Index: content/browser/renderer_host/media/dtls_identity_service_host.cc |
diff --git a/content/browser/renderer_host/media/dtls_identity_service_host.cc b/content/browser/renderer_host/media/dtls_identity_service_host.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..36f6a53264247f9efe3fa6dddd737de9c3ce0801 |
--- /dev/null |
+++ b/content/browser/renderer_host/media/dtls_identity_service_host.cc |
@@ -0,0 +1,83 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/browser/renderer_host/media/dtls_identity_service_host.h" |
+ |
+#include "base/bind.h" |
+#include "content/common/media/dtls_identity_messages.h" |
+#include "content/public/browser/render_process_host.h" |
+#include "net/base/net_errors.h" |
+ |
+namespace content { |
+ |
+DTLSIdentityServiceHost::DTLSIdentityServiceHost( |
+ DTLSIdentityStore* dtls_identity_store) |
+ : dtls_identity_store_(dtls_identity_store) {} |
+ |
+DTLSIdentityServiceHost::~DTLSIdentityServiceHost() { |
+ RequestCancelCallbackMap::iterator it; |
+ for (it = pending_request_cancel_callback_map_.begin(); |
+ it != pending_request_cancel_callback_map_.end(); |
+ ++it) { |
+ it->second.Run(); |
+ } |
+} |
+ |
+bool DTLSIdentityServiceHost::OnMessageReceived(const IPC::Message& message, |
+ bool* message_was_ok) { |
+ bool handled = true; |
+ IPC_BEGIN_MESSAGE_MAP_EX(DTLSIdentityServiceHost, message, *message_was_ok) |
+ IPC_MESSAGE_HANDLER(DTLSIdentityMsg_RequestIdentity, OnRequestIdentity) |
+ IPC_MESSAGE_HANDLER(DTLSIdentityMsg_CancelRequest, OnCancelRequest) |
+ IPC_MESSAGE_UNHANDLED(handled = false) |
+ IPC_END_MESSAGE_MAP_EX() |
+ return handled; |
+} |
+ |
+void DTLSIdentityServiceHost::OnRequestIdentity( |
+ int request_id, |
+ const GURL& origin, |
+ const std::string& identity_name, |
+ const std::string& common_name) { |
+ DCHECK(pending_request_cancel_callback_map_.end() == |
+ pending_request_cancel_callback_map_.find(request_id)); |
+ |
+ base::Closure cancel_callback; |
+ bool success = dtls_identity_store_->RequestIdentity( |
+ origin, |
+ identity_name, |
+ common_name, |
+ base::Bind(&DTLSIdentityServiceHost::OnComplete, |
+ base::Unretained(this), |
+ request_id), |
+ &cancel_callback); |
+ if (success) |
+ pending_request_cancel_callback_map_[request_id] = cancel_callback; |
Ryan Sleevi
2013/06/24 23:27:07
As mentioned via e-mail, a hostile renderer could
jiayl
2013/06/25 20:36:32
Changed the DCHECK to if-return.
On 2013/06/24 23:
|
+ else |
+ OnComplete(request_id, net::ERR_UNEXPECTED, std::string(), std::string()); |
+} |
+ |
+void DTLSIdentityServiceHost::OnCancelRequest(int request_id) { |
+ DCHECK(pending_request_cancel_callback_map_.find(request_id) != |
+ pending_request_cancel_callback_map_.end()); |
+ pending_request_cancel_callback_map_[request_id].Run(); |
Ryan Sleevi
2013/06/24 23:27:07
If |request_id| is not a valid request, this will
jiayl
2013/06/25 20:36:32
Changed the DCHECK to if-return
On 2013/06/24 23:2
|
+ pending_request_cancel_callback_map_.erase(request_id); |
+} |
Ryan Sleevi
2013/06/24 19:29:16
It still seems to me that you're trusting the rend
jiayl
2013/06/25 20:36:32
Rate limiting is added to WebRTCIdentityServiceHos
|
+ |
+void DTLSIdentityServiceHost::OnComplete(int request_id, |
+ int error, |
+ const std::string& certificate, |
+ const std::string& private_key) { |
+ DCHECK(pending_request_cancel_callback_map_.find(request_id) != |
+ pending_request_cancel_callback_map_.end()); |
+ pending_request_cancel_callback_map_.erase(request_id); |
+ if (error == net::OK) { |
+ Send(new DTLSIdentityHostMsg_IdentityReady( |
+ request_id, certificate, private_key)); |
+ } else { |
+ Send(new DTLSIdentityHostMsg_RequestFailed(request_id, error)); |
+ } |
+} |
+ |
+} // namespace content |