An implementation of chrome.socket.secure().

extensions/browser/api/socket/socket_api.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/socket/socket_api.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/containers/hash_tables.h"
 #include "chrome/browser/extensions/api/dns/host_resolver_wrapper.h"
+#include "chrome/browser/io_thread.h"
+#include "chrome/browser/profiles/profile.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/resource_context.h"
 #include "extensions/browser/api/socket/socket.h"
 #include "extensions/browser/api/socket/tcp_socket.h"
+#include "extensions/browser/api/socket/tls_socket.h"
 #include "extensions/browser/api/socket/udp_socket.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/permissions/permissions_data.h"
 #include "extensions/common/permissions/socket_permission.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/net_util.h"
+#include "net/url_request/url_request_context_getter.h"
 
 namespace extensions {
 
 using content::SocketPermissionRequest;
 
 const char kAddressKey[] = "address";
 const char kPortKey[] = "port";
 const char kBytesWrittenKey[] = "bytesWritten";
 const char kDataKey[] = "data";
 const char kResultCodeKey[] = "resultCode";
 const char kSocketIdKey[] = "socketId";
 
 const char kSocketNotFoundError[] = "Socket not found";
 const char kDnsLookupFailedError[] = "DNS resolution failed";
 const char kPermissionError[] = "App does not have permission";
 const char kNetworkListError[] = "Network lookup failed or unsupported";
 const char kTCPSocketBindError[] =
     "TCP socket does not support bind. For TCP server please use listen.";
 const char kMulticastSocketTypeError[] = "Only UDP socket supports multicast.";
+const char kSecureSocketTypeError[] =
+    "Only TCP sockets are supported for TLS.";
+const char kSocketNotConnectedError[] = "Socket not connected";
 const char kWildcardAddress[] = "*";
 const int kWildcardPort = 0;
 
+namespace {
+// Returns the SSL protocol version (as a uint16) represented by a string.
+// Returns 0 if the string is invalid.
+uint16 SSLProtocolVersionFromString(const std::string& version_str) {
+  uint16 version = 0;  // Invalid.
+  if (version_str == "ssl3") {
+    version = net::SSL_PROTOCOL_VERSION_SSL3;
+  } else if (version_str == "tls1") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1;
+  } else if (version_str == "tls1.1") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1_1;
+  } else if (version_str == "tls1.2") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1_2;
+  }
+  return version;
+}
+}  // namespace
+
 SocketAsyncApiFunction::SocketAsyncApiFunction() {}
 
 SocketAsyncApiFunction::~SocketAsyncApiFunction() {}
 
 bool SocketAsyncApiFunction::PrePrepare() {
   manager_ = CreateSocketResourceManager();
   return manager_->SetBrowserContext(browser_context());
 }
 
 bool SocketAsyncApiFunction::Respond() { return error_.empty(); }
 
 scoped_ptr<SocketResourceManagerInterface>
 SocketAsyncApiFunction::CreateSocketResourceManager() {
   return scoped_ptr<SocketResourceManagerInterface>(
              new SocketResourceManager<Socket>()).Pass();
 }
 
 int SocketAsyncApiFunction::AddSocket(Socket* socket) {
   return manager_->Add(socket);
 }
 
 Socket* SocketAsyncApiFunction::GetSocket(int api_resource_id) {
   return manager_->Get(extension_->id(), api_resource_id);
 }
 
+void SocketAsyncApiFunction::ReplaceSocket(int api_resource_id,
+                                           Socket* socket) {
+  manager_->Replace(extension_->id(), api_resource_id, socket);
+}
+
 base::hash_set<int>* SocketAsyncApiFunction::GetSocketIds() {
   return manager_->GetResourceIds(extension_->id());
 }
 
 void SocketAsyncApiFunction::RemoveSocket(int api_resource_id) {
   manager_->Remove(extension_->id(), api_resource_id);
 }
 
 SocketExtensionWithDnsLookupFunction::SocketExtensionWithDnsLookupFunction()
     : resource_context_(NULL),
@@ skipping 104 matching lines @@
 
 void SocketConnectFunction::AsyncWorkStart() {
   socket_ = GetSocket(socket_id_);
   if (!socket_) {
     error_ = kSocketNotFoundError;
     SetResult(new base::FundamentalValue(-1));
     AsyncWorkCompleted();
     return;
   }
 
+  socket_->set_hostname(hostname_);
+
   SocketPermissionRequest::OperationType operation_type;
   switch (socket_->GetSocketType()) {
     case Socket::TYPE_TCP:
       operation_type = SocketPermissionRequest::TCP_CONNECT;
       break;
     case Socket::TYPE_UDP:
       operation_type = SocketPermissionRequest::UDP_SEND_TO;
       break;
     default:
       NOTREACHED() << "Unknown socket type.";
@@ skipping 673 matching lines @@
     SetResult(new base::FundamentalValue(result));
     return;
   }
 
   base::ListValue* values = new base::ListValue();
   values->AppendStrings((std::vector<std::string>&)static_cast<UDPSocket*>(
                             socket)->GetJoinedGroups());
   SetResult(values);
 }
 
+SocketSecureFunction::SocketSecureFunction() {}
+SocketSecureFunction::~SocketSecureFunction() {}
+
+bool SocketSecureFunction::Prepare() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  params_ = core_api::socket::Secure::Params::Create(*args_);
+  EXTENSION_FUNCTION_VALIDATE(params_.get());
+  url_request_getter_ = browser_context()->GetRequestContext();
+  return true;
+}
+
+// Override the regular implementation, which would call AsyncWorkCompleted
+// immediately after Work().
+void SocketSecureFunction::AsyncWorkStart() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+
+  Socket* socket = GetSocket(params_->socket_id);
+  if (!socket) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotFoundError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  // Make sure that the socket is a TCP client socket.
+  if (socket->GetSocketType() != Socket::TYPE_TCP ||
+      static_cast<TCPSocket*>(socket)->ClientStream() == NULL) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSecureSocketTypeError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  if (!socket->IsConnected()) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotConnectedError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  Profile* profile = Profile::FromBrowserContext(browser_context());
+  DCHECK(profile);
+
+  scoped_refptr<net::SSLConfigService> config_service(
+      profile->GetSSLConfigService());
+
+  TLSSocket::UpgradeSocketToTLS(
+      socket,
+      config_service,
+      url_request_getter_,
+      extension_id(),
+      params_->options.get(),
+      base::Bind(&SocketSecureFunction::TlsConnectDone, this));
+}
+
+void SocketSecureFunction::TlsConnectDone(scoped_ptr<TLSSocket> socket,
+                                          int result) {
+  // |socket| can only be non-null if |result| == net::OK.
+  DCHECK(result == net::OK || socket == NULL);
+
+  if (socket && result == net::OK) {
+    ReplaceSocket(params_->socket_id, socket.release());
+  } else {
+    RemoveSocket(params_->socket_id);
+    error_ = net::ErrorToString(result);
+  }
+
+  results_ = core_api::socket::Secure::Results::Create(result);
+  AsyncWorkCompleted();
+}
+
 }  // namespace extensions