Inject CanAddURLToHistory into TopSitesImpl

remoting/protocol/ssl_hmac_channel_authenticator.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
+#include "base/callback_helpers.h"
+#include "base/logging.h"
 #include "crypto/secure_util.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/cert_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/http/transport_security_state.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_client_socket_openssl.h"
 #include "net/socket/ssl_server_socket.h"
 #include "net/ssl/ssl_config_service.h"
 #include "remoting/base/rsa_key_pair.h"
 #include "remoting/protocol/auth_util.h"
 
 namespace remoting {
 namespace protocol {
 
+namespace {
+
+// A CertVerifier which rejects every certificate.
+class FailingCertVerifier : public net::CertVerifier {
+ public:
+  FailingCertVerifier() {}
+  ~FailingCertVerifier() override {}
+
+  int Verify(net::X509Certificate* cert,
+             const std::string& hostname,
+             int flags,
+             net::CRLSet* crl_set,
+             net::CertVerifyResult* verify_result,
+             const net::CompletionCallback& callback,
+             RequestHandle* out_req,
+             const net::BoundNetLog& net_log) override {
+    verify_result->verified_cert = cert;
+    verify_result->cert_status = net::CERT_STATUS_INVALID;
+    return net::ERR_CERT_INVALID;
+  }
+
+  void CancelRequest(RequestHandle req) override {
+    NOTIMPLEMENTED();
+  }
+};
+
+}  // namespace
+
 // static
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForClient(
       const std::string& remote_cert,
       const std::string& auth_key) {
   scoped_ptr<SslHmacChannelAuthenticator> result(
       new SslHmacChannelAuthenticator(auth_key));
   result->remote_cert_ = remote_cert;
   return result.Pass();
 }
@@ skipping 51 matching lines @@
                                    local_key_pair_->private_key(),
                                    ssl_config);
     net::SSLServerSocket* raw_server_socket = server_socket.get();
     socket_ = server_socket.Pass();
     result = raw_server_socket->Handshake(
         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
                    base::Unretained(this)));
 #endif
   } else {
     transport_security_state_.reset(new net::TransportSecurityState);
+    cert_verifier_.reset(new FailingCertVerifier);
 
     net::SSLConfig::CertAndStatus cert_and_status;
     cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
     cert_and_status.der_cert = remote_cert_;
 
     net::SSLConfig ssl_config;
     // Certificate verification and revocation checking are not needed
     // because we use self-signed certs. Disable it so that the SSL
     // layer doesn't try to initialize OCSP (OCSP works only on the IO
     // thread).
     ssl_config.cert_io_enabled = false;
     ssl_config.rev_checking_enabled = false;
     ssl_config.allowed_bad_certs.push_back(cert_and_status);
 
     net::HostPortPair host_and_port(kSslFakeHostName, 0);
     net::SSLClientSocketContext context;
     context.transport_security_state = transport_security_state_.get();
+    context.cert_verifier = cert_verifier_.get();
     scoped_ptr<net::ClientSocketHandle> socket_handle(
         new net::ClientSocketHandle);
     socket_handle->SetSocket(socket.Pass());
 
 #if defined(OS_NACL)
     // net_nacl doesn't include ClientSocketFactory.
     socket_.reset(new net::SSLClientSocketOpenSSL(
         socket_handle.Pass(), host_and_port, ssl_config, context));
 #else
     socket_ =
@@ skipping 148 matching lines @@
   return crypto::SecureMemEqual(received_auth_bytes.data(),
                                 &(auth_bytes[0]), kAuthDigestLength);
 }
 
 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
   if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) {
     DCHECK(socket_.get() != nullptr);
     if (callback_called)
       *callback_called = true;
 
-    CallDoneCallback(net::OK, socket_.Pass());
+    base::ResetAndReturn(&done_callback_).Run(net::OK, socket_.Pass());
   }
 }
 
 void SslHmacChannelAuthenticator::NotifyError(int error) {
-  CallDoneCallback(error, nullptr);
-}
-
-void SslHmacChannelAuthenticator::CallDoneCallback(
-    int error,
-    scoped_ptr<net::StreamSocket> socket) {
-  DoneCallback callback = done_callback_;
-  done_callback_.Reset();
-  callback.Run(error, socket.Pass());
+  base::ResetAndReturn(&done_callback_).Run(error, nullptr);
 }
 
 }  // namespace protocol
 }  // namespace remoting