Home | History | Annotate | Download | only in socket 
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
      6 #define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
      7 #pragma once
      8 
      9 #include <Security/Security.h>
     10 
     11 #include <string>
     12 #include <vector>
     13 
     14 #include "base/memory/scoped_ptr.h"
     15 #include "net/base/cert_verify_result.h"
     16 #include "net/base/completion_callback.h"
     17 #include "net/base/host_port_pair.h"
     18 #include "net/base/net_log.h"
     19 #include "net/base/ssl_config_service.h"
     20 #include "net/socket/ssl_client_socket.h"
     21 
     22 namespace net {
     23 
     24 class CertVerifier;
     25 class ClientSocketHandle;
     26 class SingleRequestCertVerifier;
     27 
     28 // An SSL client socket implemented with Secure Transport.
     29 class SSLClientSocketMac : public SSLClientSocket {
     30  public:
     31   // Takes ownership of the |transport_socket|, which must already be connected.
     32   // The hostname specified in |host_and_port| will be compared with the name(s)
     33   // in the server's certificate during the SSL handshake.  If SSL client
     34   // authentication is requested, the host_and_port field of SSLCertRequestInfo
     35   // will be populated with |host_and_port|.  |ssl_config| specifies
     36   // the SSL settings.
     37   SSLClientSocketMac(ClientSocketHandle* transport_socket,
     38                      const HostPortPair& host_and_port,
     39                      const SSLConfig& ssl_config,
     40                      CertVerifier* cert_verifier);
     41   ~SSLClientSocketMac();
     42 
     43   // SSLClientSocket methods:
     44   virtual void GetSSLInfo(SSLInfo* ssl_info);
     45   virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
     46   virtual NextProtoStatus GetNextProto(std::string* proto);
     47 
     48   // ClientSocket methods:
     49   virtual int Connect(CompletionCallback* callback
     50 #ifdef ANDROID
     51                       , bool wait_for_connect
     52 #endif
     53                      );
     54   virtual void Disconnect();
     55   virtual bool IsConnected() const;
     56   virtual bool IsConnectedAndIdle() const;
     57   virtual int GetPeerAddress(AddressList* address) const;
     58   virtual int GetLocalAddress(IPEndPoint* address) const;
     59   virtual const BoundNetLog& NetLog() const;
     60   virtual void SetSubresourceSpeculation();
     61   virtual void SetOmniboxSpeculation();
     62   virtual bool WasEverUsed() const;
     63   virtual bool UsingTCPFastOpen() const;
     64 
     65   // Socket methods:
     66   virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback);
     67   virtual int Write(IOBuffer* buf, int buf_len, CompletionCallback* callback);
     68   virtual bool SetReceiveBufferSize(int32 size);
     69   virtual bool SetSendBufferSize(int32 size);
     70 
     71  private:
     72   bool completed_handshake() const {
     73     return next_handshake_state_ == STATE_COMPLETED_HANDSHAKE;
     74   }
     75   // Initializes the SSLContext.  Returns a net error code.
     76   int InitializeSSLContext();
     77 
     78   void DoConnectCallback(int result);
     79   void DoReadCallback(int result);
     80   void DoWriteCallback(int result);
     81   void OnHandshakeIOComplete(int result);
     82   void OnTransportReadComplete(int result);
     83   void OnTransportWriteComplete(int result);
     84 
     85   int DoHandshakeLoop(int last_io_result);
     86 
     87   int DoPayloadRead();
     88   int DoPayloadWrite();
     89   int DoHandshake();
     90   int DoVerifyCert();
     91   int DoVerifyCertComplete(int result);
     92   int DoCompletedRenegotiation(int result);
     93 
     94   void DidCompleteRenegotiation();
     95   int DidCompleteHandshake();
     96 
     97   int SetClientCert();
     98 
     99   static OSStatus SSLReadCallback(SSLConnectionRef connection,
    100                                   void* data,
    101                                   size_t* data_length);
    102   static OSStatus SSLWriteCallback(SSLConnectionRef connection,
    103                                    const void* data,
    104                                    size_t* data_length);
    105 
    106   CompletionCallbackImpl<SSLClientSocketMac> handshake_io_callback_;
    107   CompletionCallbackImpl<SSLClientSocketMac> transport_read_callback_;
    108   CompletionCallbackImpl<SSLClientSocketMac> transport_write_callback_;
    109 
    110   scoped_ptr<ClientSocketHandle> transport_;
    111   HostPortPair host_and_port_;
    112   SSLConfig ssl_config_;
    113 
    114   CompletionCallback* user_connect_callback_;
    115   CompletionCallback* user_read_callback_;
    116   CompletionCallback* user_write_callback_;
    117 
    118   // Used by Read function.
    119   scoped_refptr<IOBuffer> user_read_buf_;
    120   int user_read_buf_len_;
    121 
    122   // Used by Write function.
    123   scoped_refptr<IOBuffer> user_write_buf_;
    124   int user_write_buf_len_;
    125 
    126   enum State {
    127     STATE_NONE,
    128     STATE_HANDSHAKE,
    129     STATE_VERIFY_CERT,
    130     STATE_VERIFY_CERT_COMPLETE,
    131     STATE_COMPLETED_RENEGOTIATION,
    132     STATE_COMPLETED_HANDSHAKE,
    133     // After the handshake, the socket remains in the
    134     // STATE_COMPLETED_HANDSHAKE state until renegotiation is requested by
    135     // the server. When renegotiation is requested, the state machine
    136     // restarts at STATE_HANDSHAKE, advances through to
    137     // STATE_VERIFY_CERT_COMPLETE, and then continues to
    138     // STATE_COMPLETED_RENEGOTIATION. After STATE_COMPLETED_RENEGOTIATION
    139     // has been processed, it goes back to STATE_COMPLETED_HANDSHAKE and
    140     // will remain there until the server requests renegotiation again.
    141     // During the initial handshake, STATE_COMPLETED_RENEGOTIATION is
    142     // skipped.
    143   };
    144   State next_handshake_state_;
    145 
    146   scoped_refptr<X509Certificate> server_cert_;
    147   CertVerifier* const cert_verifier_;
    148   scoped_ptr<SingleRequestCertVerifier> verifier_;
    149   CertVerifyResult server_cert_verify_result_;
    150 
    151   // The initial handshake has already completed, and the current handshake
    152   // is server-initiated renegotiation.
    153   bool renegotiating_;
    154   bool client_cert_requested_;
    155   SSLContextRef ssl_context_;
    156 
    157   // During a renegotiation, the amount of application data read following
    158   // the handshake's completion.
    159   size_t bytes_read_after_renegotiation_;
    160 
    161   // These buffers hold data retrieved from/sent to the underlying transport
    162   // before it's fed to the SSL engine.
    163   std::vector<char> send_buffer_;
    164   int pending_send_error_;
    165   std::vector<char> recv_buffer_;
    166 
    167   // These are the IOBuffers used for operations on the underlying transport.
    168   scoped_refptr<IOBuffer> read_io_buf_;
    169   scoped_refptr<IOBuffer> write_io_buf_;
    170 
    171   BoundNetLog net_log_;
    172 };
    173 
    174 }  // namespace net
    175 
    176 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
    177