Issue 1373023002: RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added.

Issue 1373023002: RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added. (Closed)

Created:
5 years, 2 months ago by hbos_chromium

Modified:
5 years, 2 months ago

Reviewers:
Guido Urdaneta, eroman, jochen (gone - plz use gerrit), torbjorng, philipj_slow

CC:
chromium-reviews, darin-cc_chromium.org, feature-media-reviews_chromium.org, jam, mcasas+watch_chromium.org, mkwst+moarreviews-renderer_chromium.org, mlamouri+watch-content_chromium.org, posciak+watch_chromium.org, Ryan Sleevi

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added. (This is a re-upload of https://codereview.chromium.org/1311853005/ after blink merged with chrome.) Primary changes: New Blink JavaScript (idl) - blink::RTCCertificate added. - RTCPeerConnection.generateCertificate added. - RTCPeerConnection::parseConfiguration, used to parse RTCConfiguration dictionaries, updated to support optional sequence<RTCCertificate> certificates member. Blink layer interfaces added (abstraction level between blink and chromium-using-webrtc) - blink::WebRTCCertificate, the heart of a javascript blink::RTCCertificate. - blink::WebRTCCertificateGenerator, something that generates a blink::WebRTCCertificate. Chromium implementations - content::RTCCertificate (impl blink::WebRTCCertificate), basically a wrapper/container for the WebRTC layer certificate rtc::RTCCertificate. - content::RTCCertificateGenerator (impl blink::WebRTCCertificateGenerator), creates content::RTCCertificate. It generates the rtc::RTCCertificate using the already existing PeerConnectionIdentityStore. Other changes: - Platform gets createRTCCertificateGenerator(), RendererBlinkPlatformImpl implements it to create a new content::RTCCertificateGenerator. Briges blink with chromium implementation. - blink::WebRTCCertificate added to blink::RTCConfiguration. When converted to WebRTC layer configuration the certificates are retreived, meaning the peerconnection will end up with the certificates as input. - PeerConnectionIdentityStore calling WebRTC code (SSLIdentity::Generate) when request is made to generate non-RSA certificates. Previously only RSA was supported and non-RSA would DCHECK crash. blink-dev@ intent to implement: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/3Pps95Q6zRQ BUG=528250, webrtc:4927 Committed: https://crrev.com/ef4ab6012fddc80992b8848cfc6700e731dc39b1 Cr-Commit-Position: refs/heads/master@{#355520}

Patch Set 1 #

Total comments: 20

Patch Set 2 : Addressed comments. Added JavaScript unittests. #

Patch Set 3 : WebRTCKeyType -> WebRTCKeyParams to closely match the about-to-land rtc::KeyParams #

Patch Set 4 : Rebase with master #

Patch Set 5 : Make trybots compile (WebRTCCertificate not including wtf/Noncopyable) #

Total comments: 68

Patch Set 6 : Addressed comments #

Patch Set 7 : Rebase with master #

Patch Set 8 : Resolve WebRTCKeyParams->KeyParams TODOs #

Total comments: 12

Patch Set 9 : Rebase with master #

Patch Set 10 : Addressed nits + Pass webkit_tests (updated global-interface-listing-expected.txt) #

