Hide ChromeDnsCertProvenanceChecker behind a factory.

Directly calling NSS code from a .cc file which is linked into both
Chrome and Chrome Frame causes a bad reference to libnspr.dll to be
emitted on Windows. wtc informs me that the `solution' to this is to
break the code up so that there's no direct chain from common code to
NSS code.

This change puts ChromeDnsCertProvenanceChecker into its own file and
adds a factory for it. The factory is modeled after the SSLClientSocket
factory in net/socket (which was added for the some of the same
reasons).

BUG=none
TEST=compiles on Chrome Frame builders.

http://codereview.chromium.org/5260001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67098 0039d316-1c4b-4281-b951-d872f2087c98

5 files changed, 140 insertions, 46 deletions

diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker.cc b/chrome/browser/net/chrome_dns_cert_provenance_checker.cc
new file mode 100644
index 0000000..2f6ebc5
--- /dev/null
+++ b/chrome/browser/net/chrome_dns_cert_provenance_checker.cc
@@ -0,0 +1,46 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/chrome_dns_cert_provenance_checker.h"
+
+namespace {
+
+class ChromeDnsCertProvenanceChecker :
+    public net::DnsCertProvenanceChecker,
+    public net::DnsCertProvenanceChecker::Delegate {
+ public:
+  ChromeDnsCertProvenanceChecker(
+      net::DnsRRResolver* dnsrr_resolver,
+      ChromeURLRequestContext* url_req_context)
+      : dnsrr_resolver_(dnsrr_resolver),
+        url_req_context_(url_req_context) {
+  }
+
+  // DnsCertProvenanceChecker interface
+  virtual void DoAsyncVerification(
+      const std::string& hostname,
+      const std::vector<base::StringPiece>& der_certs) {
+    net::DnsCertProvenanceChecker::DoAsyncLookup(hostname, der_certs,
+                                                 dnsrr_resolver_, this);
+  }
+
+  // DnsCertProvenanceChecker::Delegate interface
+  virtual void OnDnsCertLookupFailed(
+      const std::string& hostname,
+      const std::vector<std::string>& der_certs) {
+    // Currently unimplemented.
+  }
+
+ private:
+  net::DnsRRResolver* const dnsrr_resolver_;
+  ChromeURLRequestContext* const url_req_context_;
+};
+
+}  // namespace
+
+net::DnsCertProvenanceChecker* CreateChromeDnsCertProvenanceChecker(
+    net::DnsRRResolver* dnsrr_resolver,
+    ChromeURLRequestContext* url_req_context) {
+  return new ChromeDnsCertProvenanceChecker(dnsrr_resolver, url_req_context);
+}
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker.h b/chrome/browser/net/chrome_dns_cert_provenance_checker.h
new file mode 100644
index 0000000..304a5ef
--- /dev/null
+++ b/chrome/browser/net/chrome_dns_cert_provenance_checker.h
@@ -0,0 +1,33 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
+#define CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
+#pragma once
+
+#include "net/socket/dns_cert_provenance_checker.h"
+
+#include <string>
+#include <vector>
+
+#include "base/string_piece.h"
+
+namespace net {
+class DnsRRResolver;
+}
+
+class ChromeURLRequestContext;
+
+// Factory function which creates ChromeDnsCertProvenanceChecker objects.
+//
+// WARNING: do not use this with anything other than the main
+// ChromeURLRequestContext. Eventually we'll want to have the other contexts
+// point to the main ChromeURLRequestContext, which then causes lifetime
+// ordering issues wrt ChromeURLRequestContexts, since we're using a raw
+// pointer, and we'll get shutdown ordering problems.
+net::DnsCertProvenanceChecker* CreateChromeDnsCertProvenanceChecker(
+    net::DnsRRResolver* dnsrr_resolver,
+    ChromeURLRequestContext* url_req_context);
+
+#endif  // CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc
new file mode 100644
index 0000000..5206a24
--- /dev/null
+++ b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.cc
@@ -0,0 +1,20 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h"
+
+static DnsCertProvenanceCheckerFactory g_factory;
+
+net::DnsCertProvenanceChecker* CreateDnsCertProvenanceChecker(
+    net::DnsRRResolver* dnsrr_resolver,
+    ChromeURLRequestContext* url_req_context) {
+  if (!g_factory)
+    return NULL;
+
+  return g_factory(dnsrr_resolver, url_req_context);
+}
+
+void SetDnsCertProvenanceCheckerFactory(DnsCertProvenanceCheckerFactory f) {
+  g_factory = f;
+}
diff --git a/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h
new file mode 100644
index 0000000..36cdc59
--- /dev/null
+++ b/chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h
@@ -0,0 +1,38 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
+#define CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
+#pragma once
+
+#include "net/socket/dns_cert_provenance_checker.h"
+
+// WARNING: This factory abstraction is needed because we cannot link NSS code
+// into a .cc file which is included by both Chrome and Chrome Frame. This
+// factory exists so that common code links only against the factory code.
+// Chrome specific code will link against the NSS using code in
+// chrome_dns_cert_provenance_checker.cc and hand a function pointer to this
+// code.
+
+namespace net {
+class DnsRRResolver;
+}
+
+class ChromeURLRequestContext;
+
+// A DnsCertProvenanceCheckerFactory is a function pointer to a factory
+// function for DnsCertProvenanceCheckerFactory objects.
+typedef net::DnsCertProvenanceChecker* (*DnsCertProvenanceCheckerFactory) (
+    net::DnsRRResolver* dnsrr_resolver,
+    ChromeURLRequestContext* url_req_context);
+
+// Return a new DnsCertProvenanceChecker. Caller takes ownership. May return
+// NULL if no factory function has been set.
+net::DnsCertProvenanceChecker* CreateDnsCertProvenanceChecker(
+    net::DnsRRResolver* dnsrr_resolver,
+    ChromeURLRequestContext* url_req_context);
+
+void SetDnsCertProvenanceCheckerFactory(DnsCertProvenanceCheckerFactory);
+
+#endif  // CHROME_BROWSER_NET_CHROME_DNS_CERT_PROVENANCE_CHECKER_FACTORY
diff --git a/chrome/browser/net/chrome_url_request_context.cc b/chrome/browser/net/chrome_url_request_context.cc
index 4ec3939..e5c1c92 100644
--- a/chrome/browser/net/chrome_url_request_context.cc
+++ b/chrome/browser/net/chrome_url_request_context.cc
@@ -16,6 +16,7 @@
 #include "chrome/browser/io_thread.h"
 #include "chrome/browser/net/chrome_cookie_notification_details.h"
 #include "chrome/browser/net/chrome_net_log.h"
+#include "chrome/browser/net/chrome_dns_cert_provenance_checker_factory.h"
 #include "chrome/browser/net/sqlite_persistent_cookie_store.h"
 #include "chrome/browser/net/predictor_api.h"
 #include "chrome/browser/profile.h"
@@ -33,7 +34,6 @@
 #include "net/proxy/proxy_config_service_fixed.h"
 #include "net/proxy/proxy_script_fetcher.h"
 #include "net/proxy/proxy_service.h"
-#include "net/socket/dns_cert_provenance_checker.h"
 #include "net/url_request/url_request.h"
 #include "webkit/glue/webkit_glue.h"
 
