Generates the DTLS identity in browser process and returns it to render process.

content/browser/media/dtls_identity_store.cc

+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/media/dtls_identity_store.h"
+
+#include <cert.h>
+
+#include "base/bind.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/rand_util.h"
+#include "base/task_runner.h"
+#include "base/threading/worker_pool.h"
+#include "content/public/browser/browser_thread.h"
+#include "crypto/ec_private_key.h"
+#include "googleurl/src/gurl.h"
+#include "net/cert/x509_util_nss.h"
+
+namespace {

[jam, 2013/06/06 16:22:32]

put this in the content namespace as well, so that you don't need to use
content:: here

[jiayl, 2013/06/06 17:07:37]

Done.

+
+static void GenerateIdentityWorker(
+    const GURL& origin,
+    const std::string& identity_name,
+    const std::string& common_name,
+    const content::DTLSIdentityStore::OnCompleteCallback& callback) {
+  std::string certificate;
+  std::vector<uint8> private_key_info;
+
+  int serial_number = base::RandInt(0, std::numeric_limits<int>::max());
+  base::Time not_valid_before = base::Time::Now();
+  base::Time not_valid_after = not_valid_before + base::TimeDelta::FromDays(30);
+
+  scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());
+  if (!key.get()) {
+    DLOG(ERROR) << "Unable to create key pair for client";
+    return;
+  }
+
+  CERTCertificate* cert =
+      net::x509_util::CreateSelfSignedCert(key->public_key(),
+                                           key->key(),
+                                           "CN=" + common_name,
+                                           serial_number,
+                                           not_valid_before,
+                                           not_valid_after);
+  if (cert == NULL) {
+    DLOG(ERROR) << "Unable to create x509 cert for client";
+    return;
+  }
+  certificate.append(reinterpret_cast<char*>(cert->derCert.data),
+                     cert->derCert.len);
+  CERT_DestroyCertificate(cert);
+  cert = NULL;
+
+  if (!key->ExportEncryptedPrivateKey("", 1, &private_key_info)) {
+    DLOG(ERROR) << "Unable to export private key";
+    return;
+  }
+
+  std::string priveta_key(private_key_info.begin(), private_key_info.end());
+
+  LOG(INFO) << "DTLSIdentityStore: a new identity is gnerated.";

[jam, 2013/06/06 16:22:32]

here and below, does this need to be LOG and not DLOG? all the LOG strings get
added to release builds

[jiayl, 2013/06/06 17:07:37]

Done.

+  content::BrowserThread::PostTask(
+      content::BrowserThread::IO,
+      FROM_HERE,
+      base::Bind(callback, certificate, priveta_key));
+}
+
+}  // namespace
+
+namespace content {
+
+DTLSIdentityStore* DTLSIdentityStore::GetInstance() {
+  return Singleton<DTLSIdentityStore>::get();
+}
+
+DTLSIdentityStore::DTLSIdentityStore()
+    : task_runner_(base::WorkerPool::GetTaskRunner(true)) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+}
+
+DTLSIdentityStore::DTLSIdentityStore(
+    const scoped_refptr<base::TaskRunner>& task_runner)
+    : task_runner_(task_runner) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+}
+
+DTLSIdentityStore::~DTLSIdentityStore() {}
+
+void DTLSIdentityStore::GetOrGenerateIdentity(
+    const GURL& origin,
+    const std::string& identity_name,
+    const std::string& common_name,
+    const OnCompleteCallback& callback) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+
+  LOG(INFO) << "DTLSIdentityStore: start generating identity.";
+  // TODO(jiayl): find the cert in the persistent store and generate a new one
+  // only when not found.
+  task_runner_->PostTask(
+      FROM_HERE,
+      base::Bind(&GenerateIdentityWorker,
+                 origin, identity_name, common_name, callback));
+}
+
+}  // namespace content