1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_BROWSER_RENDERER_HOST_PEPPER_PEPPER_MESSAGE_FILTER_H_ 6 #define CONTENT_BROWSER_RENDERER_HOST_PEPPER_PEPPER_MESSAGE_FILTER_H_ 7 8 #include <map> 9 #include <string> 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/compiler_specific.h" 14 #include "base/files/file_path.h" 15 #include "base/memory/linked_ptr.h" 16 #include "base/memory/scoped_ptr.h" 17 #include "base/process/process.h" 18 #include "content/public/browser/browser_message_filter.h" 19 #include "content/public/browser/content_browser_client.h" 20 #include "content/public/common/process_type.h" 21 #include "net/base/net_util.h" 22 #include "net/base/network_change_notifier.h" 23 #include "net/http/transport_security_state.h" 24 #include "net/socket/stream_socket.h" 25 #include "net/ssl/ssl_config_service.h" 26 #include "ppapi/c/pp_resource.h" 27 #include "ppapi/c/pp_stdint.h" 28 #include "ppapi/c/ppb_tcp_socket.h" 29 #include "ppapi/c/private/ppb_flash.h" 30 #include "ppapi/host/ppapi_host.h" 31 #include "ppapi/shared_impl/ppapi_permissions.h" 32 33 struct PP_NetAddress_Private; 34 35 namespace base { 36 class ListValue; 37 } 38 39 namespace net { 40 class CertVerifier; 41 class HostResolver; 42 } 43 44 namespace ppapi { 45 class PPB_X509Certificate_Fields; 46 class SocketOptionData; 47 } 48 49 namespace content { 50 class BrowserContext; 51 class PepperTCPSocket; 52 class ResourceContext; 53 54 // This class is used in two contexts, both supporting PPAPI plugins. The first 55 // is on the renderer->browser channel, to handle requests from in-process 56 // PPAPI plugins and any requests that the PPAPI implementation code in the 57 // renderer needs to make. The second is on the plugin->browser channel to 58 // handle requests that out-of-process plugins send directly to the browser. 59 class PepperMessageFilter 60 : public BrowserMessageFilter, 61 public net::NetworkChangeNotifier::IPAddressObserver { 62 public: 63 // Constructor when used in the context of a render process. 64 PepperMessageFilter(int process_id, 65 BrowserContext* browser_context); 66 67 // Constructor when used in the context of a PPAPI process.. 68 PepperMessageFilter(const ppapi::PpapiPermissions& permissions, 69 net::HostResolver* host_resolver); 70 71 // Constructor when used in the context of an external plugin, i.e. created by 72 // the embedder using BrowserPpapiHost::CreateExternalPluginProcess. 73 PepperMessageFilter(const ppapi::PpapiPermissions& permissions, 74 net::HostResolver* host_resolver, 75 int process_id, 76 int render_view_id); 77 78 // BrowserMessageFilter methods. 79 virtual bool OnMessageReceived(const IPC::Message& message, 80 bool* message_was_ok) OVERRIDE; 81 82 // net::NetworkChangeNotifier::IPAddressObserver interface. 83 virtual void OnIPAddressChanged() OVERRIDE; 84 85 // Returns the host resolver (it may come from the resource context or the 86 // host_resolver_ member). 87 net::HostResolver* GetHostResolver(); 88 89 net::CertVerifier* GetCertVerifier(); 90 net::TransportSecurityState* GetTransportSecurityState(); 91 92 // Adds already accepted socket to the internal TCP sockets table. Takes 93 // ownership over |socket|. In the case of failure (full socket table) 94 // returns 0 and deletes |socket|. Otherwise, returns generated ID for 95 // |socket|. 96 uint32 AddAcceptedTCPSocket(int32 routing_id, 97 uint32 plugin_dispatcher_id, 98 net::StreamSocket* socket); 99 100 const net::SSLConfig& ssl_config() { return ssl_config_; } 101 102 protected: 103 virtual ~PepperMessageFilter(); 104 105 private: 106 struct OnConnectTcpBoundInfo { 107 int routing_id; 108 int request_id; 109 }; 110 111 // Containers for sockets keyed by socked_id. 112 typedef std::map<uint32, linked_ptr<PepperTCPSocket> > TCPSocketMap; 113 114 // Set of disptachers ID's that have subscribed for NetworkMonitor 115 // notifications. 