1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef _DNS_DNSTLSTRANSPORT_H 18 #define _DNS_DNSTLSTRANSPORT_H 19 20 #include <future> 21 #include <map> 22 #include <mutex> 23 #include <vector> 24 25 #include <android-base/thread_annotations.h> 26 #include <android-base/unique_fd.h> 27 #include <netdutils/Slice.h> 28 29 #include "DnsTlsQueryMap.h" 30 #include "DnsTlsServer.h" 31 #include "DnsTlsSessionCache.h" 32 #include "IDnsTlsSocket.h" 33 #include "IDnsTlsSocketObserver.h" 34 35 namespace android { 36 namespace net { 37 38 class IDnsTlsSocketFactory; 39 40 // Manages at most one DnsTlsSocket at a time. This class handles socket lifetime issues, 41 // such as reopening the socket and reissuing pending queries. 42 class DnsTlsTransport : public IDnsTlsSocketObserver { 43 public: DnsTlsTransport(const DnsTlsServer & server,unsigned mark,IDnsTlsSocketFactory * _Nonnull factory)44 DnsTlsTransport(const DnsTlsServer& server, unsigned mark, 45 IDnsTlsSocketFactory* _Nonnull factory) 46 : mMark(mark), mServer(server), mFactory(factory) {} 47 ~DnsTlsTransport(); 48 49 typedef DnsTlsServer::Response Response; 50 typedef DnsTlsServer::Result Result; 51 52 // Given a |query|, this method sends it to the server and returns the result asynchronously. 53 std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock); 54 55 // Check that a given TLS server is fully working on the specified netid, and has the 56 // provided SHA-256 fingerprint (if nonempty). This function is used in ResolverController 57 // to ensure that we don't enable DNS over TLS on networks where it doesn't actually work. 58 static bool validate(const DnsTlsServer& server, unsigned netid, uint32_t mark); 59 60 // Implement IDnsTlsSocketObserver 61 void onResponse(std::vector<uint8_t> response) override; 62 void onClosed() override EXCLUDES(mLock); 63 64 private: 65 std::mutex mLock; 66 67 DnsTlsSessionCache mCache; 68 DnsTlsQueryMap mQueries; 69 70 const unsigned mMark; // Socket mark 71 const DnsTlsServer mServer; 72 IDnsTlsSocketFactory* _Nonnull const mFactory; 73 74 void doConnect() REQUIRES(mLock); 75 76 // doReconnect is used by onClosed. It runs on the reconnect thread. 77 void doReconnect() EXCLUDES(mLock); 78 std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock); 79 80 // Used to prevent onClosed from starting a reconnect during the destructor. 81 bool mClosing GUARDED_BY(mLock) = false; 82 83 // Sending queries on the socket is thread-safe, but construction/destruction is not. 84 std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock); 85 86 // Send a query to the socket. 87 bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock); 88 }; 89 90 } // end of namespace net 91 } // end of namespace android 92 93 #endif // _DNS_DNSTLSTRANSPORT_H 94