Implement SSL server socket over OpenSSL.

net/socket/ssl_server_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_server_socket_nss.h"
 
 #if defined(OS_WIN)
 #include <winsock2.h>
 #endif
 
@@ skipping 11 matching lines @@
 #include <nss.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
 #include <ssl.h>
 #include <sslerr.h>
 #include <sslproto.h>
 
 #include <limits>
 
+#include "base/callback_helpers.h"
 #include "base/lazy_instance.h"
 #include "base/memory/ref_counted.h"
 #include "crypto/rsa_private_key.h"
 #include "crypto/nss_util_internal.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/socket/nss_ssl_util.h"
 #include "net/socket/ssl_error_params.h"
 
@@ skipping 198 matching lines @@
 
 int SSLServerSocketNSS::SetReceiveBufferSize(int32 size) {
   return transport_socket_->SetReceiveBufferSize(size);
 }
 
 int SSLServerSocketNSS::SetSendBufferSize(int32 size) {
   return transport_socket_->SetSendBufferSize(size);
 }
 
 bool SSLServerSocketNSS::IsConnected() const {
+  // TODO(wtc): Check transport_socket_->IsConnected() as well.

[wtc, 2014/05/16 19:36:14]

This comment should say: find out if we should check
transport_socket_->IsConnected() as well.

I found that this code was originally added in

    http://codereview.chromium.org/7054010

and it hasn't changed since then.

[byungchul, 2014/05/16 19:50:32]

Done.

   return completed_handshake_;
 }
 
 void SSLServerSocketNSS::Disconnect() {
   transport_socket_->Disconnect();
 }
 
 bool SSLServerSocketNSS::IsConnectedAndIdle() const {
   return completed_handshake_ && transport_socket_->IsConnectedAndIdle();
 }
@@ skipping 24 matching lines @@
 
 bool SSLServerSocketNSS::WasEverUsed() const {
   return transport_socket_->WasEverUsed();
 }
 
 bool SSLServerSocketNSS::UsingTCPFastOpen() const {
   return transport_socket_->UsingTCPFastOpen();
 }
 
 bool SSLServerSocketNSS::WasNpnNegotiated() const {
+  NOTIMPLEMENTED();
   return false;
 }
 
 NextProto SSLServerSocketNSS::GetNegotiatedProtocol() const {
   // NPN is not supported by this class.
   return kProtoUnknown;
 }
 
 bool SSLServerSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   NOTIMPLEMENTED();
@@ skipping 186 matching lines @@
   return OK;
 }
 
 void SSLServerSocketNSS::OnSendComplete(int result) {
   if (next_handshake_state_ == STATE_HANDSHAKE) {
     // In handshake phase.
     OnHandshakeIOComplete(result);
     return;
   }
 
+  // TODO(byungchul): This state machine is not correct. Copy the state machine
+  // of SSLClientSocketNSS::OnSendComplete() which handles it better.
   if (!completed_handshake_)
     return;
 
   if (user_write_buf_.get()) {
     int rv = DoWriteLoop(result);
     if (rv != ERR_IO_PENDING)
       DoWriteCallback(rv);
   } else {
     // Ensure that any queued ciphertext is flushed.
     DoTransportIO();
@@ skipping 12 matching lines @@
   if (!user_read_buf_.get() || !completed_handshake_)
     return;
 
   int rv = DoReadLoop(result);
   if (rv != ERR_IO_PENDING)
     DoReadCallback(rv);
 }
 
 void SSLServerSocketNSS::OnHandshakeIOComplete(int result) {
   int rv = DoHandshakeLoop(result);
-  if (rv != ERR_IO_PENDING) {
-    net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
-    if (!user_handshake_callback_.is_null())
-      DoHandshakeCallback(rv);
-  }
+  if (rv == ERR_IO_PENDING)
+    return;
+
+  net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv);
+  if (!user_handshake_callback_.is_null())
+    DoHandshakeCallback(rv);
 }
 
 // Return 0 for EOF,
 // > 0 for bytes transferred immediately,
 // < 0 for error (or the non-error ERR_IO_PENDING).
 int SSLServerSocketNSS::BufferSend(void) {
   if (transport_send_busy_)
     return ERR_IO_PENDING;
 
   const char* buf1;
@@ skipping 171 matching lines @@
   int rv;
   do {
     rv = DoPayloadRead();
     network_moved = DoTransportIO();
   } while (rv == ERR_IO_PENDING && network_moved);
   return rv;
 }
 
 int SSLServerSocketNSS::DoWriteLoop(int result) {
   DCHECK(completed_handshake_);
-  DCHECK(next_handshake_state_ == STATE_NONE);
+  DCHECK_EQ(next_handshake_state_, STATE_NONE);
 
   if (result < 0)
     return result;
 
   if (!nss_bufs_) {
     LOG(DFATAL) << "!nss_bufs_";
     int rv = ERR_UNEXPECTED;
     net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
                       CreateNetLogSSLErrorCallback(rv, 0));
     return rv;
@@ skipping 26 matching lines @@
                  << ", net_error " << net_error;
       net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
                         CreateNetLogSSLErrorCallback(net_error, prerr));
     }
   }
   return net_error;
 }
 
 void SSLServerSocketNSS::DoHandshakeCallback(int rv) {
   DCHECK_NE(rv, ERR_IO_PENDING);
-
-  CompletionCallback c = user_handshake_callback_;
-  user_handshake_callback_.Reset();
-  c.Run(rv > OK ? OK : rv);
+  ResetAndReturn(&user_handshake_callback_).Run(rv > OK ? OK : rv);
 }
 
 void SSLServerSocketNSS::DoReadCallback(int rv) {
   DCHECK(rv != ERR_IO_PENDING);
   DCHECK(!user_read_callback_.is_null());
 
-  // Since Run may result in Read being called, clear |user_read_callback_|
-  // up front.
-  CompletionCallback c = user_read_callback_;
-  user_read_callback_.Reset();
   user_read_buf_ = NULL;
   user_read_buf_len_ = 0;
-  c.Run(rv);
+  ResetAndReturn(&user_read_callback_).Run(rv);
 }
 
 void SSLServerSocketNSS::DoWriteCallback(int rv) {
   DCHECK(rv != ERR_IO_PENDING);
   DCHECK(!user_write_callback_.is_null());
 
-  // Since Run may result in Write being called, clear |user_write_callback_|
-  // up front.
-  CompletionCallback c = user_write_callback_;
-  user_write_callback_.Reset();
   user_write_buf_ = NULL;
   user_write_buf_len_ = 0;
-  c.Run(rv);
+  ResetAndReturn(&user_write_callback_).Run(rv);
 }
 
 // static
 // NSS calls this if an incoming certificate needs to be verified.
 // Do nothing but return SECSuccess.
 // This is called only in full handshake mode.
 // Peer certificate is retrieved in HandshakeCallback() later, which is called
 // in full handshake mode or in resumption handshake mode.
 SECStatus SSLServerSocketNSS::OwnAuthCertHandler(void* arg,
                                                  PRFileDesc* socket,
@@ skipping 17 matching lines @@
   // initializes the NSS base library.
   EnsureNSSSSLInit();
   if (!NSS_IsInitialized())
     return ERR_UNEXPECTED;
 
   EnableSSLServerSockets();
   return OK;
 }
 
 }  // namespace net