Total comments: 20

Patch Set 11 : Addressed jochen's comments #

Total comments: 9

Created: 5 years, 2 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+767 lines, -138 lines)			Patch
M	content/content_renderer.gypi	View	1 2 3 4 5 6 7 8	1 chunk	+4 lines, -0 lines	0 comments	Download
M	content/renderer/media/peer_connection_identity_store.cc	View	1 2 3 4 5 6 7 8 9	4 chunks	+56 lines, -9 lines	0 comments	Download
A	content/renderer/media/rtc_certificate.h	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+41 lines, -0 lines	0 comments	Download
A	content/renderer/media/rtc_certificate.cc	View	1 2 3 4 5	1 chunk	+39 lines, -0 lines	0 comments	Download
A	content/renderer/media/rtc_certificate_generator.h	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+37 lines, -0 lines	0 comments	Download
A	content/renderer/media/rtc_certificate_generator.cc	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+120 lines, -0 lines	0 comments	Download
M	content/renderer/media/rtc_peer_connection_handler.cc	View	1 2 3 4 5 6 7 8 9 10	3 chunks	+7 lines, -1 line	0 comments	Download
M	content/renderer/renderer_blink_platform_impl.h	View	1 2 3 4 5 6 7 8	1 chunk	+1 line, -0 lines	0 comments	Download
M	content/renderer/renderer_blink_platform_impl.cc	View	1 2 3 4 5 6 7 8 9 10	2 chunks	+12 lines, -0 lines	0 comments	Download
M	third_party/WebKit/LayoutTests/fast/mediastream/RTCPeerConnection.html	View	1 2 3 4 5	1 chunk	+41 lines, -0 lines	0 comments	Download
M	third_party/WebKit/LayoutTests/fast/mediastream/RTCPeerConnection-expected.txt	View	1	1 chunk	+6 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/fast/mediastream/RTCPeerConnection-generateCertificate.html	View	1 2 3 4 5 6	1 chunk	+72 lines, -0 lines	0 comments	Download
A	third_party/WebKit/LayoutTests/fast/mediastream/RTCPeerConnection-generateCertificate-expected.txt	View	1	1 chunk	+13 lines, -0 lines	0 comments	Download
M	third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt	View	1 2 3 4 5 6 7 8 9	1 chunk	+3 lines, -0 lines	0 comments	Download
A +	third_party/WebKit/Source/modules/mediastream/RTCCertificate.h	View	1 2 3 4 5	2 chunks	+21 lines, -23 lines	0 comments	Download
A +	third_party/WebKit/Source/modules/mediastream/RTCCertificate.cpp	View	1 2 3 4 5 6	2 chunks	+17 lines, -14 lines	0 comments	Download
A +	third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl	View	1 2 3 4 5 6 7 8 9	2 chunks	+8 lines, -9 lines	0 comments	Download
M	third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.h	View	1 2 3 4 5 6	2 chunks	+3 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp	View	1 2 3 4 5 6 7 8 9 10	5 chunks	+122 lines, -0 lines	7 comments	Download
M	third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl	View	1 2 3 4 5 6 7 8 9	1 chunk	+5 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/modules/modules.gypi	View	1 2 3 4 5 6	2 chunks	+3 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/RuntimeEnabledFeatures.in	View	1 2 3 4 5 6 7 8	1 chunk	+1 line, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/exported/WebRTCConfiguration.cpp	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+12 lines, -0 lines	0 comments	Download
M	third_party/WebKit/Source/platform/mediastream/RTCConfiguration.h	View		5 chunks	+8 lines, -2 lines	0 comments	Download
M	third_party/WebKit/public/blink_headers.gypi	View	1 2 3 4 5 6 7 8	2 chunks	+3 lines, -0 lines	0 comments	Download
M	third_party/WebKit/public/platform/Platform.h	View	1 2 3 4 5 6 7 8	3 chunks	+5 lines, -1 line	0 comments	Download
A	third_party/WebKit/public/platform/WebRTCCertificate.h	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+40 lines, -0 lines	0 comments	Download
A +	third_party/WebKit/public/platform/WebRTCCertificateGenerator.h	View	1 2 3 4 5 6 7 8	2 chunks	+23 lines, -27 lines	0 comments	Download
M	third_party/WebKit/public/platform/WebRTCConfiguration.h	View		2 chunks	+4 lines, -0 lines	0 comments	Download
A +	third_party/WebKit/public/platform/WebRTCKeyParams.h	View	1 2	2 chunks	+40 lines, -52 lines	2 comments	Download

Messages

Total messages: 38 (11 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

hbos_chromium

PTAL jochen, guidou. This is a re-upload of https://codereview.chromium.org/1311853005/ due to blink + chromium repository ...

5 years, 2 months ago (2015-09-28 15:46:02 UTC) #2

jochen (gone - plz use gerrit)

some comments. can you add tests please? https://codereview.chromium.org/1373023002/diff/1/content/renderer/media/peer_connection_identity_store.cc File content/renderer/media/peer_connection_identity_store.cc (right): https://codereview.chromium.org/1373023002/diff/1/content/renderer/media/peer_connection_identity_store.cc#newcode78 content/renderer/media/peer_connection_identity_store.cc:78: void CallObserverOnSuccess( ...

