RTCCertificate, RTCPeerConnection.generateCertificate (WebRTC JavaScript) added.

third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp

Index: third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
diff --git a/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp b/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
index 8fcfb151c7501c01ccecb154045756c3262678ec..5dcf61e6ea105d298fd09c0997c1561b7d54c7fb 100644
--- a/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
+++ b/third_party/WebKit/Source/modules/mediastream/RTCPeerConnection.cpp
@@ -34,6 +34,9 @@
 #include "bindings/core/v8/ArrayValue.h"
 #include "bindings/core/v8/ExceptionMessages.h"
 #include "bindings/core/v8/ExceptionState.h"
+#include "bindings/core/v8/Nullable.h"
+#include "bindings/core/v8/ScriptPromiseResolver.h"
+#include "bindings/modules/v8/V8RTCCertificate.h"
 #include "core/dom/Document.h"
 #include "core/dom/ExceptionCode.h"
 #include "core/dom/ExecutionContext.h"
@@ -58,10 +61,13 @@
 #include "platform/mediastream/RTCOfferOptions.h"
 #include "public/platform/Platform.h"
 #include "public/platform/WebMediaStream.h"
+#include "public/platform/WebRTCCertificate.h"
+#include "public/platform/WebRTCCertificateGenerator.h"
 #include "public/platform/WebRTCConfiguration.h"
 #include "public/platform/WebRTCDataChannelHandler.h"
 #include "public/platform/WebRTCDataChannelInit.h"
 #include "public/platform/WebRTCICECandidate.h"
+#include "public/platform/WebRTCKeyParams.h"
 #include "public/platform/WebRTCOfferOptions.h"
 #include "public/platform/WebRTCSessionDescription.h"
 #include "public/platform/WebRTCSessionDescriptionRequest.h"
@@ -82,6 +88,40 @@ static bool throwExceptionIfSignalingStateClosed(RTCPeerConnection::SignalingSta
     return false;
 }
 
+// Helper class for RTCPeerConnection::generateCertificate.
+class WebRTCCertificateObserver : public WebCallbacks<WebRTCCertificate*, void> {
+public:
+    // The created observer is responsible for deleting itself after onSuccess/onError. To avoid memory
+    // leak the observer should therefore be used in a WebRTCCertificateGenerator::generateCertificate call
+    // which is ensured to invoke one of these. Takes ownership of |resolver|.
+    static WebRTCCertificateObserver* create(ScriptPromiseResolver* resolver)
+    {
+        return new WebRTCCertificateObserver(resolver);
+    }
+
+    DEFINE_INLINE_TRACE() { visitor->trace(m_resolver); }
+
+private:
+    WebRTCCertificateObserver(ScriptPromiseResolver* resolver)
+        : m_resolver(resolver) {}
+
+    ~WebRTCCertificateObserver() override {}
+
+    void onSuccess(WebRTCCertificate* certificate) override
+    {
+        m_resolver->resolve(new RTCCertificate(certificate));
+        delete this;
+    }
+
+    void onError() override
+    {
+        m_resolver->reject();
+        delete this;
+    }
+
+    Persistent<ScriptPromiseResolver> m_resolver;
+};
+
 } // namespace
 
 RTCConfiguration* RTCPeerConnection::parseConfiguration(const Dictionary& configuration, ExceptionState& exceptionState)
@@ -207,6 +247,28 @@ RTCConfiguration* RTCPeerConnection::parseConfiguration(const Dictionary& config
         }
     }
 
+    ArrayValue certificates;
+    if (DictionaryHelper::get(configuration, "certificates", certificates) && !certificates.isUndefinedOrNull()) {
+        size_t numberOfCertificates;
+        certificates.length(numberOfCertificates);
+        for (size_t i = 0; i < numberOfCertificates; ++i) {
+            RTCCertificate* certificate = nullptr;
+
+            Dictionary dictCert;
+            certificates.get(i, dictCert);
+            v8::Local<v8::Value> valCert = dictCert.v8Value();
+            if (!valCert.IsEmpty()) {
+                certificate = V8RTCCertificate::toImplWithTypeCheck(configuration.isolate(), valCert);
+            }
+            if (!certificate) {
+                exceptionState.throwTypeError("Malformed sequence<RTCCertificate>");
+                return 0;
+            }
+
+            rtcConfiguration->appendCertificate(certificate->certificateShallowCopy());
+        }
+    }
+
     return rtcConfiguration;
 }
 
@@ -411,6 +473,66 @@ void RTCPeerConnection::updateIce(const Dictionary& rtcConfiguration, const Dict
         exceptionState.throwDOMException(SyntaxError, "Could not update the ICE Agent with the given configuration.");
 }
 
+ScriptPromise RTCPeerConnection::generateCertificate(ScriptState* scriptState, const Dictionary& keygenAlgorithm, ExceptionState& exceptionState)
+{
+    // Validate and interpret input |keygenAlgorithm|.
+    // TODO(hbos): Use WebCrypto normalization process to validate and interpret |keygenAlgorithm|.
+    // This may create a dependency between the Blink and WebCrypto modules? crbug.com/544917

[eroman, 2015/10/21 22:55:50]

As discussed over email, depending on NormalizeAlgorithm.h is fine.

