Blimp: add support for SSL connections.

blimp/net/ssl_client_transport.cc

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "blimp/net/ssl_client_transport.h"
+
+#include "base/callback.h"
+#include "base/callback_helpers.h"
+#include "blimp/net/exact_match_cert_verifier.h"
+#include "blimp/net/stream_socket_connection.h"
+#include "net/base/host_port_pair.h"
+#include "net/cert/x509_certificate.h"
+#include "net/socket/client_socket_factory.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/ssl_client_socket.h"
+#include "net/socket/stream_socket.h"
+#include "net/socket/tcp_client_socket.h"
+#include "net/ssl/ssl_config.h"
+
+namespace blimp {
+
+SSLClientTransport::SSLClientTransport(const net::IPEndPoint& ip_endpoint,
+                                       scoped_refptr<net::X509Certificate> cert,
+                                       net::NetLog* net_log)
+    : TCPClientTransport(ip_endpoint, net_log),
+      ip_endpoint_(ip_endpoint),
+      cert_verifier_(std::move(cert)) {}
+
+SSLClientTransport::~SSLClientTransport() {}
+
+const std::string SSLClientTransport::GetName() const {

[Ryan Sleevi, 2016/02/23 21:01:32]

random API nit:
1) Any reason this is returning std::string rather than char*
2) The "const std::string" is forcing a copy any time someone does std::string
... = GetName() - is that intentional? It seems rather useless to const-qualify
the return value since you're not returning a const-ref

[Kevin M, 2016/02/24 00:31:42]

No reason, returning a const char* is fine. (Done; all BlimpTransport subclasses
are changed accordingly.)

+  return "SSL";
+}
+
+void SSLClientTransport::OnTCPConnectComplete(int result) {
+  DCHECK_NE(net::ERR_IO_PENDING, result);
+
+  scoped_ptr<net::StreamSocket> tcp_socket = TCPClientTransport::TakeSocket();

[Ryan Sleevi, 2016/02/23 21:01:32]

Acknowledged that you're going to investigate re-designing, but it's something
like this that highlights the layering challenges - you could concievably be
building a TLS socket atop an HTTP proxy (or an HTTP/2 proxy's STREAM
abstraction), hence it's not always guaranteed that the underlying
implementation will be a TCPClientTransport :)

[Kevin M, 2016/02/24 00:31:42]

Acknowledged.

+
+  DVLOG(1) << "TCP connection result=" << result;
+  if (result != net::OK) {
+    OnConnectComplete(result);
+    return;
+  }
+
+  // Construct arguments to use for the SSL socket factory.
+  scoped_ptr<net::ClientSocketHandle> socket_handle(
+      new net::ClientSocketHandle);
+  socket_handle->SetSocket(std::move(tcp_socket));
+
+  net::HostPortPair host_port_pair =
+      net::HostPortPair::FromIPEndPoint(ip_endpoint_);
+
+  net::SSLClientSocketContext create_context;
+  create_context.cert_verifier = &cert_verifier_;
+  create_context.transport_security_state = &transport_security_state_;
+
+  scoped_ptr<net::StreamSocket> ssl_socket(
+      socket_factory()->CreateSSLClientSocket(std::move(socket_handle),
+                                              host_port_pair, net::SSLConfig(),
+                                              create_context));
+
+  if (!ssl_socket) {
+    OnConnectComplete(net::ERR_SSL_PROTOCOL_ERROR);
+    return;
+  }
+
+  result = ssl_socket->Connect(base::Bind(
+      &SSLClientTransport::OnSSLConnectComplete, base::Unretained(this)));
+  SetSocket(std::move(ssl_socket));
+
+  if (result == net::ERR_IO_PENDING) {
+    // SSL connection will complete asynchronously.
+    return;
+  }
+
+  OnSSLConnectComplete(result);
+}
+
+void SSLClientTransport::OnSSLConnectComplete(int result) {
+  DCHECK_NE(net::ERR_IO_PENDING, result);
+  DVLOG(1) << "SSL connection result=" << result;
+
+  OnConnectComplete(result);
+}
+
+}  // namespace blimp