| Index: remoting/protocol/pepper_stream_channel.cc
|
| diff --git a/remoting/protocol/pepper_stream_channel.cc b/remoting/protocol/pepper_stream_channel.cc
|
| index 84abe257489743633feb4aee0c823edda4666e0f..e51d265f6d79fd0f607b41cf2305b895ff17dd7b 100644
|
| --- a/remoting/protocol/pepper_stream_channel.cc
|
| +++ b/remoting/protocol/pepper_stream_channel.cc
|
| @@ -35,33 +35,6 @@ const int kTcpAckDelayMilliseconds = 10;
|
| const int kTcpReceiveBufferSize = 256 * 1024;
|
| const int kTcpSendBufferSize = kTcpReceiveBufferSize + 30 * 1024;
|
|
|
| -// Helper method to create a SSL client socket.
|
| -net::SSLClientSocket* CreateSSLClientSocket(
|
| - net::StreamSocket* socket, const std::string& der_cert,
|
| - net::CertVerifier* cert_verifier) {
|
| - net::SSLConfig ssl_config;
|
| -
|
| - // Certificate provided by the host doesn't need authority.
|
| - net::SSLConfig::CertAndStatus cert_and_status;
|
| - cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
|
| - cert_and_status.der_cert = der_cert;
|
| - ssl_config.allowed_bad_certs.push_back(cert_and_status);
|
| -
|
| - // Revocation checking is not needed because we use self-signed
|
| - // certs. Disable it so that SSL layer doesn't try to initialize
|
| - // OCSP (OCSP works only on IO thread).
|
| - ssl_config.rev_checking_enabled = false;
|
| -
|
| - // SSLClientSocket takes ownership of the |socket|.
|
| - net::HostPortPair host_and_port("chromoting", 0);
|
| - net::SSLClientSocketContext context;
|
| - context.cert_verifier = cert_verifier;
|
| - net::SSLClientSocket* ssl_socket =
|
| - net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
|
| - socket, host_and_port, ssl_config, NULL, context);
|
| - return ssl_socket;
|
| -}
|
| -
|
| } // namespace
|
|
|
| PepperStreamChannel::PepperStreamChannel(
|
| @@ -73,11 +46,8 @@ PepperStreamChannel::PepperStreamChannel(
|
| callback_(callback),
|
| channel_(NULL),
|
| connected_(false),
|
| - ssl_client_socket_(NULL),
|
| ALLOW_THIS_IN_INITIALIZER_LIST(p2p_connect_callback_(
|
| - this, &PepperStreamChannel::OnP2PConnect)),
|
| - ALLOW_THIS_IN_INITIALIZER_LIST(ssl_connect_callback_(
|
| - this, &PepperStreamChannel::OnSSLConnect)) {
|
| + this, &PepperStreamChannel::OnP2PConnect)) {
|
| }
|
|
|
| PepperStreamChannel::~PepperStreamChannel() {
|
| @@ -90,10 +60,10 @@ PepperStreamChannel::~PepperStreamChannel() {
|
|
|
| void PepperStreamChannel::Connect(pp::Instance* pp_instance,
|
| const TransportConfig& transport_config,
|
| - const std::string& remote_cert) {
|
| + ChannelAuthenticator* authenticator) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - remote_cert_ = remote_cert;
|
| + authenticator_.reset(authenticator);
|
|
|
| pp::Transport_Dev* transport =
|
| new pp::Transport_Dev(pp_instance, name_.c_str(),
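Review bot: Connect() now takes ownership of `authenticator` through `authenticator_.reset(authenticator)`, but the raw-pointer parameter does not show that transfer and nothing checks the pointer. A null argument would only surface later, at `authenticator_->SecureAndAuthenticate(...)` in OnP2PConnect, after the transport has been created. I would add `DCHECK(authenticator);` next to the thread check and a comment on the parameter such as `// Takes ownership of |authenticator|.`, repeated on the header declaration, which is not part of this file. Connect's body continues beyond this hunk.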
|
| @@ -197,69 +167,23 @@ void PepperStreamChannel::OnChannelNewLocalCandidate(
|
| void PepperStreamChannel::OnP2PConnect(int result) {
|
| DCHECK(CalledOnValidThread());
|
|
|
| - if (result != net::OK || !EstablishSSLConnection())
|
| + if (result != net::OK)
|
| NotifyConnectFailed();
|
| -}
|
| -
|
| -bool PepperStreamChannel::EstablishSSLConnection() {
|
| - DCHECK(CalledOnValidThread());
|
| -
|
| - cert_verifier_.reset(new net::CertVerifier());
|
| -
|
| - // Create client SSL socket.
|
| - ssl_client_socket_ = CreateSSLClientSocket(
|
| - owned_channel_.release(), remote_cert_, cert_verifier_.get());
|
| - socket_.reset(ssl_client_socket_);
|
|
|
| - int result = ssl_client_socket_->Connect(&ssl_connect_callback_);
|
| -
|
| - if (result == net::ERR_IO_PENDING) {
|
| - return true;
|
| - } else if (result != net::OK) {
|
| - LOG(ERROR) << "Failed to establish SSL connection";
|
| - return false;
|
| - }
|
| -
|
| - // Reach here if net::OK is received.
|
| - ssl_connect_callback_.Run(net::OK);
|
| - return true;
|
| + authenticator_->SecureAndAuthenticate(owned_channel_.release(), base::Bind(
|
| + &PepperStreamChannel::OnAuthenticationDone, base::Unretained(this)));
|
| }
|
|
|
| -void PepperStreamChannel::OnSSLConnect(int result) {
|
| - DCHECK(CalledOnValidThread());
|
|
|
| - if (result != net::OK) {
|
| - LOG(ERROR) << "Error during SSL connection: " << result;
|
| +void PepperStreamChannel::OnAuthenticationDone(
|
| + net::Error error, net::StreamSocket* socket) {
|
| + DCHECK(CalledOnValidThread());
|
| + if (error != net::OK) {
|
| NotifyConnectFailed();
|
| return;
|
| }
|
|
|
| - DCHECK(socket_->IsConnected());
|
| - AuthenticateChannel();
|
| -}
|
| -
|
| -void PepperStreamChannel::AuthenticateChannel() {
|
| - DCHECK(CalledOnValidThread());
|
| -
|
| - authenticator_.reset(
|
| - new ClientChannelAuthenticator(session_->shared_secret()));
|
| - authenticator_->Authenticate(ssl_client_socket_, base::Bind(
|
| - &PepperStreamChannel::OnAuthenticationDone, base::Unretained(this)));
|
| -}
|
| -
|
| -void PepperStreamChannel::OnAuthenticationDone(
|
| - ChannelAuthenticator::Result result) {
|
| - DCHECK(CalledOnValidThread());
|
| -
|
| - switch (result) {
|
| - case ChannelAuthenticator::SUCCESS:
|
| - NotifyConnected(socket_.release());
|
| - break;
|
| -
|
| - case ChannelAuthenticator::FAILURE:
|
| - NotifyConnectFailed();
|
| - break;
|
| - }
|
| + NotifyConnected(socket);
|
| }
|
|
|
| void PepperStreamChannel::NotifyConnected(net::StreamSocket* socket) {
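Review bot: The failure branch in OnP2PConnect no longer returns, so after `NotifyConnectFailed()` execution falls through to `authenticator_->SecureAndAuthenticate(owned_channel_.release(), ...)`. The last hunk of this patch makes NotifyConnectFailed() reset both `authenticator_` and `owned_channel_`, so a failed P2P connect dereferences a null authenticator, and it does so after NotifyConnected(NULL) has presumably already reported the failure to the caller (its body is not visible here). The old code ended the function right after the check; restore the early exit with `if (result != net::OK) { NotifyConnectFailed(); return; }`. Separately, OnAuthenticationDone dropped the `LOG(ERROR)` that the SSL path had, and logging `error` before NotifyConnectFailed() would keep authentication failures on the secure channel diagnosable.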
|
| @@ -271,7 +195,7 @@ void PepperStreamChannel::NotifyConnected(net::StreamSocket* socket) {
|
| void PepperStreamChannel::NotifyConnectFailed() {
|
| channel_ = NULL;
|
| owned_channel_.reset();
|
| - socket_.reset();
|
| + authenticator_.reset();
|
|
|
| NotifyConnected(NULL);
|
| }
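Review bot: `authenticator_.reset()` in NotifyConnectFailed() can run while the authenticator is still on the call stack. OnAuthenticationDone is the completion callback handed to `authenticator_->SecureAndAuthenticate()`, and on error it calls NotifyConnectFailed(). That is safe only if the ChannelAuthenticator implementation touches none of its members after invoking the callback, which this patch does not show. Either state that contract where the callback is bound, with a comment such as `// |authenticator_| may be deleted from within its done callback.`, or defer the deletion until the callback has returned.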
|
|
|