An implementation of chrome.socket.secure().

chrome/browser/extensions/api/sockets_tcp/sockets_tcp_api.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/api/sockets_tcp/sockets_tcp_api.h"
 
 #include "chrome/browser/extensions/api/socket/tcp_socket.h"
+#include "chrome/browser/extensions/api/socket/tls_socket.h"
 #include "chrome/browser/extensions/api/sockets_tcp/tcp_socket_event_dispatcher.h"
 #include "chrome/common/extensions/api/sockets/sockets_manifest_data.h"
 #include "content/public/common/socket_permission_request.h"
 #include "net/base/net_errors.h"
+#include "net/url_request/url_request_context_getter.h"
 
 using extensions::ResumableTCPSocket;
 using extensions::api::sockets_tcp::SocketInfo;
 using extensions::api::sockets_tcp::SocketProperties;
 
 namespace {
 
 const char kSocketNotFoundError[] = "Socket not found";
 const char kPermissionError[] = "Does not have permission";
+const char kInvalidSocketStateError[] =
+    "Socket must be a connected client TCP socket.";
+const char kSocketNotConnectedError[] = "Socket not connected";
 
 linked_ptr<SocketInfo> CreateSocketInfo(int socket_id,
                                         ResumableTCPSocket* socket) {
   linked_ptr<SocketInfo> socket_info(new SocketInfo());
   // This represents what we know about the socket, and does not call through
   // to the system.
   socket_info->socket_id = socket_id;
   if (!socket->name().empty()) {
     socket_info->name.reset(new std::string(socket->name()));
   }
@@ skipping 221 matching lines @@
 }
 
 void SocketsTcpConnectFunction::AsyncWorkStart() {
   ResumableTCPSocket* socket = GetTcpSocket(params_->socket_id);
   if (!socket) {
     error_ = kSocketNotFoundError;
     AsyncWorkCompleted();
     return;
   }
 
+  socket->set_hostname(params_->peer_address);
+
   content::SocketPermissionRequest param(
       SocketPermissionRequest::TCP_CONNECT,
       params_->peer_address,
       params_->peer_port);
   if (!SocketsManifestData::CheckRequest(GetExtension(), param)) {
     error_ = kPermissionError;
     AsyncWorkCompleted();
     return;
   }
 
@@ skipping 161 matching lines @@
       int socket_id = *it;
       ResumableTCPSocket* socket = GetTcpSocket(socket_id);
       if (socket) {
         socket_infos.push_back(CreateSocketInfo(socket_id, socket));
       }
     }
   }
   results_ = sockets_tcp::GetSockets::Results::Create(socket_infos);
 }
 
+SocketsTcpSecureFunction::SocketsTcpSecureFunction() {}
+SocketsTcpSecureFunction::~SocketsTcpSecureFunction() {}
+
+bool SocketsTcpSecureFunction::Prepare() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  params_ = api::socket::Secure::Params::Create(*args_);
+  EXTENSION_FUNCTION_VALIDATE(params_.get());
+  url_request_getter_ = GetProfile()->GetRequestContext();
+  return true;
+}
+
+// Override the regular implementation, which would call AsyncWorkCompleted
+// immediately after Work().
+void SocketsTcpSecureFunction::AsyncWorkStart() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+
+  ResumableTCPSocket* socket(GetTcpSocket(params_->socket_id));
+  if (!socket) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotFoundError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  paused_ = socket->paused();
+  persistent_ = socket->persistent();
+
+  // Make sure it's a connected TCP client socket. Error out if it's already
+  // secure()'d.
+  if (socket->GetSocketType() == Socket::TYPE_TLS ||
+      socket->ClientStream() == NULL) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kInvalidSocketStateError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  if (!socket->IsConnected()) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotConnectedError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  Profile* profile = GetProfile();

[Ryan Sleevi, 2014/02/04 22:28:14]

SECURITY: I don't think it's safe to do this from the IO thread

[lally, 2014/02/11 22:05:35]

This isn't the normal GetProfile() api.  It actually resolves to a static_cast<>
(!).

+  DCHECK(profile);
+
+  TLSSocket::UpgradeSocketToTLS(
+      socket, profile, url_request_getter_, extension_id(),

[Ryan Sleevi, 2014/02/04 22:28:14]

SECURITY: url_request_getter_ may be invalid by the time this runs on the IO
thread, because you didn't take ownership.

[lally, 2014/02/11 22:05:35]

now in a scoped_refptr<>.

+      params_->options.get(),
+      base::Bind(&SocketsTcpSecureFunction::TlsConnectDone,
+                 this));
+}
+
+void SocketsTcpSecureFunction::TlsConnectDone(
+    scoped_ptr<TLSSocket> socket, int result) {

[Ryan Sleevi, 2014/02/04 22:28:14]

STYLE: one parameter per line 

see http://www.chromium.org/developers/coding-style#Code_Formatting

Note: You can run "git cl format" to clean this up, although I recommend doing
that in a *separate* patchset - that is, after addressing all other substantive
issues - so that the diffs are not too unwieldy

[lally, 2014/02/11 22:05:35]

Thanks for the pointer.  I fixed this one.  A general formatting cleanup
patchset sounds pretty good.

+  // |socket| can only be non-null if |result| == net::OK.
+  DCHECK(result == net::OK || socket == NULL);
+
+  if (socket && result == net::OK) {
+    socket->set_persistent(persistent_);
+    socket->set_paused(paused_);
+    SetSocket(params_->socket_id, socket.release());
+  } else {
+    RemoveSocket(params_->socket_id);
+    error_ = net::ErrorToString(result);
+  }
+
+  results_ = api::sockets_tcp::Secure::Results::Create(result);
+  url_request_getter_->Release();

[Ryan Sleevi, 2014/02/04 22:28:14]

SECURITY: manual memory management?

[lally, 2014/02/11 22:05:35]

Fixed.

+  AsyncWorkCompleted();
+}
+
 }  // namespace api
 }  // namespace extensions