[hbos_chromium, 2015/10/22 09:40:56]

Acknowledged.

+    Nullable<WebRTCKeyParams> keyParams;
+    String name;
+    if (DictionaryHelper::get(keygenAlgorithm, "name", name)) {

[eroman, 2015/10/21 22:55:50]

As-written the AlgorithmIdentifier parsing code here has two main problems:

  (1) publicExponent must be a BigInteger and not a Number
(https://github.com/w3c/webrtc-pc/issues/310)
  (2) Algorithm names must be case-insensitive (so for instance EcDsA should
also be recognized)

If your intention is to submit this changelist as-is as a temporary measure, and
then follow-up quickly with a switchover to calling WebCrypto's parsing
algorithm (which should actually involve less code for more features), that is
fine -- I am happy to review that as a separate CL.

[hbos_chromium, 2015/10/22 09:40:56]

That's what I'll do :) Btw there is a third problem. WebCrypto requires RSA to
have a "hash" value too: https://github.com/w3c/webrtc-pc/issues/322.

[eroman, 2015/10/22 17:49:49]

Oh right, that too ... Yuck!

+        if (name == "RSASSA-PKCS1-v1_5") {
+            // RSA - Supported |keygenAlgorithm|:
+            // { name: "RSASSA-PKCS1-v1_5", modulusLength: <int>, publicExponent: 65537 }
+            int modulusLength = -1;
+            int publicExponent = -1;
+            if (DictionaryHelper::get(keygenAlgorithm, "modulusLength", modulusLength)
+                && modulusLength >= 0
+                && DictionaryHelper::get(keygenAlgorithm, "publicExponent", publicExponent)
+                && publicExponent >= 0) {
+                keyParams.set(blink::WebRTCKeyParams::createRSA(modulusLength, publicExponent));
+            }
+        } else if (name == "ECDSA") {
+            // ECDSA - Supported |keygenAlgorithm|:
+            // { name: "ECDSA", namedCurve: "P-256" }
+            String namedCurve;
+            DictionaryHelper::get(keygenAlgorithm, "namedCurve", namedCurve);
+            if (namedCurve == "P-256") {
+                keyParams.set(blink::WebRTCKeyParams::createECDSA(WebRTCECCurveNistP256));
+            }
+        }
+    }
+    if (keyParams.isNull()) {
+        // Invalid argument.
+        return ScriptPromise::rejectWithDOMException(
+            scriptState, DOMException::create(InvalidAccessError, ExceptionMessages::argumentNullOrIncorrectType(1, "AlgorithmIdentifier")));

[eroman, 2015/10/21 22:55:51]

According to the WebRTC spec you should be failing a number of these with
NotSupported error.
(Or if the WebCrypto algorithm normalization failed, then return that error.)

For instance keyParams will be null when using a P-384, and subsequently result
in InvalidAcessError when it should be NotSupported.

[hbos_chromium, 2015/10/22 09:40:56]

Acknowledged. To be addressed in follow-up.

+    }
+
+    OwnPtr<WebRTCCertificateGenerator> certificateGenerator = adoptPtr(
+        Platform::current()->createRTCCertificateGenerator());
+
+    // Check validity of |keyParams|.
+    if (!certificateGenerator->isValidKeyParams(keyParams.get())) {
+        return ScriptPromise::rejectWithDOMException(
+            scriptState, DOMException::create(NotSupportedError, "The 1st argument provided is an AlgorithmIdentifier, but it has unsupported parameter values."));
+    }
+
+    ScriptPromiseResolver* resolver = ScriptPromiseResolver::create(scriptState);
+    ScriptPromise promise = resolver->promise();
+
+    WebRTCCertificateObserver* certificateObserver = WebRTCCertificateObserver::create(resolver);
+
+    // Generate certificate. The |certificateObserver| will resolve the promise asynchronously upon completion.
+    // The observer will manage its own destruction as well as the resolver's destruction.
+    certificateGenerator->generateCertificate(
+        keyParams.get(),
+        toDocument(scriptState->executionContext())->url(),
+        toDocument(scriptState->executionContext())->firstPartyForCookies(),
+        certificateObserver);
+
+    return promise;
+}
+
 void RTCPeerConnection::addIceCandidate(RTCIceCandidate* iceCandidate, ExceptionState& exceptionState)
 {
     if (throwExceptionIfSignalingStateClosed(m_signalingState, exceptionState))