Chromium Code Reviews| Index: content/renderer/media/rtc_certificate_generator.cc |
| diff --git a/content/renderer/media/rtc_certificate_generator.cc b/content/renderer/media/rtc_certificate_generator.cc |
| new file mode 100644 |
| index 0000000000000000000000000000000000000000..559dc95122bc187fee2fb25ad209f38d94af9817 |
| --- /dev/null |
| +++ b/content/renderer/media/rtc_certificate_generator.cc |
| @@ -0,0 +1,113 @@ |
| +// Copyright (c) 2015 The Chromium Authors. All rights reserved. |
| +// Use of this source code is governed by a BSD-style license that can be |
| +// found in the LICENSE file. |
| + |
| +#include "content/renderer/media/rtc_certificate_generator.h" |
| + |
| +#include "content/renderer/media/peer_connection_identity_store.h" |
| +#include "content/renderer/media/rtc_certificate.h" |
| +#include "third_party/webrtc/base/rtccertificate.h" |
| +#include "third_party/webrtc/base/scoped_ref_ptr.h" |
| +#include "url/gurl.h" |
| + |
| +namespace content { |
| +namespace { |
| + |
| +class RTCCertificateIdentityObserver |
| + : public webrtc::DtlsIdentityRequestObserver { |
| + public: |
| + RTCCertificateIdentityObserver( |
| + const blink::WebRTCKeyParams& key_params, |
| + webrtc::DtlsIdentityStoreInterface* store, |
| + blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer) |
| + : key_params_(key_params), store_(store), observer_(observer) { |
| + } |
| + |
| + ~RTCCertificateIdentityObserver() override { |
| + } |
| + |
| + void Init(const rtc::scoped_refptr<RTCCertificateIdentityObserver>& self) { |
| + this_ = self; |
|
Guido Urdaneta
2015/10/08 11:13:03
Would it be much more complex to handle ownership
hbos_chromium
2015/10/14 13:00:49
I have to protect it with reference counting becau
|
| + } |
| + |
| + private: |
| + void OnFailure(int error) override { |
| + DCHECK(this_) << "Not initialized."; |
| + observer_->onError(); |
| + // Stop protecting against destruction. This could result in "delete this". |
| + this_ = nullptr; |
| + } |
| + |
| + void OnSuccess(const std::string& der_cert, |
| + const std::string& der_private_key) override { |
| + DCHECK(this_) << "Not initialized."; |
| + std::string pem_cert = rtc::SSLIdentity::DerToPem( |
| + rtc::kPemTypeCertificate, |
| + reinterpret_cast<const unsigned char*>(der_cert.data()), |
| + der_cert.length()); |
| + std::string pem_key = rtc::SSLIdentity::DerToPem( |
| + rtc::kPemTypeRsaPrivateKey, |
| + reinterpret_cast<const unsigned char*>(der_private_key.data()), |
| + der_private_key.length()); |
|
Ryan Sleevi
2015/10/10 04:04:48
This seems quite inefficient to be converting; why
torbjorng
2015/10/14 13:02:48
We don't currently provide any DER format conversi
|
| + rtc::scoped_ptr<rtc::SSLIdentity> identity( |
| + rtc::SSLIdentity::FromPEMStrings(pem_key, pem_cert)); |
| + OnSuccess(identity.Pass()); |
| + } |
| + |
| + void OnSuccess(rtc::scoped_ptr<rtc::SSLIdentity> identity) override { |
| + DCHECK(this_) << "Not initialized."; |
| + rtc::scoped_refptr<rtc::RTCCertificate> certificate = |
| + rtc::RTCCertificate::Create(identity.Pass()); |
| + observer_->onSuccess(new RTCCertificate(key_params_, certificate)); |
| + // Stop protecting against destruction. This could result in "delete this". |
| + this_ = nullptr; |
| + } |
| + |
| + rtc::scoped_refptr<RTCCertificateIdentityObserver> this_; |
| + blink::WebRTCKeyParams key_params_; |
| + rtc::scoped_ptr<webrtc::DtlsIdentityStoreInterface> store_; |
| + blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer_; |
| + |
| + DISALLOW_COPY_AND_ASSIGN(RTCCertificateIdentityObserver); |
| +}; |
| + |
| +} // namespace |
| + |
| +void RTCCertificateGenerator::generateCertificate( |
| + const blink::WebRTCKeyParams& key_params, |
| + const blink::WebURL& url, |
| + const blink::WebURL& first_party_for_cookies, |
| + blink::WebCallbacks<blink::WebRTCCertificate*, void>* observer) { |
| + // TODO(hbos): Convert blink::WebRTCKeyParams -> rtc::KeyParams and use that |
| + // in RequestIdentity when rtc::KeyParams CL has landed. |
|
Guido Urdaneta
2015/10/08 11:13:03
Reference a crbug
hbos_chromium
2015/10/14 13:00:49
Bug resolved.
|
| + rtc::KeyType rtc_key_type = rtc::IntKeyTypeFamilyToKeyType( |
| + static_cast<int>(key_params.keyType())); |
| + |
| + PeerConnectionIdentityStore* store = |
| + new PeerConnectionIdentityStore(url, first_party_for_cookies); |
|
Ryan Sleevi
2015/10/10 04:04:48
BUG? How does this not leak store?
hbos_chromium
2015/10/14 13:00:49
The ownership of |store| was passed to |identity_o
|
| + |
| + rtc::scoped_refptr<RTCCertificateIdentityObserver> identity_observer( |
| + new rtc::RefCountedObject<RTCCertificateIdentityObserver>( |
| + key_params, store, observer)); |
| + identity_observer->Init(identity_observer); |
| + store->RequestIdentity(rtc_key_type, identity_observer); |
| +} |
| + |
| +bool RTCCertificateGenerator::isValidKeyParams( |
| + const blink::WebRTCKeyParams& key_params) { |
| + // TODO(hbos): Convert to rtc::KeyParams and check KeyParams::IsValid instead |
| + // of having parameter validation code in multiple places. |
|
Guido Urdaneta
2015/10/08 11:13:03
Reference a crbug
hbos_chromium
2015/10/14 13:00:49
Bug resolved.
|
| + if (key_params.keyType() == blink::WebRTCKeyTypeRSA) { |
| + // Smaller |modLength| insecure, greater |modLength| slow and redundant. |
| + // 65537 is the only supported |pubExp|. |
| + return key_params.rsaParams().modLength >= 1024 && |
| + key_params.rsaParams().modLength <= 8192 && |
| + key_params.rsaParams().pubExp == 65537; |
| + } |
| + if (key_params.keyType() == blink::WebRTCKeyTypeECDSA) { |
| + return key_params.ecCurve() == blink::WebRTCECCurveNistP256; |
| + } |
| + return false; |
| +} |
| + |
| +} // namespace content |
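Review bot: The DER overload of `OnSuccess` never checks the result of `rtc::SSLIdentity::FromPEMStrings`, so a key or certificate that fails the PEM round-trip reaches `rtc::RTCCertificate::Create` as a null identity and the Blink observer is told `onSuccess` for a certificate that wraps nothing; route a null result through the failure path instead, e.g. `if (!identity) { OnFailure(0); return; }` with whatever error code the store already uses for an unusable identity. The same overload labels every private key `rtc::kPemTypeRsaPrivateKey`, while `isValidKeyParams` accepts `WebRTCECCurveNistP256`; if ECDSA identities can ever be delivered as DER through this path the PEM header would be wrong, and if they cannot, a comment such as `// DER callback is RSA-only; ECDSA identities arrive via the SSLIdentity overload.` would make that contract explicit (I cannot confirm which from this file). Both callbacks end with `this_ = nullptr`, which the comments acknowledge may `delete this`; because `store_` is owned by the observer, that also destroys the `PeerConnectionIdentityStore` from inside its own `RequestIdentity` callback, which is only safe if the store touches no member state after invoking the observer — worth stating as a requirement on the store, since that code is outside this change. Lastly, the `isValidKeyParams` floor of 1024-bit RSA is itself below current key-size recommendations; if the bound is dictated by the WebRTC spec or by `rtc::KeyParams::IsValid`, say so in the comment rather than just "Smaller |modLength| insecure".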