commit 51bc43dd1c45110af243e5295c7d15883653294a
author Philipp Hancke <phancke@microsoft.com> Thu Sep 28 08:41:08 2023
committer Blink WPT Bot <blink-w3c-test-autoroller@chromium.org> Thu Sep 28 09:07:59 2023
tree b12778d336607169257f692a189aab00af0aabba
parent 5c393203fbbb7490ea9ba9268789304564cb944a

webrtc wpt: assert support for various certificate fingerprint algorithms

sha-1 (which is still mentioned in RFC 8827) as well as sha-256,
sha-384 and sha-512

BUG=None

Change-Id: I04681472818e645aab3c16e0d6f0e61423568969
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4887486
Reviewed-by: Harald Alvestrand <hta@chromium.org>
Commit-Queue: Philipp Hancke <phancke@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#1202426}

webrtc/protocol/dtls-fingerprint-validation.html

diff --git a/webrtc/protocol/dtls-fingerprint-validation.html b/webrtc/protocol/dtls-fingerprint-validation.html
index 0ddc848..9d17392 100644
--- a/webrtc/protocol/dtls-fingerprint-validation.html
+++ b/webrtc/protocol/dtls-fingerprint-validation.html
@@ -9,29 +9,55 @@
 <body>
 <script>
 
+function makeZeroFingerprint(algorithm) {
+  const length = algorithm === 'sha-1' ? 160 : parseInt(algorithm.split('-')[1], 10);
+  let zeros = [];
+  for (let i = 0; i < length; i += 8) {
+    zeros.push('00');
+  }
+  return 'a=fingerprint:' + algorithm + ' ' + zeros.join(':');
+}
+
 // Tests that an invalid fingerprint leads to a connectionState 'failed'.
 promise_test(async t => {
   const pc1 = new RTCPeerConnection();
-  const pc2 = new RTCPeerConnection();
   t.add_cleanup(() => pc1.close());
+  const pc2 = new RTCPeerConnection();
   t.add_cleanup(() => pc2.close());
   pc1.createDataChannel('datachannel');
   exchangeIceCandidates(pc1, pc2);
-  const offer = await pc1.createOffer();
-  await pc2.setRemoteDescription(offer);
-  await pc1.setLocalDescription(offer);
+  await pc1.setLocalDescription();
+  await pc2.setRemoteDescription(pc1.localDescription);
   const answer = await pc2.createAnswer();
-  await pc1.setRemoteDescription(new RTCSessionDescription({
+  await pc1.setRemoteDescription({
     type: answer.type,
-    sdp: answer.sdp.replace(/a=fingerprint:sha-256 .*/g,
-      'a=fingerprint:sha-256 00:00:00:00:00:00:00:00:00:00:00:00:00:' +
-      '00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00'),
-  }));
+    sdp: answer.sdp.replace(/a=fingerprint:sha-256 .*/g, makeZeroFingerprint('sha-256')),
+  });
   await pc2.setLocalDescription(answer);
 
   await waitForConnectionStateChange(pc1, ['failed']);
   await waitForConnectionStateChange(pc2, ['failed']);
 }, 'Connection fails if one side provides a wrong DTLS fingerprint');
+
+['sha-1', 'sha-256', 'sha-384', 'sha-512'].forEach(hashFunc => {
+  promise_test(async t => {
+    const pc1 = new RTCPeerConnection();
+    t.add_cleanup(() => pc1.close());
+    const pc2 = new RTCPeerConnection();
+    t.add_cleanup(() => pc2.close());
+    pc1.createDataChannel('datachannel');
+
+    await pc1.setLocalDescription();
+    await pc2.setRemoteDescription(pc1.localDescription);
+    const answer = await pc2.createAnswer();
+    await pc1.setRemoteDescription({
+      type: answer.type,
+      sdp: answer.sdp.replace(/a=fingerprint:sha-256 .*/g, makeZeroFingerprint(hashFunc)),
+    });
+    await pc2.setLocalDescription(answer);
+  }, 'SDP negotiation with a ' + hashFunc + ' fingerprint succeds');
+});
+
 </script>
 </body>
 </html>