An implementation of chrome.socket.secure().

extensions/browser/api/socket/tls_socket.h

Index: extensions/browser/api/socket/tls_socket.h
diff --git a/extensions/browser/api/socket/tls_socket.h b/extensions/browser/api/socket/tls_socket.h
new file mode 100644
index 0000000000000000000000000000000000000000..b9db3cad378767263ef6e2a0073e43641aad5cee
--- /dev/null
+++ b/extensions/browser/api/socket/tls_socket.h
@@ -0,0 +1,116 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_
+#define CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_
+
+#include <string>
+
+#include "extensions/browser/api/socket/socket.h"
+#include "extensions/browser/api/socket/socket_api.h"
+#include "extensions/browser/api/socket/tcp_socket.h"
+#include "net/ssl/ssl_config_service.h"
+
+namespace net {
+class Socket;
+}
+
+namespace extensions {
+class TLSSocket;
+typedef base::Callback<void(scoped_ptr<TLSSocket>, int)> SecureCallback;
+
+// TLS Sockets from the chrome.socket and chrome.socket.tcp APIs. A regular
+// TCPSocket is converted to a TLSSocket via chrome.socket.secure() or
+// chrome.sockets.tcp.secure().  The inheritance here is for interface API
+// compatibility, not for the implementation that comes with it. TLSSocket
+// does not use its superclass's socket state, so all methods are overridden
+// here to prevent any access of ResumableTCPSocket's socket state. Except
+// for the implementation of a write queue in Socket::Write() (a super-super
+// class of ResumableTCPSocket). That implementation only queues and
+// serializes invocations to WriteImpl(), implemented here, and does not
+// touch any socket state.
+class TLSSocket : public ResumableTCPSocket {
+ public:
+  TLSSocket(scoped_ptr<net::StreamSocket> tls_socket,
+            const std::string& owner_extension_id);
+
+  virtual ~TLSSocket();
+
+  // Most of these methods either fail or forward the method call on to the
+  // inner net::StreamSocket. The remaining few do actual TLS work.
+
+  // Fails.
+  virtual void Connect(const std::string& address,
+                       int port,
+                       const CompletionCallback& callback) OVERRIDE;
+  // Forwards.
+  virtual void Disconnect() OVERRIDE;
+
+  // The |callback| will be called with the number of bytes read into the
+  // buffer, or a negative number if an error occurred. Does TLS work.
+  virtual void Read(int count, const ReadCompletionCallback& callback) OVERRIDE;
+
+  // Fails. This should have been called on the TCP socket before secure() was
+  // invoked.
+  virtual bool SetKeepAlive(bool enable, int delay) OVERRIDE;
+
+  // Fails. This should have been called on the TCP socket before secure() was
+  // invoked.
+  virtual bool SetNoDelay(bool no_delay) OVERRIDE;
+
+  // Fails. TLSSocket is only a client.
+  virtual int Listen(const std::string& address,
+                     int port,
+                     int backlog,
+                     std::string* error_msg) OVERRIDE;
+
+  // Fails. TLSSocket is only a client.
+  virtual void Accept(const AcceptCompletionCallback& callback) OVERRIDE;
+
+  // Forwards.
+  virtual bool IsConnected() OVERRIDE;
+
+  // Forwards.
+  virtual bool GetPeerAddress(net::IPEndPoint* address) OVERRIDE;
+  // Forwards.
+  virtual bool GetLocalAddress(net::IPEndPoint* address) OVERRIDE;
+
+  // Returns TYPE_TLS.
+  virtual SocketType GetSocketType() const OVERRIDE;
+
+  // Convert |socket| to a TLS socket. |socket| must be an open TCP client
+  // socket. |socket| must not have a pending read. UpgradeSocketToTLS() must
+  // be invoked in the IO thread. |callback| will always be invoked. |options|
+  // may be NULL. Note: |callback| may be synchronously invoked before
+  // UpgradeSocketToTLS() returns. Currently using the older chrome.socket
+  // version of SecureOptions, to avoid having the older API implementation
+  // depend on the newer one.
+  static void UpgradeSocketToTLS(
+      Socket* socket,
+      scoped_refptr<net::SSLConfigService> config_service,
+      scoped_refptr<net::URLRequestContextGetter> url_request_getter,

[Ryan Sleevi, 2014/03/26 19:57:40]

DESIGN: Apologies that I just now noticed this (this is what happens with
long/big reviews :/), but shouldn't we be instead passing CertVerifier and
TransportSecurityState directly (eg: not forcing a dependency on
URLRequestContextGetter here)

We're already passing the SSLConfigService, and passing the CV/TSS (which may
come from the URC, but that's an "implementation detail") seems to be a looser
coupling to the necessary set of dependencies.

[lally, 2014/03/28 16:22:51]

No worries; Done. In the future I'll have to start thinking more strategically
about CL sizes to make this easier for reviewers.

+      const std::string& extension_id,
+      core_api::socket::SecureOptions* options,
+      const SecureCallback& callback);
+
+ private:
+  virtual int WriteImpl(net::IOBuffer* io_buffer,
+                        int io_buffer_size,
+                        const net::CompletionCallback& callback) OVERRIDE;
+
+  void OnReadComplete(const scoped_refptr<net::IOBuffer>& io_buffer,
+                      int result);
+
+  static void TlsConnectDone(scoped_ptr<net::SSLClientSocket> ssl_socket,
+                             const std::string& extension_id,
+                             const SecureCallback& callback,
+                             int result);
+
+  scoped_ptr<net::StreamSocket> tls_socket_;
+  ReadCompletionCallback read_callback_;
+};
+
+}  // namespace extensions
+
+#endif  // CHROME_BROWSER_EXTENSIONS_API_SOCKET_TLS_SOCKET_H_