Home | History | Annotate | Download | only in media 
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
      6 #define CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/callback.h"
     12 #include "base/time/time.h"
     13 #include "content/common/content_export.h"
     14 
     15 class GURL;
     16 
     17 namespace base {
     18 class FilePath;
     19 class TaskRunner;
     20 }  // namespace base
     21 
     22 namespace quota {
     23 class SpecialStoragePolicy;
     24 }  // namespace quota
     25 
     26 namespace content {
     27 class WebRTCIdentityRequest;
     28 struct WebRTCIdentityRequestResult;
     29 class WebRTCIdentityStoreBackend;
     30 class WebRTCIdentityStoreTest;
     31 
     32 // A class for creating and fetching DTLS identities, i.e. the private key and
     33 // the self-signed certificate.
     34 // It can be created/destroyed on any thread, but the public methods must be
     35 // called on the IO thread.
     36 class CONTENT_EXPORT WebRTCIdentityStore
     37     : public base::RefCountedThreadSafe<WebRTCIdentityStore> {
     38  public:
     39   typedef base::Callback<void(int error,
     40                               const std::string& certificate,
     41                               const std::string& private_key)>
     42       CompletionCallback;
     43 
     44   // If |path| is empty, nothing will be saved to disk.
     45   WebRTCIdentityStore(const base::FilePath& path,
     46                       quota::SpecialStoragePolicy* policy);
     47 
     48   // Retrieve the cached DTLS private key and certificate, i.e. identity, for
     49   // the |origin| and |identity_name| pair, or generate a new identity using
     50   // |common_name| if such an identity does not exist.
     51   // If the given |common_name| is different from the common name in the cached
     52   // identity that has the same origin and identity_name, a new private key and
     53   // a new certificate will be generated, overwriting the old one.
     54   //
     55   // |origin| is the origin of the DTLS connection;
     56   // |identity_name| is used to identify an identity within an origin; it is
     57   // opaque to WebRTCIdentityStore and remains private to the caller, i.e. not
     58   // present in the certificate;
     59   // |common_name| is the common name used to generate the certificate and will
     60   // be shared with the peer of the DTLS connection. Identities created for
     61   // different origins or different identity names may have the same common
     62   // name.
     63   // |callback| is the callback to return the result as DER strings.
     64   //
     65   // Returns the Closure used to cancel the request if the request is accepted.
     66   // The Closure can only be called before the request completes.
     67   virtual base::Closure RequestIdentity(const GURL& origin,
     68                                         const std::string& identity_name,
     69                                         const std::string& common_name,
     70                                         const CompletionCallback& callback);
     71 
     72   // Delete the identities created between |delete_begin| and |delete_end|.
     73   // |callback| will be called when the operation is done.
     74   void DeleteBetween(base::Time delete_begin,
     75                      base::Time delete_end,
     76                      const base::Closure& callback);
     77 
     78  protected:
     79   // Only virtual to allow subclassing for test mock.
     80   virtual ~WebRTCIdentityStore();
     81 
     82  private:
     83   friend class base::RefCountedThreadSafe<WebRTCIdentityStore>;
     84   friend class WebRTCIdentityStoreTest;
     85 
     86   void SetValidityPeriodForTesting(base::TimeDelta validity_period);
     87   void SetTaskRunnerForTesting(
     88       const scoped_refptr<base::TaskRunner>& task_runner);
     89 
     90   void BackendFindCallback(WebRTCIdentityRequest* request,
     91                            int error,
     92                            const std::string& certificate,
     93                            const std::string& private_key);
     94   void GenerateIdentityCallback(WebRTCIdentityRequest* request,
     95                                 WebRTCIdentityRequestResult* result);
     96   WebRTCIdentityRequest* FindRequest(const GURL& origin,
     97                                      const std::string& identity_name,
     98                                      const std::string& common_name);
     99   void PostRequestResult(WebRTCIdentityRequest* request,
    100                          const WebRTCIdentityRequestResult& result);
    101 
    102   // The validity period of the certificates.
    103   base::TimeDelta validity_period_;
    104 
    105   // The TaskRunner for doing work on a worker thread.
    106   scoped_refptr<base::TaskRunner> task_runner_;
    107 
    108   // Weak references of the in flight requests. Used to join identical external
    109   // requests.
    110   std::vector<WebRTCIdentityRequest*> in_flight_requests_;
    111 
    112   scoped_refptr<WebRTCIdentityStoreBackend> backend_;
    113 
    114   DISALLOW_COPY_AND_ASSIGN(WebRTCIdentityStore);
    115 };
    116 
    117 }  // namespace content
    118 
    119 #endif  // CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
    120