5 years, 2 months ago (2015-09-29 07:47:10 UTC) #4

hbos_chromium

Sorry for not rebasing before leaving office (patch failure). Time zone diffs etc. Addressed comments ...

5 years, 2 months ago (2015-10-02 15:43:18 UTC) #5

jochen (gone - plz use gerrit)

On 2015/10/05 at 15:34:53, jochen wrote: > lgtm oops, ignore that, sorry

5 years, 2 months ago (2015-10-05 15:39:00 UTC) #7

jochen (gone - plz use gerrit)

+philipj who knows more about media than me sorry for being so slow with comments ...

5 years, 2 months ago (2015-10-05 15:39:55 UTC) #9

philipj_slow

hbos@, which bits would you like me to review? For modules/mediastream you have tommi@ right ...

5 years, 2 months ago (2015-10-05 16:30:48 UTC) #10

hbos_chromium

PTAL guidou, jochen. jochen/philipj: With guidou giving a second opinion, do you want philipj to ...

5 years, 2 months ago (2015-10-06 15:56:35 UTC) #12

philipj_slow

I've taken a closer look at the IDL files, as that's kind of my thing. ...

5 years, 2 months ago (2015-10-08 08:32:31 UTC) #13

Guido Urdaneta

https://codereview.chromium.org/1373023002/diff/1/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp (right): https://codereview.chromium.org/1373023002/diff/1/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp#newcode96 third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:96: // which is ensured to invoke one of these. ...

5 years, 2 months ago (2015-10-08 11:13:03 UTC) #14

Ryan Sleevi

I'd say my biggest remark is to take a second pass through the comments/documentation. There's ...

5 years, 2 months ago (2015-10-10 04:04:48 UTC) #17

hbos_chromium

PTAL everyone. I want this and follow-up CLs if possible to land before 48 feature ...

5 years, 2 months ago (2015-10-14 13:00:50 UTC) #19

PTAL everyone.

I want this and follow-up CLs if possible to land before 48 feature freeze.

If you want me to update any more comments/documentation or think something
needs to be better explained please be more specific as to what to update.

https://codereview.chromium.org/1373023002/diff/1/third_party/WebKit/Source/m...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/1/third_party/WebKit/Source/m...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:96: // which
is ensured to invoke one of these. Takes ownership of |resolver|.
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Would it be much more complex to handle ownership of this object without 
> "delete this"? (e.g., by declaring that generateCertificate() takes ownership
of
> the object, and using a smartpointer in its implementation)

Due the different layers (Blink, Chromium) I'd probably have to pass a raw
pointer even if I wanted to give ownership of the observer to
generateCertificate implementations which could use something like scoped_ptr
internally and do the deleting for us. Would that be better than "delete this"?

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
File content/renderer/media/peer_connection_identity_store.cc (right):

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:15: const char
kIdentityName[] = "WebRTC";
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> style nit: newline before this.

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:75: // Used to invokes
|observer|->OnSuccess in a PostTask.
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> s/invokes/invoke

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:77: : public
base::RefCountedThreadSafe<ObserverOnSuccessCaller> {
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Does it have to be refcounted?

Yes, TaskRunner code uses ref counting.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:82:
rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer,
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> Why are you passing a ref-counted object by-value? This should be const-ref to
> avoid churn.

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:83: rtc::SSLIdentity*
identity) {
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> if rtc::scoped_ptr<> supports .Pass() (as shown by line 84), why isn't this
also
> provided as a scoped_ptr<> to make the ownership explicit?

This is problematic due to PostTask/base::Bind (see line 141) with template code
that that invokes by passing arguments the standard way, not using Pass().
Using scoped_ptr (without rtc namespace) and base::Passed I got around this, but
still had to use a helper function to convert from scoped_ptr to rtc::scoped_ptr
before OnSuccess call.

