NetLogEventParameter to Callback refactoring 9.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 364 matching lines @@
   // TODO(wtc,mattm): this is temporary while DBC support is changed into
   // Channel ID.
   return false;
 }
 
 void DestroyCertificates(CERTCertificate** certs, size_t len) {
   for (size_t i = 0; i < len; i++)
     CERT_DestroyCertificate(certs[i]);
 }
 
+// Helper functions to make it possible to log events from within the
+// SSLClientSocketNSS::Core.
+void AddLogEvent(BoundNetLog* net_log,
+                 NetLog::EventType event_type) {

[eroman, 2012/06/14 17:45:50]

Might fit on one line

[mmenke, 2012/06/14 18:03:45]

Done.

+  if (!net_log)
+    return;
+  net_log->AddEvent(event_type);
+}
+
 // Helper function to make it possible to log events from within the
-// SSLClientSocketNSS::Core.  Can't use Bind with BoundNetLog::AddEntry directly
-// on Windows because it is overloaded.
-// TODO(mmenke):  Other than shutdown, NetLog is threadsafe.  Figure out if this
-//                is needed.
+// SSLClientSocketNSS::Core.
 void AddLogEventWithCallback(BoundNetLog* net_log,
                              NetLog::EventType event_type,
                              const NetLog::ParametersCallback& callback) {
   if (!net_log)
     return;
   net_log->AddEvent(event_type, callback);
 }
 
-// Helper functions to make it possible to log events from within the
-// SSLClientSocketNSS::Core.  Can't use Bind with BoundNetLog::AddEntry directly
-// on Windows because it is overloaded.
-// TODO(mmenke):  This function is deprecated, delete it.
-void AddLogEvent(BoundNetLog* net_log,
-                 NetLog::EventType event_type,
-                 const scoped_refptr<NetLog::EventParameters>& event_params) {
-  if (!net_log)
-    return;
-  net_log->AddEvent(event_type, event_params);
-}
-
 // Helper function to make it easier to call BoundNetLog::AddByteTransferEvent
 // from within the SSLClientSocketNSS::Core.
 // AddByteTransferEvent expects to receive a const char*, which within the
 // Core is backed by an IOBuffer. If the "const char*" is bound via
 // base::Bind and posted to another thread, and the IOBuffer that backs that
 // pointer then goes out of scope on the origin thread, this would result in
 // an invalid read of a stale pointer.
 // Instead, provide a signature that accepts an IOBuffer*, so that a reference
 // to the owning IOBuffer can be bound to the Callback. This ensures that the
 // IOBuffer will stay alive long enough to cross threads if needed.
@@ skipping 891 matching lines @@
     CERTCertList** result_certs,
     void** result_private_key,
     CERTCertificate** result_nss_certificate,
     SECKEYPrivateKey** result_nss_private_key) {
   Core* core = reinterpret_cast<Core*>(arg);
   DCHECK(core->OnNSSTaskRunner());
 
   core->PostOrRunCallback(
       FROM_HERE,
       base::Bind(&AddLogEvent, core->weak_net_log_,
-                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED,
-                 scoped_refptr<NetLog::EventParameters>()));
+                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
 
   const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
 
   // Check if a domain-bound certificate is requested.
   if (DomainBoundCertNegotiated(socket)) {
     return core->DomainBoundClientAuthHandler(cert_types,
                                               result_nss_certificate,
                                               result_nss_private_key);
   }
 
@@ skipping 24 matching lines @@
 
         // TODO(rsleevi): Error checking for NSS allocation errors.
         CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB();
         CERTCertificate* user_cert = CERT_NewTempCertificate(
             db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
         if (!user_cert) {
           // Importing the certificate can fail for reasons including a serial
           // number collision. See crbug.com/97355.
           core->PostOrRunCallback(
               FROM_HERE,
-              base::Bind(&AddLogEvent, core->weak_net_log_,
+              base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                          NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                         make_scoped_refptr(
-                             new NetLogIntegerParameter("cert_count", 0))));
+                         NetLog::IntegerCallback("cert_count", 0)));

[eroman, 2012/06/14 17:45:50]

[optional]: "cert_count" is repeated several times. Might consider extracting
this snippet of code to a helper. (the whole PostOrRunCallback swathe of code).

