// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_
#define CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_

#include <string>
#include <vector>

#include "base/callback.h"
#include "base/time/time.h"
#include "content/common/content_export.h"
// NOTE(review): scoped_refptr, base::RefCountedThreadSafe and
// DISALLOW_COPY_AND_ASSIGN are used in this header but their defining headers
// are not included here; the declaration currently relies on transitive
// includes. Include what you use to keep the header self-contained.

class GURL;

namespace base {
class FilePath;
class TaskRunner;
}  // namespace base

namespace storage {
class SpecialStoragePolicy;
}  // namespace storage

namespace content {
class WebRTCIdentityRequest;
struct WebRTCIdentityRequestResult;
class WebRTCIdentityStoreBackend;
class WebRTCIdentityStoreTest;

// A class for creating and fetching DTLS identities, i.e. the private key and
// the self-signed certificate.
// It can be created/destroyed on any thread, but the public methods must be
// called on the IO thread.
//
// Security notes for users of this class:
// - The private key is handed to callers in DER form through
//   CompletionCallback, so every consumer of that callback holds key material
//   in plain memory. Do not log, copy further than necessary, or persist the
//   |private_key| argument outside the store.
// - Identities are keyed by (origin, identity_name) and, when the store is
//   constructed with a non-empty |path|, are saved to disk by the backend
//   (how persisted keys are protected at rest is not visible in this header;
//   see the backend). A persisted identity is a stable per-origin identifier
//   that survives restarts, so DeleteBetween() must be reachable from the
//   browsing-data clearing path (presumably already wired up -- confirm
//   against callers).
// - Only the certificate's |common_name| is visible to the DTLS peer;
//   |identity_name| never leaves the browser.
class CONTENT_EXPORT WebRTCIdentityStore
    : public base::RefCountedThreadSafe<WebRTCIdentityStore> {
 public:
  // Result callback for RequestIdentity(). |error| is an integer error code
  // (its domain is not specified in this header -- confirm in the .cc);
  // |certificate| and |private_key| are DER-encoded strings and are only
  // meaningful when the request succeeded.
  typedef base::Callback<void(int error,
                              const std::string& certificate,
                              const std::string& private_key)>
      CompletionCallback;

  // If |path| is empty, nothing will be saved to disk.
  // |policy| is forwarded to the persistence layer; presumably it decides
  // which origins' identities may be stored persistently -- verify against
  // the backend before relying on it.
  WebRTCIdentityStore(const base::FilePath& path,
                      storage::SpecialStoragePolicy* policy);

  // Retrieve the cached DTLS private key and certificate, i.e. identity, for
  // the |origin| and |identity_name| pair, or generate a new identity using
  // |common_name| if such an identity does not exist.
  // If the given |common_name| is different from the common name in the cached
  // identity that has the same origin and identity_name, a new private key and
  // a new certificate will be generated, overwriting the old one.
  //
  // |origin| is the origin of the DTLS connection;
  // |identity_name| is used to identify an identity within an origin; it is
  // opaque to WebRTCIdentityStore and remains private to the caller, i.e. not
  // present in the certificate;
  // |common_name| is the common name used to generate the certificate and will
  // be shared with the peer of the DTLS connection. Identities created for
  // different origins or different identity names may have the same common
  // name.
  // |callback| is the callback to return the result as DER strings.
  //
  // Identical in-flight requests (same origin, identity_name and common_name)
  // are joined, so several callers can be completed by one backend lookup or
  // one key generation.
  //
  // Returns the Closure used to cancel the request if the request is accepted.
  // The Closure can only be called before the request completes. Invoking it
  // after completion is outside the contract (the in-flight request is
  // tracked only by raw pointer below), so callers should drop the Closure as
  // soon as |callback| has run.
  // Only virtual to allow subclassing for test mock.
  virtual base::Closure RequestIdentity(const GURL& origin,
                                        const std::string& identity_name,
                                        const std::string& common_name,
                                        const CompletionCallback& callback);

  // Delete the identities created between |delete_begin| and |delete_end|.
  // |callback| will be called when the operation is done.
  // The deletion is asynchronous; an identity deleted here will be regenerated
  // (new key, new certificate) on the next RequestIdentity() for that
  // origin/identity_name pair.
  void DeleteBetween(base::Time delete_begin,
                     base::Time delete_end,
                     const base::Closure& callback);

 protected:
  // Only virtual to allow subclassing for test mock.
  virtual ~WebRTCIdentityStore();

 private:
  friend class base::RefCountedThreadSafe<WebRTCIdentityStore>;
  friend class WebRTCIdentityStoreTest;

  // Test-only hooks. |validity_period| replaces the lifetime used for newly
  // generated certificates; a worker |task_runner| replaces the default one.
  // Neither is meant to be reachable from production code.
  void SetValidityPeriodForTesting(base::TimeDelta validity_period);
  void SetTaskRunnerForTesting(
      const scoped_refptr<base::TaskRunner>& task_runner);

  // Presumably invoked by the backend with the outcome of looking up the
  // identity for |request|; |certificate| and |private_key| are DER strings
  // as in CompletionCallback.
  void BackendFindCallback(WebRTCIdentityRequest* request,
                           int error,
                           const std::string& certificate,
                           const std::string& private_key);
  // Presumably invoked once a new identity has been generated for |request|.
  void GenerateIdentityCallback(WebRTCIdentityRequest* request,
                                WebRTCIdentityRequestResult* result);
  // Looks for an in-flight request with the same (origin, identity_name,
  // common_name) so that an identical external request can be joined to it.
  WebRTCIdentityRequest* FindRequest(const GURL& origin,
                                     const std::string& identity_name,
                                     const std::string& common_name);
  // Delivers |result| to the callers attached to |request|.
  void PostRequestResult(WebRTCIdentityRequest* request,
                         const WebRTCIdentityRequestResult& result);

  // The validity period of the certificates.
  // Bounds how long a generated identity (and therefore its certificate
  // fingerprint) stays usable; shortened only via SetValidityPeriodForTesting.
  base::TimeDelta validity_period_;

  // The TaskRunner for doing work on a worker thread.
  scoped_refptr<base::TaskRunner> task_runner_;

  // Weak references of the in flight requests. Used to join identical external
  // requests.
  // These are non-owning raw pointers; whoever owns a request must remove it
  // from this list before it is destroyed (ownership is not visible in this
  // header -- see the .cc).
  std::vector<WebRTCIdentityRequest*> in_flight_requests_;

  // Backend performing lookup, generation and (optional) on-disk persistence.
  scoped_refptr<WebRTCIdentityStoreBackend> backend_;

  DISALLOW_COPY_AND_ASSIGN(WebRTCIdentityStore);
};

}  // namespace content

#endif  // CONTENT_BROWSER_MEDIA_WEBRTC_IDENTITY_STORE_H_