116 typedef std::set<uint32> NetworkMonitorIdSet; 117 118 void OnGetLocalTimeZoneOffset(base::Time t, double* result); 119 120 void OnTCPCreate(int32 routing_id, 121 uint32 plugin_dispatcher_id, 122 uint32* socket_id); 123 void OnTCPCreatePrivate(int32 routing_id, 124 uint32 plugin_dispatcher_id, 125 uint32* socket_id); 126 void OnTCPConnect(int32 routing_id, 127 uint32 socket_id, 128 const std::string& host, 129 uint16_t port); 130 void OnTCPConnectWithNetAddress(int32 routing_id, 131 uint32 socket_id, 132 const PP_NetAddress_Private& net_addr); 133 void OnTCPSSLHandshake( 134 uint32 socket_id, 135 const std::string& server_name, 136 uint16_t server_port, 137 const std::vector<std::vector<char> >& trusted_certs, 138 const std::vector<std::vector<char> >& untrusted_certs); 139 void OnTCPRead(uint32 socket_id, int32_t bytes_to_read); 140 void OnTCPWrite(uint32 socket_id, const std::string& data); 141 void OnTCPDisconnect(uint32 socket_id); 142 void OnTCPSetOption(uint32 socket_id, 143 PP_TCPSocket_Option name, 144 const ppapi::SocketOptionData& value); 145 146 void OnNetworkMonitorStart(uint32 plugin_dispatcher_id); 147 void OnNetworkMonitorStop(uint32 plugin_dispatcher_id); 148 149 void DoTCPConnect(int32 routing_id, 150 uint32 socket_id, 151 const std::string& host, 152 uint16_t port, 153 bool allowed); 154 void DoTCPConnectWithNetAddress(int32 routing_id, 155 uint32 socket_id, 156 const PP_NetAddress_Private& net_addr, 157 bool allowed); 158 void OnX509CertificateParseDER(const std::vector<char>& der, 159 bool* succeeded, 160 ppapi::PPB_X509Certificate_Fields* result); 161 void OnUpdateActivity(); 162 163 uint32 GenerateSocketID(); 164 165 // Return true if render with given ID can use socket APIs. 166 bool CanUseSocketAPIs(int32 render_id, 167 const content::SocketPermissionRequest& params, 168 bool private_api); 169 170 void GetAndSendNetworkList(); 171 void DoGetNetworkList(); 172 void SendNetworkList(scoped_ptr<net::NetworkInterfaceList> list); 173 void CreateTCPSocket(int32 routing_id, 174 uint32 plugin_dispatcher_id, 175 bool private_api, 176 uint32* socket_id); 177 enum PluginType { 178 PLUGIN_TYPE_IN_PROCESS, 179 PLUGIN_TYPE_OUT_OF_PROCESS, 180 // External plugin means it was created through 181 // BrowserPpapiHost::CreateExternalPluginProcess. 182 PLUGIN_TYPE_EXTERNAL_PLUGIN, 183 }; 184 185 PluginType plugin_type_; 186 187 // When attached to an out-of-process plugin (be it native or NaCl) this 188 // will have the Pepper permissions for the plugin. When attached to the 189 // renderer channel, this will have no permissions listed (since there may 190 // be many plugins sharing this channel). 191 ppapi::PpapiPermissions permissions_; 192 193 // Render process ID. 194 int process_id_; 195 196 // External plugin RenderView id to determine private API access. Normally, we 197 // handle messages coming from multiple RenderViews, but external plugins 198 // always creates a new PepperMessageFilter for each RenderView. 199 int external_plugin_render_view_id_; 200 201 // When non-NULL, this should be used instead of the host_resolver_. 202 ResourceContext* const resource_context_; 203 204 // When non-NULL, this should be used instead of the resource_context_. Use 205 // GetHostResolver instead of accessing directly. 206 net::HostResolver* host_resolver_; 207 208 // The default SSL configuration settings are used, as opposed to Chrome's SSL 209 // settings. 210 net::SSLConfig ssl_config_; 211 // This is lazily created. Users should use GetCertVerifier to retrieve it. 212 scoped_ptr<net::CertVerifier> cert_verifier_; 213 // This is lazily created. Users should use GetTransportSecurityState to 214 // retrieve it. 215 scoped_ptr<net::TransportSecurityState> transport_security_state_; 216 217 uint32 next_socket_id_; 218 219 TCPSocketMap tcp_sockets_; 220 221 NetworkMonitorIdSet network_monitor_ids_; 222 223 base::FilePath browser_path_; 224 bool incognito_; 225 226 DISALLOW_COPY_AND_ASSIGN(PepperMessageFilter); 227 }; 228 229 } // namespace content 230 231 #endif // CONTENT_BROWSER_RENDERER_HOST_PEPPER_PEPPER_MESSAGE_FILTER_H_ 232
