Added SSLHostInfo. Storing of server host info to our standard disk cache.

net/socket/ssl_client_socket_nss.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 
 #include <certt.h>
 #include <keyt.h>
 #include <nspr.h>
@@ skipping 24 matching lines @@
 }
 
 namespace net {
 
 class BoundNetLog;
 class CertVerifier;
 class CTVerifier;
 class ClientSocketHandle;
 class ServerBoundCertService;
 class SingleRequestCertVerifier;
+class SSLHostInfo;

[wtc, 2014/01/15 19:08:59]

This forward declaration is not necessary because it is in ssl_client_socket.h.

[ramant (doing other things), 2014/01/18 00:21:56]

Done.

 class TransportSecurityState;
 class X509Certificate;
 
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
  public:
   // Takes ownership of the |transport_socket|, which must already be connected.
   // The hostname specified in |host_and_port| will be compared with the name(s)
   // in the server's certificate during the SSL handshake.  If SSL client
   // authentication is requested, the host_and_port field of SSLCertRequestInfo
   // will be populated with |host_and_port|.  |ssl_config| specifies
   // the SSL settings.
   //
   // Because calls to NSS may block, such as due to needing to access slow
   // hardware or needing to synchronously unlock protected tokens, calls to
   // NSS may optionally be run on a dedicated thread. If synchronous/blocking
   // behaviour is desired, for performance or compatibility, the current task
   // runner should be supplied instead.
   SSLClientSocketNSS(base::SequencedTaskRunner* nss_task_runner,
                      scoped_ptr<ClientSocketHandle> transport_socket,
                      const HostPortPair& host_and_port,
                      const SSLConfig& ssl_config,
+                     SSLHostInfo* ssl_host_info,
                      const SSLClientSocketContext& context);
   virtual ~SSLClientSocketNSS();
 
   // SSLClientSocket implementation.
   virtual void GetSSLCertRequestInfo(
       SSLCertRequestInfo* cert_request_info) OVERRIDE;
   virtual NextProtoStatus GetNextProto(std::string* proto,
                                        std::string* server_protos) OVERRIDE;
 
   // SSLSocket implementation.
@@ skipping 29 matching lines @@
   virtual bool SetSendBufferSize(int32 size) OVERRIDE;
   virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
 
  private:
   // Helper class to handle marshalling any NSS interaction to and from the
   // NSS and network task runners. Not every call needs to happen on the Core
   class Core;
 
   enum State {
     STATE_NONE,
+    STATE_LOAD_SSL_HOST_INFO,
     STATE_HANDSHAKE,
     STATE_HANDSHAKE_COMPLETE,
     STATE_VERIFY_CERT,
     STATE_VERIFY_CERT_COMPLETE,
   };
 
   int Init();
   void InitCore();
 
   // Initializes NSS SSL options.  Returns a net error code.
   int InitializeSSLOptions();
 
   // Initializes the socket peer name in SSL.  Returns a net error code.
   int InitializeSSLPeerName();
 
   void DoConnectCallback(int result);
   void OnHandshakeIOComplete(int result);
 
+  void LoadSSLHostInfo();
+  int DoLoadSSLHostInfo();
+
   int DoHandshakeLoop(int last_io_result);
   int DoHandshake();
   int DoHandshakeComplete(int result);
   int DoVerifyCert(int result);
   int DoVerifyCertComplete(int result);
+  void SaveSSLHostInfo();
 
   void VerifyCT();
 
   void LogConnectionTypeMetrics() const;
 
   // The following methods are for debugging bug 65948. Will remove this code
   // after fixing bug 65948.
   void EnsureThreadIdAssigned() const;
   bool CalledOnValidThread() const;
 
   // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
   // SCTs are held in three separate vectors in ct_verify_result, each
   // vetor representing a particular verification state, this method associates
   // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
   // the |ssl_info|.signed_certificate_timestamps list.
   void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
 
   // The task runner used to perform NSS operations.
   scoped_refptr<base::SequencedTaskRunner> nss_task_runner_;
   scoped_ptr<ClientSocketHandle> transport_;
   HostPortPair host_and_port_;
   SSLConfig ssl_config_;
 
   scoped_refptr<Core> core_;
 
   CompletionCallback user_connect_callback_;
 
-  CertVerifyResult server_cert_verify_result_;
+  // |server_cert_verify_result_| points at the verification result, which may,
+  // or may not be, |&local_server_cert_verify_result_|, depending on whether
+  // we used an SSLHostInfo's verification.
+  const CertVerifyResult* server_cert_verify_result_;
+  CertVerifyResult local_server_cert_verify_result_;
 
   CertVerifier* const cert_verifier_;
   scoped_ptr<SingleRequestCertVerifier> verifier_;
 
   // Certificate Transparency: Verifier and result holder.
   ct::CTVerifyResult ct_verify_result_;
   CTVerifier* cert_transparency_verifier_;
 
   // The service for retrieving Channel ID keys.  May be NULL.
   ServerBoundCertService* server_bound_cert_service_;
@@ skipping 10 matching lines @@
 
   // The NSS SSL state machine. This is owned by |core_|.
   // TODO(rsleevi): http://crbug.com/130616 - Remove this member once
   // ExportKeyingMaterial is updated to be asynchronous.
   PRFileDesc* nss_fd_;
 
   BoundNetLog net_log_;
 
   base::TimeTicks start_cert_verification_time_;
 
+  scoped_ptr<SSLHostInfo> ssl_host_info_;
+
   TransportSecurityState* transport_security_state_;
 
   // The following two variables are added for debugging bug 65948. Will
   // remove this code after fixing bug 65948.
   // Added the following code Debugging in release mode.
   mutable base::Lock lock_;
   // This is mutable so that CalledOnValidThread can set it.
   // It's guarded by |lock_|.
   mutable base::PlatformThreadId valid_thread_id_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_