Support for client certs in ssl_server_socket.

net/socket/ssl_client_socket_openssl.cc

Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 00ccb3f90585b94068516f96b63448acb02bc683..6baf0e581e432abdcea6286041a7e3a373037020 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -94,64 +94,6 @@ const uint8_t kTbProtocolVersionMinor = 3;
 const uint8_t kTbMinProtocolVersionMajor = 0;
 const uint8_t kTbMinProtocolVersionMinor = 2;
 
-void FreeX509Stack(STACK_OF(X509)* ptr) {
-  sk_X509_pop_free(ptr, X509_free);
-}
-
-using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>;
-
-// Used for encoding the |connection_status| field of an SSLInfo object.
-int EncodeSSLConnectionStatus(uint16 cipher_suite,
-                              int compression,
-                              int version) {
-  return cipher_suite |
-         ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<
-          SSL_CONNECTION_COMPRESSION_SHIFT) |
-         ((version & SSL_CONNECTION_VERSION_MASK) <<
-          SSL_CONNECTION_VERSION_SHIFT);
-}
-
-// Returns the net SSL version number (see ssl_connection_status_flags.h) for
-// this SSL connection.
-int GetNetSSLVersion(SSL* ssl) {
-  switch (SSL_version(ssl)) {
-    case TLS1_VERSION:
-      return SSL_CONNECTION_VERSION_TLS1;
-    case TLS1_1_VERSION:
-      return SSL_CONNECTION_VERSION_TLS1_1;
-    case TLS1_2_VERSION:
-      return SSL_CONNECTION_VERSION_TLS1_2;
-    default:
-      NOTREACHED();
-      return SSL_CONNECTION_VERSION_UNKNOWN;
-  }
-}
-
-ScopedX509 OSCertHandleToOpenSSL(
-    X509Certificate::OSCertHandle os_handle) {
-#if defined(USE_OPENSSL_CERTS)
-  return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));
-#else  // !defined(USE_OPENSSL_CERTS)
-  std::string der_encoded;
-  if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))
-    return ScopedX509();
-  const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
-  return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));
-#endif  // defined(USE_OPENSSL_CERTS)
-}
-
-ScopedX509Stack OSCertHandlesToOpenSSL(
-    const X509Certificate::OSCertHandles& os_handles) {
-  ScopedX509Stack stack(sk_X509_new_null());
-  for (size_t i = 0; i < os_handles.size(); i++) {
-    ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);
-    if (!x509)
-      return ScopedX509Stack();
-    sk_X509_push(stack.get(), x509.release());
-  }
-  return stack.Pass();
-}
-
 int LogErrorCallback(const char* str, size_t len, void* context) {
   LOG(ERROR) << base::StringPiece(str, len);
   return 1;
@@ -1873,9 +1815,11 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
 #else
     // TODO(davidben): Lift this call up to the embedder so we can actually test
     // this code. https://crbug.com/394131
-    private_key_ = FetchClientCertPrivateKey(
-        ssl_config_.client_cert.get(),
-        g_platform_key_task_runner.Get().task_runner());
+    if (!private_key_) {
+      private_key_ = FetchClientCertPrivateKey(
+          ssl_config_.client_cert.get(),
+          g_platform_key_task_runner.Get().task_runner());
+    }
     if (!private_key_) {
       // Could not find the private key. Fail the handshake and surface an
       // appropriate error to the caller.
@@ -2314,4 +2258,12 @@ int SSLClientSocketOpenSSL::TokenBindingParse(const uint8_t* contents,
   return 0;
 }
 
+void SSLClientSocketOpenSSL::ForceClientCertificateAndKeyForTesting(
+    const scoped_refptr<X509Certificate>& client_cert,
+    scoped_ptr<SSLPrivateKey> client_private_key) {
+  ssl_config_.send_client_cert = true;
+  ssl_config_.client_cert = client_cert;
+  private_key_ = client_private_key.Pass();
+}
+
 }  // namespace net