Support for server session cache.

remoting/protocol/ssl_hmac_channel_authenticator.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
 
 #include <stdint.h>
 
 #include <utility>
 
@@ skipping 172 matching lines @@
 
 scoped_ptr<SslHmacChannelAuthenticator>
 SslHmacChannelAuthenticator::CreateForHost(
     const std::string& local_cert,
     scoped_refptr<RsaKeyPair> key_pair,
     const std::string& auth_key) {
   scoped_ptr<SslHmacChannelAuthenticator> result(
       new SslHmacChannelAuthenticator(auth_key));
   result->local_cert_ = local_cert;
   result->local_key_pair_ = key_pair;
+  result->InitializeSSLServerContext();
   return result;
 }
 
 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
     const std::string& auth_key)
     : auth_key_(auth_key) {
 }
 
 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
 }
 
-void SslHmacChannelAuthenticator::SecureAndAuthenticate(
-    scoped_ptr<P2PStreamSocket> socket,
-    const DoneCallback& done_callback) {
-  DCHECK(CalledOnValidThread());
-
-  done_callback_ = done_callback;
-
-  int result;
+void SslHmacChannelAuthenticator::InitializeSSLServerContext() {
   if (is_ssl_server()) {
 #if defined(OS_NACL)
     // Client plugin doesn't use server SSL sockets, and so SSLServerSocket
     // implementation is not compiled for NaCl as part of net_nacl.
     NOTREACHED();
-    result = net::ERR_FAILED;
 #else
     scoped_refptr<net::X509Certificate> cert =
         net::X509Certificate::CreateFromBytes(
             local_cert_.data(), local_cert_.length());
     if (!cert.get()) {
       LOG(ERROR) << "Failed to parse X509Certificate";
       NotifyError(net::ERR_FAILED);
       return;
     }
 
     net::SSLServerConfig ssl_config;
     ssl_config.require_ecdhe = true;
 
-    scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket(
-        make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))),
+    server_context_ = net::CreateSSLServerContext(
         cert.get(), *local_key_pair_->private_key(), ssl_config);
+#endif
+  }
+}
+
+void SslHmacChannelAuthenticator::SecureAndAuthenticate(

[davidben, 2016/02/24 21:01:26]

It looks like this only gets called once[*] for each SslHmacChannelAuthenticator
object, which means you don't actually need to separate out
InitializeSSLServerContext from creating the SSLServerSocket. Might be a bit
less churn.

[*]
https://code.google.com/p/chromium/codesearch#chromium/src/remoting/protocol/...

Also it saves all kinds of state and would probably explode if you called it
multiple times. :-)

[ryanchung, 2016/02/25 00:46:39]

Done.

+    scoped_ptr<P2PStreamSocket> socket,
+    const DoneCallback& done_callback) {
+  DCHECK(CalledOnValidThread());
+
+  done_callback_ = done_callback;
+
+  int result;
+  if (is_ssl_server()) {
+#if defined(OS_NACL)
+    // Client plugin doesn't use server SSL sockets, and so SSLServerSocket
+    // implementation is not compiled for NaCl as part of net_nacl.
+    NOTREACHED();
+    result = net::ERR_FAILED;
+#else
+    scoped_ptr<net::SSLServerSocket> server_socket =
+        server_context_->CreateSSLServerSocket(
+            make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))));
     net::SSLServerSocket* raw_server_socket = server_socket.get();
     socket_ = std::move(server_socket);
     result = raw_server_socket->Handshake(
         base::Bind(&SslHmacChannelAuthenticator::OnConnected,
                    base::Unretained(this)));
 #endif
   } else {
     transport_security_state_.reset(new net::TransportSecurityState);
     cert_verifier_.reset(new FailingCertVerifier);
 
@@ skipping 190 matching lines @@
              make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_))));
   }
 }
 
 void SslHmacChannelAuthenticator::NotifyError(int error) {
   base::ResetAndReturn(&done_callback_).Run(error, nullptr);
 }
 
 }  // namespace protocol
 }  // namespace remoting