Ability to specify KeyType (RSA, ECDSA) for SSLIdentity generation in libjingle

talk/app/webrtc/dtlsidentitystore.h

 /*
  * libjingle
  * Copyright 2015 Google Inc.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *  1. Redistributions of source code must retain the above copyright notice,
  *     this list of conditions and the following disclaimer.
  *  2. Redistributions in binary form must reproduce the above copyright notice,
@@ skipping 10 matching lines @@
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #ifndef TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_
 #define TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_
 
-#include <queue>
+#include <list>
 #include <string>
 
 #include "talk/app/webrtc/peerconnectioninterface.h"
 #include "webrtc/base/messagehandler.h"
 #include "webrtc/base/messagequeue.h"
 #include "webrtc/base/scoped_ptr.h"
 #include "webrtc/base/scoped_ref_ptr.h"
+#include "webrtc/base/sslidentity.h"
 
 namespace webrtc {
-class DTLSIdentityRequestObserver;
+
 class SSLIdentity;
 class Thread;
 
-// This class implements an in-memory DTLS identity store, which generates the
-// DTLS identity on the worker thread.
+// Used to receive callbacks of DTLS identity requests.
+class DtlsIdentityRequestObserver : public rtc::RefCountInterface {

[hbos, 2015/06/12 12:46:55]

Moved from peerconnetctionfactory.h (and renamed DTLS -> Dtls).

+ public:
+  virtual void OnFailure(int error) = 0;
+  // TODO(jiayl): Unify the OnSuccess method once Chrome code is updated.
+  virtual void OnSuccess(const std::string& der_cert,
+                         const std::string& der_private_key) = 0;
+  // |identity| is a scoped_ptr because rtc::SSLIdentity is not copyable and the
+  // client has to get the ownership of the object to make use of it.
+  virtual void OnSuccessWithIdentityObj(
+      rtc::scoped_ptr<rtc::SSLIdentity> identity) = 0;
+
+ protected:
+  virtual ~DtlsIdentityRequestObserver() {}
+};
+
+// This interface defines an in-memory DTLS identity store, which generates DTLS
+// identities.
 // APIs calls must be made on the signaling thread and the callbacks are also
 // called on the signaling thread.
-class DtlsIdentityStore : public rtc::MessageHandler {
+class DtlsIdentityStoreInterface {
  public:
-  static const char kIdentityName[];
+  virtual ~DtlsIdentityStoreInterface() { }
 
-  DtlsIdentityStore(rtc::Thread* signaling_thread,
-                    rtc::Thread* worker_thread);
-  virtual ~DtlsIdentityStore();
-
-  // Initialize will start generating the free identity in the background.
-  void Initialize();
+  // Initializes the store.
+  virtual void Initialize() = 0;
 
   // The |observer| will be called when the requested identity is ready, or when
   // identity generation fails.
-  void RequestIdentity(webrtc::DTLSIdentityRequestObserver* observer);
+  virtual void RequestIdentity(
+      rtc::KeyType key_type, webrtc::DtlsIdentityRequestObserver* observer) = 0;
+
+  // Returns true if there is a free RSA identity, used for unit tests.
+  virtual bool HasFreeIdentityForTesting() const = 0;
+};
+
+// The standard implementation of DtlsIdentityStoreInterface.
+// Identity generation is performed on the worker thread.
+class DtlsIdentityStoreImpl : public DtlsIdentityStoreInterface,
+                              public rtc::MessageHandler {
+ public:
+  // Passed to SSLIdentity::Generate, "WebRTC". Used for the certificates'
+  // subject and issuer name.
+  static const std::string common_name_;
+
+  DtlsIdentityStoreImpl(rtc::Thread* signaling_thread,
+                        rtc::Thread* worker_thread);
+  ~DtlsIdentityStoreImpl() override;
+
+  // webrtc::DtlsIdentityStoreInterface override;
+  // Initialize will start to preemptively generating an RSA identity in the
+  // background, if the worker thread is not the same as the signaling thread.
+  void Initialize() override;
+  // webrtc::DtlsIdentityStoreInterface override;
+  void RequestIdentity(rtc::KeyType key_type,
+                       webrtc::DtlsIdentityRequestObserver* observer) override;
 
   // rtc::MessageHandler override;
   void OnMessage(rtc::Message* msg) override;
 
-  // Returns true if there is a free identity, used for unit tests.
-  bool HasFreeIdentityForTesting() const;
+  // webrtc::DtlsIdentityStoreInterface override;
+  bool HasFreeIdentityForTesting() const override;
 
  private:
   sigslot::signal0<> SignalDestroyed;
   class WorkerTask;
-  typedef rtc::ScopedMessageData<DtlsIdentityStore::WorkerTask>
+  typedef rtc::ScopedMessageData<DtlsIdentityStoreImpl::WorkerTask>
       IdentityTaskMessageData;
 
-  void GenerateIdentity();
+  void GenerateIdentity(rtc::KeyType key_type,
+                        webrtc::DtlsIdentityRequestObserver* observer);
   void OnIdentityGenerated(rtc::scoped_ptr<rtc::SSLIdentity> identity);
-  void ReturnIdentity(rtc::scoped_ptr<rtc::SSLIdentity> identity);
 
   void PostGenerateIdentityResult_w(rtc::scoped_ptr<rtc::SSLIdentity> identity);
 
+  bool HasPendingRSARequest();
+  rtc::SSLIdentity* ReleaseFreeRSAIdentity();
+
   rtc::Thread* const signaling_thread_;
+  // TODO(hbos): RSA generation can be VERY slow, DtlsIdentityStore should use a
+  // new thread and not the "general purpose" worker thread.
   rtc::Thread* const worker_thread_;
 
-  // These members should be accessed on the signaling thread only.
-  int pending_jobs_;
-  rtc::scoped_ptr<rtc::SSLIdentity> free_identity_;
-  typedef std::queue<rtc::scoped_refptr<webrtc::DTLSIdentityRequestObserver>>
-      ObserverList;
-  ObserverList pending_observers_;
+  // A request to generate an identity for the specified |key_type_|, the result
+  // will be reported back to |observer_|. If |observer_| is null then this is
+  // a preemptive RSA request and the result is stored in |free_rsa_identity_|.
+  struct IdentityRequest {
+    IdentityRequest(rtc::KeyType key_type,
+        rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer)
+        : key_type_(key_type),
+          observer_(observer) { }
+
+    rtc::KeyType key_type_;
+    rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer_;
+  };
+  // Requests under processing. Only to be accessed on the signaling thread.
+  std::list<IdentityRequest> pending_requests_;

[hbos, 2015/06/12 12:46:55]

(Used like a queue, list instead of queue to be able to iterate.)

+  // Generating an RSA identity can take a long time. When generating it
+  // preemptively it is stored in |free_rsa_identity_| until the next request.
+  rtc::scoped_ptr<rtc::SSLIdentity> free_rsa_identity_;
+  mutable rtc::CriticalSection free_rsa_identity_cs_;
 };
 
 }  // namespace webrtc
 
 #endif  // TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_