OLD | NEW |
---|---|
1 /* | 1 /* |
2 * libjingle | 2 * libjingle |
3 * Copyright 2015 Google Inc. | 3 * Copyright 2015 Google Inc. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions are met: | 6 * modification, are permitted provided that the following conditions are met: |
7 * | 7 * |
8 * 1. Redistributions of source code must retain the above copyright notice, | 8 * 1. Redistributions of source code must retain the above copyright notice, |
9 * this list of conditions and the following disclaimer. | 9 * this list of conditions and the following disclaimer. |
10 * 2. Redistributions in binary form must reproduce the above copyright notice, | 10 * 2. Redistributions in binary form must reproduce the above copyright notice, |
(...skipping 10 matching lines...) Expand all Loading... | |
21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; | 21 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; |
22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | 22 * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR | 23 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | 24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF |
25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 25 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
26 */ | 26 */ |
27 | 27 |
28 #ifndef TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ | 28 #ifndef TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ |
29 #define TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ | 29 #define TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ |
30 | 30 |
31 #include <queue> | 31 #include <list> |
32 #include <string> | 32 #include <string> |
33 | 33 |
34 #include "talk/app/webrtc/peerconnectioninterface.h" | 34 #include "talk/app/webrtc/peerconnectioninterface.h" |
35 #include "webrtc/base/messagehandler.h" | 35 #include "webrtc/base/messagehandler.h" |
36 #include "webrtc/base/messagequeue.h" | 36 #include "webrtc/base/messagequeue.h" |
37 #include "webrtc/base/scoped_ptr.h" | 37 #include "webrtc/base/scoped_ptr.h" |
38 #include "webrtc/base/scoped_ref_ptr.h" | 38 #include "webrtc/base/scoped_ref_ptr.h" |
39 #include "webrtc/base/sslidentity.h" | |
40 #include "webrtc/base/thread.h" | |
39 | 41 |
40 namespace webrtc { | 42 namespace webrtc { |
41 class DTLSIdentityRequestObserver; | 43 |
42 class SSLIdentity; | 44 class SSLIdentity; |
43 class Thread; | 45 class Thread; |
44 | 46 |
45 // This class implements an in-memory DTLS identity store, which generates the | 47 // Used to receive callbacks of DTLS identity requests. |
46 // DTLS identity on the worker thread. | 48 class DtlsIdentityRequestObserver : public rtc::RefCountInterface { |
hbos
2015/06/15 10:10:34
Previously DTLSIdentityRequestObserver in peerconn
| |
49 public: | |
50 virtual void OnFailure(int error) = 0; | |
51 // TODO(jiayl): Unify the OnSuccess method once Chrome code is updated. | |
52 virtual void OnSuccess(const std::string& der_cert, | |
53 const std::string& der_private_key) = 0; | |
54 // |identity| is a scoped_ptr because rtc::SSLIdentity is not copyable and the | |
55 // client has to get the ownership of the object to make use of it. | |
56 virtual void OnSuccessWithIdentityObj( | |
57 rtc::scoped_ptr<rtc::SSLIdentity> identity) = 0; | |
58 | |
59 protected: | |
60 virtual ~DtlsIdentityRequestObserver() {} | |
61 }; | |
62 | |
63 // This interface defines an in-memory DTLS identity store, which generates DTLS | |
64 // identities. | |
47 // APIs calls must be made on the signaling thread and the callbacks are also | 65 // APIs calls must be made on the signaling thread and the callbacks are also |
48 // called on the signaling thread. | 66 // called on the signaling thread. |
49 class DtlsIdentityStore : public rtc::MessageHandler { | 67 class DtlsIdentityStoreInterface { |
50 public: | 68 public: |
51 static const char kIdentityName[]; | 69 virtual ~DtlsIdentityStoreInterface() { } |
52 | 70 |
53 DtlsIdentityStore(rtc::Thread* signaling_thread, | 71 // Initializes the store. |
54 rtc::Thread* worker_thread); | 72 virtual void Initialize() = 0; |
55 virtual ~DtlsIdentityStore(); | |
56 | |
57 // Initialize will start generating the free identity in the background. | |
58 void Initialize(); | |
59 | 73 |
60 // The |observer| will be called when the requested identity is ready, or when | 74 // The |observer| will be called when the requested identity is ready, or when |
61 // identity generation fails. | 75 // identity generation fails. |
62 void RequestIdentity(webrtc::DTLSIdentityRequestObserver* observer); | 76 virtual void RequestIdentity( |
