RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added.

content/renderer/media/rtc_certificate_generator.cc

+// Copyright (c) 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/renderer/media/rtc_certificate_generator.h"
+
+#include "content/renderer/media/peer_connection_identity_store.h"
+#include "content/renderer/media/rtc_certificate.h"
+#include "third_party/webrtc/base/rtccertificate.h"
+#include "third_party/webrtc/base/scoped_ref_ptr.h"
+#include "url/gurl.h"
+
+namespace content {
+namespace {
+
+class RTCCertificateIdentityObserver
+    : public webrtc::DtlsIdentityRequestObserver {
+ public:
+  RTCCertificateIdentityObserver(
+      const blink::WebRTCKeyParams& key_params,
+      webrtc::DtlsIdentityStoreInterface* store,
+      blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer)
+      : key_params_(key_params), store_(store), observer_(observer) {
+  }
+
+  ~RTCCertificateIdentityObserver() override {
+  }
+
+  void Init(const rtc::scoped_refptr<RTCCertificateIdentityObserver>& self) {
+    this_ = self;

[Guido Urdaneta, 2015/10/08 11:13:03]

Would it be much more complex to handle ownership of this object without the
"delete this" approach?

[hbos_chromium, 2015/10/14 13:00:49]

I have to protect it with reference counting because it's a ref counted object
(due to webrtc interface).

Added comments and cleaned up code though. Like doing self_ref_ = this (which
you could not due in the constructor as discussed offline) and putting the
RequestIdentity logic here in one place.

+  }
+
+ private:
+  void OnFailure(int error) override {
+    DCHECK(this_) << "Not initialized.";
+    observer_->onError();
+    // Stop protecting against destruction. This could result in "delete this".
+    this_ = nullptr;
+  }
+
+  void OnSuccess(const std::string& der_cert,
+                 const std::string& der_private_key) override {
+    DCHECK(this_) << "Not initialized.";
+    std::string pem_cert = rtc::SSLIdentity::DerToPem(
+        rtc::kPemTypeCertificate,
+        reinterpret_cast<const unsigned char*>(der_cert.data()),
+        der_cert.length());
+    std::string pem_key = rtc::SSLIdentity::DerToPem(
+        rtc::kPemTypeRsaPrivateKey,
+        reinterpret_cast<const unsigned char*>(der_private_key.data()),
+        der_private_key.length());

[Ryan Sleevi, 2015/10/10 04:04:48]

This seems quite inefficient to be converting; why is PEM involved at all?

[torbjorng, 2015/10/14 13:02:48]

We don't currently provide any DER format conversions in the underlying OpenSSL
class.
However, this conversion is not slow, although DER might be a tad bit faster.

+    rtc::scoped_ptr<rtc::SSLIdentity> identity(
+        rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert));
+    OnSuccess(identity.Pass());
+  }
+
+  void OnSuccess(rtc::scoped_ptr<rtc::SSLIdentity> identity) override {
+    DCHECK(this_) << "Not initialized.";
+    rtc::scoped_refptr<rtc::RTCCertificate> certificate =
+        rtc::RTCCertificate::Create(identity.Pass());
+    observer_->onSuccess(new RTCCertificate(key_params_, certificate));
+    // Stop protecting against destruction. This could result in "delete this".
+    this_ = nullptr;
+  }
+
+  rtc::scoped_refptr<RTCCertificateIdentityObserver> this_;
+  blink::WebRTCKeyParams key_params_;
+  rtc::scoped_ptr<webrtc::DtlsIdentityStoreInterface> store_;
+  blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer_;
+
+  DISALLOW_COPY_AND_ASSIGN(RTCCertificateIdentityObserver);
+};
+
+}  // namespace
+
+void RTCCertificateGenerator::generateCertificate(
+    const blink::WebRTCKeyParams& key_params,
+    const blink::WebURL& url,
+    const blink::WebURL& first_party_for_cookies,
+    blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer) {
+  // TODO(hbos): Convert blink::WebRTCKeyParams -> rtc::KeyParams and use that
+  // in RequestIdentity when rtc::KeyParams CL has landed.

[Guido Urdaneta, 2015/10/08 11:13:03]

Reference a crbug

[hbos_chromium, 2015/10/14 13:00:49]

Bug resolved.

+  rtc::KeyType rtc_key_type = rtc::IntKeyTypeFamilyToKeyType(
+      static_cast<int>(key_params.keyType()));
+
+  PeerConnectionIdentityStore* store =
+      new PeerConnectionIdentityStore(url, first_party_for_cookies);

[Ryan Sleevi, 2015/10/10 04:04:48]

BUG? How does this not leak store?

[hbos_chromium, 2015/10/14 13:00:49]

The ownership of |store| was passed to |identity_observer|, didn't use a
scoped_ptr due to invoking store->RequestIdentity afterwards.

But nvm that, there's was no need to pass the ownership. Using scoped_ptr now
and cleaned some stuff up.

+
+  rtc::scoped_refptr<RTCCertificateIdentityObserver> identity_observer(
+      new rtc::RefCountedObject<RTCCertificateIdentityObserver>(
+          key_params, store, observer));
+  identity_observer->Init(identity_observer);
+  store->RequestIdentity(rtc_key_type, identity_observer);
+}
+
+bool RTCCertificateGenerator::isValidKeyParams(
+    const blink::WebRTCKeyParams& key_params) {
+  // TODO(hbos): Convert to rtc::KeyParams and check KeyParams::IsValid instead
+  // of having parameter validation code in multiple places.

[Guido Urdaneta, 2015/10/08 11:13:03]

Reference a crbug

[hbos_chromium, 2015/10/14 13:00:49]

Bug resolved.

+  if (key_params.keyType() == blink::WebRTCKeyTypeRSA) {
+    // Smaller |modLength| insecure, greater |modLength| slow and redundant.
+    // 65537 is the only supported |pubExp|.
+    return key_params.rsaParams().modLength >= 1024 &&
+           key_params.rsaParams().modLength <= 8192 &&
+           key_params.rsaParams().pubExp == 65537;
+  }
+  if (key_params.keyType() == blink::WebRTCKeyTypeECDSA) {
+    return key_params.ecCurve() == blink::WebRTCECCurveNistP256;
+  }
+  return false;
+}
+
+}  // namespace content