Remove //net (except for Android test stuff) and sdch

net/socket/ssl_client_socket_nss.h

-// Copyright (c) 2012 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
-#define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
-
-#include <certt.h>
-#include <keyt.h>
-#include <nspr.h>
-#include <nss.h>
-
-#include <string>
-#include <vector>
-
-#include "base/memory/scoped_ptr.h"
-#include "base/synchronization/lock.h"
-#include "base/threading/platform_thread.h"
-#include "base/time/time.h"
-#include "net/base/completion_callback.h"
-#include "net/base/host_port_pair.h"
-#include "net/base/net_export.h"
-#include "net/base/net_log.h"
-#include "net/base/nss_memio.h"
-#include "net/cert/cert_verify_result.h"
-#include "net/cert/ct_verify_result.h"
-#include "net/cert/x509_certificate.h"
-#include "net/socket/ssl_client_socket.h"
-#include "net/ssl/channel_id_service.h"
-#include "net/ssl/ssl_config_service.h"
-
-namespace base {
-class SequencedTaskRunner;
-}
-
-namespace net {
-
-class BoundNetLog;
-class CertPolicyEnforcer;
-class CertVerifier;
-class ChannelIDService;
-class CTVerifier;
-class ClientSocketHandle;
-class SingleRequestCertVerifier;
-class TransportSecurityState;
-class X509Certificate;
-
-// An SSL client socket implemented with Mozilla NSS.
-class SSLClientSocketNSS : public SSLClientSocket {
- public:
-  // Takes ownership of the |transport_socket|, which must already be connected.
-  // The hostname specified in |host_and_port| will be compared with the name(s)
-  // in the server's certificate during the SSL handshake.  If SSL client
-  // authentication is requested, the host_and_port field of SSLCertRequestInfo
-  // will be populated with |host_and_port|.  |ssl_config| specifies
-  // the SSL settings.
-  //
-  // Because calls to NSS may block, such as due to needing to access slow
-  // hardware or needing to synchronously unlock protected tokens, calls to
-  // NSS may optionally be run on a dedicated thread. If synchronous/blocking
-  // behaviour is desired, for performance or compatibility, the current task
-  // runner should be supplied instead.
-  SSLClientSocketNSS(base::SequencedTaskRunner* nss_task_runner,
-                     scoped_ptr<ClientSocketHandle> transport_socket,
-                     const HostPortPair& host_and_port,
-                     const SSLConfig& ssl_config,
-                     const SSLClientSocketContext& context);
-  ~SSLClientSocketNSS() override;
-
-  // SSLClientSocket implementation.
-  std::string GetSessionCacheKey() const override;
-  bool InSessionCache() const override;
-  void SetHandshakeCompletionCallback(const base::Closure& callback) override;
-  void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override;
-  NextProtoStatus GetNextProto(std::string* proto) override;
-
-  // SSLSocket implementation.
-  int ExportKeyingMaterial(const base::StringPiece& label,
-                           bool has_context,
-                           const base::StringPiece& context,
-                           unsigned char* out,
-                           unsigned int outlen) override;
-  int GetTLSUniqueChannelBinding(std::string* out) override;
-
-  // StreamSocket implementation.
-  int Connect(const CompletionCallback& callback) override;
-  void Disconnect() override;
-  bool IsConnected() const override;
-  bool IsConnectedAndIdle() const override;
-  int GetPeerAddress(IPEndPoint* address) const override;
-  int GetLocalAddress(IPEndPoint* address) const override;
-  const BoundNetLog& NetLog() const override;
-  void SetSubresourceSpeculation() override;
-  void SetOmniboxSpeculation() override;
-  bool WasEverUsed() const override;
-  bool UsingTCPFastOpen() const override;
-  bool GetSSLInfo(SSLInfo* ssl_info) override;
-
-  // Socket implementation.
-  int Read(IOBuffer* buf,
-           int buf_len,
-           const CompletionCallback& callback) override;
-  int Write(IOBuffer* buf,
-            int buf_len,
-            const CompletionCallback& callback) override;
-  int SetReceiveBufferSize(int32 size) override;
-  int SetSendBufferSize(int32 size) override;
-  ChannelIDService* GetChannelIDService() const override;
-
- protected:
-  // SSLClientSocket implementation.