77 rtc::KeyType key_type, webrtc::DtlsIdentityRequestObserver* observer) = 0; | |
78 | |
79 // Returns true if there is a free RSA identity, used for unit tests. | |
80 virtual bool HasFreeIdentityForTesting() const = 0; | |
81 }; | |
82 | |
83 // The standard implementation of DtlsIdentityStoreInterface. | |
84 // Identity generation is performed on the worker thread. | |
85 class DtlsIdentityStoreImpl : public DtlsIdentityStoreInterface, | |
86 public rtc::MessageHandler { | |
87 public: | |
88 // Passed to SSLIdentity::Generate, "WebRTC". Used for the certificates' | |
89 // subject and issuer name. | |
90 static const char* common_name_; | |
91 | |
92 DtlsIdentityStoreImpl(rtc::Thread* signaling_thread, | |
93 rtc::Thread* worker_thread); | |
94 ~DtlsIdentityStoreImpl() override; | |
95 | |
96 // webrtc::DtlsIdentityStoreInterface override; | |
97 // Initialize will start to preemptively generating an RSA identity in the | |
98 // background, if the worker thread is not the same as the signaling thread. | |
99 void Initialize() override; | |
100 // webrtc::DtlsIdentityStoreInterface override; | |
101 void RequestIdentity(rtc::KeyType key_type, | |
102 webrtc::DtlsIdentityRequestObserver* observer) override; | |
63 | 103 |
64 // rtc::MessageHandler override; | 104 // rtc::MessageHandler override; |
65 void OnMessage(rtc::Message* msg) override; | 105 void OnMessage(rtc::Message* msg) override; |
66 | 106 |
67 // Returns true if there is a free identity, used for unit tests. | 107 // webrtc::DtlsIdentityStoreInterface override; |
68 bool HasFreeIdentityForTesting() const; | 108 bool HasFreeIdentityForTesting() const override; |
69 | 109 |
70 private: | 110 private: |
71 sigslot::signal0<> SignalDestroyed; | 111 sigslot::signal0<> SignalDestroyed; |
72 class WorkerTask; | 112 class WorkerTask; |
73 typedef rtc::ScopedMessageData<DtlsIdentityStore::WorkerTask> | 113 typedef rtc::ScopedMessageData<DtlsIdentityStoreImpl::WorkerTask> |
74 IdentityTaskMessageData; | 114 IdentityTaskMessageData; |
75 | 115 |
76 void GenerateIdentity(); | 116 void GenerateIdentity(rtc::KeyType key_type, |
117 webrtc::DtlsIdentityRequestObserver* observer); | |
77 void OnIdentityGenerated(rtc::scoped_ptr<rtc::SSLIdentity> identity); | 118 void OnIdentityGenerated(rtc::scoped_ptr<rtc::SSLIdentity> identity); |
78 void ReturnIdentity(rtc::scoped_ptr<rtc::SSLIdentity> identity); | |
79 | 119 |
80 void PostGenerateIdentityResult_w(rtc::scoped_ptr<rtc::SSLIdentity> identity); | 120 void PostGenerateIdentityResult_w(rtc::scoped_ptr<rtc::SSLIdentity> identity); |
81 | 121 |
122 bool HasPendingRSARequest(); | |
123 rtc::SSLIdentity* ReleaseFreeRSAIdentity(); | |
124 | |
82 rtc::Thread* const signaling_thread_; | 125 rtc::Thread* const signaling_thread_; |
126 // TODO(hbos): RSA generation can be VERY slow, DtlsIdentityStore should use a | |
127 // new thread and not the "general purpose" worker thread. | |
83 rtc::Thread* const worker_thread_; | 128 rtc::Thread* const worker_thread_; |
84 | 129 |
85 // These members should be accessed on the signaling thread only. | 130 // A request to generate an identity for the specified |key_type_|, the result |
86 int pending_jobs_; | 131 // will be reported back to |observer_|. If |observer_| is null then this is |
87 rtc::scoped_ptr<rtc::SSLIdentity> free_identity_; | 132 // a preemptive RSA request and the result is stored in |free_rsa_identity_|. |
88 typedef std::queue<rtc::scoped_refptr<webrtc::DTLSIdentityRequestObserver>> | 133 struct IdentityRequest { |
89 ObserverList; | 134 IdentityRequest(rtc::KeyType key_type, |
90 ObserverList pending_observers_; | 135 rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer) |
136 : key_type_(key_type), | |
137 observer_(observer) { } | |
138 | |
139 rtc::KeyType key_type_; | |
140 rtc::scoped_refptr<webrtc::DtlsIdentityRequestObserver> observer_; | |
141 }; | |
142 // Requests under processing. Only to be accessed on the signaling thread. | |
143 std::list<IdentityRequest> pending_requests_; | |
144 // Generating an RSA identity can take a long time. When generating it | |
145 // preemptively it is stored in |free_rsa_identity_| until the next request. | |
146 rtc::scoped_ptr<rtc::SSLIdentity> free_rsa_identity_; | |
147 mutable rtc::CriticalSection free_rsa_identity_cs_; | |
91 }; | 148 }; |
92 | 149 |
93 } // namespace webrtc | 150 } // namespace webrtc |
94 | 151 |
95 #endif // TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ | 152 #endif // TALK_APP_WEBRTC_DTLSIDENTITYSTORE_H_ |
OLD | NEW |