
Side by Side Diff: content/browser/media/dtls_identity_store.cc

Issue 15969025: Generates the DTLS identity in browser process and returns it to render process. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 6 months ago
(Empty)
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/browser/media/dtls_identity_store.h"
6
7 #include <cert.h>
8
9 #include "base/bind.h"
10 #include "base/location.h"
11 #include "base/logging.h"
12 #include "base/rand_util.h"
13 #include "base/task_runner.h"
14 #include "base/threading/worker_pool.h"
15 #include "content/public/browser/browser_thread.h"
16 #include "crypto/ec_private_key.h"
17 #include "googleurl/src/gurl.h"
18 #include "net/cert/x509_util_nss.h"
19
20 namespace content {
21
22 namespace {
23
24 static void GenerateIdentityWorker(
25 const GURL& origin,
26 const std::string& identity_name,
27 const std::string& common_name,
28 const DTLSIdentityStore::OnCompleteCallback& callback) {
29 std::string certificate;
30 std::vector<uint8> private_key_info;
31
32 int serial_number = base::RandInt(0, std::numeric_limits<int>::max());
33 base::Time not_valid_before = base::Time::Now();
34 base::Time not_valid_after = not_valid_before + base::TimeDelta::FromDays(30);
35
36 scoped_ptr<crypto::ECPrivateKey> key(crypto::ECPrivateKey::Create());
37 if (!key.get()) {
38 DLOG(ERROR) << "Unable to create key pair for client";
39 return;
Ryan Sleevi 2013/06/06 23:57:37 BUG: As highlighted in the PostTaskAndReply commen
jiayl 2013/06/13 21:50:45 Done.
40 }
41
42 CERTCertificate* cert =
43 net::x509_util::CreateSelfSignedCert(key->public_key(),
44 key->key(),
45 "CN=" + common_name,
46 serial_number,
47 not_valid_before,
48 not_valid_after);
49 if (cert == NULL) {
Ryan Sleevi 2013/06/06 23:57:37 if (!cert) {
jiayl 2013/06/13 21:50:45 Done.
50 DLOG(ERROR) << "Unable to create x509 cert for client";
51 return;
52 }
53 certificate.append(reinterpret_cast<char*>(cert->derCert.data),
54 cert->derCert.len);
55 CERT_DestroyCertificate(cert);
56 cert = NULL;
Ryan Sleevi 2013/06/06 23:57:37 style: Don't include this = NULL - such assignment
jiayl 2013/06/13 21:50:45 Done.
57
58 if (!key->ExportEncryptedPrivateKey("", 1, &private_key_info)) {
59 DLOG(ERROR) << "Unable to export private key";
60 return;
61 }
62
63 std::string private_key(private_key_info.begin(), private_key_info.end());
64
65 DLOG(INFO) << "DTLSIdentityStore: a new identity is gnerated.";
Ryan Sleevi 2013/06/06 23:57:37 typo: s/gnerated/generated STYLE: Don't log this.
jiayl 2013/06/13 21:50:45 Done.
66 BrowserThread::PostTask(BrowserThread::IO,
67 FROM_HERE,
68 base::Bind(callback, certificate, private_key));
Ryan Sleevi 2013/06/06 23:57:37 DESIGN: Do not structure the PostTask interaction
jiayl 2013/06/13 21:50:45 Done.
69 }
70
71 } // namespace
72
73 DTLSIdentityStore* DTLSIdentityStore::GetInstance() {
74 return Singleton<DTLSIdentityStore>::get();
75 }
Ryan Sleevi 2013/06/06 23:57:37 Again, no go for Singletons.
jiayl 2013/06/13 21:50:45 Done.
76
77 DTLSIdentityStore::DTLSIdentityStore()
78 : task_runner_(base::WorkerPool::GetTaskRunner(true)) {
79 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
80 }
81
82 DTLSIdentityStore::DTLSIdentityStore(
83 const scoped_refptr<base::TaskRunner>& task_runner)
84 : task_runner_(task_runner) {
85 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
86 }
87
88 DTLSIdentityStore::~DTLSIdentityStore() {}
89
90 void DTLSIdentityStore::RequestIdentity(const GURL& origin,
91 const std::string& identity_name,
92 const std::string& common_name,
93 const OnCompleteCallback& callback) {
94 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
95
96 DLOG(INFO) << "DTLSIdentityStore: start generating identity.";
97 // TODO(jiayl): find the cert in the persistent store and generate a new one
98 // only when not found.
99 task_runner_->PostTask(FROM_HERE,
100 base::Bind(&GenerateIdentityWorker,
101 origin,
102 identity_name,
103 common_name,
104 callback));
Ryan Sleevi 2013/06/06 23:57:37 std::string* private_key = new std::string; std::s
jiayl 2013/06/13 21:50:45 Done.
105 }
106
107 } // namespace content
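Review bot: The `ExportEncryptedPrivateKey("", 1, &private_key_info)` call in GenerateIdentityWorker wraps the key with an empty password and a single iteration, so the resulting blob gives no real confidentiality and has to be handled as plaintext key material. That matters here because the bytes are copied into a second `std::string` and bound into a cross-thread callback, and the TODO in RequestIdentity plans a persistent store that could end up holding the same blob. I would add a comment above the export such as `// Empty password, 1 iteration: this blob is effectively unencrypted; never persist or log it as-is.` and avoid the intermediate copy where possible. Separately, `"CN=" + common_name` builds the subject by plain concatenation; if common_name can be supplied by the renderer (not visible on this page), it should be validated or escaped before it is parsed as a distinguished name.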