1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 7 #pragma once 8 9 #include <string> 10 11 #include "base/memory/scoped_ptr.h" 12 #include "net/base/cert_verify_result.h" 13 #include "net/base/completion_callback.h" 14 #include "net/base/io_buffer.h" 15 #include "net/base/ssl_config_service.h" 16 #include "net/socket/ssl_client_socket.h" 17 #include "net/socket/client_socket_handle.h" 18 19 typedef struct bio_st BIO; 20 typedef struct evp_pkey_st EVP_PKEY; 21 typedef struct ssl_st SSL; 22 typedef struct x509_st X509; 23 24 namespace net { 25 26 class CertVerifier; 27 class SingleRequestCertVerifier; 28 class SSLCertRequestInfo; 29 class SSLConfig; 30 class SSLInfo; 31 32 // An SSL client socket implemented with OpenSSL. 33 class SSLClientSocketOpenSSL : public SSLClientSocket { 34 public: 35 // Takes ownership of the transport_socket, which may already be connected. 36 // The given hostname will be compared with the name(s) in the server's 37 // certificate during the SSL handshake. ssl_config specifies the SSL 38 // settings. 39 SSLClientSocketOpenSSL(ClientSocketHandle* transport_socket, 40 const HostPortPair& host_and_port, 41 const SSLConfig& ssl_config, 42 CertVerifier* cert_verifier); 43 ~SSLClientSocketOpenSSL(); 44 45 const HostPortPair& host_and_port() const { return host_and_port_; } 46 47 // Callback from the SSL layer that indicates the remote server is requesting 48 // a certificate for this client. 49 int ClientCertRequestCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey); 50 51 // Callback from the SSL layer to check which NPN protocol we are supporting 52 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, 53 const unsigned char* in, unsigned int inlen); 54 55 // SSLClientSocket methods: 56 virtual void GetSSLInfo(SSLInfo* ssl_info); 57 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info); 58 virtual NextProtoStatus GetNextProto(std::string* proto); 59 60 // ClientSocket methods: 61 virtual int Connect(CompletionCallback* callback 62 #ifdef ANDROID 63 , bool wait_for_connect 64 , bool valid_uid 65 , uid_t calling_uid 66 #endif 67 ); 68 virtual void Disconnect(); 69 virtual bool IsConnected() const; 70 virtual bool IsConnectedAndIdle() const; 71 virtual int GetPeerAddress(AddressList* address) const; 72 virtual int GetLocalAddress(IPEndPoint* address) const; 73 virtual const BoundNetLog& NetLog() const; 74 virtual void SetSubresourceSpeculation(); 75 virtual void SetOmniboxSpeculation(); 76 virtual bool WasEverUsed() const; 77 virtual bool UsingTCPFastOpen() const; 78 79 // Socket methods: 80 virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback); 81 virtual int Write(IOBuffer* buf, int buf_len, CompletionCallback* callback); 82 virtual bool SetReceiveBufferSize(int32 size); 83 virtual bool SetSendBufferSize(int32 size); 84 85 private: 86 bool Init(); 87 void DoReadCallback(int result); 88 void DoWriteCallback(int result); 89 90 bool DoTransportIO(); 91 int DoHandshake(); 92 int DoVerifyCert(int result); 93 int DoVerifyCertComplete(int result); 94 void DoConnectCallback(int result); 95 X509Certificate* UpdateServerCert(); 96 97 void OnHandshakeIOComplete(int result); 98 void OnSendComplete(int result); 99 void OnRecvComplete(int result); 100 101 int DoHandshakeLoop(int last_io_result); 102 int DoReadLoop(int result); 103 int DoWriteLoop(int result); 104 int DoPayloadRead(); 105 int DoPayloadWrite(); 106 107 int BufferSend(); 108 int BufferRecv(); 109 void BufferSendComplete(int result); 110 void BufferRecvComplete(int result); 111 void TransportWriteComplete(int result); 112 void TransportReadComplete(int result); 113 114 CompletionCallbackImpl<SSLClientSocketOpenSSL> buffer_send_callback_; 115 CompletionCallbackImpl<SSLClientSocketOpenSSL> buffer_recv_callback_; 116 bool transport_send_busy_; 117 scoped_refptr<DrainableIOBuffer> send_buffer_; 118 bool transport_recv_busy_; 119 scoped_refptr<IOBuffer> recv_buffer_; 120 121 CompletionCallback* user_connect_callback_; 122 CompletionCallback* user_read_callback_; 123 CompletionCallback* user_write_callback_; 124 125 // Used by Read function. 126 scoped_refptr<IOBuffer> user_read_buf_; 127 int user_read_buf_len_; 128 129 // Used by Write function. 130 scoped_refptr<IOBuffer> user_write_buf_; 131 int user_write_buf_len_; 132 133 // Set when handshake finishes. 134 scoped_refptr<X509Certificate> server_cert_; 135 CertVerifyResult server_cert_verify_result_; 136 bool completed_handshake_; 137 138 // Stores client authentication information between ClientAuthHandler and 139 // GetSSLCertRequestInfo calls. 140 std::vector<scoped_refptr<X509Certificate> > client_certs_; 141 bool client_auth_cert_needed_; 142 143 CertVerifier* const cert_verifier_; 144 scoped_ptr<SingleRequestCertVerifier> verifier_; 145 CompletionCallbackImpl<SSLClientSocketOpenSSL> handshake_io_callback_; 146 147 // OpenSSL stuff 148 SSL* ssl_; 149 BIO* transport_bio_; 150 151 scoped_ptr<ClientSocketHandle> transport_; 152 const HostPortPair host_and_port_; 153 SSLConfig ssl_config_; 154 155 // Used for session cache diagnostics. 156 bool trying_cached_session_; 157 158 enum State { 159 STATE_NONE, 160 STATE_HANDSHAKE, 161 STATE_VERIFY_CERT, 162 STATE_VERIFY_CERT_COMPLETE, 163 }; 164 State next_handshake_state_; 165 NextProtoStatus npn_status_; 166 std::string npn_proto_; 167 BoundNetLog net_log_; 168 }; 169 170 } // namespace net 171 172 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 173