Class replaced by smaller helper function.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:117: // Use Chromium
identity generation code for RSA.
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> Why split between these two?

Ideally we would only use WebRTC code for certificate generation for use in
WebRTC. For performance reasons, Chromium implemented its own generation for RSA
(I believe to allow caching, perhaps even generation, in the browser outside of
the WebRTC world).

WebRTC has now been updated to support other key types and parameters. These
other options are only supported by WebRTC code. Luckily, generating ECDSA is so
fast we can simply do it in the else-clause on the fly. But for performance
reasons we still use the Chromium code for of generating RSA.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:135: // Helper class
necessary because OnSuccess takes a scoped_ptr argument
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> You can probably use base::Passed() instead of the helper class.
>
https://code.google.com/p/chromium/codesearch#chromium/src/base/bind_helpers....

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
File content/renderer/media/rtc_certificate.h (right):

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate.h:18: // not have direct access to the
WebRTC stuff.
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> comment nit: "stuff" seems a bit... colloquial

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate.h:29: const
rtc::scoped_refptr<rtc::RTCCertificate>*
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> Why are you returning a pointer to a scoped pointer?

The interface being implemented, blink::WebRTCCertificate, exists in blink which
does not "know" about webrtc code. I cannot return by value without introducing
a real dependency on webrtc from blink which is not allowed.

I resorted to returning a const ptr to the raw member data. This would otherwise
be bad practice, but I think it is an acceptable solution considering
alternatives (such as static_casting from blink interface to chromium
implementation with hidden assumptions about which implementation is used).

On second thought I'll return const reference instead of const pointer. Similar
but better style.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
File content/renderer/media/rtc_certificate_generator.cc (right):

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate_generator.cc:30: this_ = self;
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Would it be much more complex to handle ownership of this object without the
> "delete this" approach?

I have to protect it with reference counting because it's a ref counted object
(due to webrtc interface).

Added comments and cleaned up code though. Like doing self_ref_ = this (which
you could not due in the constructor as discussed offline) and putting the
RequestIdentity logic here in one place.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate_generator.cc:82: // in RequestIdentity
when rtc::KeyParams CL has landed.
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Reference a crbug

Bug resolved.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate_generator.cc:87: new
PeerConnectionIdentityStore(url, first_party_for_cookies);
On 2015/10/10 04:04:48, Ryan Sleevi (OOO) wrote:
> BUG? How does this not leak store?

The ownership of |store| was passed to |identity_observer|, didn't use a
scoped_ptr due to invoking store->RequestIdentity afterwards.

But nvm that, there's was no need to pass the ownership. Using scoped_ptr now
and cleaned some stuff up.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate_generator.cc:99: // of having parameter
validation code in multiple places.
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Reference a crbug

Bug resolved.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
File content/renderer/media/rtc_certificate_generator.h (right):

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media...
content/renderer/media/rtc_certificate_generator.h:21:
~RTCCertificateGenerator() override { }
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> inconsistent spacing

Done.

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/rende...
File content/renderer/renderer_blink_platform_impl.cc (right):

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/rende...
content/renderer/renderer_blink_platform_impl.cc:921: return NULL;
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> https://chromium-cpp.appspot.com/ says nullptr?

Updated all places in file as to use nullptr consistently.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCCertificate.h (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.h:44: // Visible to
the JavaScript world in accordance with the .idl file:
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> Is this common in Blink? I'm not accustomed to seeing comments like this.

Not sure, but the JavaScript object as defined in the specs is opaque. What
defines a certificate is obviously more than an expires field though.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.h:54:
RTCCertificate(WebRTCCertificate* /*certificate*/);
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> Don't put |certificate| inside /**/ comments.
> Leave it empty and rewrite the comment above to not use the variable name.

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:31: [
On 2015/10/08 08:32:31, philipj wrote:
> Can you link to http://w3c.github.io/webrtc-pc/#rtccertificate-interface above
> the interface?

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:33:
NoInterfaceObject,
On 2015/10/08 08:32:31, philipj wrote:
> The spec doesn't have [NoInterfaceObject].

