content/browser/media/webrtc_identity_store.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
   6 #define CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/callback.h"
  12 #include "base/time/time.h"
  13 #include "content/common/content_export.h"
  14
  15 class GURL;
  16
  17 namespace base {
  18 class FilePath;
  19 class TaskRunner;
  20 }  // namespace base
  21
  22 namespace storage {
  23 class SpecialStoragePolicy;
  24 }  // namespace storage
  25
  26 namespace content {
  27 class WebRTCIdentityRequest;
  28 struct WebRTCIdentityRequestResult;
  29 class WebRTCIdentityStoreBackend;
  30 class WebRTCIdentityStoreTest;
  31
  32 // A class for creating and fetching DTLS identities, i.e. the private key and
  33 // the self-signed certificate.
  34 // It can be created/destroyed on any thread, but the public methods must be
  35 // called on the IO thread.
  36 class CONTENT_EXPORT WebRTCIdentityStore
  37     : public base::RefCountedThreadSafe<WebRTCIdentityStore> {
  38  public:
  39   typedef base::Callback<void(int error,
  40                               const std::string& certificate,
  41                               const std::string& private_key)>
  42       CompletionCallback;
  43
  44   // If |path| is empty, nothing will be saved to disk.
  45   WebRTCIdentityStore(const base::FilePath& path,
  46                       storage::SpecialStoragePolicy* policy);
  47
  48   // Retrieve the cached DTLS private key and certificate, i.e. identity, for
  49   // the |origin| and |identity_name| pair if such an identity exists and
  50   // |enable_cache| is true. Otherwise, generate a new identity using
  51   // |common_name|.
  52   // If the given |common_name| is different from the common name in the cached
  53   // identity that has the same origin and identity_name, a new private key and
  54   // a new certificate will be generated, overwriting the old one.
  55   //
  56   // |origin| is the origin of the DTLS connection;
  57   // |identity_name| is used to identify an identity within an origin; it is
  58   // opaque to WebRTCIdentityStore and remains private to the caller, i.e. not
  59   // present in the certificate;
  60   // |common_name| is the common name used to generate the certificate and will
  61   // be shared with the peer of the DTLS connection. Identities created for
  62   // different origins or different identity names may have the same common
  63   // name.
  64   // |callback| is the callback to return the result as DER strings.
  65   // |enable_cache| is true if the persistent cache should be used to return the
  66   // certificate. If a new identity is generated, it will be not saved in the
  67   // cache if |enable_cache| is false.
  68   // Returns the Closure used to cancel the request if the request is accepted.
  69   // The Closure can only be called before the request completes.
  70   virtual base::Closure RequestIdentity(const GURL& origin,
  71                                         const std::string& identity_name,
  72                                         const std::string& common_name,
  73                                         const CompletionCallback& callback,
  74                                         bool enable_cache);
  75
  76   // Delete the identities created between |delete_begin| and |delete_end|.
  77   // |callback| will be called when the operation is done.
  78   void DeleteBetween(base::Time delete_begin,
  79                      base::Time delete_end,
  80                      const base::Closure& callback);
  81
  82  protected:
  83   // Only virtual to allow subclassing for test mock.
  84   virtual ~WebRTCIdentityStore();
  85
  86  private:
  87   friend class base::RefCountedThreadSafe<WebRTCIdentityStore>;
  88   friend class WebRtcIdentityStoreTest;
  89
  90   void SetValidityPeriodForTesting(base::TimeDelta validity_period);
  91   void SetTaskRunnerForTesting(
  92       const scoped_refptr<base::TaskRunner>& task_runner);
  93
  94   void BackendFindCallback(WebRTCIdentityRequest* request,
  95                            int error,
  96                            const std::string& certificate,
  97                            const std::string& private_key);
  98   void GenerateIdentityCallback(WebRTCIdentityRequest* request,
  99                                 WebRTCIdentityRequestResult* result);
 100   WebRTCIdentityRequest* FindRequest(const GURL& origin,
 101                                      const std::string& identity_name,
 102                                      const std::string& common_name);
 103   void PostRequestResult(WebRTCIdentityRequest* request,
 104                          const WebRTCIdentityRequestResult& result);
 105
 106   void GenerateNewIdentity(WebRTCIdentityRequest* request);
 107
 108   // The validity period of the certificates.
 109   base::TimeDelta validity_period_;
 110
 111   // The TaskRunner for doing work on a worker thread.
 112   scoped_refptr<base::TaskRunner> task_runner_;
 113
 114   // Weak references of the in flight requests. Used to join identical external
 115   // requests.
 116   std::vector<WebRTCIdentityRequest*> in_flight_requests_;
 117
 118   scoped_refptr<WebRTCIdentityStoreBackend> backend_;
 119
 120   DISALLOW_COPY_AND_ASSIGN(WebRTCIdentityStore);
 121 };
 122
 123 }  // namespace content
 124
 125 #endif  // CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_