-  scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
-      const override;
-
- private:
-  // Helper class to handle marshalling any NSS interaction to and from the
-  // NSS and network task runners. Not every call needs to happen on the Core
-  class Core;
-
-  enum State {
-    STATE_NONE,
-    STATE_HANDSHAKE,
-    STATE_HANDSHAKE_COMPLETE,
-    STATE_VERIFY_CERT,
-    STATE_VERIFY_CERT_COMPLETE,
-  };
-
-  int Init();
-  void InitCore();
-
-  // Initializes NSS SSL options.  Returns a net error code.
-  int InitializeSSLOptions();
-
-  // Initializes the socket peer name in SSL.  Returns a net error code.
-  int InitializeSSLPeerName();
-
-  void DoConnectCallback(int result);
-  void OnHandshakeIOComplete(int result);
-
-  int DoHandshakeLoop(int last_io_result);
-  int DoHandshake();
-  int DoHandshakeComplete(int result);
-  int DoVerifyCert(int result);
-  int DoVerifyCertComplete(int result);
-
-  void VerifyCT();
-
-  // The following methods are for debugging bug 65948. Will remove this code
-  // after fixing bug 65948.
-  void EnsureThreadIdAssigned() const;
-  bool CalledOnValidThread() const;
-
-  // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
-  // SCTs are held in three separate vectors in ct_verify_result, each
-  // vetor representing a particular verification state, this method associates
-  // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
-  // the |ssl_info|.signed_certificate_timestamps list.
-  void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
-
-  // The task runner used to perform NSS operations.
-  scoped_refptr<base::SequencedTaskRunner> nss_task_runner_;
-  scoped_ptr<ClientSocketHandle> transport_;
-  HostPortPair host_and_port_;
-  SSLConfig ssl_config_;
-
-  scoped_refptr<Core> core_;
-
-  CompletionCallback user_connect_callback_;
-
-  CertVerifyResult server_cert_verify_result_;
-
-  CertVerifier* const cert_verifier_;
-  scoped_ptr<SingleRequestCertVerifier> verifier_;
-
-  // Certificate Transparency: Verifier and result holder.
-  ct::CTVerifyResult ct_verify_result_;
-  CTVerifier* cert_transparency_verifier_;
-
-  // The service for retrieving Channel ID keys.  May be NULL.
-  ChannelIDService* channel_id_service_;
-
-  // ssl_session_cache_shard_ is an opaque string that partitions the SSL
-  // session cache. i.e. sessions created with one value will not attempt to
-  // resume on the socket with a different value.
-  const std::string ssl_session_cache_shard_;
-
-  // True if the SSL handshake has been completed.
-  bool completed_handshake_;
-
-  State next_handshake_state_;
-
-  // The NSS SSL state machine. This is owned by |core_|.
-  // TODO(rsleevi): http://crbug.com/130616 - Remove this member once
-  // ExportKeyingMaterial is updated to be asynchronous.
-  PRFileDesc* nss_fd_;
-
-  BoundNetLog net_log_;
-
-  base::TimeTicks start_cert_verification_time_;
-
-  TransportSecurityState* transport_security_state_;
-
-  CertPolicyEnforcer* const policy_enforcer_;
-
-  // pinning_failure_log contains a message produced by
-  // TransportSecurityState::CheckPublicKeyPins in the event of a
-  // pinning failure. It is a (somewhat) human-readable string.
-  std::string pinning_failure_log_;
-
-  // The following two variables are added for debugging bug 65948. Will
-  // remove this code after fixing bug 65948.
-  // Added the following code Debugging in release mode.
-  mutable base::Lock lock_;
-  // This is mutable so that CalledOnValidThread can set it.
-  // It's guarded by |lock_|.
-  mutable base::PlatformThreadId valid_thread_id_;
-};
-
-}  // namespace net
-
-#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_