[mmenke, 2012/06/14 18:03:45]

Done.

           return SECFailure;
         }
         CERTCertList* cert_chain = CERT_NewCertList();
         CERT_AddCertToListTail(cert_chain, user_cert);
 
         // Add the intermediates.
         X509Certificate::OSCertHandles intermediates =
             core->ssl_config_.client_cert->GetIntermediateCertificates();
         for (X509Certificate::OSCertHandles::const_iterator it =
             intermediates.begin(); it != intermediates.end(); ++it) {
           der_cert.data = (*it)->pbCertEncoded;
           der_cert.len = (*it)->cbCertEncoded;
 
           CERTCertificate* intermediate = CERT_NewTempCertificate(
               db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
           if (!intermediate) {
             CERT_DestroyCertList(cert_chain);
             core->PostOrRunCallback(
                 FROM_HERE,
-                base::Bind(&AddLogEvent, core->weak_net_log_,
+                base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                            NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                           make_scoped_refptr(
-                               new NetLogIntegerParameter("cert_count", 0))));
+                           NetLog::IntegerCallback("cert_count", 0)));
             return SECFailure;
           }
           CERT_AddCertToListTail(cert_chain, intermediate);
         }
         PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>(
             PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT)));
         key_context->cbSize = sizeof(*key_context);
         // NSS will free this context when no longer in use, but the
         // |must_free| result from CryptAcquireCertificatePrivateKey was false
         // so we increment the refcount to negate NSS's future decrement.
         CryptContextAddRef(crypt_prov, NULL, 0);
         key_context->hCryptProv = crypt_prov;
         key_context->dwKeySpec = key_spec;
         *result_private_key = key_context;
         *result_certs = cert_chain;
 
         int cert_count = 1 + intermediates.size();
         core->PostOrRunCallback(
             FROM_HERE,
-            base::Bind(&AddLogEvent, core->weak_net_log_,
+            base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                        NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                       make_scoped_refptr(
-                           new NetLogIntegerParameter("cert_count",
-                                                       cert_count))));
+                       NetLog::IntegerCallback("cert_count", cert_count)));
         return SECSuccess;
       }
       LOG(WARNING) << "Client cert found without private key";
     }
 
     // Send no client certificate.
     core->PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, core->weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                    NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                   make_scoped_refptr(
-                       new NetLogIntegerParameter("cert_count", 0))));
+                   NetLog::IntegerCallback("cert_count", 0)));
     return SECFailure;
   }
 
   core->nss_handshake_state_.client_certs.clear();
 
   std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames);
   for (int i = 0; i < ca_names->nnames; ++i) {
     issuer_list[i].cbData = ca_names->names[i].len;
     issuer_list[i].pbData = ca_names->names[i].data;
   }
 
   // Client certificates of the user are in the "MY" system certificate store.
   HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY");
   if (!my_cert_store) {
     PLOG(ERROR) << "Could not open the \"MY\" system certificate store";
 
     core->PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, core->weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                    NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                   make_scoped_refptr(
-                       new NetLogIntegerParameter("cert_count", 0))));
+                   NetLog::IntegerCallback("cert_count", 0)));
     return SECFailure;
   }
 
   // Enumerate the client certificates.
   CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para;
   memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para));
   find_by_issuer_para.cbSize = sizeof(find_by_issuer_para);
   find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH;
   find_by_issuer_para.cIssuer = ca_names->nnames;
   find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL;
@@ skipping 121 matching lines @@
         }
       }
       if (os_error == noErr) {
         int cert_count = 0;
         if (chain) {
           cert_count = CFArrayGetCount(chain);
           CFRelease(chain);
         }
         core->PostOrRunCallback(
             FROM_HERE,
-            base::Bind(&AddLogEvent, core->weak_net_log_,
+            base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                        NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                       make_scoped_refptr(
-                           new NetLogIntegerParameter("cert_count",
-                                                      cert_count))));
+                       NetLog::IntegerCallback("cert_count", cert_count)));
         return SECSuccess;
       }
       OSSTATUS_LOG(WARNING, os_error)
           << "Client cert found, but could not be used";
       if (*result_certs) {
         CERT_DestroyCertList(*result_certs);
         *result_certs = NULL;
       }
       if (*result_private_key)
         *result_private_key = NULL;
       if (private_key)
         CFRelease(private_key);
       if (chain)
         CFRelease(chain);
     }
 
     // Send no client certificate.
     core->PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, core->weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                    NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                   make_scoped_refptr(
-                       new NetLogIntegerParameter("cert_count", 0))));
+                   NetLog::IntegerCallback("cert_count", 0)));
     return SECFailure;
   }
 
   core->nss_handshake_state_.client_certs.clear();
 
