• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SOCKET_SSL_HOST_INFO_H_
6 #define NET_SOCKET_SSL_HOST_INFO_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include "base/memory/ref_counted.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/time.h"
14 #include "net/base/cert_verifier.h"
15 #include "net/base/cert_verify_result.h"
16 #include "net/base/completion_callback.h"
17 #include "net/base/dnsrr_resolver.h"
18 #include "net/socket/ssl_client_socket.h"
19 
20 namespace net {
21 
22 class X509Certificate;
23 struct SSLConfig;
24 
25 // SSLHostInfo is an interface for fetching information about an SSL server.
26 // This information may be stored on disk so does not include keys or session
27 // information etc. Primarily it's intended for caching the server's
28 // certificates.
29 class SSLHostInfo {
30  public:
31   SSLHostInfo(const std::string& hostname,
32               const SSLConfig& ssl_config,
33               CertVerifier *certVerifier);
34   virtual ~SSLHostInfo();
35 
36   // Start will commence the lookup. This must be called before any other
37   // methods. By opportunistically calling this early, it may be possible to
38   // overlap this object's lookup and reduce latency.
39   virtual void Start() = 0;
40 
41   // WaitForDataReady returns OK if the fetch of the requested data has
42   // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
43   // the current thread when ready.
44   //
45   // Only a single callback can be outstanding at a given time and, in the
46   // event that WaitForDataReady returns OK, it's the caller's responsibility
47   // to delete |callback|.
48   //
49   // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
50   // but, obviously, a callback will never be made.
51   virtual int WaitForDataReady(CompletionCallback* callback) = 0;
52 
53   // Persist allows for the host information to be updated for future users.
54   // This is a fire and forget operation: the caller may drop its reference
55   // from this object and the store operation will still complete. This can
56   // only be called once WaitForDataReady has returned OK or called its
57   // callback.
58   virtual void Persist() = 0;
59 
60   // StartDnsLookup triggers a DNS lookup for the host.
61   void StartDnsLookup(DnsRRResolver* dnsrr_resolver);
62 
63   struct State {
64     State();
65     ~State();
66 
67     void Clear();
68 
69     // certs is a vector of DER encoded X.509 certificates, as the server
70     // returned them and in the same order.
71     std::vector<std::string> certs;
72 
73    private:
74     DISALLOW_COPY_AND_ASSIGN(State);
75   };
76 
77   // Once the data is ready, it can be read using the following members. These
78   // members can then be updated before calling |Persist|.
79   const State& state() const;
80   State* mutable_state();
81 
82   // If |cert_valid()| returns true, then this contains the result of verifying
83   // the certificate.
84   const CertVerifyResult& cert_verify_result() const;
85 
86   // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
87   // |state().certs| is still being validated and arranges for the given
88   // callback to be called when the verification completes. If the verification
89   // has already finished then WaitForCertVerification returns the result of
90   // that verification.
91   int WaitForCertVerification(CompletionCallback* callback);
92 
verification_start_time()93   base::TimeTicks verification_start_time() const {
94     return verification_start_time_;
95   }
96 
verification_end_time()97   base::TimeTicks verification_end_time() const {
98     return verification_end_time_;
99   }
100 
101  protected:
102   // Parse parses an opaque blob of data and fills out the public member fields
103   // of this object. It returns true iff the parse was successful. The public
104   // member fields will be set to something sane in any case.
105   bool Parse(const std::string& data);
106   std::string Serialize() const;
107   State state_;
108   bool cert_verification_complete_;
109   int cert_verification_error_;
110 
111  private:
112   // This is the callback function which the CertVerifier calls via |callback_|.
113   void VerifyCallback(int rv);
114 
115   // ParseInner is a helper function for Parse.
116   bool ParseInner(const std::string& data);
117 
118   // This is the hostname that we'll validate the certificates against.
119   const std::string hostname_;
120   bool cert_parsing_failed_;
121   CompletionCallback* cert_verification_callback_;
122   // These two members are taken from the SSLConfig.
123   bool rev_checking_enabled_;
124   bool verify_ev_cert_;
125   base::TimeTicks verification_start_time_;
126   base::TimeTicks verification_end_time_;
127   CertVerifyResult cert_verify_result_;
128   SingleRequestCertVerifier verifier_;
129   scoped_refptr<X509Certificate> cert_;
130   scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;
131 
132   DnsRRResolver* dnsrr_resolver_;
133   CompletionCallback* dns_callback_;
134   DnsRRResolver::Handle dns_handle_;
135   RRResponse dns_response_;
136   base::TimeTicks dns_lookup_start_time_;
137   base::TimeTicks cert_verification_finished_time_;
138 };
139 
140 class SSLHostInfoFactory {
141  public:
142   virtual ~SSLHostInfoFactory();
143 
144   // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
145   // or NULL on failure.
146   virtual SSLHostInfo* GetForHost(const std::string& hostname,
147                                   const SSLConfig& ssl_config) = 0;
148 };
149 
150 }  // namespace net
151 
152 #endif  // NET_SOCKET_SSL_HOST_INFO_H_
153