Done. Nice catch.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:38: readonly
attribute Date expires;
On 2015/10/08 08:32:31, philipj wrote:
> I've filed a spec bug here: https://github.com/w3c/webrtc-pc/issues/324
> 
> The way it's implemented, I think this will return a new Date object every
time.
> Can you verify if this is the case?

You're right, that's kind of blargh. cert.expires == cert.expires is false.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:501: }
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> Eric can comment, but I'm fairly certain that the implementation described
here
> is not aligned with the spec, because it's not aligned with WebCrypto, which
was
> invoked.
> 
> For example, name is not case-sensitive.  And there were also the IDL
conversion
> rules at play here that I don't believe are being followed.

You're right. The proper way to address this is to use WebCrypto, but the
modules are not allowed to depend on each other. I've already written code for
this that uses the WebCrypto normalization process but I found myself unable to
upload it due to the dependency it introduced. There is already a TODO(hbos) for
this in the .idl file, but I'll add another one here.

This will be addressed in a follow-up CL. In the meantime I think this is fine
considering this is a test feature and I don't think it is worth writing more
advanced argument parsing code that will be replaced by WebCrypto normalization
code soon anyway.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.h (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.h:39: #include
"modules/mediastream/RTCCertificate.h"
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> It looks like you don't need this include here.

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl
(right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl:54: //
TODO(hbos): Use AlgorithmIdentifier and the WebCryptoAPI normalization process.
On 2015/10/08 08:32:31, philipj wrote:
> Are there any difficulties in just using the existing AlgorithmIdentifier type
> right now? That should remove a bunch of custom code, and actually handle the
> "or DOMString" part of the type, which looks like it currently doesn't work.

Yes, I can't readily depend on the WebCrypto code that handles all cases
correctly (dependency between two modules), and until I do in a follow-up CL I
don't think it's worth the time updating the argument parser code that is only
temporary considering this is a "test" feature.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl:55:
[RuntimeEnabled=RTCCertificate, RaisesException, CallWith=ScriptState] static
Promise<RTCCertificate> generateCertificate(Dictionary keygenAlgorithm);
On 2015/10/08 08:32:31, philipj wrote:
> Since this is in a partial interface in the spec, could you either implement
it
> as a partial interface or put it at the end of this interface with a link to
> http://w3c.github.io/webrtc-pc/#sec.cert-mgmt ? (This is how the many
> partial-in-spec-but-not-implementation bits of Document and other interfaces
are
> done.)

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
File third_party/WebKit/public/platform/WebRTCCertificate.h (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificate.h:44: // Interface defining
what blink needs to know about certificates (abstracting away
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> comment nit: Shouldn't this be Blink?

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificate.h:45: // Chromium and
WebRTC layer implementation details). You can create shallow copies of the
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> This doesn't seem like proper grammar, nor in line with our comment styles. It
> seems colloquial, but also "abstracting way" should be "abstracting away"

Acknowledged.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificate.h:65: // Gets a raw pointer
to a member value referencing the WebRTC layer version
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> s/Gets/Returns

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificate.h:68: virtual const
rtc::scoped_refptr<rtc::RTCCertificate>* rtcCertificate() const = 0;
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> What if you return constant ref instead of constant pointer?

Done. Yeah that feels better!

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
File third_party/WebKit/public/platform/WebRTCCertificateGenerator.h (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificateGenerator.h:47: //
|observer| when the operation completes is implementation-specific.
On 2015/10/10 04:04:48, Ryan Sleevi (OOO) wrote:
> That seems like an _extremely_ dangerous API contract.
> 
> Making code multi-threaded like this is a huge cause of crashes and abuse. You
> should make the contract very clear (that it's the same thread)

Good point, I'll say it must be the same thread.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCCertificateGenerator.h:50: const
WebURL& /*url*/,
On 2015/10/08 11:13:03, Guido Urdaneta wrote:
> don't put the parameter names inside /**/ comments. 

