RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added.

content/renderer/media/peer_connection_identity_store.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/media/peer_connection_identity_store.h"
 
 #include "base/bind.h"
+#include "base/macros.h"
 #include "base/thread_task_runner_handle.h"
 #include "content/renderer/media/webrtc_identity_service.h"
 #include "content/renderer/render_thread_impl.h"
 
 namespace content {
 namespace {
+const char kIdentityName[] = "WebRTC";

[Ryan Sleevi, 2015/10/10 04:04:48]

style nit: newline before this.

[hbos_chromium, 2015/10/14 13:00:49]

Done.

+
 // Bridges identity requests between the main render thread and libjingle's
 // signaling thread.
 class RequestHandler : public base::RefCountedThreadSafe<RequestHandler> {
  public:
   explicit RequestHandler(webrtc::DtlsIdentityRequestObserver* observer)
       : signaling_thread_(base::ThreadTaskRunnerHandle::Get()),
         observer_(observer) {}
 
   void RequestIdentityOnUIThread(const GURL& url,
                                  const GURL& first_party_for_cookies) {
     int request_id =
         RenderThreadImpl::current()
             ->get_webrtc_identity_service()
             ->RequestIdentity(
-                url, first_party_for_cookies, "WebRTC", "WebRTC",
+                url, first_party_for_cookies, kIdentityName, kIdentityName,
                 base::Bind(&RequestHandler::OnIdentityReady, this),
                 base::Bind(&RequestHandler::OnRequestFailed, this));
     DCHECK_NE(request_id, 0);
   }
 
  private:
   friend class base::RefCountedThreadSafe<RequestHandler>;
   ~RequestHandler() {
     DCHECK(!observer_.get());
   }
@@ skipping 21 matching lines @@
   }
 
   void EnsureReleaseObserverOnSignalingThread() {
     DCHECK(signaling_thread_->BelongsToCurrentThread());
     observer_ = nullptr;
   }
 
   const scoped_refptr<base::SingleThreadTaskRunner> signaling_thread_;
   scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer_;
 };
+
+// PeerConnectionIdentityStore::RequestIdentity helper class.
+// Used to invokes |observer|->OnSuccess in a PostTask.

[Guido Urdaneta, 2015/10/08 11:13:03]

s/invokes/invoke

[hbos_chromium, 2015/10/14 13:00:49]

Done.

+class ObserverOnSuccessCaller
+    : public base::RefCountedThreadSafe<ObserverOnSuccessCaller> {

[Guido Urdaneta, 2015/10/08 11:13:03]

Does it have to be refcounted?

[hbos_chromium, 2015/10/14 13:00:49]

Yes, TaskRunner code uses ref counting.

+ public:
+  ObserverOnSuccessCaller() {}
+
+  void CallObserverOnSuccess(
+      rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer,

[Ryan Sleevi, 2015/10/10 04:04:48]

Why are you passing a ref-counted object by-value? This should be const-ref to
avoid churn.

[hbos_chromium, 2015/10/14 13:00:49]

Done.

+      rtc::SSLIdentity* identity) {

[Ryan Sleevi, 2015/10/10 04:04:48]

if rtc::scoped_ptr<> supports .Pass() (as shown by line 84), why isn't this also
provided as a scoped_ptr<> to make the ownership explicit?

[hbos_chromium, 2015/10/14 13:00:49]

This is problematic due to PostTask/base::Bind (see line 141) with template code
that that invokes by passing arguments the standard way, not using Pass().
Using scoped_ptr (without rtc namespace) and base::Passed I got around this, but
still had to use a helper function to convert from scoped_ptr to rtc::scoped_ptr
before OnSuccess call.

Class replaced by smaller helper function.

