1 /*
2  * libjingle
3  * Copyright 2015 Google Inc.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  *  1. Redistributions of source code must retain the above copyright notice,
9  *     this list of conditions and the following disclaimer.
10  *  2. Redistributions in binary form must reproduce the above copyright notice,
11  *     this list of conditions and the following disclaimer in the documentation
12  *     and/or other materials provided with the distribution.
13  *  3. The name of the author may not be used to endorse or promote products
14  *     derived from this software without specific prior written permission.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19  * EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "talk/app/webrtc/dtlsidentitystore.h"
29 
30 #include <utility>
31 
32 #include "talk/app/webrtc/webrtcsessiondescriptionfactory.h"
33 #include "webrtc/base/logging.h"
34 
35 using webrtc::DtlsIdentityRequestObserver;
36 
37 namespace webrtc {
38 
// Name handed to SSLIdentity::Generate ("WebRTC"). It is used as both the
// subject and the issuer name of the generated certificates.
const char kIdentityName[] = "WebRTC";

namespace {

// Ids of the messages exchanged between DtlsIdentityStoreImpl and WorkerTask.
enum {
  // Delete a WorkerTask (through its owning message data) on the signaling
  // thread.
  MSG_DESTROY = 0,
  // Ask a WorkerTask to generate an identity on the worker thread.
  MSG_GENERATE_IDENTITY = 1,
  // Carry a generated (or reused free) identity back to the signaling thread.
  MSG_GENERATE_IDENTITY_RESULT = 2
};

}  // namespace
52 
// Performs identity generation on the worker thread. It is a separate object
// from DtlsIdentityStore so that it can keep living on the worker thread after
// the DtlsIdentityStore that created it has been destroyed.
//
// Lifetime: the task is owned by the message data it is posted with and is
// only deleted on |signaling_thread_| (see MSG_DESTROY in OnMessage).
class DtlsIdentityStoreImpl::WorkerTask : public sigslot::has_slots<>,
                                          public rtc::MessageHandler {
 public:
  // Records the constructing thread as the signaling thread and subscribes to
  // the store's SignalDestroyed so that |store_| is cleared when the store
  // goes away.
  WorkerTask(DtlsIdentityStoreImpl* store, rtc::KeyType key_type)
      : signaling_thread_(rtc::Thread::Current()),
        store_(store),
        key_type_(key_type) {
    store_->SignalDestroyed.connect(this, &WorkerTask::OnStoreDestroyed);
  }

  virtual ~WorkerTask() {
    // The task must be torn down on the thread that created it.
    RTC_DCHECK(signaling_thread_->IsCurrent());
  }

 private:
  // Worker-thread half of the job: generates the identity and posts it back to
  // the signaling thread. Whatever SSLIdentity::Generate returns is forwarded
  // unchanged; the receiver checks it for null.
  void GenerateIdentity_w() {
    LOG(LS_INFO) << "Generating identity, using keytype " << key_type_;
    rtc::scoped_ptr<rtc::SSLIdentity> generated(
        rtc::SSLIdentity::Generate(kIdentityName, key_type_));

    // The result is addressed to |this| rather than to |store_|, so |store_|
    // is never touched off |signaling_thread_| and no locks are required.
    IdentityResult* result =
        new IdentityResult(key_type_, std::move(generated));
    signaling_thread_->Post(this, MSG_GENERATE_IDENTITY_RESULT,
                            new IdentityResultMessageData(result));
  }

  // Signaling-thread half: takes ownership of |raw_result| and hands the
  // identity to the store, provided the store still exists.
  void DeliverResult(IdentityResultMessageData* raw_result) {
    rtc::scoped_ptr<IdentityResultMessageData> result(raw_result);
    if (!store_) {
      // The store was destroyed in the meantime; |result| is freed on return.
      return;
    }
    store_->OnIdentityGenerated(result->data()->key_type_,
                                std::move(result->data()->identity_));
  }

  // Dispatches the three message kinds this task can receive. Any other id is
  // treated as a fatal programming error.
  void OnMessage(rtc::Message* msg) override {
    switch (msg->message_id) {
      case MSG_GENERATE_IDENTITY:
        // Always delivered on the worker thread.
        GenerateIdentity_w();