Done.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
File third_party/WebKit/public/platform/WebRTCKeyParams.h (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCKeyParams.h:44: unsigned pubExp;
On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) wrote:
> See https://www.chromium.org/developers/coding-style#TOC-Types

Making this mirror the types of rtc::RSAParams,
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/webrtc...

torbjorng

https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media/rtc_certificate_generator.cc File content/renderer/media/rtc_certificate_generator.cc (right): https://codereview.chromium.org/1373023002/diff/100001/content/renderer/media/rtc_certificate_generator.cc#newcode51 content/renderer/media/rtc_certificate_generator.cc:51: der_private_key.length()); On 2015/10/10 04:04:48, Ryan Sleevi (busy till 10-12) ...

5 years, 2 months ago (2015-10-14 13:02:48 UTC) #21

philipj_slow

The IDL files now LGTM. https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right): https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl#newcode38 third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:38: readonly attribute Date expires; ...

5 years, 2 months ago (2015-10-16 13:32:32 UTC) #22

The IDL files now LGTM.

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:38: readonly
attribute Date expires;
On 2015/10/14 13:00:50, hbos_chromium wrote:
> On 2015/10/08 08:32:31, philipj wrote:
> > I've filed a spec bug here: https://github.com/w3c/webrtc-pc/issues/324
> > 
> > The way it's implemented, I think this will return a new Date object every
> time.
> > Can you verify if this is the case?
> 
> You're right, that's kind of blargh. cert.expires == cert.expires is false.

Given that this is behind a flag I think this does not need to be blocked, but
if you just want to go ahead and rename it getExpirationDate() getExpiryDate() I
will cheer you on to get the same change in the spec :)

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl
(right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl:54: //
TODO(hbos): Use AlgorithmIdentifier and the WebCryptoAPI normalization process.
On 2015/10/14 13:00:50, hbos_chromium wrote:
> On 2015/10/08 08:32:31, philipj wrote:
> > Are there any difficulties in just using the existing AlgorithmIdentifier
type
> > right now? That should remove a bunch of custom code, and actually handle
the
> > "or DOMString" part of the type, which looks like it currently doesn't work.
> 
> Yes, I can't readily depend on the WebCrypto code that handles all cases
> correctly (dependency between two modules), and until I do in a follow-up CL I
> don't think it's worth the time updating the argument parser code that is only
> temporary considering this is a "test" feature.

Acknowledged.

Guido Urdaneta

lgtm % nits https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media/peer_connection_identity_store.cc File content/renderer/media/peer_connection_identity_store.cc (right): https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media/peer_connection_identity_store.cc#newcode83 content/renderer/media/peer_connection_identity_store.cc:83: } micro-nit: put blank line before ...

5 years, 2 months ago (2015-10-19 10:41:17 UTC) #24

hbos_chromium

Addressed nits. Bump jochen ;) https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right): https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl#newcode38 third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:38: readonly attribute Date expires; ...

5 years, 2 months ago (2015-10-19 15:21:35 UTC) #25

Addressed nits. Bump jochen ;)

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right):

https://codereview.chromium.org/1373023002/diff/100001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:38: readonly
attribute Date expires;
On 2015/10/16 13:32:31, philipj wrote:
> On 2015/10/14 13:00:50, hbos_chromium wrote:
> > On 2015/10/08 08:32:31, philipj wrote:
> > > I've filed a spec bug here: https://github.com/w3c/webrtc-pc/issues/324
> > > 
> > > The way it's implemented, I think this will return a new Date object every
> > time.
> > > Can you verify if this is the case?
> > 
> > You're right, that's kind of blargh. cert.expires == cert.expires is false.
> 
> Given that this is behind a flag I think this does not need to be blocked, but
> if you just want to go ahead and rename it getExpirationDate() getExpiryDate()
I
> will cheer you on to get the same change in the spec :)

The spec bug discussion has changed, right now it looks like it will become
"DOMTimeStamp expires". I added a TODO and created a bug that I'm referencing.
When that discussion has settled I'll update expires accordingly.

https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media...
File content/renderer/media/peer_connection_identity_store.cc (right):

https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:83: }
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> micro-nit: put blank line before namespace closing brace

Done.

https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:112: //
TODO(torbjorng): Update store to use rtc::KeyParams.
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> put crbugs  in these TODOs

Done.

https://codereview.chromium.org/1373023002/diff/180001/content/renderer/media...
content/renderer/media/peer_connection_identity_store.cc:130: //
DtlsIdentityStoreInterface implementations have to be async.
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> if you can find a reference for why this is the case, it would be good to
> mention it in the comment.

