diff --git a/include/rtc/peerconnection.hpp b/include/rtc/peerconnection.hpp index 9e49f80e1..597d792c4 100644 --- a/include/rtc/peerconnection.hpp +++ b/include/rtc/peerconnection.hpp @@ -113,6 +113,7 @@ class RTC_CPP_EXPORT PeerConnection final : CheshireCat { void onSignalingStateChange(std::function callback); void resetCallbacks(); + CertificateFingerprint remoteFingerprint(); // Stats void clearStats(); diff --git a/src/impl/peerconnection.cpp b/src/impl/peerconnection.cpp index 1d3611b2b..c305384aa 100644 --- a/src/impl/peerconnection.cpp +++ b/src/impl/peerconnection.cpp @@ -234,6 +234,8 @@ shared_ptr PeerConnection::initDtlsTransport() { fingerprintAlgorithm = remote->fingerprint()->algorithm; } + mRemoteFingerprintAlgorithm = fingerprintAlgorithm; + auto lower = std::atomic_load(&mIceTransport); if (!lower) throw std::logic_error("No underlying ICE transport for DTLS transport"); @@ -439,17 +441,21 @@ void PeerConnection::rollbackLocalDescription() { } } -bool PeerConnection::checkFingerprint(const std::string &fingerprint) const { +bool PeerConnection::checkFingerprint(const std::string &fingerprint) { std::lock_guard lock(mRemoteDescriptionMutex); if (!mRemoteDescription || !mRemoteDescription->fingerprint()) return false; - if (config.disableFingerprintVerification) + if (config.disableFingerprintVerification) { + PLOG_VERBOSE << "Skipping fingerprint validation"; + mRemoteFingerprint = fingerprint; return true; + } auto expectedFingerprint = mRemoteDescription->fingerprint()->value; - if (expectedFingerprint == fingerprint) { + if (expectedFingerprint == fingerprint) { PLOG_VERBOSE << "Valid fingerprint \"" << fingerprint << "\""; + mRemoteFingerprint = fingerprint; return true; } 
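Review bot: The fingerprint value and its algorithm are recorded in two places under different synchronization: `mRemoteFingerprint` is assigned here under `mRemoteDescriptionMutex`, while `mRemoteFingerprintAlgorithm` is assigned in initDtlsTransport with no lock visible in that hunk, and the pair is later read together by `remoteFingerprint()`. The algorithm is already at hand in this function — it reads `mRemoteDescription->fingerprint()->value`, and the same object carries `->algorithm` — so storing both from here keeps them consistent under one lock; e.g. make the member an `optional<CertificateFingerprint>` and write `mRemoteFingerprint = CertificateFingerprint{mRemoteDescription->fingerprint()->algorithm, fingerprint};` in both branches. Separately, `PLOG_VERBOSE << "Skipping fingerprint validation";` logs a disabled peer-identity check at verbose level; accepting a DTLS certificate that was never matched against the SDP is a deliberate security downgrade, so `PLOG_WARNING` would be more appropriate so it shows up in production logs. In that skip branch the stored value is whatever the peer presented, and a comment such as `// Unverified: recorded only so the application can check it out-of-band` would make that clear to readers of remoteFingerprint().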
@@ -1301,6 +1307,13 @@ void PeerConnection::resetCallbacks() { trackCallback = nullptr; } +CertificateFingerprint PeerConnection::remoteFingerprint() { + if (mRemoteFingerprint) + return {CertificateFingerprint{mRemoteFingerprintAlgorithm, *mRemoteFingerprint}}; + else + return {}; +} + void PeerConnection::updateTrackSsrcCache(const Description &description) { std::unique_lock lock(mTracksMutex); // for safely writing to mTracksBySsrc diff --git a/src/impl/peerconnection.hpp b/src/impl/peerconnection.hpp index 33dba4408..37e07cbd7 100644 --- a/src/impl/peerconnection.hpp +++ b/src/impl/peerconnection.hpp @@ -53,7 +53,7 @@ struct PeerConnection : std::enable_shared_from_this { void endLocalCandidates(); void rollbackLocalDescription(); - bool checkFingerprint(const std::string &fingerprint) const; + bool checkFingerprint(const std::string &fingerprint); void forwardMessage(message_ptr message); void forwardMedia(message_ptr message); void forwardBufferedAmount(uint16_t stream, size_t amount); @@ -98,6 +98,7 @@ struct PeerConnection : std::enable_shared_from_this { bool changeSignalingState(SignalingState newState); void resetCallbacks(); + CertificateFingerprint remoteFingerprint(); // Helper method for asynchronous callback invocation template void trigger(synchronized_callback *cb, Args... args) { @@ -157,6 +158,9 @@ struct PeerConnection : std::enable_shared_from_this { Queue> mPendingDataChannels; Queue> mPendingTracks; + + CertificateFingerprint::Algorithm mRemoteFingerprintAlgorithm = CertificateFingerprint::Algorithm::Sha256; + optional mRemoteFingerprint; }; } // namespace rtc::impl diff --git a/src/peerconnection.cpp b/src/peerconnection.cpp index 0e146834b..495cd1c3d 100644 --- a/src/peerconnection.cpp +++ b/src/peerconnection.cpp 
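Review bot: `remoteFingerprint()` reads `mRemoteFingerprint` and `mRemoteFingerprintAlgorithm` with no lock, while `checkFingerprint()` assigns `mRemoteFingerprint` under `mRemoteDescriptionMutex`; `std::optional<std::string>` is not atomic, and the verifier presumably runs on the DTLS transport's thread while this accessor is called from application code, so the unsynchronized read is a data race. Take the same mutex as the writer: add `std::lock_guard lock(mRemoteDescriptionMutex);` as the first line of the function. The nested braces in `return {CertificateFingerprint{...}}` are redundant; `return CertificateFingerprint{mRemoteFingerprintAlgorithm, *mRemoteFingerprint};` reads more plainly. Callers should also be told when a value is available, e.g. `// Empty until checkFingerprint() has accepted the remote certificate (or merely recorded it when disableFingerprintVerification is set)`.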
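Review bot: The two new members carry no comment on how they relate or what guards them, which matters because they are written from different functions (the algorithm from initDtlsTransport, the value from checkFingerprint under `mRemoteDescriptionMutex`) and read as a pair by remoteFingerprint(). A short comment above them would prevent the next maintainer from reading `Sha256` as a meaningful default: `// Remote DTLS certificate fingerprint as observed during the handshake; the algorithm is only a placeholder until mRemoteFingerprint is set. Guarded by mRemoteDescriptionMutex.` If the algorithm write in initDtlsTransport is not under that mutex, the comment should say so or the write should be moved under it.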
@@ -367,6 +367,10 @@ optional PeerConnection::rtt() { return sctpTransport ? sctpTransport->rtt() : nullopt; } +CertificateFingerprint PeerConnection::remoteFingerprint() { + return impl()->remoteFingerprint(); +} + std::ostream &operator<<(std::ostream &out, PeerConnection::State state) { using State = PeerConnection::State; const char *str;