feat: add remoteFingerprints method to PeerConnection

achingbrain · achingbrain · commit be5a4d963d07 · 2024-06-11T09:26:16.000+01:00
Returns a vector that contains the certificate fingerprints used by the connection to the remote peer. Closes #1203 Refs #1166
diff --git a/include/rtc/peerconnection.hpp b/include/rtc/peerconnection.hpp
@@ -35,6 +35,11 @@ struct RTC_CPP_EXPORT DataChannelInit {
 	string protocol = "";
 };
 
+struct RTC_CPP_EXPORT RemoteFingerprint {
+	string value;
+	CertificateFingerprint::Algorithm algorithm;
+};
+
 class RTC_CPP_EXPORT PeerConnection final : CheshireCat<impl::PeerConnection> {
 public:
 	enum class State : int {
@@ -113,6 +118,7 @@ class RTC_CPP_EXPORT PeerConnection final : CheshireCat<impl::PeerConnection> {
 	void onSignalingStateChange(std::function<void(SignalingState state)> callback);
 
 	void resetCallbacks();
+	std::vector<struct RemoteFingerprint> remoteFingerprints();
 
 	// Stats
 	void clearStats();
diff --git a/src/impl/peerconnection.cpp b/src/impl/peerconnection.cpp
@@ -239,7 +239,7 @@ shared_ptr<DtlsTransport> PeerConnection::initDtlsTransport() {
 			throw std::logic_error("No underlying ICE transport for DTLS transport");
 
 		auto certificate = mCertificate.get();
-		auto verifierCallback = weak_bind(&PeerConnection::checkFingerprint, this, _1);
+		auto verifierCallback = weak_bind(&PeerConnection::checkFingerprint, this, _1, fingerprintAlgorithm);
 		auto dtlsStateChangeCallback =
 		    [this, weak_this = weak_from_this()](DtlsTransport::State transportState) {
 			    auto shared_this = weak_this.lock();
@@ -439,24 +439,36 @@ void PeerConnection::rollbackLocalDescription() {
 	}
 }
 
-bool PeerConnection::checkFingerprint(const std::string &fingerprint) const {
+bool PeerConnection::checkFingerprint(const std::string &fingerprint, const CertificateFingerprint::Algorithm &algorithm) {
 	std::lock_guard lock(mRemoteDescriptionMutex);
 	if (!mRemoteDescription || !mRemoteDescription->fingerprint())
 		return false;
 
-	if (config.disableFingerprintVerification)
-		return true;
-
 	auto expectedFingerprint = mRemoteDescription->fingerprint()->value;
-	if (expectedFingerprint  == fingerprint) {
+	if (config.disableFingerprintVerification || expectedFingerprint == fingerprint) {
 		PLOG_VERBOSE << "Valid fingerprint \"" << fingerprint << "\"";
+		storeRemoteFingerprint(fingerprint, algorithm);
 		return true;
 	}
 
 	PLOG_ERROR << "Invalid fingerprint \"" << fingerprint << "\", expected \"" << expectedFingerprint << "\"";
 	return false;
 }
 
+void PeerConnection::storeRemoteFingerprint(const std::string &fingerprint, const CertificateFingerprint::Algorithm &algorithm) {
+	auto iter = std::find_if(rFingerprints.begin(), rFingerprints.end(), [&](const RemoteFingerprint& existing){return existing.value == fingerprint;});
+  bool seenPreviously = iter != rFingerprints.end();
+
+	if (seenPreviously) {
+		return;
+	}
+
+	rFingerprints.push_back({
+		.value = fingerprint,
+		algorithm
+	});
+}
+
 void PeerConnection::forwardMessage(message_ptr message) {
 	if (!message) {
 		remoteCloseDataChannels();
@@ -1301,6 +1313,13 @@ void PeerConnection::resetCallbacks() {
 	trackCallback = nullptr;
 }
 
+std::vector<struct RemoteFingerprint> PeerConnection::remoteFingerprints() {
+	std::vector<struct RemoteFingerprint> ret;
+	ret = rFingerprints;
+
+	return ret;
+}
+
 void PeerConnection::updateTrackSsrcCache(const Description &description) {
 	std::unique_lock lock(mTracksMutex); // for safely writing to mTracksBySsrc
 
diff --git a/src/impl/peerconnection.hpp b/src/impl/peerconnection.hpp
@@ -53,7 +53,7 @@ struct PeerConnection : std::enable_shared_from_this<PeerConnection> {
 
 	void endLocalCandidates();
 	void rollbackLocalDescription();
-	bool checkFingerprint(const std::string &fingerprint) const;
+	bool checkFingerprint(const std::string &fingerprint, const CertificateFingerprint::Algorithm &algorithm);
 	void forwardMessage(message_ptr message);
 	void forwardMedia(message_ptr message);
 	void forwardBufferedAmount(uint16_t stream, size_t amount);
@@ -98,6 +98,7 @@ struct PeerConnection : std::enable_shared_from_this<PeerConnection> {
 	bool changeSignalingState(SignalingState newState);
 
 	void resetCallbacks();
+	std::vector<struct RemoteFingerprint> remoteFingerprints();
 
 	// Helper method for asynchronous callback invocation
 	template <typename... Args> void trigger(synchronized_callback<Args...> *cb, Args... args) {
@@ -129,6 +130,7 @@ struct PeerConnection : std::enable_shared_from_this<PeerConnection> {
 private:
 	void dispatchMedia(message_ptr message);
 	void updateTrackSsrcCache(const Description &description);
+	void storeRemoteFingerprint(const std::string &fingerprint, const CertificateFingerprint::Algorithm &algorithm);
 
 	const init_token mInitToken = Init::Instance().token();
 	future_certificate_ptr mCertificate;
@@ -157,6 +159,8 @@ struct PeerConnection : std::enable_shared_from_this<PeerConnection> {
 
 	Queue<shared_ptr<DataChannel>> mPendingDataChannels;
 	Queue<shared_ptr<Track>> mPendingTracks;
+
+	std::vector<struct RemoteFingerprint> rFingerprints;
 };
 
 } // namespace rtc::impl
diff --git a/src/peerconnection.cpp b/src/peerconnection.cpp
@@ -367,6 +367,10 @@ optional<std::chrono::milliseconds> PeerConnection::rtt() {
 	return sctpTransport ? sctpTransport->rtt() : nullopt;
 }
 
+std::vector<struct RemoteFingerprint> PeerConnection::remoteFingerprints() {
+	return impl()->remoteFingerprints();
+}
+
 std::ostream &operator<<(std::ostream &out, PeerConnection::State state) {
 	using State = PeerConnection::State;
 	const char *str;
