authorsergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-14 04:18:03 +0000
committersergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-14 04:18:03 +0000
commitad377ae01314e1b74db3e7810c151ddfc6daaa7c (patch)
treedea06aafff3440509e9e6884ba536c9a3d22020c
parent3f211b664f0b98dc15a413ae5fb6130fe5ab8496 (diff)
Handle certificate generation errors in chromoting host.
Sometimes self-signed cert generation may fail. In that case it's better to shut down the host instead of crashing. BUG=146839 Review URL: https://chromiumcodereview.appspot.com/10919277 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156736 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--remoting/host/host_key_pair.cc3
-rw-r--r--remoting/host/host_key_pair.h3
-rw-r--r--remoting/host/plugin/host_script_object.cc12
-rw-r--r--remoting/host/remoting_me2me_host.cc11
4 files changed, 25 insertions, 4 deletions
diff --git a/remoting/host/host_key_pair.cc b/remoting/host/host_key_pair.cc
index 704f8f8..ff0f2cf 100644
--- a/remoting/host/host_key_pair.cc
+++ b/remoting/host/host_key_pair.cc
@@ -105,6 +105,9 @@ std::string HostKeyPair::GenerateCertificate() const {
key_.get(), "CN=chromoting",
base::RandInt(1, std::numeric_limits<int>::max()),
base::TimeDelta::FromDays(1));
+ if (!cert)
+ return std::string();
+
std::string encoded;
bool result = net::X509Certificate::GetDEREncoded(cert->os_cert_handle(),
&encoded);
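Review bot: Only the null `cert` case gets the new early return; the `result` of `GetDEREncoded()` just below it is handled outside this hunk. If that path still asserts, an encoding failure would crash the host, which is the outcome this commit is meant to avoid. For the header's "returns empty string" contract to cover both failures, I would expect `if (!result) return std::string();` there as well. A `LOG(ERROR)` at the new return would also help, because both callers log only a generic message and the reason for the failure is lost.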
diff --git a/remoting/host/host_key_pair.h b/remoting/host/host_key_pair.h
index 8af41d9..f7aa651 100644
--- a/remoting/host/host_key_pair.h
+++ b/remoting/host/host_key_pair.h
@@ -37,6 +37,9 @@ class HostKeyPair {
// Make a new copy of private key. Caller will own the generated private key.
crypto::RSAPrivateKey* CopyPrivateKey() const;
+
+ // Generates self-signed certificate using the key pair. Returns empty string
+ // if cert generation fails (e.g. it may happen when the system clock is off).
std::string GenerateCertificate() const;
private:
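Review bot: The new comment documents the failure value but not what a successful call returns. Judging from the host_key_pair.cc hunk, each call builds a fresh certificate with a random serial and what looks like a one-day lifetime, and the result appears to be DER-encoded. Callers that keep the string around need to know that. Suggested wording, once confirmed against the full function: `// Generates a new short-lived self-signed certificate for the key pair and returns it DER-encoded. Returns an empty string if generation fails (e.g. when the system clock is off).`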
diff --git a/remoting/host/plugin/host_script_object.cc b/remoting/host/plugin/host_script_object.cc
index c4989c6..043bc75 100644
--- a/remoting/host/plugin/host_script_object.cc
+++ b/remoting/host/plugin/host_script_object.cc
@@ -1002,10 +1002,18 @@ void HostNPScriptObject::OnReceivedSupportID(
std::string host_secret = GenerateSupportHostSecret();
std::string access_code = support_id + host_secret;
+
+ std::string local_certificate = host_key_pair_.GenerateCertificate();
+ if (local_certificate.empty()) {
+ LOG(ERROR) << "Failed to generate host certificate.";
+ SetState(kError);
+ DisconnectInternal();
+ return;
+ }
+
scoped_ptr<protocol::AuthenticatorFactory> factory(
new protocol::It2MeHostAuthenticatorFactory(
- host_key_pair_.GenerateCertificate(), *host_key_pair_.private_key(),
- access_code));
+ local_certificate, *host_key_pair_.private_key(), access_code));
host_->SetAuthenticatorFactory(factory.Pass());
{
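Review bot: In the new failure branch `SetState(kError)` is followed directly by `DisconnectInternal()`, and this hunk does not show whether the disconnect path keeps `kError` or moves the object on to a disconnected state. If it overwrites the state, the web app would see an ordinary disconnect and the certificate failure would be visible only in the log. Please confirm the final state, and consider a one-line comment above the two calls stating which state the caller should end up observing. OnReceivedSupportID() begins and ends outside the hunk, so its other error paths could not be compared.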
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc
index 6dcad1b..1e518af 100644
--- a/remoting/host/remoting_me2me_host.cc
+++ b/remoting/host/remoting_me2me_host.cc
@@ -255,10 +255,17 @@ class HostProcess
void CreateAuthenticatorFactory() {
DCHECK(context_->network_task_runner()->BelongsToCurrentThread());
+
+ std::string local_certificate = key_pair_.GenerateCertificate();
+ if (local_certificate.empty()) {
+ LOG(ERROR) << "Failed to generate host certificate.";
+ Shutdown(kHostInitializationFailed);
+ return;
+ }
+
scoped_ptr<protocol::AuthenticatorFactory> factory(
new protocol::Me2MeHostAuthenticatorFactory(
- key_pair_.GenerateCertificate(),
- *key_pair_.private_key(), host_secret_hash_));
+ local_certificate, *key_pair_.private_key(), host_secret_hash_));
host_->SetAuthenticatorFactory(factory.Pass());
}
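Review bot: `CreateAuthenticatorFactory()` returns void, so after the new early return its caller cannot tell that no authenticator factory was installed on `host_`. If `Shutdown(kHostInitializationFailed)` completes asynchronously (not visible here), the caller may continue start-up with a host that has no authenticator configured. Consider returning `bool` and checking it at the call site, or add a comment stating that `Shutdown()` guarantees no further start-up steps run. The check-and-log block also duplicates the one in host_script_object.cc, so any change to the failure handling has to be made in both places.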