedSize = AlgorithmSize(this->algorithm);
1334+
if (expectedSize == 0 || this->value.size() != expectedSize * 3 - 1) {
1335+
return false;
1336+
}
1337+
1338+
for (size_t i = 0; i < this->value.size(); ++i) {
1339+
if (i % 3 == 2) {
1340+
if (this->value[i] != ':')
1341+
return false;
1342+
} else {
1343+
if (!std::isxdigit(this->value[i]))
1344+
return false;
1345+
}
1346+
}
1347+
return true;
1348+
}
1349+
12911350
} // namespace rtc
12921351

12931352
std::ostream &operator<<(std::ostream &out, const rtc::Description &description) {

0 commit comments

Comments
 (0)