Add CTVerifier and CTPolicyEnforcer to cast channel ssl socket

extensions/browser/api/cast_channel/cast_socket.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/cast_channel/cast_socket.h"
 
 #include <stdlib.h>
 #include <string.h>
 
 #include <utility>
@@ skipping 16 matching lines @@
 #include "extensions/browser/api/cast_channel/cast_message_util.h"
 #include "extensions/browser/api/cast_channel/cast_transport.h"
 #include "extensions/browser/api/cast_channel/logger.h"
 #include "extensions/browser/api/cast_channel/logger_util.h"
 #include "extensions/common/api/cast_channel/cast_channel.pb.h"
 #include "net/base/address_list.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_policy_enforcer.h"
+#include "net/cert/multi_log_ct_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/http/transport_security_state.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/stream_socket.h"
 #include "net/socket/tcp_client_socket.h"
 #include "net/ssl/ssl_config_service.h"
 #include "net/ssl/ssl_info.h"
 
@@ skipping 132 matching lines @@
   // Options cannot be set on the TCPClientSocket yet, because the
   // underlying platform socket will not be created until Bind()
   // or Connect() is called.
 }
 
 std::unique_ptr<net::SSLClientSocket> CastSocketImpl::CreateSslSocket(
     std::unique_ptr<net::StreamSocket> socket) {
   net::SSLConfig ssl_config;
   cert_verifier_ = base::WrapUnique(new FakeCertVerifier);
   transport_security_state_.reset(new net::TransportSecurityState);
+  cert_transparency_verifier_.reset(new net::MultiLogCTVerifier());
+  ct_policy_enforcer_.reset(new net::CTPolicyEnforcer());
+
+  // Note that |context| fields remain owned by CastSocketImpl.
   net::SSLClientSocketContext context;
-  // CertVerifier and TransportSecurityState are owned by us, not the
-  // context object.
   context.cert_verifier = cert_verifier_.get();
   context.transport_security_state = transport_security_state_.get();
+  context.cert_transparency_verifier = cert_transparency_verifier_.get();
+  context.ct_policy_enforcer = ct_policy_enforcer_.get();
 
   std::unique_ptr<net::ClientSocketHandle> connection(
       new net::ClientSocketHandle);
   connection->SetSocket(std::move(socket));
   net::HostPortPair host_and_port = net::HostPortPair::FromIPEndPoint(
       ip_endpoint_);
 
   return net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
       std::move(connection), host_and_port, ssl_config, context);
 }
@@ skipping 411 matching lines @@
   VLOG_WITH_CONNECTION(1) << "SetErrorState " << error_state;
   DCHECK_EQ(CHANNEL_ERROR_NONE, error_state_);
   error_state_ = error_state;
   logger_->LogSocketErrorState(channel_id_, ErrorStateToProto(error_state_));
   delegate_->OnError(error_state_);
 }
 }  // namespace cast_channel
 }  // namespace api
 }  // namespace extensions
 #undef VLOG_WITH_CONNECTION