An implementation of chrome.socket.secure().

extensions/browser/api/socket/socket_api.cc

Index: extensions/browser/api/socket/socket_api.cc
diff --git a/extensions/browser/api/socket/socket_api.cc b/extensions/browser/api/socket/socket_api.cc
index 3225827cb88c39f27c2f608c0e855e9f6b44cd59..8a59c1e04654ee59998c1a96862463e5b320b47c 100644
--- a/extensions/browser/api/socket/socket_api.cc
+++ b/extensions/browser/api/socket/socket_api.cc
@@ -13,6 +13,7 @@
 #include "extensions/browser/api/dns/host_resolver_wrapper.h"
 #include "extensions/browser/api/socket/socket.h"
 #include "extensions/browser/api/socket/tcp_socket.h"
+#include "extensions/browser/api/socket/tls_socket.h"
 #include "extensions/browser/api/socket/udp_socket.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/common/extension.h"
@@ -24,6 +25,8 @@
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/net_util.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
 
 namespace extensions {
 
@@ -43,9 +46,29 @@ const char kNetworkListError[] = "Network lookup failed or unsupported";
 const char kTCPSocketBindError[] =
     "TCP socket does not support bind. For TCP server please use listen.";
 const char kMulticastSocketTypeError[] = "Only UDP socket supports multicast.";
+const char kSecureSocketTypeError[] = "Only TCP sockets are supported for TLS.";
+const char kSocketNotConnectedError[] = "Socket not connected";
 const char kWildcardAddress[] = "*";
 const int kWildcardPort = 0;
 
+namespace {
+// Returns the SSL protocol version (as a uint16) represented by a string.
+// Returns 0 if the string is invalid.
+uint16 SSLProtocolVersionFromString(const std::string& version_str) {
+  uint16 version = 0;  // Invalid.
+  if (version_str == "ssl3") {
+    version = net::SSL_PROTOCOL_VERSION_SSL3;
+  } else if (version_str == "tls1") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1;
+  } else if (version_str == "tls1.1") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1_1;
+  } else if (version_str == "tls1.2") {
+    version = net::SSL_PROTOCOL_VERSION_TLS1_2;
+  }
+  return version;
+}
+}  // namespace
+
 SocketAsyncApiFunction::SocketAsyncApiFunction() {}
 
 SocketAsyncApiFunction::~SocketAsyncApiFunction() {}
@@ -71,6 +94,11 @@ Socket* SocketAsyncApiFunction::GetSocket(int api_resource_id) {
   return manager_->Get(extension_->id(), api_resource_id);
 }
 
+void SocketAsyncApiFunction::ReplaceSocket(int api_resource_id,
+                                           Socket* socket) {
+  manager_->Replace(extension_->id(), api_resource_id, socket);
+}
+
 base::hash_set<int>* SocketAsyncApiFunction::GetSocketIds() {
   return manager_->GetResourceIds(extension_->id());
 }
@@ -195,6 +223,8 @@ void SocketConnectFunction::AsyncWorkStart() {
     return;
   }
 
+  socket_->set_hostname(hostname_);
+
   SocketPermissionRequest::OperationType operation_type;
   switch (socket_->GetSocketType()) {
     case Socket::TYPE_TCP:
@@ -888,4 +918,76 @@ void SocketGetJoinedGroupsFunction::Work() {
   SetResult(values);
 }
 
+SocketSecureFunction::SocketSecureFunction() {
+}
+
+SocketSecureFunction::~SocketSecureFunction() {
+}
+
+bool SocketSecureFunction::Prepare() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+  params_ = core_api::socket::Secure::Params::Create(*args_);
+  EXTENSION_FUNCTION_VALIDATE(params_.get());
+  url_request_getter_ = browser_context()->GetRequestContext();
+  return true;
+}
+
+// Override the regular implementation, which would call AsyncWorkCompleted
+// immediately after Work().
+void SocketSecureFunction::AsyncWorkStart() {
+  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+
+  Socket* socket = GetSocket(params_->socket_id);
+  if (!socket) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotFoundError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  // Make sure that the socket is a TCP client socket.
+  if (socket->GetSocketType() != Socket::TYPE_TCP ||
+      static_cast<TCPSocket*>(socket)->ClientStream() == NULL) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSecureSocketTypeError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  if (!socket->IsConnected()) {
+    SetResult(new base::FundamentalValue(net::ERR_INVALID_ARGUMENT));
+    error_ = kSocketNotConnectedError;
+    AsyncWorkCompleted();
+    return;
+  }
+
+  net::URLRequestContext* url_request_context =
+      url_request_getter_->GetURLRequestContext();
+
+  TLSSocket::UpgradeSocketToTLS(
+      socket,
+      url_request_context->ssl_config_service(),
+      url_request_context->cert_verifier(),
+      url_request_context->transport_security_state(),
+      extension_id(),
+      params_->options.get(),
+      base::Bind(&SocketSecureFunction::TlsConnectDone, this));
+}
+
+void SocketSecureFunction::TlsConnectDone(scoped_ptr<TLSSocket> socket,
+                                          int result) {
+  // |socket| can only be non-null if |result| == net::OK.
+  DCHECK(result == net::OK || socket == NULL);

[Ryan Sleevi, 2014/07/15 00:18:45]

This comment documents the inversion of the conditional.

From the comment, I would expect to read
DCHECK(socket != NULL || result != net::OK)

(which I believe it did, in the past)

// If an error occurred, socket MUST be NULL

alternatively

DCHECK((socket && result == net::OK) || (!socket && result != net::OK));

or
DCHECK((!!socket) == (result == net::OK)); although that's arguably less
readable.

[lally, 2014/07/16 16:19:44]

I changed the comment as suggested.  Thanks.

On 2014/07/15 00:18:45, Ryan Sleevi wrote:

+
+  if (socket && result == net::OK) {
+    ReplaceSocket(params_->socket_id, socket.release());
+  } else {
+    RemoveSocket(params_->socket_id);
+    error_ = net::ErrorToString(result);
+  }
+
+  results_ = core_api::socket::Secure::Results::Create(result);
+  AsyncWorkCompleted();
+}
+
 }  // namespace extensions