1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
use ;
use ;
/// DTLS certificate fingerprint for authentication.
///
/// `RTCDtlsFingerprint` contains a cryptographic hash of a certificate that is
/// used to verify the identity of the remote peer during the DTLS handshake.
/// The fingerprint is exchanged in the SDP and must match the actual certificate
/// presented during the DTLS handshake.
///
/// # Security
///
/// The fingerprint allows WebRTC to verify that the DTLS certificate received
/// during the handshake matches the certificate that was signaled out-of-band
/// via SDP. This prevents man-in-the-middle attacks even if the signaling channel
/// is not encrypted.
///
/// # Common Hash Algorithms
///
/// - `sha-256` - Most commonly used, recommended
/// - `sha-384` - Higher security
/// - `sha-512` - Maximum security
/// - `sha-1` - Deprecated, should not be used
///
/// # Format
///
/// The fingerprint value is a colon-separated sequence of lowercase hexadecimal
/// bytes, for example: `"AB:CD:EF:01:23:45:67:89:..."`
///
/// # Examples
///
/// ## Creating a Fingerprint
///
/// ```
/// use rtc::peer_connection::transport::RTCDtlsFingerprint;
///
/// let fingerprint = RTCDtlsFingerprint {
/// algorithm: "sha-256".to_string(),
/// value: "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89".to_string(),
/// };
///
/// println!("Fingerprint: {} {}", fingerprint.algorithm, fingerprint.value);
/// ```
///
/// ## Serialization for SDP
///
/// ```
/// use rtc::peer_connection::transport::RTCDtlsFingerprint;
///
/// # fn example() -> Result<(), Box<dyn std::error::Error>> {
/// let fingerprint = RTCDtlsFingerprint {
/// algorithm: "sha-256".to_string(),
/// value: "12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF:12:34:56:78:90:AB:CD:EF".to_string(),
/// };
///
/// // Serialize to JSON for signaling
/// let json = serde_json::to_string(&fingerprint)?;
/// println!("Fingerprint JSON: {}", json);
/// # Ok(())
/// # }
/// ```
///
/// ## Verifying Algorithm Support
///
/// ```
/// use rtc::peer_connection::transport::RTCDtlsFingerprint;
///
/// fn is_secure_algorithm(fingerprint: &RTCDtlsFingerprint) -> bool {
/// matches!(
/// fingerprint.algorithm.as_str(),
/// "sha-256" | "sha-384" | "sha-512"
/// )
/// }
///
/// let fp = RTCDtlsFingerprint {
/// algorithm: "sha-256".to_string(),
/// value: "AB:CD:EF:01:...".to_string(),
/// };
///
/// assert!(is_secure_algorithm(&fp));
/// ```
///
/// # Specifications
///
/// - [RFC 4572] - Connection-Oriented Media Transport over TLS
/// - [RFC 8122] - Updates to RFC 4572
/// - [W3C RTCDtlsFingerprint]
///
/// [RFC 4572]: https://datatracker.ietf.org/doc/html/rfc4572
/// [RFC 8122]: https://datatracker.ietf.org/doc/html/rfc8122
/// [W3C RTCDtlsFingerprint]: https://w3c.github.io/webrtc-pc/#rtcdtlsfingerprint