Rename ServerBoundCert => ChannelID to reflect the current name

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 506 matching lines @@
 //
 // In the single-threaded mode (where the network and NSS task runners run on
 // the same thread), these are all attempted synchronously, while in the
 // multi-threaded mode, message passing is used.
 //
 // 1) NSS Task Runner: Execute NSS function (DoPayloadRead, DoPayloadWrite,
 //    DoHandshake)
 // 2) NSS Task Runner: Prepare data to go from NSS to an IO function:
 //    (BufferRecv, BufferSend)
 // 3) Network Task Runner: Perform IO on that data (DoBufferRecv,
-//    DoBufferSend, DoGetDomainBoundCert, OnGetDomainBoundCertComplete)
+//    DoBufferSend, DoGetChannelID, OnGetDomainBoundCertComplete)

[wtc, 2014/07/01 19:50:53]

OnGetDomainBoundCertComplete => OnGetChannelIDComplete

[Ryan Hamilton, 2014/07/21 19:12:09]

Done.

 // 4) Both Task Runners: Callback for asynchronous completion or to marshal
 //    data from the network task runner back to NSS (BufferRecvComplete,
 //    BufferSendComplete, OnHandshakeIOComplete)
 //
 /////////////////////////////////////////////////////////////////////////////
 // Single-threaded example
 //
 // |--------------------------Network Task Runner--------------------------|
 //  SSLClientSocketNSS              Core               (Transport Socket)
 //       Read()
@@ skipping 47 matching lines @@
 class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
  public:
   // Creates a new Core.
   //
   // Any calls to NSS are executed on the |nss_task_runner|, while any calls
   // that need to operate on the underlying transport, net log, or server
   // bound certificate fetching will happen on the |network_task_runner|, so
   // that their lifetimes match that of the owning SSLClientSocketNSS.
   //
   // The caller retains ownership of |transport|, |net_log|, and
-  // |server_bound_cert_service|, and they will not be accessed once Detach()
+  // |channel_id_service|, and they will not be accessed once Detach()
   // has been called.
   Core(base::SequencedTaskRunner* network_task_runner,
        base::SequencedTaskRunner* nss_task_runner,
        ClientSocketHandle* transport,
        const HostPortPair& host_and_port,
        const SSLConfig& ssl_config,
        BoundNetLog* net_log,
-       ServerBoundCertService* server_bound_cert_service);
+       ChannelIDService* channel_id_service);
 
   // Called on the network task runner.
   // Transfers ownership of |socket|, an NSS SSL socket, and |buffers|, the
   // underlying memio implementation, to the Core. Returns true if the Core
   // was successfully registered with the socket.
   bool Init(PRFileDesc* socket, memio_Private* buffers);
 
   // Called on the network task runner.
   //
   // Attempts to perform an SSL handshake. If the handshake cannot be
@@ skipping 133 matching lines @@
   static SECStatus ClientChannelIDHandler(
       void* arg,
       PRFileDesc* socket,
       SECKEYPublicKey **out_public_key,
       SECKEYPrivateKey **out_private_key);
 
   // ImportChannelIDKeys is a helper function for turning a DER-encoded cert and
   // key into a SECKEYPublicKey and SECKEYPrivateKey. Returns OK upon success
   // and an error code otherwise.
   // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been
-  // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller
+  // set by a call to ChannelIDService->GetChannelID. The caller
   // takes ownership of the |*cert| and |*key|.
   int ImportChannelIDKeys(SECKEYPublicKey** public_key, SECKEYPrivateKey** key);
 
   // Updates the NSS and platform specific certificates.
   void UpdateServerCert();
   // Update the nss_handshake_state_ with the SignedCertificateTimestampList
   // received in the handshake via a TLS extension.
   void UpdateSignedCertTimestamps();
   // Update the OCSP response cache with the stapled response received in the
   // handshake, and update nss_handshake_state_ with
   // the SignedCertificateTimestampList received in the stapled OCSP response.
   void UpdateStapledOCSPResponse();
   // Updates the nss_handshake_state_ with the negotiated security parameters.
   void UpdateConnectionStatus();
   // Record histograms for channel id support during full handshakes - resumed
   // handshakes are ignored.
   void RecordChannelIDSupportOnNSSTaskRunner();
   // UpdateNextProto gets any application-layer protocol that may have been
   // negotiated by the TLS connection.
   void UpdateNextProto();
 
   ////////////////////////////////////////////////////////////////////////////
   // Methods that are ONLY called on the network task runner:
   ////////////////////////////////////////////////////////////////////////////
   int DoBufferRecv(IOBuffer* buffer, int len);
   int DoBufferSend(IOBuffer* buffer, int len);
-  int DoGetDomainBoundCert(const std::string& host);
+  int DoGetChannelID(const std::string& host);
 
