Generates the DTLS identity in browser process and returns it to render process.

content/browser/media/dtls_identity_store.cc

Index: content/browser/media/dtls_identity_store.cc
diff --git a/content/browser/media/dtls_identity_store.cc b/content/browser/media/dtls_identity_store.cc
new file mode 100644
index 0000000000000000000000000000000000000000..18641dd6837b5b7b3984f970ac379d705c4dee09
--- /dev/null
+++ b/content/browser/media/dtls_identity_store.cc
@@ -0,0 +1,163 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/media/dtls_identity_store.h"
+
+#include "base/bind.h"
+#include "base/callback_helpers.h"
+#include "base/location.h"
+#include "base/logging.h"
+#include "base/rand_util.h"
+#include "base/task_runner.h"
+#include "base/threading/worker_pool.h"
+#include "content/public/browser/browser_thread.h"
+#include "crypto/rsa_private_key.h"
+#include "googleurl/src/gurl.h"
+#include "net/base/net_errors.h"
+#include "net/cert/x509_certificate.h"
+
+namespace content {
+
+namespace {

[Ryan Sleevi, 2013/06/13 22:36:47]

STYLE: Linebreak

[jiayl, 2013/06/14 00:37:01]

Done.

+struct DTLSIdentityRequestResult {
+  int error;
+  std::string certificate;
+  std::string private_key;
+};
+
+static void GenerateIdentityWorker(const std::string& common_name,
+                                   DTLSIdentityRequestResult* result) {
+  result->error = net::OK;
+  std::string certificate;
+  std::vector<uint8> private_key_info;
+
+  int serial_number = base::RandInt(0, std::numeric_limits<int>::max());
+
+  scoped_ptr<crypto::RSAPrivateKey> key(crypto::RSAPrivateKey::Create(1024));
+  if (!key.get()) {
+    DLOG(ERROR) << "Unable to create key pair for client";
+    result->error = net::ERR_KEY_GENERATION_FAILED;
+    return;
+  }
+
+   scoped_refptr<net::X509Certificate> cert =
+      net::X509Certificate::CreateSelfSigned(key.get(),
+                                             "CN=" + common_name,
+                                             serial_number,
+                                             base::TimeDelta::FromDays(30));
+  if (!cert) {
+    DLOG(ERROR) << "Unable to create x509 cert for client";
+    result->error = net::ERR_SELF_SIGNED_CERT_GENERATION_FAILED;
+    return;
+  }
+  if (!net::X509Certificate::GetDEREncoded(cert->os_cert_handle(),
+                                           &result->certificate)) {
+    DLOG(ERROR) << "Unable to get the DER decoded data from the cert.";
+    result->error = net::ERR_SELF_SIGNED_CERT_GENERATION_FAILED;
+    return;
+  }
+
+  if (!key->ExportPrivateKey(&private_key_info)) {
+    DLOG(ERROR) << "Unable to export private key";
+    result->error = net::ERR_PRIVATE_KEY_EXPORT_FAILED;
+    return;
+  }
+
+  result->private_key =
+      std::string(private_key_info.begin(), private_key_info.end());
+}
+
+class DTLSIdentityRequest {
+ public:
+  DTLSIdentityRequest(const DTLSIdentityStore::CompletionCallback& callback)
+      : callback_(callback) {}
+
+  void Cancel() {
+    callback_.Reset();
+  }
+
+  void Post(DTLSIdentityRequestResult* result) {
+    if (callback_.is_null())
+      return;
+    callback_.Run(result->error, result->certificate, result->private_key);
+  }
+
+ private:
+  DTLSIdentityStore::CompletionCallback callback_;
+};
+
+}  // namespace
+
+DTLSIdentityStore::RequestHandle::RequestHandle()
+    : store_(NULL),
+      request_(NULL) {}
+
+DTLSIdentityStore::RequestHandle::~RequestHandle() {
+  Cancel();
+}
+
+void DTLSIdentityStore::RequestHandle::Cancel() {
+  if (request_) {
+    store_->CancelRequest(request_);
+    request_ = NULL;
+    callback_.Reset();
+  }
+}
+
+void DTLSIdentityStore::RequestHandle::RequestStarted(
+    DTLSIdentityStore* store,
+    DTLSIdentityRequest* request,
+    const CompletionCallback& callback) {
+  DCHECK(request_ == NULL);

[Ryan Sleevi, 2013/06/13 22:36:47]

DCHECK(!request_)

[jiayl, 2013/06/14 00:37:01]

Done.

+  store_ = store;
+  request_ = request;
+  callback_ = callback;
+}
+
+void DTLSIdentityStore::RequestHandle::OnRequestComplete(
+    int error,
+    const std::string& certificate,
+    const std::string& private_key) {
+  request_ = NULL;
+  base::ResetAndReturn(&callback_).Run(error, certificate, private_key);
+}
+
+DTLSIdentityStore::DTLSIdentityStore()
+    : task_runner_(base::WorkerPool::GetTaskRunner(true)) {
+}
+
+DTLSIdentityStore::DTLSIdentityStore(
+    const scoped_refptr<base::TaskRunner>& task_runner)
+    : task_runner_(task_runner) {
+}
+
+DTLSIdentityStore::~DTLSIdentityStore() {}
+
+void DTLSIdentityStore::RequestIdentity(const GURL& origin,
+                                        const std::string& identity_name,
+                                        const std::string& common_name,
+                                        const CompletionCallback& callback,
+                                        RequestHandle* out_request) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  // TODO(jiayl): find the cert in the persistent store and generate a new one
+  // only when not found.
+  DTLSIdentityRequest* request = new DTLSIdentityRequest(
+      base::Bind(&RequestHandle::OnRequestComplete,
+                 base::Unretained(out_request)));
+  out_request->RequestStarted(this, request, callback);
+
+  DTLSIdentityRequestResult* result = new DTLSIdentityRequestResult;
+  task_runner_->PostTaskAndReply(
+      FROM_HERE,
+      base::Bind(&GenerateIdentityWorker, common_name, result),
+      base::Bind(&DTLSIdentityRequest::Post,
+                 base::Owned(request), base::Owned(result)));
+}
+
+void DTLSIdentityStore::CancelRequest(DTLSIdentityRequest* request) {
+  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
+  request->Cancel();
+}
+
+}  // namespace content