1 /*
2 * libjingle
3 * Copyright 2015 Google Inc.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice,
11 * this list of conditions and the following disclaimer in the documentation
12 * and/or other materials provided with the distribution.
13 * 3. The name of the author may not be used to endorse or promote products
14 * derived from this software without specific prior written permission.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19 * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "talk/app/webrtc/dtlsidentitystore.h"
29
30 #include <utility>
31
32 #include "talk/app/webrtc/webrtcsessiondescriptionfactory.h"
33 #include "webrtc/base/logging.h"
34
35 using webrtc::DtlsIdentityRequestObserver;
36
37 namespace webrtc {
38
39 // Passed to SSLIdentity::Generate, "WebRTC". Used for the certificates'
40 // subject and issuer name.
41 const char kIdentityName[] = "WebRTC";
42
43 namespace {
44
45 enum {
46 MSG_DESTROY,
47 MSG_GENERATE_IDENTITY,
48 MSG_GENERATE_IDENTITY_RESULT
49 };
50
51 } // namespace
52
53 // This class runs on the worker thread to generate the identity. It's necessary
54 // to separate this class from DtlsIdentityStore so that it can live on the
55 // worker thread after DtlsIdentityStore is destroyed.
56 class DtlsIdentityStoreImpl::WorkerTask : public sigslot::has_slots<>,
57 public rtc::MessageHandler {
58 public:
WorkerTask(DtlsIdentityStoreImpl * store,rtc::KeyType key_type)59 WorkerTask(DtlsIdentityStoreImpl* store, rtc::KeyType key_type)
60 : signaling_thread_(rtc::Thread::Current()),
61 store_(store),
62 key_type_(key_type) {
63 store_->SignalDestroyed.connect(this, &WorkerTask::OnStoreDestroyed);
64 }
65
~WorkerTask()66 virtual ~WorkerTask() { RTC_DCHECK(signaling_thread_->IsCurrent()); }
67
68 private:
GenerateIdentity_w()69 void GenerateIdentity_w() {
70 LOG(LS_INFO) << "Generating identity, using keytype " << key_type_;
71 rtc::scoped_ptr<rtc::SSLIdentity> identity(
72 rtc::SSLIdentity::Generate(kIdentityName, key_type_));
73
74 // Posting to |this| avoids touching |store_| on threads other than
75 // |signaling_thread_| and thus avoids having to use locks.
76 IdentityResultMessageData* msg = new IdentityResultMessageData(
77 new IdentityResult(key_type_, std::move(identity)));
78 signaling_thread_->Post(this, MSG_GENERATE_IDENTITY_RESULT, msg);
79 }
80
OnMessage(rtc::Message * msg)81 void OnMessage(rtc::Message* msg) override {
82 switch (msg->message_id) {
83 case MSG_GENERATE_IDENTITY:
84 // This message always runs on the worker thread.
85 GenerateIdentity_w();
86
87 // Must delete |this|, owned by msg->pdata, on the signaling thread to
88 // avoid races on disconnecting the signal.
89 signaling_thread_->Post(this, MSG_DESTROY, msg->pdata);
90 break;
91 case MSG_GENERATE_IDENTITY_RESULT:
92 RTC_DCHECK(signaling_thread_->IsCurrent());
93 {
94 rtc::scoped_ptr<IdentityResultMessageData> pdata(
95 static_cast<IdentityResultMessageData*>(msg->pdata));
96 if (store_) {
97 store_->OnIdentityGenerated(pdata->data()->key_type_,
98 std::move(pdata->data()->identity_));
99 }
100 }
101 break;
102 case MSG_DESTROY:
103 RTC_DCHECK(signaling_thread_->IsCurrent());
104 delete msg->pdata;
105 // |this| has now been deleted. Don't touch member variables.
106 break;
107 default:
108 RTC_CHECK(false) << "Unexpected message type";
109 }
110 }
111
OnStoreDestroyed()112 void OnStoreDestroyed() {
113 RTC_DCHECK(signaling_thread_->IsCurrent());
114 store_ = nullptr;
115 }
116
117 rtc::Thread* const signaling_thread_;
118 DtlsIdentityStoreImpl* store_; // Only touched on |signaling_thread_|.
119 const rtc::KeyType key_type_;
120 };
121
DtlsIdentityStoreImpl(rtc::Thread * signaling_thread,rtc::Thread * worker_thread)122 DtlsIdentityStoreImpl::DtlsIdentityStoreImpl(rtc::Thread* signaling_thread,
123 rtc::Thread* worker_thread)
124 : signaling_thread_(signaling_thread),
125 worker_thread_(worker_thread),
126 request_info_() {
127 RTC_DCHECK(signaling_thread_->IsCurrent());
128 // Preemptively generate identities unless the worker thread and signaling
129 // thread are the same (only do preemptive work in the background).
130 if (worker_thread_ != signaling_thread_) {
131 // Only necessary for RSA.