   // First, get the cert issuer names allowed by the server.
   std::vector<CertPrincipal> valid_issuers;
   int n = ca_names->nnames;
   for (int i = 0; i < n; i++) {
     // Parse each name into a CertPrincipal object.
@@ skipping 32 matching lines @@
     PRFileDesc* socket,
     CERTDistNames* ca_names,
     CERTCertificate** result_certificate,
     SECKEYPrivateKey** result_private_key) {
   Core* core = reinterpret_cast<Core*>(arg);
   DCHECK(core->OnNSSTaskRunner());
 
   core->PostOrRunCallback(
       FROM_HERE,
       base::Bind(&AddLogEvent, core->weak_net_log_,
-                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED,
-                 scoped_refptr<NetLog::EventParameters>()));
+                 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
 
   const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
 
   // Check if a domain-bound certificate is requested.
   if (DomainBoundCertNegotiated(socket)) {
     return core->DomainBoundClientAuthHandler(
         cert_types, result_certificate, result_private_key);
   }
 
   // Regular client certificate requested.
   core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
   void* wincx  = SSL_RevealPinArg(socket);
 
   // Second pass: a client certificate should have been selected.
   if (core->ssl_config_.send_client_cert) {
     if (core->ssl_config_.client_cert) {
       CERTCertificate* cert = CERT_DupCertificate(
           core->ssl_config_.client_cert->os_cert_handle());
       SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
       if (privkey) {
         // TODO(jsorianopastor): We should wait for server certificate
         // verification before sending our credentials.  See
         // http://crbug.com/13934.
         *result_certificate = cert;
         *result_private_key = privkey;
         // A cert_count of -1 means the number of certificates is unknown.
         // NSS will construct the certificate chain.
         core->PostOrRunCallback(
             FROM_HERE,
-            base::Bind(&AddLogEvent, core->weak_net_log_,
+            base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                        NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                       make_scoped_refptr(
-                           new NetLogIntegerParameter("cert_count", -1))));
+                       NetLog::IntegerCallback("cert_count", -1)));
 
         return SECSuccess;
       }
       LOG(WARNING) << "Client cert found without private key";
     }
     // Send no client certificate.
     core->PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, core->weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, core->weak_net_log_,
                    NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                   make_scoped_refptr(
-                       new NetLogIntegerParameter("cert_count", 0))));
+                   NetLog::IntegerCallback("cert_count", 0)));
     return SECFailure;
   }
 
   core->nss_handshake_state_.client_certs.clear();
 
   // Iterate over all client certificates.
   CERTCertList* client_certs = CERT_FindUserCertsByUsage(
       CERT_GetDefaultCertDB(), certUsageSSLClient,
       PR_FALSE, PR_FALSE, wincx);
   if (client_certs) {
@@ skipping 227 matching lines @@
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
 
   if (result < 0)
     return result;
 
   if (!nss_bufs_) {
     LOG(DFATAL) << "!nss_bufs_";
     int rv = ERR_UNEXPECTED;
     PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, weak_net_log_,
                    NetLog::TYPE_SSL_READ_ERROR,
-                   make_scoped_refptr(new SSLErrorParams(rv, 0))));
+                   CreateNetLogSSLErrorCallback(rv, 0)));
     return rv;
   }
 
   bool network_moved;
   int rv;
   do {
     rv = DoPayloadRead();
     network_moved = DoTransportIO();
   } while (rv == ERR_IO_PENDING && network_moved);
 
   return rv;
 }
 
 int SSLClientSocketNSS::Core::DoWriteLoop(int result) {
   DCHECK(OnNSSTaskRunner());
   DCHECK(handshake_callback_called_);
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
 
   if (result < 0)
     return result;
 
   if (!nss_bufs_) {
     LOG(DFATAL) << "!nss_bufs_";
     int rv = ERR_UNEXPECTED;
     PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, weak_net_log_,
                    NetLog::TYPE_SSL_READ_ERROR,
-                   make_scoped_refptr(new SSLErrorParams(rv, 0))));
+                   CreateNetLogSSLErrorCallback(rv, 0)));
     return rv;
   }
 
   bool network_moved;
   int rv;
   do {
     rv = DoPayloadWrite();
     network_moved = DoTransportIO();
   } while (rv == ERR_IO_PENDING && network_moved);
 
@@ skipping 12 matching lines @@
   // code so that the higher level code will attempt to delete the socket and
   // redo the handshake.
   if (client_auth_cert_needed_) {
     if (domain_bound_cert_xtn_negotiated_) {
       GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
       net_error = ERR_IO_PENDING;
     } else {
       net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
       PostOrRunCallback(
           FROM_HERE,
-          base::Bind(&AddLogEvent, weak_net_log_,
+          base::Bind(&AddLogEventWithCallback, weak_net_log_,
                      NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                     make_scoped_refptr(new SSLErrorParams(net_error, 0))));
+                     CreateNetLogSSLErrorCallback(net_error, 0)));
 
