content/browser/media/dtls_identity_store.cc - Issue 15969025: Generates the DTLS identity in browser process and returns it to render process.

Side by Side Diff: content/browser/media/dtls_identity_store.cc

Issue 15969025: Generates the DTLS identity in browser process and returns it to render process. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« content/browser/media/dtls_identity_store.h ('K') | « content/browser/media/dtls_identity_store.h ('k') | content/browser/media/dtls_identity_store_unittest.cc » ('j') | content/browser/media/dtls_identity_store_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5

	6 #include "content/browser/media/dtls_identity_store.h"

	7

	8 #include <cert.h>
	Ryan Sleevi 2013/06/04 19:13:52 BUG: You cannot depend on this header directly in BUG: You cannot depend on this header directly in content/. This can ONLY be used in NSS-only files. Same with all types used beyond. That is, it MAY be acceptable to separate the design into dtls_identity_store, dtls_identity_store_nss, and dtls_identity_store_openssl, but please think carefully about the design before doing so. We have intentional abstractions like crypto/ and net/ to give you implementation-agnostic types.
	9

	10 #include "base/bind.h"

	11 #include "base/location.h"

	12 #include "base/logging.h"

	13 #include "base/rand_util.h"

	14 #include "base/task_runner.h"

	15 #include "base/threading/worker_pool.h"

	16 #include "content/public/browser/browser_thread.h"

	17 #include "crypto/ec_private_key.h"

	18 #include "googleurl/src/gurl.h"

	19 #include "net/cert/x509_util_nss.h"
	Ryan Sleevi 2013/06/04 19:13:52 BUG: You cannot depend on this header directly in BUG: You cannot depend on this header directly in content/. This can ONLY be used in NSS-only files. jiayl 2013/06/04 20:23:10 Can I add a new method similar to CreateDomainBoun Show quoted text On 2013/06/04 19:13:52, Ryan Sleevi wrote: > BUG: You cannot depend on this header directly in content/. This can ONLY be > used in NSS-only files. Can I add a new method similar to CreateDomainBoundCertEC to x509_util.h and put the implementation in x509_util_nss.cc calling the existing CreateSelfSignedCert? Ryan Sleevi 2013/06/04 21:14:59 We'll want to tackle that in a separate CL. Show quoted text On 2013/06/04 20:23:10, jiayl wrote: > On 2013/06/04 19:13:52, Ryan Sleevi wrote: > > BUG: You cannot depend on this header directly in content/. This can ONLY be > > used in NSS-only files. > > Can I add a new method similar to CreateDomainBoundCertEC to x509_util.h and put > the implementation in x509_util_nss.cc calling the existing > CreateSelfSignedCert? > > > > We'll want to tackle that in a separate CL.
	20

	21 namespace {

	22

	23 static void GenerateIdentityWorker(

	24 const GURL& url,

	25 const std::string& identity_name,

	26 const std::string& common_name,

	27 const content::DTLSIdentityStore::OnCompleteCallback& callback) {

	28 std::string certificate;

	29 std::vector<uint8> private_key_info;

	30

	31 int serial_number = base::RandInt(0, std::numeric_limits<int>::max());

	32 base::Time not_valid_before = base::Time::Now();

	33 base::Time not_valid_after =

	34 not_valid_before + base::TimeDelta::FromDays(30);

	35

	36 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());

	37 if (!key.get()) {

	38 DLOG(ERROR) << "Unable to create key pair for client";

	39 return;

	40 }

	41

	42 CERTCertificate* cert = net::x509_util::CreateSelfSignedCert(

	43 key->public_key(), key->key(), "CN=" + identity_name,

	44 serial_number, not_valid_before, not_valid_after);

	45 if (cert == NULL) {

	46 DLOG(ERROR) << "Unable to create x509 cert for client";

	47 return;

	48 }

	49 certificate.append(reinterpret_cast<char*>(cert->derCert.data),

	50 cert->derCert.len);

	51 CERT_DestroyCertificate(cert);

	52 cert = NULL;

	53

	54 if (!key->ExportEncryptedPrivateKey("", 1, &private_key_info)) {

	55 DLOG(ERROR) << "Unable to export private key";

	56 return;

	57 }

	58

	59 std::string priveta_key(private_key_info.begin(), private_key_info.end());

	60

	61 content::BrowserThread::PostTask(

	62 content::BrowserThread::UI,

	63 FROM_HERE,

	64 base::Bind(callback, certificate, priveta_key));

	65 }

	66

	67 } // namespace

	68

	69 namespace content {

	70

	71 DTLSIdentityStore* DTLSIdentityStore::GetInstance() {

	72 return Singleton<DTLSIdentityStore>::get();

	73 }

	74

	75 DTLSIdentityStore::DTLSIdentityStore() :

	76 task_runner_(base::WorkerPool::GetTaskRunner(true)) {

	77 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	78 }

	79

	80 DTLSIdentityStore::DTLSIdentityStore(

	81 const scoped_refptr<base::TaskRunner>& task_runner) :

	82 task_runner_(task_runner) {

	83 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	84 }

	85

	86 DTLSIdentityStore::~DTLSIdentityStore() {

	87 }

	88

	89 void DTLSIdentityStore::GetOrGenerateIdentity(

	90 const GURL& url,

	91 const std::string& identity_name,

	92 const std::string& common_name,

	93 const OnCompleteCallback& callback) {

	94 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));

	95

	96 // TODO(jiayl): find the cert in the persistent store and generate a new one

	97 // only when not found.

	98 task_runner_->PostTask(

	99 FROM_HERE,

	100 base::Bind(&GenerateIdentityWorker,

	101 url, identity_name, common_name, callback));

	102 }

	103

	104 } // namespace content

OLD	NEW