Generates the DTLS identity in browser process and returns it to render process.

content/browser/media/webrtc_identity_store.h

Index: content/browser/media/webrtc_identity_store.h
diff --git a/content/browser/media/webrtc_identity_store.h b/content/browser/media/webrtc_identity_store.h
new file mode 100644
index 0000000000000000000000000000000000000000..514d157bcb785c9e62ce57e4aa60af84c155710e
--- /dev/null
+++ b/content/browser/media/webrtc_identity_store.h
@@ -0,0 +1,79 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
+#define CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
+
+#include "base/callback.h"
+
+class GURL;
+
+namespace base {
+class TaskRunner;
+}  // namespace base
+
+namespace content {
+
+class WebRTCIdentityRequest;
+class WebRTCIdentityRequestHandle;
+class WebRTCIdentityStoreTest;
+
+// A class for creating and fetching DTLS identities, i.e. the private key and
+// the self-signed certificate.
+class WebRTCIdentityStore {
+ public:
+  typedef base::Callback<void(int error,
+                              const std::string& certificate,
+                              const std::string& private_key)>
+      CompletionCallback;
+
+  WebRTCIdentityStore();
+  ~WebRTCIdentityStore();
+
+  // Retrieve the cached DTLS private key and certificate, i.e. identity, for
+  // the |origin| and |identity_name| pair, or generate a new identity using
+  // |common_name| if such an identity does not exist.
+  // If the given |common_name| is different from the common name in the cached
+  // identity that has the same origin and identity_name, a new private key and
+  // a new certificate will be generated, overwriting the old one.
+  // TODO(jiayl): implement identity caching through a persistent storage.
+  //
+  // |origin| is the origin of the DTLS connection;
+  // |identity_name| is used to identify an identity within an origin; it is
+  // opaque to WebRTCIdentityStore and remains private to the caller, i.e. not
+  // present in the certificate;
+  // |common_name| is the common name used to generate the certificate and will
+  // be shared with the peer of the DTLS connection. Identities created for
+  // different origins or different identity names may have the same common
+  // name.
+  // |callback| is the callback to return the result.
+  // |cancel_callback| will be set to the Closure used to cancel the request
+  // if the request is accepted. The Closure can only be called before the
+  // request completes.
+  //
+  // Returns true if the request is accepted.
+  bool RequestIdentity(const GURL& origin,
+                       const std::string& identity_name,
+                       const std::string& common_name,
+                       const CompletionCallback& callback,
+                       base::Closure* cancel_callback);
+
+ private:
+  friend class WebRTCIdentityRequestHandle;
+  friend class WebRTCIdentityStoreTest;
+
+  explicit WebRTCIdentityStore(

[Ami GONE FROM CHROMIUM, 2013/06/27 20:05:18]

Is this ctor only used for testing?  If so, might be useful to mark it as such
in a comment, or, better yet, have an explicit private
void SetTaskRunnerForTest(const scoped_refptr<base::TaskRunner>& task_runner);
method that modifies an already-constructed object.

[jiayl, 2013/06/27 21:08:37]

Done.

+      const scoped_refptr<base::TaskRunner>& task_runner);
+
+  void CancelRequestInternal(WebRTCIdentityRequest* request);
+
+  // The TaskRunner for doing work on a worker thread.
+  scoped_refptr<base::TaskRunner> task_runner_;
+
+  DISALLOW_COPY_AND_ASSIGN(WebRTCIdentityStore);
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_