Index: extensions/browser/api/socket/socket_api.cc |
diff --git a/extensions/browser/api/socket/socket_api.cc b/extensions/browser/api/socket/socket_api.cc |
index 3225827cb88c39f27c2f608c0e855e9f6b44cd59..8a59c1e04654ee59998c1a96862463e5b320b47c 100644 |
--- a/extensions/browser/api/socket/socket_api.cc |
+++ b/extensions/browser/api/socket/socket_api.cc |
@@ -13,6 +13,7 @@ |
#include "extensions/browser/api/dns/host_resolver_wrapper.h" |
#include "extensions/browser/api/socket/socket.h" |
#include "extensions/browser/api/socket/tcp_socket.h" |
+#include "extensions/browser/api/socket/tls_socket.h" |
#include "extensions/browser/api/socket/udp_socket.h" |
#include "extensions/browser/extension_system.h" |
#include "extensions/common/extension.h" |
@@ -24,6 +25,8 @@ |
#include "net/base/net_errors.h" |
#include "net/base/net_log.h" |
#include "net/base/net_util.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
namespace extensions { |
@@ -43,9 +46,29 @@ const char kNetworkListError[] = "Network lookup failed or unsupported"; |
const char kTCPSocketBindError[] = |
"TCP socket does not support bind. For TCP server please use listen."; |
const char kMulticastSocketTypeError[] = "Only UDP socket supports multicast."; |
+const char kSecureSocketTypeError[] = "Only TCP sockets are supported for TLS."; |
+const char kSocketNotConnectedError[] = "Socket not connected"; |
const char kWildcardAddress[] = "*"; |
const int kWildcardPort = 0; |
+namespace { |
+// Returns the SSL protocol version (as a uint16) represented by a string. |
+// Returns 0 if the string is invalid. |
+uint16 SSLProtocolVersionFromString(const std::string& version_str) { |
+ uint16 version = 0; // Invalid. |
+ if (version_str == "ssl3") { |
+ version = net::SSL_PROTOCOL_VERSION_SSL3; |
+ } else if (version_str == "tls1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1; |
+ } else if (version_str == "tls1.1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
+ } else if (version_str == "tls1.2") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
+ } |
+ return version; |
+} |
+} // namespace |
+ |
SocketAsyncApiFunction::SocketAsyncApiFunction() {} |
SocketAsyncApiFunction::~SocketAsyncApiFunction() {} |
@@ -71,6 +94,11 @@ Socket* SocketAsyncApiFunction::GetSocket(int api_resource_id) { |
return manager_->Get(extension_->id(), api_resource_id); |
} |
+void SocketAsyncApiFunction::ReplaceSocket(int api_resource_id, |
+ Socket* socket) { |
+ manager_->Replace(extension_->id(), api_resource_id, socket); |
+} |
+ |
base::hash_set<int>* SocketAsyncApiFunction::GetSocketIds() { |
return manager_->GetResourceIds(extension_->id()); |
} |
@@ -195,6 +223,8 @@ void SocketConnectFunction::AsyncWorkStart() { |
return; |
} |
+ socket_->set_hostname(hostname_); |
+ |
SocketPermissionRequest::OperationType operation_type; |
switch (socket_->GetSocketType()) { |
case Socket::TYPE_TCP: |
@@ -888,4 +918,76 @@ void SocketGetJoinedGroupsFunction::Work() { |
SetResult(values); |
} |
+SocketSecureFunction::SocketSecureFunction() { |
+} |
+ |
+SocketSecureFunction::~SocketSecureFunction() { |
+} |
+ |
+bool SocketSecureFunction::Prepare() { |
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
+ params_ = core_api::socket::Secure::Params::Create(*args_); |
+ EXTENSION_FUNCTION_VALIDATE(params_.get()); |
+ url_request_getter_ = browser_context()->GetRequestContext(); |
+ return true; |
+} |
+ |
+// Override the regular implementation, which would call AsyncWorkCompleted |
+// immediately after Work(). |
+void SocketSecureFunction::AsyncWorkStart() { |
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
+ |
+ Socket* socket = GetSocket(params_->socket_id); |
+ if (!socket) { |
+ SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT)); |
+ error_ = kSocketNotFoundError; |
+ AsyncWorkCompleted(); |
+ return; |
+ } |
+ |
+ // Make sure that the socket is a TCP client socket. |
+ if (socket->GetSocketType() != Socket::TYPE_TCP || |
+ static_cast<TCPSocket*>(socket)->ClientStream() == NULL) { |
+ SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT)); |
+ error_ = kSecureSocketTypeError; |
+ AsyncWorkCompleted(); |
+ return; |
+ } |
+ |
+ if (!socket->IsConnected()) { |
+ SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT)); |
+ error_ = kSocketNotConnectedError; |
+ AsyncWorkCompleted(); |
+ return; |
+ } |
+ |
+ net::URLRequestContext* url_request_context = |
+ url_request_getter_->GetURLRequestContext(); |
+ |
+ TLSSocket::UpgradeSocketToTLS( |
+ socket, |
+ url_request_context->ssl_config_service(), |
+ url_request_context->cert_verifier(), |
+ url_request_context->transport_security_state(), |
+ extension_id(), |
+ params_->options.get(), |
+ base::Bind(&SocketSecureFunction::TlsConnectDone, this)); |
+} |
+ |
+void SocketSecureFunction::TlsConnectDone(scoped_ptr<TLSSocket> socket, |
+ int result) { |
+ // |socket| can only be non-null if |result| == net::OK. |
+ DCHECK(result == net::OK || socket == NULL); |
Ryan Sleevi
2014/07/15 00:18:45
This comment documents the inversion of the condit
lally
2014/07/16 16:19:44
I changed the comment as suggested. Thanks.
On 2
|
+ |
+ if (socket && result == net::OK) { |
+ ReplaceSocket(params_->socket_id, socket.release()); |
+ } else { |
+ RemoveSocket(params_->socket_id); |
+ error_ = net::ErrorToString(result); |
+ } |
+ |
+ results_ = core_api::socket::Secure::Results::Create(result); |
+ AsyncWorkCompleted(); |
+} |
+ |
} // namespace extensions |