Defines SSLServerSocket and implements SSLServerSocketNSS

net/socket/ssl_server_socket.h

+// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.

[wtc, 2010/12/17 00:16:26]

Nit: 2006-2009 => 2010

[Alpha Left Google, 2010/12/17 08:30:43]

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SOCKET_SSL_SERVER_SOCKET_H_
+#define NET_SOCKET_SSL_SERVER_SOCKET_H_
+
+#include "base/basictypes.h"
+#include "net/base/completion_callback.h"
+#include "net/socket/socket.h"
+
+namespace base {
+class RSAPrivateKey;
+}  // namespace base
+
+namespace net {
+
+class IOBuffer;
+class X509Certificate;
+
+// SSLServerSocket takes an already connected socket and performs SSL
+// authentication and encryption on top of it.

[wtc, 2010/12/17 00:16:26]

Nit: remove "authentication and encryption".

[Alpha Left Google, 2010/12/17 08:30:43]

Done.

+class SSLServerSocket : public Socket {
+ public:
+  SSLServerSocket() {}

[wtc, 2010/12/17 00:16:26]

Delete the constructor, and the four 'Socket' interface
methods on lines 38-44.  I would also delete the
DISALLOW_COPY_AND_ASSIGN on line 47.

+  virtual ~SSLServerSocket() {}
+
+  // Performs SSL server handshaking on an existing socket. The socket given
+  // to this object has to be already connected.
+  //
+  // This method takes a callback. Return true value of this method is the

[wtc, 2010/12/17 00:16:26]

Nit: Return true value => Return value

[Alpha Left Google, 2010/12/17 08:30:43]

Done.

+  // error code of the handshaking operation. If the return value is
+  // net::ERR_IO_PENDING the given callback will be invoked in the future with
+  // an error code. Other values of error code returned by this method indicate
+  // the handshaking operation has completed synchronously.
+  virtual int Accept(CompletionCallback* callback) = 0;
+
+  // Socket interface.
+  virtual int Read(IOBuffer* buf, int buf_len,
+                   CompletionCallback* callback) = 0;
+  virtual int Write(IOBuffer* buf, int buf_len,
+                    CompletionCallback* callback) = 0;
+  virtual bool SetReceiveBufferSize(int32 size) = 0;
+  virtual bool SetSendBufferSize(int32 size) = 0;
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(SSLServerSocket);
+};
+
+// Creates a SSL server socket using a already connected socket. A signed

[wtc, 2010/12/17 00:16:26]

Nit: a SSL => an SSL
     a already => an already

Nit: remove "signed".  (A certificate is always signed.)

We probably should add a ServerSocketFactory class,
and make CreateSSLServerSocket a method of the factory.
This allows mocking.

[Alpha Left Google, 2010/12/17 08:30:43]

Fixed nits. Added a TODO to define ServerSocketFactory.

+// certificate and private key needs to be provided.
+//
+// This created server socket will take ownership of |socket|. However |key|

[wtc, 2010/12/17 00:16:26]

Since we can't copy a base::RSAPrivateKey easily, it would be
better to have this object take ownership of |key|, or
require that |key| remains valid for the lifetime of this
object.

[Alpha Left Google, 2010/12/17 08:30:43]

In the case of chromoting this is not desirable. Between server and client there
are three SSL connections. So either we define RSAPrivateKey::Clone() or we
assume this constructor will copy the private key.

[wtc, 2010/12/17 16:38:32]

I see.  Perhaps the proper solution is to make RSAPrivateKey
ref-counted?  If you agree, please add a TODO comment.

[Alpha Left Google, 2010/12/17 20:09:57]

Added TODO to RSAPrivateKey.

+// is copied.
+SSLServerSocket* CreateSSLServerSocket(
+    Socket* socket, scoped_refptr<X509Certificate> certificate,

[wtc, 2010/12/17 00:16:26]

Just use X509Certificate* certificate.  No need to pass
scoped_refptr.

[Alpha Left Google, 2010/12/17 08:30:43]

Done.

+    base::RSAPrivateKey* key);
+
+}  // namespace net
+
+#endif  // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_