Convert SignedCertificateClass to be ref_counted, and add an SCTStore in which to store them. Add S…

net/socket/ssl_client_socket_nss.cc

Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 7fee91b5e2c5d485f9a69c17cec3dffcbd55a4ab..d06c38a0ade43cebf184362554f592194fdff4d3 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -94,6 +94,7 @@
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/ct_verifier.h"
+#include "net/cert/sct_status_flags.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/cert/x509_util.h"
@@ -2775,6 +2776,21 @@ void SSLClientSocket::ClearSessionCache() {
   SSL_ClearSessionCache();
 }
 
+void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
+  // XXX(alcutter): set status properly for unknown logs etc. too.
+  for (ct::SCTList::const_iterator iter =
+       ct_verify_result_.verified_scts.begin();
+       iter != ct_verify_result_.verified_scts.end(); ++iter) {
+    ssl_info->scts.push_back(std::make_pair(*iter, net::kSctStatusOk));
+  }
+  for (ct::SCTList::const_iterator iter =
+       ct_verify_result_.unverified_scts.begin();
+       iter != ct_verify_result_.unverified_scts.end(); ++iter) {
+    ssl_info->scts.push_back(std::make_pair(*iter,
+                                            net::kSctStatusInvalid));
+  }
+}
+
 bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   EnterFunction("");
   ssl_info->Reset();
@@ -2785,6 +2801,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->cert = server_cert_verify_result_.verified_cert;
+
+  AddSCTInfoToSSLInfo(ssl_info);
+
   ssl_info->connection_status =
       core_->state().ssl_connection_status;
   ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;