Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(479)

Unified Diff: content/browser/renderer_host/pepper_tcp_socket.cc

Issue 9699100: Add functionality to pppapi TCPSocket to support secure sockets in flash (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: . Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/browser/renderer_host/pepper_tcp_socket.cc
diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc
index 3c85c811e431d496d8b0e7279730ed9e70528e0a..b8c76180a972e8d2c779040d75a7efb6e64b2b5f 100644
--- a/content/browser/renderer_host/pepper_tcp_socket.cc
+++ b/content/browser/renderer_host/pepper_tcp_socket.cc
@@ -103,8 +103,11 @@ void PepperTCPSocket::ConnectWithNetAddress(
StartConnect(address_list_);
}
-void PepperTCPSocket::SSLHandshake(const std::string& server_name,
- uint16_t server_port) {
+void PepperTCPSocket::SSLHandshake(
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
// Allow to do SSL handshake only if currently the socket has been connected
@@ -118,6 +121,17 @@ void PepperTCPSocket::SSLHandshake(const std::string& server_name,
}
connection_state_ = SSL_HANDSHAKE_IN_PROGRESS;
+ std::vector<scoped_refptr<net::X509Certificate> > parsed_trusted_certs;
+ std::vector<scoped_refptr<net::X509Certificate> > parsed_untrusted_certs;
+ bool success = ParseCertificates(trusted_certs, &parsed_trusted_certs) &&
+ ParseCertificates(untrusted_certs, &parsed_untrusted_certs);
+ if (!success) {
+ LOG(WARNING) << "Failed to parse socket-specific certificates.";
+ OnSSLHandshakeCompleted(net::ERR_CERT_CONTAINS_ERRORS);
+ return;
+ }
+ // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting.
+
net::ClientSocketHandle* handle = new net::ClientSocketHandle();
handle->set_socket(socket_.release());
net::ClientSocketFactory* factory =
@@ -235,8 +249,24 @@ void PepperTCPSocket::SendWriteACKError() {
}
void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) {
+ ppapi::PPB_X509Certificate_Fields certificate_fields;
+ if (succeeded) {
+ CHECK(socket_.get());
+ // Our socket is guaranteed to be an SSL socket if we get here.
+ net::SSLClientSocket* ssl_socket =
+ static_cast<net::SSLClientSocket*>(socket_.get());
+ net::SSLInfo ssl_info;
+ ssl_socket->GetSSLInfo(&ssl_info);
+ bool success = GetCertificateFields(*ssl_info.cert,
+ &certificate_fields);
+ CHECK(success);
+ }
manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK(
- routing_id_, plugin_dispatcher_id_, socket_id_, succeeded));
+ routing_id_,
+ plugin_dispatcher_id_,
+ socket_id_,
+ succeeded,
+ certificate_fields));
}
void PepperTCPSocket::OnResolveCompleted(int result) {
@@ -322,3 +352,18 @@ void PepperTCPSocket::OnWriteCompleted(int result) {
bool PepperTCPSocket::IsConnected() const {
return connection_state_ == CONNECTED || connection_state_ == SSL_CONNECTED;
}
+
+bool PepperTCPSocket::ParseCertificates(
+ const std::vector<std::vector<char> >& certs,
+ std::vector<scoped_refptr<net::X509Certificate> >* result) {
+ for (size_t i = 0; i < certs.size(); ++i) {
+ if (certs[i].size() == 0) {
+ return false;
+ }
+ scoped_refptr<net::X509Certificate> cert =
+ net::X509Certificate::CreateFromBytes(&certs[i][0],
+ certs[i].size());
+ result->push_back(cert);
+ }
+ return true;
+}
« no previous file with comments | « content/browser/renderer_host/pepper_tcp_socket.h ('k') | content/renderer/pepper/pepper_plugin_delegate_impl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698