1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/socket/client_socket_factory.h"
6
7 #include "base/lazy_instance.h"
8 #include "build/build_config.h"
9 #include "net/base/cert_database.h"
10 #include "net/socket/client_socket_handle.h"
11 #if defined(OS_WIN)
12 #include "net/socket/ssl_client_socket_nss.h"
13 #include "net/socket/ssl_client_socket_win.h"
14 #elif defined(USE_OPENSSL)
15 #include "net/socket/ssl_client_socket_openssl.h"
16 #elif defined(USE_NSS)
17 #include "net/socket/ssl_client_socket_nss.h"
18 #elif defined(OS_MACOSX)
19 #include "net/socket/ssl_client_socket_mac.h"
20 #include "net/socket/ssl_client_socket_nss.h"
21 #endif
22 #include "net/socket/ssl_host_info.h"
23 #include "net/socket/tcp_client_socket.h"
24
25 namespace net {
26
27 class X509Certificate;
28
29 namespace {
30
31 bool g_use_system_ssl = false;
32
33 class DefaultClientSocketFactory : public ClientSocketFactory,
34 public CertDatabase::Observer {
35 public:
DefaultClientSocketFactory()36 DefaultClientSocketFactory() {
37 CertDatabase::AddObserver(this);
38 }
39
~DefaultClientSocketFactory()40 virtual ~DefaultClientSocketFactory() {
41 CertDatabase::RemoveObserver(this);
42 }
43
OnUserCertAdded(const X509Certificate * cert)44 virtual void OnUserCertAdded(const X509Certificate* cert) {
45 ClearSSLSessionCache();
46 }
47
OnCertTrustChanged(const X509Certificate * cert)48 virtual void OnCertTrustChanged(const X509Certificate* cert) {
49 // Per wtc, we actually only need to flush when trust is reduced.
50 // Always flush now because OnCertTrustChanged does not tell us this.
51 // See comments in ClientSocketPoolManager::OnCertTrustChanged.
52 ClearSSLSessionCache();
53 }
54
CreateTransportClientSocket(const AddressList & addresses,NetLog * net_log,const NetLog::Source & source)55 virtual ClientSocket* CreateTransportClientSocket(
56 const AddressList& addresses,
57 NetLog* net_log,
58 const NetLog::Source& source) {
59 return new TCPClientSocket(addresses, net_log, source);
60 }
61
CreateSSLClientSocket(ClientSocketHandle * transport_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config,SSLHostInfo * ssl_host_info,CertVerifier * cert_verifier,DnsCertProvenanceChecker * dns_cert_checker)62 virtual SSLClientSocket* CreateSSLClientSocket(
63 ClientSocketHandle* transport_socket,
64 const HostPortPair& host_and_port,
65 const SSLConfig& ssl_config,
66 SSLHostInfo* ssl_host_info,
67 CertVerifier* cert_verifier,
68 DnsCertProvenanceChecker* dns_cert_checker) {
69 scoped_ptr<SSLHostInfo> shi(ssl_host_info);
70 #if defined(OS_WIN)
71 if (g_use_system_ssl) {
72 return new SSLClientSocketWin(transport_socket, host_and_port,
73 ssl_config, cert_verifier);
74 }
75 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
76 shi.release(), cert_verifier,
77 dns_cert_checker);
78 #elif defined(USE_OPENSSL)
79 return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
80 ssl_config, cert_verifier);
81 #elif defined(USE_NSS)
82 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
83 shi.release(), cert_verifier,
84 dns_cert_checker);
85 #elif defined(OS_MACOSX)
86 if (g_use_system_ssl) {
87 return new SSLClientSocketMac(transport_socket, host_and_port,
88 ssl_config, cert_verifier);
89 }
90 return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
91 shi.release(), cert_verifier,
92 dns_cert_checker);
93 #else
94 NOTIMPLEMENTED();
95 return NULL;
96 #endif
97 }
98
99 // TODO(rch): This is only implemented for the NSS SSL library, which is the
100 /// default for Windows, Mac and Linux, but we should implement it everywhere.
ClearSSLSessionCache()101 void ClearSSLSessionCache() {
102 #if defined(OS_WIN)
103 if (!g_use_system_ssl)
104 SSLClientSocketNSS::ClearSessionCache();
105 #elif defined(USE_OPENSSL)
106 // no-op
107 #elif defined(USE_NSS)
108 SSLClientSocketNSS::ClearSessionCache();
109 #elif defined(OS_MACOSX)
110 if (!g_use_system_ssl)
111 SSLClientSocketNSS::ClearSessionCache();
112 #else
113 NOTIMPLEMENTED();
114 #endif
115 }
116
117 };
118
119 static base::LazyInstance<DefaultClientSocketFactory>
120 g_default_client_socket_factory(base::LINKER_INITIALIZED);
121
122 } // namespace
123
124 // Deprecated function (http://crbug.com/37810) that takes a ClientSocket.
CreateSSLClientSocket(ClientSocket * transport_socket,const HostPortPair & host_and_port,const SSLConfig & ssl_config,SSLHostInfo * ssl_host_info,CertVerifier * cert_verifier)125 SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
126 ClientSocket* transport_socket,
127 const HostPortPair& host_and_port,
128 const SSLConfig& ssl_config,
129 SSLHostInfo* ssl_host_info,
130 CertVerifier* cert_verifier) {
131 ClientSocketHandle* socket_handle = new ClientSocketHandle();
132 socket_handle->set_socket(transport_socket);
133 return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
134 ssl_host_info, cert_verifier,
135 NULL /* DnsCertProvenanceChecker */);
136 }
137
138 // static
GetDefaultFactory()139 ClientSocketFactory* ClientSocketFactory::GetDefaultFactory() {
140 return g_default_client_socket_factory.Pointer();
141 }
142
143 // static
UseSystemSSL()144 void ClientSocketFactory::UseSystemSSL() {
145 g_use_system_ssl = true;
146 }
147
148 } // namespace net
149