       // If the handshake already succeeded (because the server requests but
       // doesn't require a client cert), we need to invalidate the SSL session
       // so that we won't try to resume the non-client-authenticated session in
       // the next handshake.  This will cause the server to ask for a client
       // cert again.
       if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess)
         LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError();
     }
   } else if (rv == SECSuccess) {
     if (!handshake_callback_called_) {
       // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 -
       // SSL_ForceHandshake returned SECSuccess prematurely.
       rv = SECFailure;
       net_error = ERR_SSL_PROTOCOL_ERROR;
       PostOrRunCallback(
           FROM_HERE,
-          base::Bind(&AddLogEvent, weak_net_log_,
+          base::Bind(&AddLogEventWithCallback, weak_net_log_,
                      NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                     make_scoped_refptr(
-                         new SSLErrorParams(net_error, 0))));
+                     CreateNetLogSSLErrorCallback(net_error, 0)));
     } else {
   #if defined(SSL_ENABLE_OCSP_STAPLING)
       // TODO(agl): figure out how to plumb an OCSP response into the Mac
       // system library and update IsOCSPStaplingSupported for Mac.
       if (!nss_handshake_state_.predicted_cert_chain_correct &&
           IsOCSPStaplingSupported()) {
         unsigned int len = 0;
         SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
         if (len) {
           const unsigned int orig_len = len;
@@ skipping 54 matching lines @@
         ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) {
       net_error = ERR_SSL_PROTOCOL_ERROR;
     }
 
     // If not done, stay in this state
     if (net_error == ERR_IO_PENDING) {
       GotoState(STATE_HANDSHAKE);
     } else {
       PostOrRunCallback(
           FROM_HERE,
-          base::Bind(&AddLogEvent, weak_net_log_,
+          base::Bind(&AddLogEventWithCallback, weak_net_log_,
                      NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-                     make_scoped_refptr(
-                         new SSLErrorParams(net_error, prerr))));
+                     CreateNetLogSSLErrorCallback(net_error, prerr)));
     }
   }
 
   return net_error;
 }
 
 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) {
   SECStatus rv;
   PostOrRunCallback(
       FROM_HERE,
@@ skipping 17 matching lines @@
   SECKEYPrivateKey* key;
   int error = ImportDBCertAndKey(&cert, &key);
   if (error != OK)
     return error;
 
   CERTCertificateList* cert_chain =
       CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE);
 
   PostOrRunCallback(
       FROM_HERE,
-      base::Bind(&AddLogEvent, weak_net_log_,
+      base::Bind(&AddLogEventWithCallback, weak_net_log_,
                  NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                 make_scoped_refptr(
-                     new NetLogIntegerParameter("cert_count",
-                                                cert_chain->len))));
+                 NetLog::IntegerCallback("cert_count", cert_chain->len)));
 
   rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain);
   if (rv != SECSuccess)
     return MapNSSError(PORT_GetError());
 
   GotoState(STATE_HANDSHAKE);
   return OK;
 }
 
 int SSLClientSocketNSS::Core::DoPayloadRead() {
   DCHECK(OnNSSTaskRunner());
   DCHECK(user_read_buf_);
   DCHECK_GT(user_read_buf_len_, 0);
 
   int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_);
   if (client_auth_cert_needed_) {
     // We don't need to invalidate the non-client-authenticated SSL session
     // because the server will renegotiate anyway.
     rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     PostOrRunCallback(
         FROM_HERE,
-        base::Bind(&AddLogEvent, weak_net_log_,
+        base::Bind(&AddLogEventWithCallback, weak_net_log_,
                    NetLog::TYPE_SSL_READ_ERROR,
-                   make_scoped_refptr(new SSLErrorParams(rv, 0))));
+                   CreateNetLogSSLErrorCallback(rv, 0)));
     return rv;
   }
   if (rv >= 0) {
     PostOrRunCallback(
         FROM_HERE,
         base::Bind(&LogByteTransferEvent, weak_net_log_,
                    NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
                    scoped_refptr<IOBuffer>(user_read_buf_)));
     return rv;
   }
   PRErrorCode prerr = PR_GetError();
   if (prerr == PR_WOULD_BLOCK_ERROR)
     return ERR_IO_PENDING;
 
   rv = HandleNSSError(prerr, false);
   PostOrRunCallback(
       FROM_HERE,
-      base::Bind(&AddLogEvent, weak_net_log_,
+      base::Bind(&AddLogEventWithCallback, weak_net_log_,
                  NetLog::TYPE_SSL_READ_ERROR,
-                 make_scoped_refptr(new SSLErrorParams(rv, prerr))));
+                 CreateNetLogSSLErrorCallback(rv, prerr)));
   return rv;
 }
 
 int SSLClientSocketNSS::Core::DoPayloadWrite() {
   DCHECK(OnNSSTaskRunner());
 