This is an implementation requirement and should be documented in
DtlsIdentityStoreInterface which is referenced here.
Unfortunately, this is not documented. I can add a comment at
DtlsIdentityStoreInterface (dtlsidentitystore.h) but that's in the WebRTC repo
and would not be part of this CL.

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl (right):

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCCertificate.idl:31: // The
RTCCertificate based on the WebRTC specs, see
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> nit: The more common style for this in blink is to just use the next line, and
> use https://.

Done.

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:481: // This
creates a dependency between the Blink and WebCrypto modules (currently not
allowed).
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> reference a crbug

Done.

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl
(right):

https://codereview.chromium.org/1373023002/diff/180001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.idl:136: //
TODO(hbos): Use AlgorithmIdentifier and the WebCryptoAPI normalization process.
On 2015/10/19 10:41:17, Guido Urdaneta wrote:
> reference crbug

Done.

jochen (gone - plz use gerrit)

https://codereview.chromium.org/1373023002/diff/220001/content/renderer/media/peer_connection_identity_store.cc File content/renderer/media/peer_connection_identity_store.cc (right): https://codereview.chromium.org/1373023002/diff/220001/content/renderer/media/peer_connection_identity_store.cc#newcode138 content/renderer/media/peer_connection_identity_store.cc:138: base::Bind(&ObserverOnSuccess, observer, base::Passed(&identity))); why not just base::Bind(&webrtc::DtlsIdentityRequestObserver::OnSuccess, observer, base::Passed(&identityt)) ...

5 years, 2 months ago (2015-10-20 12:27:35 UTC) #26

hbos_chromium

Thanks for the reviews! Addressed jochen's comments. Sorry for the size of the CL. Ryan, ...

5 years, 2 months ago (2015-10-20 15:42:24 UTC) #28

eroman

LGTM assuming there is follow-up to switching the AlgorithmIdentifier parsing over to blink::normalizeAlgorithm(). https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp File ...

5 years, 2 months ago (2015-10-21 22:55:51 UTC) #31

LGTM assuming there is follow-up to switching the AlgorithmIdentifier parsing
over to blink::normalizeAlgorithm().

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:480: // This
may create a dependency between the Blink and WebCrypto modules?
crbug.com/544917
As discussed over email, depending on NormalizeAlgorithm.h is fine.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:483: if
(DictionaryHelper::get(keygenAlgorithm, "name", name)) {
As-written the AlgorithmIdentifier parsing code here has two main problems:

  (1) publicExponent must be a BigInteger and not a Number
(https://github.com/w3c/webrtc-pc/issues/310)
  (2) Algorithm names must be case-insensitive (so for instance EcDsA should
also be recognized)

If your intention is to submit this changelist as-is as a temporary measure, and
then follow-up quickly with a switchover to calling WebCrypto's parsing
algorithm (which should actually involve less code for more features), that is
fine -- I am happy to review that as a separate CL.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:508:
scriptState, DOMException::create(InvalidAccessError,
ExceptionMessages::argumentNullOrIncorrectType(1, "AlgorithmIdentifier")));
According to the WebRTC spec you should be failing a number of these with
NotSupported error.
(Or if the WebCrypto algorithm normalization failed, then return that error.)

For instance keyParams will be null when using a P-384, and subsequently result
in InvalidAcessError when it should be NotSupported.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/pub...
File third_party/WebKit/public/platform/WebRTCKeyParams.h (right):

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCKeyParams.h:48: enum WebRTCECCurve {
WebRTCECCurveNistP256 };
Is it expected that this will always be fixed to P-256?

Or could this instead use WebCryptoNamedCurve:

https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1373023002/240001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1373023002/240001

5 years, 2 months ago (2015-10-22 08:43:51 UTC) #34

hbos_chromium

Thanks everyone! (Sorry for not splitting the CL up into more easily reviewable pieces.) https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp ...

