Set Token-Binding HTTP header

net/http/http_network_transaction.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_HTTP_HTTP_NETWORK_TRANSACTION_H_
 #define NET_HTTP_HTTP_NETWORK_TRANSACTION_H_
 
 #include <stdint.h>
 
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/time/time.h"
+#include "crypto/ec_private_key.h"

[davidben, 2015/11/18 20:49:00]

I think you can still forward-decl this.

[nharper, 2015/12/04 01:42:19]

Yes I can. Done.

 #include "net/base/request_priority.h"
 #include "net/http/http_auth.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_stream_factory.h"
 #include "net/http/http_transaction.h"
 #include "net/log/net_log.h"
 #include "net/proxy/proxy_service.h"
 #include "net/socket/connection_attempts.h"
+#include "net/ssl/channel_id_service.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_failure_state.h"
 #include "net/websockets/websocket_handshake_stream_base.h"
 
 namespace net {
 
 class ClientSocketHandle;
 class HttpAuthController;
 class HttpNetworkSession;
 class HttpStream;
@@ skipping 94 matching lines @@
   enum State {
     STATE_NOTIFY_BEFORE_CREATE_STREAM,
     STATE_CREATE_STREAM,
     STATE_CREATE_STREAM_COMPLETE,
     STATE_INIT_STREAM,
     STATE_INIT_STREAM_COMPLETE,
     STATE_GENERATE_PROXY_AUTH_TOKEN,
     STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE,
     STATE_GENERATE_SERVER_AUTH_TOKEN,
     STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE,
+    STATE_GET_TOKEN_BINDING_KEY,
+    STATE_GET_TOKEN_BINDING_KEY_COMPLETE,
     STATE_INIT_REQUEST_BODY,
     STATE_INIT_REQUEST_BODY_COMPLETE,
     STATE_BUILD_REQUEST,
     STATE_BUILD_REQUEST_COMPLETE,
     STATE_SEND_REQUEST,
     STATE_SEND_REQUEST_COMPLETE,
     STATE_READ_HEADERS,
     STATE_READ_HEADERS_COMPLETE,
     STATE_READ_BODY,
     STATE_READ_BODY_COMPLETE,
     STATE_DRAIN_BODY_FOR_AUTH_RESTART,
     STATE_DRAIN_BODY_FOR_AUTH_RESTART_COMPLETE,
     STATE_NONE
   };
 
   bool IsSecureRequest() const;
+  bool IsTokenBindingEnabled() const;
+  void RecordTokenBindingSupport() const;
 
   // Returns true if the request is using an HTTP(S) proxy without being
   // tunneled via the CONNECT method.
   bool UsingHttpProxyWithoutTunnel() const;
 
   void DoCallback(int result);
   void OnIOComplete(int result);
 
   // Runs the state transition loop.
   int DoLoop(int result);
 
   // Each of these methods corresponds to a State value.  Those with an input
   // argument receive the result from the previous state.  If a method returns
   // ERR_IO_PENDING, then the result from OnIOComplete will be passed to the
   // next state method as the result arg.
   int DoNotifyBeforeCreateStream();
   int DoCreateStream();
   int DoCreateStreamComplete(int result);
   int DoInitStream();
   int DoInitStreamComplete(int result);
   int DoGenerateProxyAuthToken();
   int DoGenerateProxyAuthTokenComplete(int result);
   int DoGenerateServerAuthToken();
   int DoGenerateServerAuthTokenComplete(int result);
+  int DoGetTokenBindingKey();
+  int DoGetTokenBindingKeyComplete(int result);
   int DoInitRequestBody();
   int DoInitRequestBodyComplete(int result);
   int DoBuildRequest();
   int DoBuildRequestComplete(int result);
   int DoSendRequest();
   int DoSendRequestComplete(int result);
   int DoReadHeaders();
   int DoReadHeadersComplete(int result);
   int DoReadBody();
   int DoReadBodyComplete(int result);
   int DoDrainBodyForAuthRestart();
   int DoDrainBodyForAuthRestartComplete(int result);
 
   void BuildRequestHeaders(bool using_http_proxy_without_tunnel);
+  std::string BuildTokenBindingHeader();
 
   // Writes a log message to help debugging in the field when we block a proxy
   // response to a CONNECT request.
   void LogBlockedTunnelResponse(int response_code) const;
 
   // Called to handle a client certificate request.
   int HandleCertificateRequest(int error);
 
   // Called wherever ERR_HTTP_1_1_REQUIRED or
   // ERR_PROXY_HTTP_1_1_REQUIRED has to be handled.
@@ skipping 101 matching lines @@
   SSLFailureState server_ssl_failure_state_;
   // fallback_error_code contains the error code that caused the last TLS
   // fallback. If the fallback connection results in
   // ERR_SSL_INAPPROPRIATE_FALLBACK (i.e. the server indicated that the
   // fallback should not have been needed) then we use this value to return the
   // original error that triggered the fallback.
   int fallback_error_code_;
   // The SSLFailureState which caused the last TLS version fallback.
   SSLFailureState fallback_failure_state_;
 
+  // Key to use for signing message in Token Binding header.
+  scoped_ptr<crypto::ECPrivateKey> token_binding_key_;
+  // Object to manage lookup of |token_binding_key_|.
+  ChannelIDService::Request token_binding_request_;
+
   HttpRequestHeaders request_headers_;
 
   // The size in bytes of the buffer we use to drain the response body that
   // we want to throw away.  The response body is typically a small error
   // page just a few hundred bytes long.
   static const int kDrainBodyBufferSize = 1024;
 
   // User buffer and length passed to the Read method.
   scoped_refptr<IOBuffer> read_buf_;
   int read_buf_len_;
@@ skipping 28 matching lines @@
 
   ConnectionAttempts connection_attempts_;
   IPEndPoint remote_endpoint_;
 
   DISALLOW_COPY_AND_ASSIGN(HttpNetworkTransaction);
 };
 
 }  // namespace net
 
 #endif  // NET_HTTP_HTTP_NETWORK_TRANSACTION_H_