1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_ 7 8 #include <string> 9 10 #include "net/base/completion_callback.h" 11 #include "net/base/load_flags.h" 12 #include "net/base/net_errors.h" 13 #include "net/socket/ssl_socket.h" 14 #include "net/socket/stream_socket.h" 15 16 namespace net { 17 18 class CertVerifier; 19 class ServerBoundCertService; 20 class SSLCertRequestInfo; 21 class SSLInfo; 22 class TransportSecurityState; 23 24 // This struct groups together several fields which are used by various 25 // classes related to SSLClientSocket. 26 struct SSLClientSocketContext { 27 SSLClientSocketContext() 28 : cert_verifier(NULL), 29 server_bound_cert_service(NULL), 30 transport_security_state(NULL) {} 31 32 SSLClientSocketContext(CertVerifier* cert_verifier_arg, 33 ServerBoundCertService* server_bound_cert_service_arg, 34 TransportSecurityState* transport_security_state_arg, 35 const std::string& ssl_session_cache_shard_arg) 36 : cert_verifier(cert_verifier_arg), 37 server_bound_cert_service(server_bound_cert_service_arg), 38 transport_security_state(transport_security_state_arg), 39 ssl_session_cache_shard(ssl_session_cache_shard_arg) {} 40 41 CertVerifier* cert_verifier; 42 ServerBoundCertService* server_bound_cert_service; 43 TransportSecurityState* transport_security_state; 44 // ssl_session_cache_shard is an opaque string that identifies a shard of the 45 // SSL session cache. SSL sockets with the same ssl_session_cache_shard may 46 // resume each other's SSL sessions but we'll never sessions between shards. 47 const std::string ssl_session_cache_shard; 48 }; 49 50 // A client socket that uses SSL as the transport layer. 51 // 52 // NOTE: The SSL handshake occurs within the Connect method after a TCP 53 // connection is established. If a SSL error occurs during the handshake, 54 // Connect will fail. 55 // 56 class NET_EXPORT SSLClientSocket : public SSLSocket { 57 public: 58 SSLClientSocket(); 59 60 // Next Protocol Negotiation (NPN) allows a TLS client and server to come to 61 // an agreement about the application level protocol to speak over a 62 // connection. 63 enum NextProtoStatus { 64 // WARNING: These values are serialized to disk. Don't change them. 65 66 kNextProtoUnsupported = 0, // The server doesn't support NPN. 67 kNextProtoNegotiated = 1, // We agreed on a protocol. 68 kNextProtoNoOverlap = 2, // No protocols in common. We requested 69 // the first protocol in our list. 70 }; 71 72 // StreamSocket: 73 virtual bool WasNpnNegotiated() const OVERRIDE; 74 virtual NextProto GetNegotiatedProtocol() const OVERRIDE; 75 76 // Gets the SSL CertificateRequest info of the socket after Connect failed 77 // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED. 78 virtual void GetSSLCertRequestInfo( 79 SSLCertRequestInfo* cert_request_info) = 0; 80 81 // Get the application level protocol that we negotiated with the server. 82 // *proto is set to the resulting protocol (n.b. that the string may have 83 // embedded NULs). 84 // kNextProtoUnsupported: *proto is cleared. 85 // kNextProtoNegotiated: *proto is set to the negotiated protocol. 86 // kNextProtoNoOverlap: *proto is set to the first protocol in the 87 // supported list. 88 // *server_protos is set to the server advertised protocols. 89 virtual NextProtoStatus GetNextProto(std::string* proto, 90 std::string* server_protos) = 0; 91 92 static NextProto NextProtoFromString(const std::string& proto_string); 93 94 static const char* NextProtoToString(NextProto next_proto); 95 96 static const char* NextProtoStatusToString(const NextProtoStatus status); 97 98 // Can be used with the second argument(|server_protos|) of |GetNextProto| to 99 // construct a comma separated string of server advertised protocols. 100 static std::string ServerProtosToString(const std::string& server_protos); 101 102 static bool IgnoreCertError(int error, int load_flags); 103 104 // ClearSessionCache clears the SSL session cache, used to resume SSL 105 // sessions. 106 static void ClearSessionCache(); 107 108 virtual bool set_was_npn_negotiated(bool negotiated); 109 110 virtual bool was_spdy_negotiated() const; 111 112 virtual bool set_was_spdy_negotiated(bool negotiated); 113 114 virtual void set_protocol_negotiated(NextProto protocol_negotiated); 115 116 // Returns the ServerBoundCertService used by this socket, or NULL if 117 // server bound certificates are not supported. 118 virtual ServerBoundCertService* GetServerBoundCertService() const = 0; 119 120 // Returns true if a channel ID was sent on this connection. 121 // This may be useful for protocols, like SPDY, which allow the same 122 // connection to be shared between multiple domains, each of which need 123 // a channel ID. 124 virtual bool WasChannelIDSent() const; 125 126 virtual void set_channel_id_sent(bool channel_id_sent); 127 128 private: 129 // True if NPN was responded to, independent of selecting SPDY or HTTP. 130 bool was_npn_negotiated_; 131 // True if NPN successfully negotiated SPDY. 132 bool was_spdy_negotiated_; 133 // Protocol that we negotiated with the server. 134 NextProto protocol_negotiated_; 135 // True if a channel ID was sent. 136 bool channel_id_sent_; 137 }; 138 139 } // namespace net 140 141 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_ 142