5 years, 2 months ago (2015-10-22 09:40:57 UTC) #35

Thanks everyone! (Sorry for not splitting the CL up into more easily reviewable
pieces.)

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:480: // This
may create a dependency between the Blink and WebCrypto modules?
crbug.com/544917
On 2015/10/21 22:55:50, eroman wrote:
> As discussed over email, depending on NormalizeAlgorithm.h is fine.

Acknowledged.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:483: if
(DictionaryHelper::get(keygenAlgorithm, "name", name)) {
On 2015/10/21 22:55:50, eroman wrote:
> As-written the AlgorithmIdentifier parsing code here has two main problems:
> 
>   (1) publicExponent must be a BigInteger and not a Number
> (https://github.com/w3c/webrtc-pc/issues/310)
>   (2) Algorithm names must be case-insensitive (so for instance EcDsA should
> also be recognized)
> 
> If your intention is to submit this changelist as-is as a temporary measure,
and
> then follow-up quickly with a switchover to calling WebCrypto's parsing
> algorithm (which should actually involve less code for more features), that is
> fine -- I am happy to review that as a separate CL.

That's what I'll do :) Btw there is a third problem. WebCrypto requires RSA to
have a "hash" value too: https://github.com/w3c/webrtc-pc/issues/322.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:508:
scriptState, DOMException::create(InvalidAccessError,
ExceptionMessages::argumentNullOrIncorrectType(1, "AlgorithmIdentifier")));
On 2015/10/21 22:55:51, eroman wrote:
> According to the WebRTC spec you should be failing a number of these with
> NotSupported error.
> (Or if the WebCrypto algorithm normalization failed, then return that error.)
> 
> For instance keyParams will be null when using a P-384, and subsequently
result
> in InvalidAcessError when it should be NotSupported.

Acknowledged. To be addressed in follow-up.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/pub...
File third_party/WebKit/public/platform/WebRTCKeyParams.h (right):

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/pub...
third_party/WebKit/public/platform/WebRTCKeyParams.h:48: enum WebRTCECCurve {
WebRTCECCurveNistP256 };
On 2015/10/21 22:55:51, eroman wrote:
> Is it expected that this will always be fixed to P-256?
> 
> Or could this instead use WebCryptoNamedCurve:
> 
>
https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit...

The current standard only says we must support P-256. Whether this will change
in the future I do not know. However, the webrtc repo does not know about
webcrypto enums and I'm making this enum correspond to the webrtc enum for easy
conversion.

commit-bot: I haz the power

Patchset 11 (id:??) landed as https://crrev.com/ef4ab6012fddc80992b8848cfc6700e731dc39b1 Cr-Commit-Position: refs/heads/master@{#355520}

5 years, 2 months ago (2015-10-22 10:27:50 UTC) #37

eroman

5 years, 2 months ago (2015-10-22 17:49:49 UTC) #38

Message was sent while issue was closed.

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
File third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
(right):

https://codereview.chromium.org/1373023002/diff/240001/third_party/WebKit/Sou...
third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp:483: if
(DictionaryHelper::get(keygenAlgorithm, "name", name)) {
On 2015/10/22 09:40:56, hbos_chromium wrote:
> On 2015/10/21 22:55:50, eroman wrote:
> > As-written the AlgorithmIdentifier parsing code here has two main problems:
> > 
> >   (1) publicExponent must be a BigInteger and not a Number
> > (https://github.com/w3c/webrtc-pc/issues/310)
> >   (2) Algorithm names must be case-insensitive (so for instance EcDsA should
> > also be recognized)
> > 
> > If your intention is to submit this changelist as-is as a temporary measure,
> and
> > then follow-up quickly with a switchover to calling WebCrypto's parsing
> > algorithm (which should actually involve less code for more features), that
is
> > fine -- I am happy to review that as a separate CL.
> 
> That's what I'll do :) Btw there is a third problem. WebCrypto requires RSA to
> have a "hash" value too: https://github.com/w3c/webrtc-pc/issues/322.

Oh right, that too ... Yuck!

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages