Home | History | Annotate | Download | only in socket
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SOCKET_SSL_HOST_INFO_H_
      6 #define NET_SOCKET_SSL_HOST_INFO_H_
      7 
      8 #include <string>
      9 #include <vector>
     10 
     11 #include "base/memory/ref_counted.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/time.h"
     14 #include "net/base/cert_verifier.h"
     15 #include "net/base/cert_verify_result.h"
     16 #include "net/base/completion_callback.h"
     17 #include "net/base/dnsrr_resolver.h"
     18 #include "net/socket/ssl_client_socket.h"
     19 
     20 namespace net {
     21 
     22 class X509Certificate;
     23 struct SSLConfig;
     24 
     25 // SSLHostInfo is an interface for fetching information about an SSL server.
     26 // This information may be stored on disk so does not include keys or session
     27 // information etc. Primarily it's intended for caching the server's
     28 // certificates.
     29 class SSLHostInfo {
     30  public:
     31   SSLHostInfo(const std::string& hostname,
     32               const SSLConfig& ssl_config,
     33               CertVerifier *certVerifier);
     34   virtual ~SSLHostInfo();
     35 
     36   // Start will commence the lookup. This must be called before any other
     37   // methods. By opportunistically calling this early, it may be possible to
     38   // overlap this object's lookup and reduce latency.
     39   virtual void Start() = 0;
     40 
     41   // WaitForDataReady returns OK if the fetch of the requested data has
     42   // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
     43   // the current thread when ready.
     44   //
     45   // Only a single callback can be outstanding at a given time and, in the
     46   // event that WaitForDataReady returns OK, it's the caller's responsibility
     47   // to delete |callback|.
     48   //
     49   // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
     50   // but, obviously, a callback will never be made.
     51   virtual int WaitForDataReady(CompletionCallback* callback) = 0;
     52 
     53   // Persist allows for the host information to be updated for future users.
     54   // This is a fire and forget operation: the caller may drop its reference
     55   // from this object and the store operation will still complete. This can
     56   // only be called once WaitForDataReady has returned OK or called its
     57   // callback.
     58   virtual void Persist() = 0;
     59 
     60   // StartDnsLookup triggers a DNS lookup for the host.
     61   void StartDnsLookup(DnsRRResolver* dnsrr_resolver);
     62 
     63   struct State {
     64     State();
     65     ~State();
     66 
     67     void Clear();
     68 
     69     // certs is a vector of DER encoded X.509 certificates, as the server
     70     // returned them and in the same order.
     71     std::vector<std::string> certs;
     72 
     73    private:
     74     DISALLOW_COPY_AND_ASSIGN(State);
     75   };
     76 
     77   // Once the data is ready, it can be read using the following members. These
     78   // members can then be updated before calling |Persist|.
     79   const State& state() const;
     80   State* mutable_state();
     81 
     82   // If |cert_valid()| returns true, then this contains the result of verifying
     83   // the certificate.
     84   const CertVerifyResult& cert_verify_result() const;
     85 
     86   // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
     87   // |state().certs| is still being validated and arranges for the given
     88   // callback to be called when the verification completes. If the verification
     89   // has already finished then WaitForCertVerification returns the result of
     90   // that verification.
     91   int WaitForCertVerification(CompletionCallback* callback);
     92 
     93   base::TimeTicks verification_start_time() const {
     94     return verification_start_time_;
     95   }
     96 
     97   base::TimeTicks verification_end_time() const {
     98     return verification_end_time_;
     99   }
    100 
    101  protected:
    102   // Parse parses an opaque blob of data and fills out the public member fields
    103   // of this object. It returns true iff the parse was successful. The public
    104   // member fields will be set to something sane in any case.
    105   bool Parse(const std::string& data);
    106   std::string Serialize() const;
    107   State state_;
    108   bool cert_verification_complete_;
    109   int cert_verification_error_;
    110 
    111  private:
    112   // This is the callback function which the CertVerifier calls via |callback_|.
    113   void VerifyCallback(int rv);
    114 
    115   // ParseInner is a helper function for Parse.
    116   bool ParseInner(const std::string& data);
    117 
    118   // This is the hostname that we'll validate the certificates against.
    119   const std::string hostname_;
    120   bool cert_parsing_failed_;
    121   CompletionCallback* cert_verification_callback_;
    122   // These two members are taken from the SSLConfig.
    123   bool rev_checking_enabled_;
    124   bool verify_ev_cert_;
    125   base::TimeTicks verification_start_time_;
    126   base::TimeTicks verification_end_time_;
    127   CertVerifyResult cert_verify_result_;
    128   SingleRequestCertVerifier verifier_;
    129   scoped_refptr<X509Certificate> cert_;
    130   scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;
    131 
    132   DnsRRResolver* dnsrr_resolver_;
    133   CompletionCallback* dns_callback_;
    134   DnsRRResolver::Handle dns_handle_;
    135   RRResponse dns_response_;
    136   base::TimeTicks dns_lookup_start_time_;
    137   base::TimeTicks cert_verification_finished_time_;
    138 };
    139 
    140 class SSLHostInfoFactory {
    141  public:
    142   virtual ~SSLHostInfoFactory();
    143 
    144   // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
    145   // or NULL on failure.
    146   virtual SSLHostInfo* GetForHost(const std::string& hostname,
    147                                   const SSLConfig& ssl_config) = 0;
    148 };
    149 
    150 }  // namespace net
    151 
    152 #endif  // NET_SOCKET_SSL_HOST_INFO_H_
    153