An implementation of chrome.socket.secure().

extensions/browser/api/socket/tls_socket.h

+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_
+#define CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_
+
+#include <string>
+
+#include "extensions/browser/api/socket/socket.h"
+#include "extensions/browser/api/socket/socket_api.h"
+#include "extensions/browser/api/socket/tcp_socket.h"
+#include "net/ssl/ssl_config_service.h"
+
+namespace net {
+class Socket;
+class CertVerifier;
+class TransportSecurityState;
+}
+
+namespace extensions {
+
+class TLSSocket;
+
+// TLS Sockets from the chrome.socket and chrome.socket.tcp APIs. A regular
+// TCPSocket is converted to a TLSSocket via chrome.socket.secure() or
+// chrome.sockets.tcp.secure(). The inheritance here is for interface API
+// compatibility, not for the implementation that comes with it. TLSSocket
+// does not use its superclass's socket state, so all methods are overridden
+// here to prevent any access of ResumableTCPSocket's socket state. Except
+// for the implementation of a write queue in Socket::Write() (a super-super
+// class of ResumableTCPSocket). That implementation only queues and
+// serializes invocations to WriteImpl(), implemented here, and does not
+// touch any socket state.
+class TLSSocket : public ResumableTCPSocket {
+ public:
+  typedef base::Callback<void(scoped_ptr<TLSSocket>, int)> SecureCallback;
+
+  TLSSocket(scoped_ptr<net::StreamSocket> tls_socket,
+            const std::string& owner_extension_id);
+
+  virtual ~TLSSocket();
+
+  // Most of these methods either fail or forward the method call on to the
+  // inner net::StreamSocket. The remaining few do actual TLS work.
+
+  // Fails.
+  virtual void Connect(const std::string& address,
+                       int port,
+                       const CompletionCallback& callback) OVERRIDE;
+  // Forwards.
+  virtual void Disconnect() OVERRIDE;
+
+  // The |callback| will be called with the number of bytes read into the
+  // buffer, or a negative number if an error occurred. Does TLS work.

[Ryan Sleevi, 2014/07/15 00:18:45]

"Does TLS work" should be expanded. At first, I thought this was a question that
had the wrong punctuation.

Perhaps:
// Attempts to read |count| bytes of decrypted data from the TLS socket,
// invoking |callback| with the actual number of bytes read, or a
// network error code if an error occurred.

[lally, 2014/07/16 16:19:45]

Done.

+  virtual void Read(int count, const ReadCompletionCallback& callback) OVERRIDE;
+
+  // Fails. This should have been called on the TCP socket before secure() was
+  // invoked.
+  virtual bool SetKeepAlive(bool enable, int delay) OVERRIDE;
+
+  // Fails. This should have been called on the TCP socket before secure() was
+  // invoked.
+  virtual bool SetNoDelay(bool no_delay) OVERRIDE;
+
+  // Fails. TLSSocket is only a client.
+  virtual int Listen(const std::string& address,
+                     int port,
+                     int backlog,
+                     std::string* error_msg) OVERRIDE;
+
+  // Fails. TLSSocket is only a client.
+  virtual void Accept(const AcceptCompletionCallback& callback) OVERRIDE;
+
+  // Forwards.
+  virtual bool IsConnected() OVERRIDE;
+
+  // Forwards.
+  virtual bool GetPeerAddress(net::IPEndPoint* address) OVERRIDE;
+  // Forwards.
+  virtual bool GetLocalAddress(net::IPEndPoint* address) OVERRIDE;
+
+  // Returns TYPE_TLS.
+  virtual SocketType GetSocketType() const OVERRIDE;
+
+  // Convert |socket| to a TLS socket. |socket| must be an open TCP client
+  // socket. |socket| must not have a pending read. UpgradeSocketToTLS() must
+  // be invoked in the IO thread. |callback| will always be invoked. |options|
+  // may be NULL. Note: |callback| may be synchronously invoked before

[Ryan Sleevi, 2014/07/15 00:18:45]

nit: line break before the Note:

[lally, 2014/07/16 16:19:45]

Done.

+  // UpgradeSocketToTLS() returns. Currently using the older chrome.socket
+  // version of SecureOptions, to avoid having the older API implementation
+  // depend on the newer one.
+  static void UpgradeSocketToTLS(
+      Socket* socket,
+      scoped_refptr<net::SSLConfigService> config_service,
+      net::CertVerifier* cert_verifier,
+      net::TransportSecurityState* transport_security_state,
+      const std::string& extension_id,
+      core_api::socket::SecureOptions* options,
+      const SecureCallback& callback);
+
+ private:
+  virtual int WriteImpl(net::IOBuffer* io_buffer,
+                        int io_buffer_size,
+                        const net::CompletionCallback& callback) OVERRIDE;
+
+  void OnReadComplete(const scoped_refptr<net::IOBuffer>& io_buffer,
+                      int result);
+
+  static void TlsConnectDone(scoped_ptr<net::SSLClientSocket> ssl_socket,
+                             const std::string& extension_id,
+                             const SecureCallback& callback,
+                             int result);
+
+  scoped_ptr<net::StreamSocket> tls_socket_;
+  ReadCompletionCallback read_callback_;
+};
+
+}  // namespace extensions
+
+#endif  // CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_