1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
6#define CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
7
8#include <string>
9#include <vector>
10
11#include "base/callback.h"
12#include "base/time/time.h"
13#include "content/common/content_export.h"
14
15class GURL;
16
17namespace base {
18class FilePath;
19class TaskRunner;
20}  // namespace base
21
22namespace storage {
23class SpecialStoragePolicy;
24}  // namespace storage
25
26namespace content {
27class WebRTCIdentityRequest;
28struct WebRTCIdentityRequestResult;
29class WebRTCIdentityStoreBackend;
30class WebRTCIdentityStoreTest;
31
32// A class for creating and fetching DTLS identities, i.e. the private key and
33// the self-signed certificate.
34// It can be created/destroyed on any thread, but the public methods must be
35// called on the IO thread.
36class CONTENT_EXPORT WebRTCIdentityStore
37    : public base::RefCountedThreadSafe<WebRTCIdentityStore> {
38 public:
39  typedef base::Callback<void(int error,
40                              const std::string& certificate,
41                              const std::string& private_key)>
42      CompletionCallback;
43
44  // If |path| is empty, nothing will be saved to disk.
45  WebRTCIdentityStore(const base::FilePath& path,
46                      storage::SpecialStoragePolicy* policy);
47
48  // Retrieve the cached DTLS private key and certificate, i.e. identity, for
49  // the |origin| and |identity_name| pair, or generate a new identity using
50  // |common_name| if such an identity does not exist.
51  // If the given |common_name| is different from the common name in the cached
52  // identity that has the same origin and identity_name, a new private key and
53  // a new certificate will be generated, overwriting the old one.
54  //
55  // |origin| is the origin of the DTLS connection;
56  // |identity_name| is used to identify an identity within an origin; it is
57  // opaque to WebRTCIdentityStore and remains private to the caller, i.e. not
58  // present in the certificate;
59  // |common_name| is the common name used to generate the certificate and will
60  // be shared with the peer of the DTLS connection. Identities created for
61  // different origins or different identity names may have the same common
62  // name.
63  // |callback| is the callback to return the result as DER strings.
64  //
65  // Returns the Closure used to cancel the request if the request is accepted.
66  // The Closure can only be called before the request completes.
67  virtual base::Closure RequestIdentity(const GURL& origin,
68                                        const std::string& identity_name,
69                                        const std::string& common_name,
70                                        const CompletionCallback& callback);
71
72  // Delete the identities created between |delete_begin| and |delete_end|.
73  // |callback| will be called when the operation is done.
74  void DeleteBetween(base::Time delete_begin,
75                     base::Time delete_end,
76                     const base::Closure& callback);
77
78 protected:
79  // Only virtual to allow subclassing for test mock.
80  virtual ~WebRTCIdentityStore();
81
82 private:
83  friend class base::RefCountedThreadSafe<WebRTCIdentityStore>;
84  friend class WebRTCIdentityStoreTest;
85
86  void SetValidityPeriodForTesting(base::TimeDelta validity_period);
87  void SetTaskRunnerForTesting(
88      const scoped_refptr<base::TaskRunner>& task_runner);
89
90  void BackendFindCallback(WebRTCIdentityRequest* request,
91                           int error,
92                           const std::string& certificate,
93                           const std::string& private_key);
94  void GenerateIdentityCallback(WebRTCIdentityRequest* request,
95                                WebRTCIdentityRequestResult* result);
96  WebRTCIdentityRequest* FindRequest(const GURL& origin,
97                                     const std::string& identity_name,
98                                     const std::string& common_name);
99  void PostRequestResult(WebRTCIdentityRequest* request,
100                         const WebRTCIdentityRequestResult& result);
101
102  // The validity period of the certificates.
103  base::TimeDelta validity_period_;
104
105  // The TaskRunner for doing work on a worker thread.
106  scoped_refptr<base::TaskRunner> task_runner_;
107
108  // Weak references of the in flight requests. Used to join identical external
109  // requests.
110  std::vector<WebRTCIdentityRequest*> in_flight_requests_;
111
112  scoped_refptr<WebRTCIdentityStoreBackend> backend_;
113
114  DISALLOW_COPY_AND_ASSIGN(WebRTCIdentityStore);
115};
116
117}  // namespace content
118
119#endif  // CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
120