• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
7 #pragma once
8 
9 #include <Security/Security.h>
10 
11 #include <string>
12 #include <vector>
13 
14 #include "base/memory/scoped_ptr.h"
15 #include "net/base/cert_verify_result.h"
16 #include "net/base/completion_callback.h"
17 #include "net/base/host_port_pair.h"
18 #include "net/base/net_log.h"
19 #include "net/base/ssl_config_service.h"
20 #include "net/socket/ssl_client_socket.h"
21 
22 namespace net {
23 
24 class CertVerifier;
25 class ClientSocketHandle;
26 class SingleRequestCertVerifier;
27 
28 // An SSL client socket implemented with Secure Transport.
29 class SSLClientSocketMac : public SSLClientSocket {
30  public:
31   // Takes ownership of the |transport_socket|, which must already be connected.
32   // The hostname specified in |host_and_port| will be compared with the name(s)
33   // in the server's certificate during the SSL handshake.  If SSL client
34   // authentication is requested, the host_and_port field of SSLCertRequestInfo
35   // will be populated with |host_and_port|.  |ssl_config| specifies
36   // the SSL settings.
37   SSLClientSocketMac(ClientSocketHandle* transport_socket,
38                      const HostPortPair& host_and_port,
39                      const SSLConfig& ssl_config,
40                      CertVerifier* cert_verifier);
41   ~SSLClientSocketMac();
42 
43   // SSLClientSocket methods:
44   virtual void GetSSLInfo(SSLInfo* ssl_info);
45   virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
46   virtual NextProtoStatus GetNextProto(std::string* proto);
47 
48   // ClientSocket methods:
49   virtual int Connect(CompletionCallback* callback
50 #ifdef ANDROID
51                       , bool wait_for_connect
52 #endif
53                      );
54   virtual void Disconnect();
55   virtual bool IsConnected() const;
56   virtual bool IsConnectedAndIdle() const;
57   virtual int GetPeerAddress(AddressList* address) const;
58   virtual int GetLocalAddress(IPEndPoint* address) const;
59   virtual const BoundNetLog& NetLog() const;
60   virtual void SetSubresourceSpeculation();
61   virtual void SetOmniboxSpeculation();
62   virtual bool WasEverUsed() const;
63   virtual bool UsingTCPFastOpen() const;
64 
65   // Socket methods:
66   virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback);
67   virtual int Write(IOBuffer* buf, int buf_len, CompletionCallback* callback);
68   virtual bool SetReceiveBufferSize(int32 size);
69   virtual bool SetSendBufferSize(int32 size);
70 
71  private:
completed_handshake()72   bool completed_handshake() const {
73     return next_handshake_state_ == STATE_COMPLETED_HANDSHAKE;
74   }
75   // Initializes the SSLContext.  Returns a net error code.
76   int InitializeSSLContext();
77 
78   void DoConnectCallback(int result);
79   void DoReadCallback(int result);
80   void DoWriteCallback(int result);
81   void OnHandshakeIOComplete(int result);
82   void OnTransportReadComplete(int result);
83   void OnTransportWriteComplete(int result);
84 
85   int DoHandshakeLoop(int last_io_result);
86 
87   int DoPayloadRead();
88   int DoPayloadWrite();
89   int DoHandshake();
90   int DoVerifyCert();
91   int DoVerifyCertComplete(int result);
92   int DoCompletedRenegotiation(int result);
93 
94   void DidCompleteRenegotiation();
95   int DidCompleteHandshake();
96 
97   int SetClientCert();
98 
99   static OSStatus SSLReadCallback(SSLConnectionRef connection,
100                                   void* data,
101                                   size_t* data_length);
102   static OSStatus SSLWriteCallback(SSLConnectionRef connection,
103                                    const void* data,
104                                    size_t* data_length);
105 
106   CompletionCallbackImpl<SSLClientSocketMac> handshake_io_callback_;
107   CompletionCallbackImpl<SSLClientSocketMac> transport_read_callback_;
108   CompletionCallbackImpl<SSLClientSocketMac> transport_write_callback_;
109 
110   scoped_ptr<ClientSocketHandle> transport_;
111   HostPortPair host_and_port_;
112   SSLConfig ssl_config_;
113 
114   CompletionCallback* user_connect_callback_;
115   CompletionCallback* user_read_callback_;
116   CompletionCallback* user_write_callback_;
117 
118   // Used by Read function.
119   scoped_refptr<IOBuffer> user_read_buf_;
120   int user_read_buf_len_;
121 
122   // Used by Write function.
123   scoped_refptr<IOBuffer> user_write_buf_;
124   int user_write_buf_len_;
125 
126   enum State {
127     STATE_NONE,
128     STATE_HANDSHAKE,
129     STATE_VERIFY_CERT,
130     STATE_VERIFY_CERT_COMPLETE,
131     STATE_COMPLETED_RENEGOTIATION,
132     STATE_COMPLETED_HANDSHAKE,
133     // After the handshake, the socket remains in the
134     // STATE_COMPLETED_HANDSHAKE state until renegotiation is requested by
135     // the server. When renegotiation is requested, the state machine
136     // restarts at STATE_HANDSHAKE, advances through to
137     // STATE_VERIFY_CERT_COMPLETE, and then continues to
138     // STATE_COMPLETED_RENEGOTIATION. After STATE_COMPLETED_RENEGOTIATION
139     // has been processed, it goes back to STATE_COMPLETED_HANDSHAKE and
140     // will remain there until the server requests renegotiation again.
141     // During the initial handshake, STATE_COMPLETED_RENEGOTIATION is
142     // skipped.
143   };
144   State next_handshake_state_;
145 
146   scoped_refptr<X509Certificate> server_cert_;
147   CertVerifier* const cert_verifier_;
148   scoped_ptr<SingleRequestCertVerifier> verifier_;
149   CertVerifyResult server_cert_verify_result_;
150 
151   // The initial handshake has already completed, and the current handshake
152   // is server-initiated renegotiation.
153   bool renegotiating_;
154   bool client_cert_requested_;
155   SSLContextRef ssl_context_;
156 
157   // During a renegotiation, the amount of application data read following
158   // the handshake's completion.
159   size_t bytes_read_after_renegotiation_;
160 
161   // These buffers hold data retrieved from/sent to the underlying transport
162   // before it's fed to the SSL engine.
163   std::vector<char> send_buffer_;
164   int pending_send_error_;
165   std::vector<char> recv_buffer_;
166 
167   // These are the IOBuffers used for operations on the underlying transport.
168   scoped_refptr<IOBuffer> read_io_buf_;
169   scoped_refptr<IOBuffer> write_io_buf_;
170 
171   BoundNetLog net_log_;
172 };
173 
174 }  // namespace net
175 
176 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_
177