   DCHECK(user_write_buf_);
 
   int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
   if (rv >= 0) {
     PostOrRunCallback(
         FROM_HERE,
         base::Bind(&LogByteTransferEvent, weak_net_log_,
                    NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                    scoped_refptr<IOBuffer>(user_write_buf_)));
     return rv;
   }
   PRErrorCode prerr = PR_GetError();
   if (prerr == PR_WOULD_BLOCK_ERROR)
     return ERR_IO_PENDING;
 
   rv = HandleNSSError(prerr, false);
   PostOrRunCallback(
       FROM_HERE,
-      base::Bind(&AddLogEvent, weak_net_log_,
+      base::Bind(&AddLogEventWithCallback, weak_net_log_,
                  NetLog::TYPE_SSL_WRITE_ERROR,
-                 make_scoped_refptr(new SSLErrorParams(rv, prerr))));
+                 CreateNetLogSSLErrorCallback(rv, prerr)));
   return rv;
 }
 
 // Do as much network I/O as possible between the buffer and the
 // transport socket. Return true if some I/O performed, false
 // otherwise (error or ERR_IO_PENDING).
 bool SSLClientSocketNSS::Core::DoTransportIO() {
   DCHECK(OnNSSTaskRunner());
 
   bool network_moved = false;
@@ skipping 225 matching lines @@
       domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE;
       rv = SECFailure;
     }
   } else {
     rv = SECFailure;
   }
 
   int cert_count = (rv == SECSuccess) ? 1 : 0;
   PostOrRunCallback(
       FROM_HERE,
-      base::Bind(&AddLogEvent, weak_net_log_,
+      base::Bind(&AddLogEventWithCallback, weak_net_log_,
                  NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
-                 make_scoped_refptr(
-                     new NetLogIntegerParameter("cert_count",
-                                                cert_count))));
+                 NetLog::IntegerCallback("cert_count", cert_count)));
   return rv;
 }
 
 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert,
                                                  SECKEYPrivateKey** key) {
   // Set the certificate.
   SECItem cert_item;
   cert_item.data = (unsigned char*) domain_bound_cert_.data();
   cert_item.len = domain_bound_cert_.size();
   *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
@@ skipping 184 matching lines @@
 }
 
 int SSLClientSocketNSS::Core::DoGetDomainBoundCert(
     const std::string& origin,
     const std::vector<uint8>& requested_cert_types) {
   DCHECK(OnNetworkTaskRunner());
 
   if (detached_)
     return ERR_FAILED;
 
-  weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL);
+  weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT);
 
   int rv = server_bound_cert_service_->GetDomainBoundCert(
       origin,
       requested_cert_types,
       &domain_bound_cert_type_,
       &domain_bound_private_key_,
       &domain_bound_cert_,
       base::Bind(&Core::OnGetDomainBoundCertComplete, base::Unretained(this)),
       &domain_bound_cert_request_handle_);
 
@@ skipping 224 matching lines @@
 
 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
   EnterFunction("");
   DCHECK(transport_.get());
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   DCHECK(user_connect_callback_.is_null());
   DCHECK(!callback.is_null());
 
   EnsureThreadIdAssigned();
 
-  net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL);
+  net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT);
 
   int rv = Init();
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return rv;
   }
 
   rv = InitializeSSLOptions();
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
@@ skipping 566 matching lines @@
   }
 
   start_cert_verification_time_ = base::TimeTicks::Now();
 
   if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() &&
       core_->state().predicted_cert_chain_correct) {
     // If the SSLHostInfo had a prediction for the certificate chain of this
     // server then it will have optimistically started a verification of that
     // chain. So, if the prediction was correct, we should wait for that
     // verification to finish rather than start our own.
-    net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL);
+    net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED);
     UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2);
     base::TimeTicks end_time = ssl_host_info_->verification_end_time();
     if (end_time.is_null())
       end_time = base::TimeTicks::Now();
     UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved",
                         end_time - ssl_host_info_->verification_start_time());
     server_cert_verify_result_ = &ssl_host_info_->cert_verify_result();
     return ssl_host_info_->WaitForCertVerification(
         base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
                    base::Unretained(this)));
@@ skipping 172 matching lines @@
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
   return valid_thread_id_ == base::PlatformThread::CurrentId();
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
   return server_bound_cert_service_;
 }
 
 }  // namespace net