+    observer->OnSuccess(rtc::scoped_ptr<rtc::SSLIdentity>(identity).Pass());
+  }
+
+ private:
+  friend class base::RefCountedThreadSafe<ObserverOnSuccessCaller>;
+  ~ObserverOnSuccessCaller() {}
+
+  DISALLOW_COPY_AND_ASSIGN(ObserverOnSuccessCaller);
+};
 }  // namespace
 
 PeerConnectionIdentityStore::PeerConnectionIdentityStore(
     const GURL& url,
     const GURL& first_party_for_cookies)
     : main_thread_(base::ThreadTaskRunnerHandle::Get()),
       url_(url),
       first_party_for_cookies_(first_party_for_cookies) {
   signaling_thread_.DetachFromThread();
   DCHECK(main_thread_.get());
 }
 
 PeerConnectionIdentityStore::~PeerConnectionIdentityStore() {
   // Typically destructed on libjingle's signaling thread.
 }
 
 void PeerConnectionIdentityStore::RequestIdentity(
     rtc::KeyType key_type,
     const rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver>& observer) {
   DCHECK(signaling_thread_.CalledOnValidThread());
   DCHECK(observer);
-  // This store only supports RSA.
-  DCHECK_EQ(key_type, rtc::KT_RSA);
 
-  scoped_refptr<RequestHandler> handler(new RequestHandler(observer));
-  main_thread_->PostTask(
-      FROM_HERE,
-      base::Bind(&RequestHandler::RequestIdentityOnUIThread, handler, url_,
-                 first_party_for_cookies_));
+  // TODO(hbos): Use modulus length parameter when KeyType is parameterized.
+  if (key_type == rtc::KT_RSA) {
+    // Use Chromium identity generation code for RSA.

[Ryan Sleevi, 2015/10/10 04:04:48]

Why split between these two?

[hbos_chromium, 2015/10/14 13:00:49]

Ideally we would only use WebRTC code for certificate generation for use in
WebRTC. For performance reasons, Chromium implemented its own generation for RSA
(I believe to allow caching, perhaps even generation, in the browser outside of
the WebRTC world).

WebRTC has now been updated to support other key types and parameters. These
other options are only supported by WebRTC code. Luckily, generating ECDSA is so
fast we can simply do it in the else-clause on the fly. But for performance
reasons we still use the Chromium code for of generating RSA.

+    scoped_refptr<RequestHandler> handler(new RequestHandler(observer));
+    main_thread_->PostTask(
+        FROM_HERE,
+        base::Bind(&RequestHandler::RequestIdentityOnUIThread, handler, url_,
+                   first_party_for_cookies_));
+  } else {
+    // Use WebRTC identity generation code for non-RSA.
+    rtc::SSLIdentity* identity = rtc::SSLIdentity::Generate(kIdentityName,
+                                                            key_type);
+
+    scoped_refptr<base::SingleThreadTaskRunner> signaling_thread =
+        base::ThreadTaskRunnerHandle::Get();
+
+    // Invoke |observer| callbacks asynchronously. The callbacks of
+    // DtlsIdentityStoreInterface implementations have to be async.
+    if (identity) {
+      // Async call to observer->OnSuccess.
+      // Helper class necessary because OnSuccess takes a scoped_ptr argument

[Guido Urdaneta, 2015/10/08 11:13:03]

You can probably use base::Passed() instead of the helper class.
https://code.google.com/p/chromium/codesearch#chromium/src/base/bind_helpers....

[hbos_chromium, 2015/10/14 13:00:49]

Done.

+      // and scoped_ptrs can't be passed with = operator, have to use .Pass().
+      scoped_refptr<ObserverOnSuccessCaller> observer_caller(
+          new ObserverOnSuccessCaller());
+      signaling_thread->PostTask(FROM_HERE,
+          base::Bind(&ObserverOnSuccessCaller::CallObserverOnSuccess,
+                     observer_caller, observer, identity));
+    } else {
+      // Async call to observer->OnFailure.
+      signaling_thread->PostTask(FROM_HERE,
+          base::Bind(&webrtc::DtlsIdentityRequestObserver::OnFailure,
+                     observer, 0));
+    }
+  }
 }
 
 }  // namespace content