Support for client certs in ssl_server_socket.

net/socket/ssl_client_socket.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
 
 #include <string>
 
 #include "base/gtest_prod_util.h"
 #include "net/base/completion_callback.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/socket/ssl_socket.h"
 #include "net/socket/stream_socket.h"
 #include "net/ssl/ssl_failure_state.h"
 
 namespace net {
 
 class CertPolicyEnforcer;
 class CertVerifier;
 class ChannelIDService;
 class CTVerifier;
 class SSLCertRequestInfo;
 struct SSLConfig;
 class SSLInfo;
+class SSLPrivateKey;
 class TransportSecurityState;
 class X509Certificate;
 
 // This struct groups together several fields which are used by various
 // classes related to SSLClientSocket.
 struct SSLClientSocketContext {
   SSLClientSocketContext()
       : cert_verifier(NULL),
         channel_id_service(NULL),
         transport_security_state(NULL),
@@ skipping 137 matching lines @@
   // Determine if the TLS version required by Section 9.2 of the HTTP/2
   // specification is enabled.  Note that the server might still pick an
   // inadequate TLS version.
   static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config);
 
   // Serialize |next_protos| in the wire format for ALPN and NPN: protocols are
   // listed in order, each prefixed by a one-byte length.
   static std::vector<uint8_t> SerializeNextProtos(
       const NextProtoVector& next_protos);
 
+  // For unit testing only.
+  // Specify a client certificate and the RSA private key to be used with it.
+  virtual void ForceClientCertificateAndKeyForTesting(
+      const scoped_refptr<X509Certificate>& client_cert,
+      scoped_ptr<SSLPrivateKey> client_private_key) {}

[davidben, 2015/12/01 22:35:17]

This should no longer be necessary if you rebase.

[ryanchung, 2015/12/02 23:57:03]

Awesome. Done.

+
  private:
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos);
   // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
                            ConnectSignedCertTimestampsEnabledTLSExtension);
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
                            ConnectSignedCertTimestampsEnabledOCSP);
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
                            ConnectSignedCertTimestampsDisabled);
   FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
                            VerifyServerChainProperlyOrdered);
+  friend class SSLServerSocketTest;
 
   // True if SCTs were received via a TLS extension.
   bool signed_cert_timestamps_received_;
   // True if a stapled OCSP response was received.
   bool stapled_ocsp_response_received_;
   // Protocol negotiation extension used.
   SSLNegotiationExtension negotiation_extension_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_