132 GenerateIdentity(rtc::KT_RSA, nullptr);
133 }
134 }
135
~DtlsIdentityStoreImpl()136 DtlsIdentityStoreImpl::~DtlsIdentityStoreImpl() {
137 RTC_DCHECK(signaling_thread_->IsCurrent());
138 SignalDestroyed();
139 }
140
RequestIdentity(rtc::KeyType key_type,const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> & observer)141 void DtlsIdentityStoreImpl::RequestIdentity(
142 rtc::KeyType key_type,
143 const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
144 RTC_DCHECK(signaling_thread_->IsCurrent());
145 RTC_DCHECK(observer);
146
147 GenerateIdentity(key_type, observer);
148 }
149
OnMessage(rtc::Message * msg)150 void DtlsIdentityStoreImpl::OnMessage(rtc::Message* msg) {
151 RTC_DCHECK(signaling_thread_->IsCurrent());
152 switch (msg->message_id) {
153 case MSG_GENERATE_IDENTITY_RESULT: {
154 rtc::scoped_ptr<IdentityResultMessageData> pdata(
155 static_cast<IdentityResultMessageData*>(msg->pdata));
156 OnIdentityGenerated(pdata->data()->key_type_,
157 std::move(pdata->data()->identity_));
158 break;
159 }
160 }
161 }
162
HasFreeIdentityForTesting(rtc::KeyType key_type) const163 bool DtlsIdentityStoreImpl::HasFreeIdentityForTesting(
164 rtc::KeyType key_type) const {
165 RTC_DCHECK(signaling_thread_->IsCurrent());
166 return request_info_[key_type].free_identity_.get() != nullptr;
167 }
168
GenerateIdentity(rtc::KeyType key_type,const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> & observer)169 void DtlsIdentityStoreImpl::GenerateIdentity(
170 rtc::KeyType key_type,
171 const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
172 RTC_DCHECK(signaling_thread_->IsCurrent());
173
174 // Enqueue observer to be informed when generation of |key_type| is completed.
175 if (observer.get()) {
176 request_info_[key_type].request_observers_.push(observer);
177
178 // Already have a free identity generated?
179 if (request_info_[key_type].free_identity_.get()) {
180 // Return identity async - post even though we are on |signaling_thread_|.
181 LOG(LS_VERBOSE) << "Using a free DTLS identity.";
182 ++request_info_[key_type].gen_in_progress_counts_;
183 IdentityResultMessageData* msg =
184 new IdentityResultMessageData(new IdentityResult(
185 key_type, std::move(request_info_[key_type].free_identity_)));
186 signaling_thread_->Post(this, MSG_GENERATE_IDENTITY_RESULT, msg);
187 return;
188 }
189
190 // Free identity in the process of being generated?
191 if (request_info_[key_type].gen_in_progress_counts_ ==
192 request_info_[key_type].request_observers_.size()) {
193 // No need to do anything, the free identity will be returned to the
194 // observer in a MSG_GENERATE_IDENTITY_RESULT.
195 return;
196 }
197 }
198
199 // Enqueue/Post a worker task to do the generation.
200 ++request_info_[key_type].gen_in_progress_counts_;
201 WorkerTask* task = new WorkerTask(this, key_type); // Post 1 task/request.
202 // The WorkerTask is owned by the message data to make sure it will not be
203 // leaked even if the task does not get run.
204 WorkerTaskMessageData* msg = new WorkerTaskMessageData(task);
205 worker_thread_->Post(task, MSG_GENERATE_IDENTITY, msg);
206 }
207
OnIdentityGenerated(rtc::KeyType key_type,rtc::scoped_ptr<rtc::SSLIdentity> identity)208 void DtlsIdentityStoreImpl::OnIdentityGenerated(
209 rtc::KeyType key_type, rtc::scoped_ptr<rtc::SSLIdentity> identity) {
210 RTC_DCHECK(signaling_thread_->IsCurrent());
211
212 RTC_DCHECK(request_info_[key_type].gen_in_progress_counts_);
213 --request_info_[key_type].gen_in_progress_counts_;
214
215 rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer;
216 if (!request_info_[key_type].request_observers_.empty()) {
217 observer = request_info_[key_type].request_observers_.front();
218 request_info_[key_type].request_observers_.pop();
219 }
220
221 if (observer.get() == nullptr) {
222 // No observer - store result in |free_identities_|.
223 RTC_DCHECK(!request_info_[key_type].free_identity_.get());
224 request_info_[key_type].free_identity_.swap(identity);
225 if (request_info_[key_type].free_identity_.get())
226 LOG(LS_VERBOSE) << "A free DTLS identity was saved.";
227 else
228 LOG(LS_WARNING) << "Failed to generate DTLS identity (preemptively).";
229 } else {
230 // Return the result to the observer.
231 if (identity.get()) {
232 LOG(LS_VERBOSE) << "A DTLS identity is returned to an observer.";
233 observer->OnSuccess(std::move(identity));
234 } else {
235 LOG(LS_WARNING) << "Failed to generate DTLS identity.";
236 observer->OnFailure(0);
237 }
238
239 // Preemptively generate another identity of the same type?
240 if (worker_thread_ != signaling_thread_ && // Only do in background thread.
241 key_type == rtc::KT_RSA && // Only necessary for RSA.
242 !request_info_[key_type].free_identity_.get() &&
243 request_info_[key_type].request_observers_.size() <=
244 request_info_[key_type].gen_in_progress_counts_) {
245 GenerateIdentity(key_type, nullptr);
246 }
247 }
248 }
249
250 } // namespace webrtc
251