Change Origin bound certs -> Domain bound certs.

net/socket/ssl_client_socket_nss.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #pragma once
 
 #include <certt.h>
 #include <keyt.h>
@@ skipping 17 matching lines @@
 #include "net/base/origin_bound_cert_service.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
 
 class BoundNetLog;
 class CertVerifier;
 class ClientSocketHandle;
-class OriginBoundCertService;
+class ServerBoundCertService;
 class SingleRequestCertVerifier;
 class SSLHostInfo;
 class TransportSecurityState;
 class X509Certificate;
 
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
  public:
   // Takes ownership of the |transport_socket|, which must already be connected.
   // The hostname specified in |host_and_port| will be compared with the name(s)
@@ skipping 36 matching lines @@
 
   // Socket implementation.
   virtual int Read(IOBuffer* buf,
                    int buf_len,
                    const CompletionCallback& callback) OVERRIDE;
   virtual int Write(IOBuffer* buf,
                     int buf_len,
                     const CompletionCallback& callback) OVERRIDE;
   virtual bool SetReceiveBufferSize(int32 size) OVERRIDE;
   virtual bool SetSendBufferSize(int32 size) OVERRIDE;
-  virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+  virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
 
  private:
   enum State {
     STATE_NONE,
     STATE_LOAD_SSL_HOST_INFO,
     STATE_HANDSHAKE,
-    STATE_GET_OB_CERT_COMPLETE,
+    STATE_GET_DB_CERT_COMPLETE,

[wtc, 2012/03/15 23:46:38]

Nit: let's spell out DOMAIN_BOUND because "DB" looks like
the abbreviation for "database".

[mattm, 2012/03/16 22:22:00]

Done.

     STATE_VERIFY_DNSSEC,
     STATE_VERIFY_CERT,
     STATE_VERIFY_CERT_COMPLETE,
   };
 
   int Init();
 
   // Initializes NSS SSL options.  Returns a net error code.
   int InitializeSSLOptions();
 
@@ skipping 11 matching lines @@
 
   int DoHandshakeLoop(int last_io_result);
   int DoReadLoop(int result);
   int DoWriteLoop(int result);
 
   bool LoadSSLHostInfo();
   int DoLoadSSLHostInfo();
 
   int DoHandshake();
 
-  // ImportOBCertAndKey is a helper function for turning a DER-encoded cert and
+  // ImportDBCertAndKey is a helper function for turning a DER-encoded cert and
   // key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success
   // and an error code otherwise.
-  // Requires |ob_private_key_| and |ob_cert_| to have been set by a call to
-  // OriginBoundCertService->GetOriginBoundCert. The caller takes ownership of
-  // the |*cert| and |*key|.
-  int ImportOBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key);
-  int DoGetOBCertComplete(int result);
+  // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been
+  // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller
+  // takes ownership of the |*cert| and |*key|.
+  int ImportDBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key);
+  int DoGetDBCertComplete(int result);
   int DoVerifyDNSSEC(int result);
   int DoVerifyCert(int result);
   int DoVerifyCertComplete(int result);
   int DoPayloadRead();
   int DoPayloadWrite();
   void LogConnectionTypeMetrics() const;
   void SaveSSLHostInfo();
   void UncorkAfterTimeout();
 
   bool DoTransportIO();
   int BufferSend(void);
   void BufferSendComplete(int result);
   int BufferRecv(void);
   void BufferRecvComplete(int result);
 
   // Handles an NSS error generated while handshaking or performing IO.
   // Returns a network error code mapped from the original NSS error.
   int HandleNSSError(PRErrorCode error, bool handshake_error);
 
   // NSS calls this when checking certificates. We pass 'this' as the first
   // argument.
   static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
                                       PRBool checksig, PRBool is_server);
-  // Returns true if connection negotiated the origin bound cert extension.
-  static bool OriginBoundCertNegotiated(PRFileDesc* socket);
-  // Origin bound cert client auth handler.
+  // Returns true if connection negotiated the domain bound cert extension.
+  static bool DomainBoundCertNegotiated(PRFileDesc* socket);
+  // Domain bound cert client auth handler.
   // Returns the value the ClientAuthHandler function should return.
-  SECStatus OriginBoundClientAuthHandler(
+  SECStatus DomainBoundClientAuthHandler(
       const SECItem* cert_types,
       CERTCertificate** result_certificate,
       SECKEYPrivateKey** result_private_key);
 #if defined(NSS_PLATFORM_CLIENT_AUTH)
   // On platforms where we use the native certificate store, NSS calls this
   // instead when client authentication is requested.  At most one of
   // (result_certs, result_private_key) or
   // (result_nss_certificate, result_nss_private_key) should be set.
   static SECStatus PlatformClientAuthHandler(
       void* arg,
@@ skipping 68 matching lines @@
   int ssl_connection_status_;
 
   // Stores client authentication information between ClientAuthHandler and
   // GetSSLCertRequestInfo calls.
   std::vector<scoped_refptr<X509Certificate> > client_certs_;
   bool client_auth_cert_needed_;
 
   CertVerifier* const cert_verifier_;
   scoped_ptr<SingleRequestCertVerifier> verifier_;
 
-  // For origin bound certificates in client auth.
-  bool ob_cert_xtn_negotiated_;
-  OriginBoundCertService* origin_bound_cert_service_;
-  SSLClientCertType ob_cert_type_;
-  std::string ob_private_key_;
-  std::string ob_cert_;
-  OriginBoundCertService::RequestHandle ob_cert_request_handle_;
+  // For domain bound certificates in client auth.
+  bool domain_bound_cert_xtn_negotiated_;
+  ServerBoundCertService* server_bound_cert_service_;
+  SSLClientCertType domain_bound_cert_type_;
+  std::string domain_bound_private_key_;
+  std::string domain_bound_cert_;
+  ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
 
   // True if NSS has called HandshakeCallback.
   bool handshake_callback_called_;
 
   // True if the SSL handshake has been completed.
   bool completed_handshake_;
 
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
   // session cache. i.e. sessions created with one value will not attempt to
   // resume on the socket with a different value.
@@ skipping 34 matching lines @@
   // Added the following code Debugging in release mode.
   mutable base::Lock lock_;
   // This is mutable so that CalledOnValidThread can set it.
   // It's guarded by |lock_|.
   mutable base::PlatformThreadId valid_thread_id_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_