Update CastSocket connection flow to check for receiver credentials.

chrome/browser/extensions/api/cast_channel/cast_socket.h

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTENSIONS_API_CAST_CHANNEL_CAST_SOCKET_H_
 #define CHROME_BROWSER_EXTENSIONS_API_CAST_CHANNEL_CAST_SOCKET_H_
 
 #include <queue>
 #include <string>
 
@@ skipping 98 matching lines @@
 
  protected:
   // Creates an instance of TCPClientSocket.
   virtual scoped_ptr<net::TCPClientSocket> CreateTcpSocket();
   // Creates an instance of SSLClientSocket.
   virtual scoped_ptr<net::SSLClientSocket> CreateSslSocket();
   // Extracts peer certificate from SSLClientSocket instance when the socket
   // is in cert error state.
   // Returns whether certificate is successfully extracted.
   virtual bool ExtractPeerCert(std::string* cert);
+  // Sends a challenge request to the receiver.
+  virtual void SendAuthChallenge();
+  // Verifies whether the challenge reply received from the peer is valid:
+  // 1. Signature in the reply is valid.
+  // 2. Certificate is rooted to a trusted CA.
+  virtual bool VerifyChallengeReply();
 
  private:
   friend class ApiResourceManager<CastSocket>;
   static const char* service_name() {
     return "CastSocketManager";
   }
 
   // Internal connection states.
   enum ConnectionState {
     CONN_STATE_NONE,
     CONN_STATE_TCP_CONNECT,
     CONN_STATE_TCP_CONNECT_COMPLETE,
     CONN_STATE_SSL_CONNECT,
     CONN_STATE_SSL_CONNECT_COMPLETE,
+    CONN_STATE_AUTH_CHALLENGE_SEND,
+    CONN_STATE_AUTH_CHALLENGE_SEND_COMPLETE,
+    CONN_STATE_AUTH_CHALLENGE_REPLY_COMPLETE,
   };
 
   /////////////////////////////////////////////////////////////////////////////
   // Following methods work together to implement the following flow:
   // 1. Create a new TCP socket and connect to it
   // 2. Create a new SSL socket and try connecting to it
   // 3. If connection fails due to invalid cert authority, then extract the
   //    peer certificate from the error.
   // 4. Whitelist the peer certificate and try #1 and #2 again.
+  // 5. If SSL socket is connected successfully, and if protocol is casts://
+  //    then issue an auth challenge request.
+  // 6. Validate the auth challenge response.
 
   // Main method that performs connection state transitions.
   int DoConnectLoop(int result);
   // Each of the below Do* method is executed in the corresponding
   // connection state. For e.g. when connection state is TCP_CONNECT
   // DoTcpConnect is called, and so on.
   int DoTcpConnect();
   int DoTcpConnectComplete(int result);
   int DoSslConnect();
   int DoSslConnectComplete(int result);
-  int DoSslConnectRetry();
+  int DoAuthChallengeSend();
+  int DoAuthChallengeSendComplete(int result);
+  int DoAuthChallengeReplyComplete(int result);
   /////////////////////////////////////////////////////////////////////////////
 
   // Callback method for callbacks from underlying sockets.
   void OnConnectComplete(int result);
 
+  // Callback method when a challenge request is sent or a reply is received.
+  void OnChallengeEvent(int result);
+
   // Runs the external connection callback and resets it.
   void DoConnectCallback(int result);
 
   // Verifies that the URL is a valid cast:// or casts:// URL and sets url_ to
   // the result.
   bool ParseChannelUrl(const GURL& url);
 
+  // Verify that |certificate| is rooted to a trusted CA and that |signature|
+  // matches |data|.
+  bool VerifyCredentials(const std::string& certificate,
+                         const std::string& signature,
+                         const std::string& data);
+
+  // Sends the given |message| and invokes the given callback when done.
+  void SendMessageInternal(const CastMessage& message,
+                           const net::CompletionCallback& callback);
+
   // Writes data to the socket from the WriteRequest at the head of the queue.
   // Calls OnWriteData() on completion.
   void WriteData();
   void OnWriteData(int result);
 
   // Reads data from the socket into one of the read buffers. Calls
   // OnReadData() on completion.
   void ReadData();
   void OnReadData(int result);
 
@@ skipping 52 matching lines @@
   ConnectionState next_state_;
   // Owned ptr to the underlying TCP socket.
   scoped_ptr<net::TCPClientSocket> tcp_socket_;
   // Owned ptr to the underlying SSL socket.
   scoped_ptr<net::SSLClientSocket> socket_;
   // Certificate of the peer. This field may be empty if the peer
   // certificate is not yet fetched.
   std::string peer_cert_;
   scoped_ptr<net::CertVerifier> cert_verifier_;
   scoped_ptr<net::TransportSecurityState> transport_security_state_;
+  // Reply received from the receiver to a challenge request.
+  scoped_ptr<CastMessage> challenge_reply_;
 
   // Callback invoked when the socket is connected.
   net::CompletionCallback connect_callback_;
 
   // Message header struct. If fields are added, be sure to update
   // kMessageHeaderSize in the .cc.
   struct MessageHeader {
     MessageHeader();
     // Sets the message size.
     void SetMessageSize(size_t message_size);
@@ skipping 27 matching lines @@
   FRIEND_TEST_ALL_PREFIXES(CastSocketTest, TestRead);
   FRIEND_TEST_ALL_PREFIXES(CastSocketTest, TestReadMany);
   DISALLOW_COPY_AND_ASSIGN(CastSocket);
 };
 
 }  // namespace cast_channel
 }  // namespace api
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_API_CAST_CHANNEL_CAST_SOCKET_H_