        // |this| is owned by msg->pdata. Deletion is bounced to the signaling
        // thread so that disconnecting the signal cannot race with the store.
        signaling_thread_->Post(this, MSG_DESTROY, msg->pdata);
        break;
      case MSG_GENERATE_IDENTITY_RESULT:
        RTC_DCHECK(signaling_thread_->IsCurrent());
        DeliverResult(static_cast<IdentityResultMessageData*>(msg->pdata));
        break;
      case MSG_DESTROY:
        RTC_DCHECK(signaling_thread_->IsCurrent());
        delete msg->pdata;
        // |this| no longer exists from here on: no member access is allowed.
        break;
      default:
        RTC_CHECK(false) << "Unexpected message type";
    }
  }

  // Slot for the store's SignalDestroyed: drops the back-pointer so that later
  // results are discarded instead of being delivered to a dead store.
  void OnStoreDestroyed() {
    RTC_DCHECK(signaling_thread_->IsCurrent());
    store_ = nullptr;
  }

  rtc::Thread* const signaling_thread_;
  DtlsIdentityStoreImpl* store_;  // Only touched on |signaling_thread_|.
  const rtc::KeyType key_type_;
};
121 
// Must be constructed on |signaling_thread|. When a separate worker thread is
// supplied, one RSA identity is requested ahead of time (no observer attached)
// so that it can later be served as a "free" identity.
DtlsIdentityStoreImpl::DtlsIdentityStoreImpl(rtc::Thread* signaling_thread,
                                             rtc::Thread* worker_thread)
    : signaling_thread_(signaling_thread),
      worker_thread_(worker_thread),
      request_info_() {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  // Preemptive generation is background-only work: if both roles share one
  // thread, it is skipped.
  const bool has_background_thread = worker_thread_ != signaling_thread_;
  if (has_background_thread) {
    // Only necessary for RSA.
    GenerateIdentity(rtc::KT_RSA, nullptr);
  }
}
135 
// Must run on the signaling thread. Emits SignalDestroyed so that any
// WorkerTask still connected to this store clears its back-pointer.
DtlsIdentityStoreImpl::~DtlsIdentityStoreImpl() {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  // After this returns, connected tasks no longer reference the store.
  SignalDestroyed();
}
140 
// Public entry point: asks for an identity of |key_type| and reports the
// outcome to |observer|. Must be called on the signaling thread with a
// non-null observer.
//
// NOTE(review): |key_type| is forwarded unchecked and is used as an index into
// |request_info_| by GenerateIdentity; confirm that callers can only supply
// values within that array's bounds.
void DtlsIdentityStoreImpl::RequestIdentity(
    rtc::KeyType key_type,
    const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
  RTC_DCHECK(signaling_thread_->IsCurrent());
  RTC_DCHECK(observer);

  // All bookkeeping (queueing, free-identity reuse, posting work) lives in
  // GenerateIdentity.
  GenerateIdentity(key_type, observer);
}
149 
// Handles messages posted to the store itself. The only id acted upon is
// MSG_GENERATE_IDENTITY_RESULT, which GenerateIdentity posts when it serves a
// free identity.
//
// NOTE(review): any other message id is ignored and its |pdata| is not freed
// here, whereas WorkerTask::OnMessage treats unknown ids as fatal. Confirm
// that silently ignoring them is intended.
void DtlsIdentityStoreImpl::OnMessage(rtc::Message* msg) {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  if (msg->message_id != MSG_GENERATE_IDENTITY_RESULT) {
    return;
  }

  // Take ownership of the payload so that it is released when we are done.
  rtc::scoped_ptr<IdentityResultMessageData> result(
      static_cast<IdentityResultMessageData*>(msg->pdata));
  OnIdentityGenerated(result->data()->key_type_,
                      std::move(result->data()->identity_));
}
162 
// Test hook: reports whether an unclaimed identity of |key_type| is currently
// stored. Must be called on the signaling thread.
bool DtlsIdentityStoreImpl::HasFreeIdentityForTesting(
    rtc::KeyType key_type) const {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  // |key_type| indexes |request_info_| directly; there is no range check here.
  const auto& info = request_info_[key_type];
  return info.free_identity_.get() != nullptr;
}
168 
// Arranges for one identity of |key_type| to be produced. With a non-null
// |observer| the observer is queued and later receives the result; with a null
// |observer| the call is a preemptive request whose result is kept as the free
// identity. Must be called on the signaling thread.
//
// NOTE(review): |key_type| indexes |request_info_| directly and no range check
// is visible in this file; confirm that callers can only pass in-range values.
void DtlsIdentityStoreImpl::GenerateIdentity(
    rtc::KeyType key_type,
    const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  auto& info = request_info_[key_type];

