Generates the DTLS identity in browser process and returns it to render process.

content/browser/renderer_host/media/dtls_identity_service_host.cc

Index: content/browser/renderer_host/media/dtls_identity_service_host.cc
diff --git a/content/browser/renderer_host/media/dtls_identity_service_host.cc b/content/browser/renderer_host/media/dtls_identity_service_host.cc
new file mode 100644
index 0000000000000000000000000000000000000000..36f6a53264247f9efe3fa6dddd737de9c3ce0801
--- /dev/null
+++ b/content/browser/renderer_host/media/dtls_identity_service_host.cc
@@ -0,0 +1,83 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/renderer_host/media/dtls_identity_service_host.h"
+
+#include "base/bind.h"
+#include "content/common/media/dtls_identity_messages.h"
+#include "content/public/browser/render_process_host.h"
+#include "net/base/net_errors.h"
+
+namespace content {
+
+DTLSIdentityServiceHost::DTLSIdentityServiceHost(
+    DTLSIdentityStore* dtls_identity_store)
+    : dtls_identity_store_(dtls_identity_store) {}
+
+DTLSIdentityServiceHost::~DTLSIdentityServiceHost() {
+  RequestCancelCallbackMap::iterator it;
+  for (it = pending_request_cancel_callback_map_.begin();
+       it != pending_request_cancel_callback_map_.end();
+       ++it) {
+    it->second.Run();
+  }
+}
+
+bool DTLSIdentityServiceHost::OnMessageReceived(const IPC::Message& message,
+                                                bool* message_was_ok) {
+  bool handled = true;
+  IPC_BEGIN_MESSAGE_MAP_EX(DTLSIdentityServiceHost, message, *message_was_ok)
+    IPC_MESSAGE_HANDLER(DTLSIdentityMsg_RequestIdentity, OnRequestIdentity)
+    IPC_MESSAGE_HANDLER(DTLSIdentityMsg_CancelRequest, OnCancelRequest)
+    IPC_MESSAGE_UNHANDLED(handled = false)
+  IPC_END_MESSAGE_MAP_EX()
+  return handled;
+}
+
+void DTLSIdentityServiceHost::OnRequestIdentity(
+    int request_id,
+    const GURL& origin,
+    const std::string& identity_name,
+    const std::string& common_name) {
+  DCHECK(pending_request_cancel_callback_map_.end() ==
+         pending_request_cancel_callback_map_.find(request_id));
+
+  base::Closure cancel_callback;
+  bool success = dtls_identity_store_->RequestIdentity(
+      origin,
+      identity_name,
+      common_name,
+      base::Bind(&DTLSIdentityServiceHost::OnComplete,
+                 base::Unretained(this),
+                 request_id),
+      &cancel_callback);
+  if (success)
+    pending_request_cancel_callback_map_[request_id] = cancel_callback;

[Ryan Sleevi, 2013/06/24 23:27:07]

As mentioned via e-mail, a hostile renderer could spam requests for the same
request_id repeatedly.

This would replace the cancel callbacks, allowing them to request an arbitrary
number of requests that the browser would be unable to cancel (because the
cancel callbacks were overwritten)

[jiayl, 2013/06/25 20:36:32]

Changed the DCHECK to if-return.
On 2013/06/24 23:27:07, Ryan Sleevi wrote:

+  else
+    OnComplete(request_id, net::ERR_UNEXPECTED, std::string(), std::string());
+}
+
+void DTLSIdentityServiceHost::OnCancelRequest(int request_id) {
+  DCHECK(pending_request_cancel_callback_map_.find(request_id) !=
+         pending_request_cancel_callback_map_.end());
+  pending_request_cancel_callback_map_[request_id].Run();

[Ryan Sleevi, 2013/06/24 23:27:07]

If |request_id| is not a valid request, this will cause the browser to crash, by
attempting to run a null callback.

[jiayl, 2013/06/25 20:36:32]

Changed the DCHECK to if-return
On 2013/06/24 23:27:07, Ryan Sleevi wrote:

+  pending_request_cancel_callback_map_.erase(request_id);
+}

[Ryan Sleevi, 2013/06/24 19:29:16]

It still seems to me that you're trusting the renderer to be well behaved and
cancel requests.

It seems like you should be observing if the renderer process disappears while
requests are pending, so that you cancel requests.

I'm also concerned about rate limiting - this gives the renderer a vector to
spawn an arbitrary number of threads

[jiayl, 2013/06/25 20:36:32]

Rate limiting is added to WebRTCIdentityServiceHost with max 5 requests per
second.

When the renderer process disappears, WebRTCIdentityServiceHost detor will
cancel requests.

On 2013/06/24 19:29:16, Ryan Sleevi wrote:

+
+void DTLSIdentityServiceHost::OnComplete(int request_id,
+                                         int error,
+                                         const std::string& certificate,
+                                         const std::string& private_key) {
+  DCHECK(pending_request_cancel_callback_map_.find(request_id) !=
+         pending_request_cancel_callback_map_.end());
+  pending_request_cancel_callback_map_.erase(request_id);
+  if (error == net::OK) {
+    Send(new DTLSIdentityHostMsg_IdentityReady(
+        request_id, certificate, private_key));
+  } else {
+    Send(new DTLSIdentityHostMsg_RequestFailed(request_id, error));
+  }
+}
+
+}  // namespace content