-  void OnGetDomainBoundCertComplete(int result);
+  void OnGetChannelIDComplete(int result);
   void OnHandshakeStateUpdated(const HandshakeState& state);
   void OnNSSBufferUpdated(int amount_in_read_buffer);
   void DidNSSRead(int result);
   void DidNSSWrite(int result);
   void RecordChannelIDSupportOnNetworkTaskRunner(
       bool negotiated_channel_id,
       bool channel_id_enabled,
       bool supports_ecc) const;
 
   ////////////////////////////////////////////////////////////////////////////
@@ skipping 28 matching lines @@
   bool detached_;
 
   // The underlying transport to use for network IO.
   ClientSocketHandle* transport_;
   base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_;
 
   // The current handshake state. Mirrors |nss_handshake_state_|.
   HandshakeState network_handshake_state_;
 
   // The service for retrieving Channel ID keys.  May be NULL.
-  ServerBoundCertService* server_bound_cert_service_;
-  ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
+  ChannelIDService* channel_id_service_;
+  ChannelIDService::RequestHandle domain_bound_cert_request_handle_;
 
   // The information about NSS task runner.
   int unhandled_buffer_size_;
   bool nss_waiting_read_;
   bool nss_waiting_write_;
   bool nss_is_closed_;
 
   // Set when Read() or Write() successfully reads or writes data to or from the
   // network.
   bool was_ever_used_;
@@ skipping 60 matching lines @@
   // Members that are accessed on both the network task runner and the NSS
   // task runner.
   ////////////////////////////////////////////////////////////////////////////
   scoped_refptr<base::SequencedTaskRunner> network_task_runner_;
   scoped_refptr<base::SequencedTaskRunner> nss_task_runner_;
 
   // Dereferenced only on the network task runner, but bound to tasks destined
   // for the network task runner from the NSS task runner.
   base::WeakPtr<BoundNetLog> weak_net_log_;
 
-  // Written on the network task runner by the |server_bound_cert_service_|,
+  // Written on the network task runner by the |channel_id_service_|,
   // prior to invoking OnHandshakeIOComplete.
   // Read on the NSS task runner when once OnHandshakeIOComplete is invoked
   // on the NSS task runner.
   std::string domain_bound_private_key_;
   std::string domain_bound_cert_;
 
   DISALLOW_COPY_AND_ASSIGN(Core);
 };
 
 SSLClientSocketNSS::Core::Core(
     base::SequencedTaskRunner* network_task_runner,
     base::SequencedTaskRunner* nss_task_runner,
     ClientSocketHandle* transport,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     BoundNetLog* net_log,
-    ServerBoundCertService* server_bound_cert_service)
+    ChannelIDService* channel_id_service)
     : detached_(false),
       transport_(transport),
       weak_net_log_factory_(net_log),
-      server_bound_cert_service_(server_bound_cert_service),
+      channel_id_service_(channel_id_service),
       unhandled_buffer_size_(0),
       nss_waiting_read_(false),
       nss_waiting_write_(false),
       nss_is_closed_(false),
       was_ever_used_(false),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       nss_fd_(NULL),
       nss_bufs_(NULL),
       pending_read_result_(kNoPendingReadResult),
@@ skipping 82 matching lines @@
       this);
 #else
   rv = SSL_GetClientAuthDataHook(
       nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this);
 #endif
   if (rv != SECSuccess) {
     LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", "");
     return false;
   }
 
-  if (IsChannelIDEnabled(ssl_config_, server_bound_cert_service_)) {
+  if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
     rv = SSL_SetClientChannelIDCallback(
         nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this);
     if (rv != SECSuccess) {
       LogFailedNSSFunction(
           *weak_net_log_, "SSL_SetClientChannelIDCallback", "");
     }
   }
 
   rv = SSL_SetCanFalseStartCallback(
       nss_fd_, SSLClientSocketNSS::Core::CanFalseStartCallback, this);
@@ skipping 1256 matching lines @@
   core->PostOrRunCallback(
       FROM_HERE,
       base::Bind(&AddLogEvent, core->weak_net_log_,
                  NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED));
 
   // We have negotiated the TLS channel ID extension.
   core->channel_id_xtn_negotiated_ = true;
   std::string host = core->host_and_port_.host();
   int error = ERR_UNEXPECTED;
   if (core->OnNetworkTaskRunner()) {
-    error = core->DoGetDomainBoundCert(host);
+    error = core->DoGetChannelID(host);
   } else {
     bool posted = core->network_task_runner_->PostTask(
         FROM_HERE,
         base::Bind(
-            IgnoreResult(&Core::DoGetDomainBoundCert),
+            IgnoreResult(&Core::DoGetChannelID),
             core, host));
     error = posted ? ERR_IO_PENDING : ERR_ABORTED;
   }
 
   if (error == ERR_IO_PENDING) {
     // Asynchronous case.
     core->channel_id_needed_ = true;
     return SECWouldBlock;
   }
 
