| Index: content/browser/renderer_host/pepper_tcp_socket.cc
|
| diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc
|
| index 3c85c811e431d496d8b0e7279730ed9e70528e0a..b8c76180a972e8d2c779040d75a7efb6e64b2b5f 100644
|
| --- a/content/browser/renderer_host/pepper_tcp_socket.cc
|
| +++ b/content/browser/renderer_host/pepper_tcp_socket.cc
|
| @@ -103,8 +103,11 @@ void PepperTCPSocket::ConnectWithNetAddress(
|
| StartConnect(address_list_);
|
| }
|
|
|
| -void PepperTCPSocket::SSLHandshake(const std::string& server_name,
|
| - uint16_t server_port) {
|
| +void PepperTCPSocket::SSLHandshake(
|
| + const std::string& server_name,
|
| + uint16_t server_port,
|
| + const std::vector<std::vector<char> >& trusted_certs,
|
| + const std::vector<std::vector<char> >& untrusted_certs) {
|
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
|
|
|
| // Allow to do SSL handshake only if currently the socket has been connected
|
| @@ -118,6 +121,17 @@ void PepperTCPSocket::SSLHandshake(const std::string& server_name,
|
| }
|
|
|
| connection_state_ = SSL_HANDSHAKE_IN_PROGRESS;
|
| + std::vector<scoped_refptr<net::X509Certificate> > parsed_trusted_certs;
|
| + std::vector<scoped_refptr<net::X509Certificate> > parsed_untrusted_certs;
|
| + bool success = ParseCertificates(trusted_certs, &parsed_trusted_certs) &&
|
| + ParseCertificates(untrusted_certs, &parsed_untrusted_certs);
|
| + if (!success) {
|
| + LOG(WARNING) << "Failed to parse socket-specific certificates.";
|
| + OnSSLHandshakeCompleted(net::ERR_CERT_CONTAINS_ERRORS);
|
| + return;
|
| + }
|
| + // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting.
|
| +
|
| net::ClientSocketHandle* handle = new net::ClientSocketHandle();
|
| handle->set_socket(socket_.release());
|
| net::ClientSocketFactory* factory =
|
| @@ -235,8 +249,24 @@ void PepperTCPSocket::SendWriteACKError() {
|
| }
|
|
|
| void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) {
|
| + ppapi::PPB_X509Certificate_Fields certificate_fields;
|
| + if (succeeded) {
|
| + CHECK(socket_.get());
|
| + // Our socket is guaranteed to be an SSL socket if we get here.
|
| + net::SSLClientSocket* ssl_socket =
|
| + static_cast<net::SSLClientSocket*>(socket_.get());
|
| + net::SSLInfo ssl_info;
|
| + ssl_socket->GetSSLInfo(&ssl_info);
|
| + bool success = GetCertificateFields(*ssl_info.cert,
|
| + &certificate_fields);
|
| + CHECK(success);
|
| + }
|
| manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK(
|
| - routing_id_, plugin_dispatcher_id_, socket_id_, succeeded));
|
| + routing_id_,
|
| + plugin_dispatcher_id_,
|
| + socket_id_,
|
| + succeeded,
|
| + certificate_fields));
|
| }
|
|
|
| void PepperTCPSocket::OnResolveCompleted(int result) {
|
| @@ -322,3 +352,18 @@ void PepperTCPSocket::OnWriteCompleted(int result) {
|
| bool PepperTCPSocket::IsConnected() const {
|
| return connection_state_ == CONNECTED || connection_state_ == SSL_CONNECTED;
|
| }
|
| +
|
| +bool PepperTCPSocket::ParseCertificates(
|
| + const std::vector<std::vector<char> >& certs,
|
| + std::vector<scoped_refptr<net::X509Certificate> >* result) {
|
| + for (size_t i = 0; i < certs.size(); ++i) {
|
| + if (certs[i].size() == 0) {
|
| + return false;
|
| + }
|
| + scoped_refptr<net::X509Certificate> cert =
|
| + net::X509Certificate::CreateFromBytes(&certs[i][0],
|
| + certs[i].size());
|
| + result->push_back(cert);
|
| + }
|
| + return true;
|
| +}
|
|
|