Generates the DTLS identity in browser process and returns it to render process.

content/browser/renderer_host/media/webrtc_identity_service_host.cc

Index: content/browser/renderer_host/media/webrtc_identity_service_host.cc
diff --git a/content/browser/renderer_host/media/webrtc_identity_service_host.cc b/content/browser/renderer_host/media/webrtc_identity_service_host.cc
new file mode 100644
index 0000000000000000000000000000000000000000..07404ed21f449067d466472d6e1fb3ea2eb3fcd5
--- /dev/null
+++ b/content/browser/renderer_host/media/webrtc_identity_service_host.cc
@@ -0,0 +1,112 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/renderer_host/media/webrtc_identity_service_host.h"
+
+#include "base/bind.h"
+#include "content/common/media/webrtc_identity_messages.h"
+#include "content/public/browser/render_process_host.h"
+#include "net/base/net_errors.h"
+
+namespace content {
+
+const int WebRTCIdentityServiceHost::MAX_REQUESTS_PER_SECOND = 5;
+
+WebRTCIdentityServiceHost::WebRTCIdentityServiceHost(
+    WebRTCIdentityStore* identity_store)
+    : identity_store_(identity_store) {}
+
+WebRTCIdentityServiceHost::~WebRTCIdentityServiceHost() {
+  RequestCancelCallbackMap::iterator it;
+  for (it = pending_request_cancel_callback_map_.begin();
+       it != pending_request_cancel_callback_map_.end();
+       ++it) {
+    it->second.Run();
+  }
+}
+
+bool WebRTCIdentityServiceHost::OnMessageReceived(const IPC::Message& message,
+                                                  bool* message_was_ok) {
+  bool handled = true;
+  IPC_BEGIN_MESSAGE_MAP_EX(WebRTCIdentityServiceHost, message, *message_was_ok)
+    IPC_MESSAGE_HANDLER(WebRTCIdentityMsg_RequestIdentity, OnRequestIdentity)
+    IPC_MESSAGE_HANDLER(WebRTCIdentityMsg_CancelRequest, OnCancelRequest)
+    IPC_MESSAGE_UNHANDLED(handled = false)
+  IPC_END_MESSAGE_MAP_EX()
+  return handled;
+}
+
+void WebRTCIdentityServiceHost::OnRequestIdentity(
+    int request_id,
+    const GURL& origin,
+    const std::string& identity_name,
+    const std::string& common_name) {
+  if (pending_request_cancel_callback_map_.end() !=
+          pending_request_cancel_callback_map_.find(request_id))
+    return;
+
+  if (!IsRequestAllowed()) {
+    DLOG(WARNING) << "The request is rejected due to too many requests.";
+    OnComplete(request_id, net::ERR_INSUFFICIENT_RESOURCES, std::string(),
+               std::string());
+    return;
+  }
+
+  base::Closure cancel_callback;
+  bool success = identity_store_->RequestIdentity(
+      origin,
+      identity_name,
+      common_name,
+      base::Bind(&WebRTCIdentityServiceHost::OnComplete,
+                 base::Unretained(this),
+                 request_id),
+      &cancel_callback);
+  if (success) {
+    pending_request_cancel_callback_map_[request_id] = cancel_callback;
+    UpdateRequestTime();
+  } else {
+    OnComplete(request_id, net::ERR_UNEXPECTED, std::string(), std::string());
+  }
+}
+
+void WebRTCIdentityServiceHost::OnCancelRequest(int request_id) {
+  if (pending_request_cancel_callback_map_.find(request_id) ==
+         pending_request_cancel_callback_map_.end())
+    return;
+  pending_request_cancel_callback_map_[request_id].Run();
+  pending_request_cancel_callback_map_.erase(request_id);
+}
+
+void WebRTCIdentityServiceHost::OnComplete(int request_id,
+                                           int error,
+                                           const std::string& certificate,
+                                           const std::string& private_key) {
+  if (pending_request_cancel_callback_map_.find(request_id) !=
+         pending_request_cancel_callback_map_.end())
+    pending_request_cancel_callback_map_.erase(request_id);
+
+  if (error == net::OK) {
+    Send(new WebRTCIdentityHostMsg_IdentityReady(
+        request_id, certificate, private_key));
+  } else {
+    Send(new WebRTCIdentityHostMsg_RequestFailed(request_id, error));
+  }
+}
+
+bool WebRTCIdentityServiceHost::IsRequestAllowed() {
+  if (recent_request_time_.size() < MAX_REQUESTS_PER_SECOND)
+    return true;
+
+  base::Time now = base::Time::NowFromSystemTime();

[Ryan Sleevi, 2013/06/27 00:14:55]

If you continue to want a time, do not use base::Time - use base::TimeTicks,
which is a monotonic clock.

+  base::Time last_n_request_time = recent_request_time_.front();
+  return (now - last_n_request_time) > base::TimeDelta::FromSeconds(1);
+}
+
+void WebRTCIdentityServiceHost::UpdateRequestTime() {
+  if (recent_request_time_.size() == MAX_REQUESTS_PER_SECOND)
+    recent_request_time_.pop();
+  recent_request_time_.push(base::Time::NowFromSystemTime());
+}
+
+}  // namespace content