Generates the DTLS identity in browser process and returns it to render process.

content/browser/media/dtls_identity_store.h

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_MEDIA_DTLS_IDENTITY_STORE_H_
+#define CONTENT_BROWSER_MEDIA_DTLS_IDENTITY_STORE_H_
+
+#include "base/callback.h"
+
+class GURL;
+
+namespace base {
+class TaskRunner;
+}  // namespace base
+
+namespace content {
+
+class DTLSIdentityRequest;
+class DTLSIdentityRequestHandle;
+class DTLSIdentityStoreTest;
+
+// A class for creating and fetching DTLS identities, i.e. the private key and
+// the self-signed certificate.
+class DTLSIdentityStore {

[Ryan Sleevi, 2013/06/24 19:29:16]

I'm still concerned about the naming here, in that "DTLS" is a very broad space,
particularly within content.

If there was content::media:: namespace, I suppose this would be less of a
concern - but I would rather see a more specific name (eg: reflecting its
purpose) rather than something generic like "DTLS", since this is intended to
only be used in a very specific context (WebRTC)

[jiayl, 2013/06/25 20:36:32]

Renamed to WebRTCIdentity*
On 2013/06/24 19:29:16, Ryan Sleevi wrote:

+ public:
+  typedef base::Callback<void(int error,
+                              const std::string& certificate,
+                              const std::string& private_key)>
+      CompletionCallback;
+
+  DTLSIdentityStore();
+  virtual ~DTLSIdentityStore();

[Ryan Sleevi, 2013/06/24 19:29:16]

unnecessary virtual dtor.

[jiayl, 2013/06/25 20:36:32]

Done.

+
+  // Retrieve the DTLS identity for the |origin| and |identity_name| pair, or
+  // generate a new one using |common_name| if such identity does not exist, or
+  // if the given |common_name| does not match the common name in the existing
+  // identity's certificate.

[Ryan Sleevi, 2013/06/24 19:29:16]

From reading this comment, I'm still not sure I understand your model of
handling conflicts.

If I make two requests for identity "a", for site "example.com", but with CN
"Foo" and "Bar", what is reflected in the underlying storage?

1) Two unique private keys, "a-foo" and "a-bar", with two unique certificates?
2) One unique private key "a", with two unique certificates ("a-foo" and
"a-bar")
3) One unique private key and certificate generated for "a-foo", and then
replaced (eg: a-foo fully destroyed) by "a-bar"

It should be abundantly clear from reading this header what the contract is, and
there should be unittests to ensure this contract.

[jiayl, 2013/06/25 20:36:32]

Done.

+  //
+  // Asynchronous.

[Ryan Sleevi, 2013/06/24 19:29:16]

"// Asynchronous" is unnecessary, and it's also not consistent with the remark
on line 53.

[jiayl, 2013/06/25 20:36:32]

Done.

+  // |origin| is the origin of the DTLS connection;
+  // |identity_name| is used to identify an identity within an origin; it is
+  // opaque to DTLSIdentityStore and remains private to the caller, i.e. not
+  // presetnt in the certificate;
+  // |common_name| is the common name used to generate the certificate and will
+  // be shared with the peer of the DTLS connection. Identities created for
+  // different origins or different identity names may have the same common
+  // name.
+  // |callback| is the callback to return the result.
+  // |cancel_callback| will be set to the Closure used to cancel the request
+  // if the request is accepted. The Closure can only be called before the
+  // request completes.
+  //
+  // Returns true if the request is accepted.
+  bool RequestIdentity(const GURL& origin,
+                       const std::string& identity_name,
+                       const std::string& common_name,
+                       const CompletionCallback& callback,
+                       base::Closure* cancel_callback);
+
+ private:
+  friend class DTLSIdentityRequestHandle;
+  friend class DTLSIdentityStoreTest;
+
+  explicit DTLSIdentityStore(
+      const scoped_refptr<base::TaskRunner>& task_runner);
+
+  void CancelRequestInternal(DTLSIdentityRequest* request);
+
+  // The TaskRunner for doing work on a worker thread.
+  scoped_refptr<base::TaskRunner> task_runner_;
+
+  DISALLOW_COPY_AND_ASSIGN(DTLSIdentityStore);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_MEDIA_DTLS_IDENTITY_STORE_H_