  if (observer.get()) {
    // Queue the observer; it is informed once generation of |key_type| is done.
    info.request_observers_.push(observer);

    if (info.free_identity_.get()) {
      // A free identity is already available. It is moved out of the store (so
      // it is handed out once) and delivered asynchronously: we post to
      // ourselves even though we are already on |signaling_thread_|.
      LOG(LS_VERBOSE) << "Using a free DTLS identity.";
      ++info.gen_in_progress_counts_;
      IdentityResult* result =
          new IdentityResult(key_type, std::move(info.free_identity_));
      signaling_thread_->Post(this, MSG_GENERATE_IDENTITY_RESULT,
                              new IdentityResultMessageData(result));
      return;
    }

    // If the number of generations in flight equals the number of queued
    // observers, a free identity is already being generated and will reach
    // this observer in a MSG_GENERATE_IDENTITY_RESULT; nothing more to do.
    const bool generation_already_pending =
        info.gen_in_progress_counts_ == info.request_observers_.size();
    if (generation_already_pending) {
      return;
    }
  }

  // Post one worker task per request to do the actual generation.
  ++info.gen_in_progress_counts_;
  WorkerTask* task = new WorkerTask(this, key_type);
  // The message data owns the WorkerTask, so the task is not leaked even if
  // the message never gets to run.
  worker_thread_->Post(task, MSG_GENERATE_IDENTITY,
                       new WorkerTaskMessageData(task));
}
207 
// Consumes the outcome of one generation for |key_type|. |identity| is null
// when generation failed. The oldest queued observer, if any, receives the
// result; without an observer the identity is stored as the free identity.
// Must be called on the signaling thread.
void DtlsIdentityStoreImpl::OnIdentityGenerated(
    rtc::KeyType key_type, rtc::scoped_ptr<rtc::SSLIdentity> identity) {
  RTC_DCHECK(signaling_thread_->IsCurrent());

  auto& info = request_info_[key_type];

  // Every result is preceded by an increment in GenerateIdentity, so the
  // counter is expected to be non-zero here.
  // NOTE(review): if RTC_DCHECK is compiled out, a zero counter would still be
  // decremented below; confirm the counter's type and that this cannot occur.
  RTC_DCHECK(info.gen_in_progress_counts_);
  --info.gen_in_progress_counts_;

  // Pick the observer that has been waiting the longest, if there is one.
  rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer;
  if (!info.request_observers_.empty()) {
    observer = info.request_observers_.front();
    info.request_observers_.pop();
  }

  if (observer.get() == nullptr) {
    // Nobody is waiting: keep the result as the free identity.
    RTC_DCHECK(!info.free_identity_.get());
    info.free_identity_.swap(identity);
    if (info.free_identity_.get()) {
      LOG(LS_VERBOSE) << "A free DTLS identity was saved.";
    } else {
      LOG(LS_WARNING) << "Failed to generate DTLS identity (preemptively).";
    }
    return;
  }

  // Hand the result (or the failure) to the waiting observer.
  if (identity.get()) {
    LOG(LS_VERBOSE) << "A DTLS identity is returned to an observer.";
    observer->OnSuccess(std::move(identity));
  } else {
    LOG(LS_WARNING) << "Failed to generate DTLS identity.";
    observer->OnFailure(0);
  }

  // Decide whether to preemptively generate another identity of this type.
  const bool should_pregenerate =
      worker_thread_ != signaling_thread_ &&  // Only do in background thread.
      key_type == rtc::KT_RSA &&              // Only necessary for RSA.
      !info.free_identity_.get() &&
      info.request_observers_.size() <= info.gen_in_progress_counts_;
  if (should_pregenerate) {
    GenerateIdentity(key_type, nullptr);
  }
}
249 
250 }  // namespace webrtc
251