@@ skipping 27 matching lines @@
                                                      NULL,
                                                      PR_FALSE,
                                                      PR_TRUE));
   if (cert == NULL)
     return MapNSSError(PORT_GetError());
 
   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
   // Set the private key.
   if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
           slot.get(),
-          ServerBoundCertService::kEPKIPassword,
+          ChannelIDService::kEPKIPassword,
           reinterpret_cast<const unsigned char*>(
               domain_bound_private_key_.data()),
           domain_bound_private_key_.size(),
           &cert->subjectPublicKeyInfo,
           false,
           false,
           key,
           public_key)) {
     int error = MapNSSError(PORT_GetError());
     return error;
@@ skipping 199 matching lines @@
                  ssl_config_.channel_id_enabled,
                  crypto::ECPrivateKey::IsSupported()));
 }
 
 void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNetworkTaskRunner(
     bool negotiated_channel_id,
     bool channel_id_enabled,
     bool supports_ecc) const {
   DCHECK(OnNetworkTaskRunner());
 
-  RecordChannelIDSupport(server_bound_cert_service_,
+  RecordChannelIDSupport(channel_id_service_,
                          negotiated_channel_id,
                          channel_id_enabled,
                          supports_ecc);
 }
 
 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
   DCHECK(OnNetworkTaskRunner());
   DCHECK_GT(len, 0);
 
   if (detached_)
@@ skipping 29 matching lines @@
   if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
     nss_task_runner_->PostTask(
         FROM_HERE,
         base::Bind(&Core::BufferSendComplete, this, rv));
     return rv;
   }
 
   return rv;
 }
 
-int SSLClientSocketNSS::Core::DoGetDomainBoundCert(const std::string& host) {
+int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) {
   DCHECK(OnNetworkTaskRunner());
 
   if (detached_)
     return ERR_ABORTED;
 
   weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT);
 
-  int rv = server_bound_cert_service_->GetOrCreateDomainBoundCert(
+  int rv = channel_id_service_->GetOrCreateChannelID(
       host,
       &domain_bound_private_key_,
       &domain_bound_cert_,
-      base::Bind(&Core::OnGetDomainBoundCertComplete, base::Unretained(this)),
+      base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)),
       &domain_bound_cert_request_handle_);
 
   if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) {
     nss_task_runner_->PostTask(
         FROM_HERE,
         base::Bind(&Core::OnHandshakeIOComplete, this, rv));
     return ERR_IO_PENDING;
   }
 
   return rv;
@@ skipping 59 matching lines @@
     return;
   }
 
   DCHECK(OnNSSTaskRunner());
 
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING)
     DoConnectCallback(rv);
 }
 
-void SSLClientSocketNSS::Core::OnGetDomainBoundCertComplete(int result) {
+void SSLClientSocketNSS::Core::OnGetChannelIDComplete(int result) {
   DVLOG(1) << __FUNCTION__ << " " << result;
   DCHECK(OnNetworkTaskRunner());
 
   OnHandshakeIOComplete(result);
 }
 
 void SSLClientSocketNSS::Core::BufferRecvComplete(
     IOBuffer* read_buffer,
     int result) {
   DCHECK(read_buffer);
@@ skipping 64 matching lines @@
     scoped_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
     const SSLClientSocketContext& context)
     : nss_task_runner_(nss_task_runner),
       transport_(transport_socket.Pass()),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       cert_verifier_(context.cert_verifier),
       cert_transparency_verifier_(context.cert_transparency_verifier),
-      server_bound_cert_service_(context.server_bound_cert_service),
+      channel_id_service_(context.channel_id_service),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       completed_handshake_(false),
       next_handshake_state_(STATE_NONE),
       nss_fd_(NULL),
       net_log_(transport_->socket()->NetLog()),
       transport_security_state_(context.transport_security_state),
       valid_thread_id_(base::kInvalidThreadId) {
   EnterFunction("");
   InitCore();
   LeaveFunction("");
@@ skipping 290 matching lines @@
   return OK;
 }
 
 void SSLClientSocketNSS::InitCore() {
   core_ = new Core(base::ThreadTaskRunnerHandle::Get().get(),
                    nss_task_runner_.get(),
                    transport_.get(),
                    host_and_port_,
                    ssl_config_,
                    &net_log_,
-                   server_bound_cert_service_);
+                   channel_id_service_);
 }
 
 int SSLClientSocketNSS::InitializeSSLOptions() {
   // Transport connected, now hook it up to nss
   nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize);
   if (nss_fd_ == NULL) {
     return ERR_OUT_OF_MEMORY;  // TODO(port): map NSPR error code.
   }
 
   // Grab pointer to buffers
@@ skipping 475 matching lines @@
         SignedCertificateTimestampAndStatus(*iter,
                                             ct::SCT_STATUS_LOG_UNKNOWN));
   }
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
   return core_->state().server_cert.get();
 }
 
-ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
-  return server_bound_cert_service_;
+ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
+  return channel_id_service_;
 }
 
 }  // namespace net