@@ -224,47 +224,6 @@ class ChromeCookieMonsterDelegate : public net::CookieMonster::Delegate {
 };
 
 // ----------------------------------------------------------------------------
-// Implementation of DnsCertProvenanceChecker
-// ----------------------------------------------------------------------------
-
-// WARNING: do not use this with anything other than the main
-// ChromeURLRequestContext. Eventually we'll want to have the other contexts
-// point to the main ChromeURLRequestContext, which then causes lifetime
-// ordering issues wrt ChromeURLRequestContexts, since we're using a raw
-// pointer, and we'll get shutdown ordering problems.
-
-class ChromeDnsCertProvenanceChecker :
-    public net::DnsCertProvenanceChecker,
-    public net::DnsCertProvenanceChecker::Delegate {
- public:
-  ChromeDnsCertProvenanceChecker(
-      net::DnsRRResolver* dnsrr_resolver,
-      ChromeURLRequestContext* url_req_context)
-      : dnsrr_resolver_(dnsrr_resolver),
-        url_req_context_(url_req_context) {
-  }
-
-  // DnsCertProvenanceChecker interface
-  virtual void DoAsyncVerification(
-      const std::string& hostname,
-      const std::vector<base::StringPiece>& der_certs) {
-    net::DnsCertProvenanceChecker::DoAsyncLookup(hostname, der_certs,
-                                                 dnsrr_resolver_, this);
-  }
-
-  // DnsCertProvenanceChecker::Delegate interface
-  virtual void OnDnsCertLookupFailed(
-      const std::string& hostname,
-      const std::vector<std::string>& der_certs) {
-    // Currently unimplemented.
-  }
-
- private:
-  net::DnsRRResolver* const dnsrr_resolver_;
-  ChromeURLRequestContext* const url_req_context_;
-};
-
-// ----------------------------------------------------------------------------
 // Helper factories
 // ----------------------------------------------------------------------------
 
@@ -307,11 +266,9 @@ ChromeURLRequestContext* FactoryForOriginal::Create() {
   context->set_http_auth_handler_factory(
       io_thread_globals->http_auth_handler_factory.get());
 
-  /* Disabled for now due to Chrome Frame linking issues on Windows.
   context->set_dns_cert_checker(
-      new ChromeDnsCertProvenanceChecker(
-          io_thread_globals->dnsrr_resolver.get(),
-          context)); */
+      CreateDnsCertProvenanceChecker(io_thread_globals->dnsrr_resolver.get(),
+                                     context));
 
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();