// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
#define NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_

#include <certt.h>
#include <keyt.h>
#include <nspr.h>
#include <nss.h>

#include "base/memory/scoped_ptr.h"
#include "net/base/completion_callback.h"
#include "net/base/host_port_pair.h"
#include "net/base/net_log.h"
#include "net/base/nss_memio.h"
#include "net/socket/ssl_server_socket.h"
#include "net/ssl/ssl_config_service.h"

namespace net {

// Server-side TLS socket backed by NSS. The TLS state machine is an NSS
// PRFileDesc (|nss_fd_|) whose network end is a pair of in-memory buffers
// (|nss_bufs_|, see nss_memio.h); this class pumps bytes between those
// buffers and a plain StreamSocket (|transport_socket_|). This header holds
// declarations only; all behavior lives in the corresponding .cc file.
class SSLServerSocketNSS : public SSLServerSocket {
 public:
  // See comments on CreateSSLServerSocket for details of how these
  // parameters are used.
  // NOTE(review): |key| is passed as a raw pointer but the matching member
  // |key_| is a scoped_ptr, which suggests the constructor takes ownership of
  // |key| — confirm against the .cc before relying on that.
  SSLServerSocketNSS(scoped_ptr<StreamSocket> socket,
                     scoped_refptr<X509Certificate> certificate,
                     crypto::RSAPrivateKey* key,
                     const SSLConfig& ssl_config);
  virtual ~SSLServerSocketNSS();

  // SSLServerSocket interface.
  // Runs the server side of the TLS handshake. |callback| is presumably kept
  // in |user_handshake_callback_| and invoked on asynchronous completion.
  virtual int Handshake(const CompletionCallback& callback) OVERRIDE;

  // SSLSocket interface.
  // Exports keying material derived from the TLS session (RFC 5705 style
  // exporter: |label|, optional |context|). |out|/|outlen| describe the
  // caller-supplied output buffer.
  virtual int ExportKeyingMaterial(const base::StringPiece& label,
                                   bool has_context,
                                   const base::StringPiece& context,
                                   unsigned char* out,
                                   unsigned int outlen) OVERRIDE;
  // Returns the "tls-unique" channel binding (RFC 5929) for the session in
  // |*out|.
  virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;

  // Socket interface (via StreamSocket).
  // Application-data I/O over the established TLS session. Per-call state is
  // kept in |user_read_buf_|/|user_read_buf_len_| and
  // |user_write_buf_|/|user_write_buf_len_| respectively (see members below).
  virtual int Read(IOBuffer* buf, int buf_len,
                   const CompletionCallback& callback) OVERRIDE;
  virtual int Write(IOBuffer* buf, int buf_len,
                    const CompletionCallback& callback) OVERRIDE;
  virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
  virtual int SetSendBufferSize(int32 size) OVERRIDE;

  // StreamSocket implementation.
  virtual int Connect(const CompletionCallback& callback) OVERRIDE;
  virtual void Disconnect() OVERRIDE;
  virtual bool IsConnected() const OVERRIDE;
  virtual bool IsConnectedAndIdle() const OVERRIDE;
  virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE;
  virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE;
  virtual const BoundNetLog& NetLog() const OVERRIDE;
  virtual void SetSubresourceSpeculation() OVERRIDE;
  virtual void SetOmniboxSpeculation() OVERRIDE;
  virtual bool WasEverUsed() const OVERRIDE;
  virtual bool UsingTCPFastOpen() const OVERRIDE;
  virtual bool WasNpnNegotiated() const OVERRIDE;
  virtual NextProto GetNegotiatedProtocol() const OVERRIDE;
  virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE;

 private:
  // States of the handshake state machine, held in |next_handshake_state_|
  // and presumably stepped by DoHandshakeLoop().
  enum State {
    STATE_NONE,
    STATE_HANDSHAKE,
  };

  // Applies |ssl_config_|, |cert_| and |key_| to |nss_fd_| (see .cc for the
  // exact NSS options set).
  int InitializeSSLOptions();

  // Completion handlers for transport-level I/O issued by BufferSend() and
  // BufferRecv().
  void OnSendComplete(int result);
  void OnRecvComplete(int result);
  void OnHandshakeIOComplete(int result);

  // Move bytes between |nss_bufs_| (the NSS network end) and
  // |transport_socket_|. DoTransportIO() presumably returns whether any
  // progress was made.
  int BufferSend();
  void BufferSendComplete(int result);
  int BufferRecv();
  void BufferRecvComplete(int result);
  bool DoTransportIO();
  // Application-data read/write against |nss_fd_|.
  int DoPayloadRead();
  int DoPayloadWrite();

  // State-machine drivers and the user-callback dispatchers they complete
  // through (|user_handshake_callback_|, |user_read_callback_|,
  // |user_write_callback_|).
  int DoHandshakeLoop(int last_io_result);
  int DoReadLoop(int result);
  int DoWriteLoop(int result);
  int DoHandshake();
  void DoHandshakeCallback(int result);
  void DoReadCallback(int result);
  void DoWriteCallback(int result);

  // Matches the NSS SSLAuthCertificate hook signature
  // (SSL_AuthCertificateHook). |arg| is the opaque user pointer registered
  // with NSS; |checksig| and |is_server| are the flags NSS passes. On a server
  // socket this hook is where peer (client) certificate acceptance is decided;
  // what this implementation actually verifies is not visible from the header.
  static SECStatus OwnAuthCertHandler(void* arg,
                                      PRFileDesc* socket,
                                      PRBool checksig,
                                      PRBool is_server);
  // Matches the NSS SSLHandshakeCallback signature (SSL_HandshakeCallback);
  // NSS invokes it when the handshake finishes.
  static void HandshakeCallback(PRFileDesc* socket, void* arg);

  // Creates |nss_fd_| / |nss_bufs_| and wires the NSS layer; see .cc.
  int Init();

  // Members used to send and receive buffer.
  // Presumably true while a send/recv on |transport_socket_| is outstanding,
  // so that only one of each is in flight — confirm in .cc.
  bool transport_send_busy_;
  bool transport_recv_busy_;

  // Scratch buffer for reads from |transport_socket_|.
  scoped_refptr<IOBuffer> recv_buffer_;

  BoundNetLog net_log_;

  // Pending user callbacks for Handshake()/Read()/Write().
  CompletionCallback user_handshake_callback_;
  CompletionCallback user_read_callback_;
  CompletionCallback user_write_callback_;

  // Used by Read function.
  scoped_refptr<IOBuffer> user_read_buf_;
  int user_read_buf_len_;

  // Used by Write function.
  scoped_refptr<IOBuffer> user_write_buf_;
  int user_write_buf_len_;

  // The NSS SSL state machine
  PRFileDesc* nss_fd_;

  // Buffers for the network end of the SSL state machine
  memio_Private* nss_bufs_;

  // StreamSocket for sending and receiving data.
  scoped_ptr<StreamSocket> transport_socket_;

  // Options for the SSL socket.
  SSLConfig ssl_config_;

  // Certificate for the server.
  scoped_refptr<X509Certificate> cert_;

  // Private key used by the server.
  scoped_ptr<crypto::RSAPrivateKey> key_;

  // Current handshake state (see State above).
  State next_handshake_state_;
  // Set once the handshake has finished; presumably gates payload I/O.
  bool completed_handshake_;

  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS);
};

}  // namespace net

#endif  // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_