• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef _DNS_DNSTLSTRANSPORT_H
18 #define _DNS_DNSTLSTRANSPORT_H
19 
20 #include <future>
21 #include <map>
22 #include <mutex>
23 #include <vector>
24 
25 #include <android-base/thread_annotations.h>
26 #include <android-base/unique_fd.h>
27 
28 #include "dns/DnsTlsSessionCache.h"
29 #include "dns/DnsTlsQueryMap.h"
30 #include "dns/DnsTlsServer.h"
31 #include "dns/IDnsTlsSocket.h"
32 #include "dns/IDnsTlsSocketObserver.h"
33 
34 #include <netdutils/Slice.h>
35 
36 namespace android {
37 namespace net {
38 
39 class IDnsTlsSocketFactory;
40 
41 // Manages at most one DnsTlsSocket at a time.  This class handles socket lifetime issues,
42 // such as reopening the socket and reissuing pending queries.
43 class DnsTlsTransport : public IDnsTlsSocketObserver {
44 public:
DnsTlsTransport(const DnsTlsServer & server,unsigned mark,IDnsTlsSocketFactory * _Nonnull factory)45     DnsTlsTransport(const DnsTlsServer& server, unsigned mark,
46                     IDnsTlsSocketFactory* _Nonnull factory) :
47             mMark(mark), mServer(server), mFactory(factory) {}
48     ~DnsTlsTransport();
49 
50     typedef DnsTlsServer::Response Response;
51     typedef DnsTlsServer::Result Result;
52 
53     // Given a |query|, this method sends it to the server and returns the result asynchronously.
54     std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock);
55 
56     // Check that a given TLS server is fully working on the specified netid, and has the
57     // provided SHA-256 fingerprint (if nonempty).  This function is used in ResolverController
58     // to ensure that we don't enable DNS over TLS on networks where it doesn't actually work.
59     static bool validate(const DnsTlsServer& server, unsigned netid);
60 
61     // Implement IDnsTlsSocketObserver
62     void onResponse(std::vector<uint8_t> response) override;
63     void onClosed() override EXCLUDES(mLock);
64 
65 private:
66     std::mutex mLock;
67 
68     DnsTlsSessionCache mCache;
69     DnsTlsQueryMap mQueries;
70 
71     const unsigned mMark;  // Socket mark
72     const DnsTlsServer mServer;
73     IDnsTlsSocketFactory* _Nonnull const mFactory;
74 
75     void doConnect() REQUIRES(mLock);
76 
77     // doReconnect is used by onClosed.  It runs on the reconnect thread.
78     void doReconnect() EXCLUDES(mLock);
79     std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock);
80 
81     // Used to prevent onClosed from starting a reconnect during the destructor.
82     bool mClosing GUARDED_BY(mLock) = false;
83 
84     // Sending queries on the socket is thread-safe, but construction/destruction is not.
85     std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock);
86 
87     // Send a query to the socket.
88     bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock);
89 };
90 
91 }  // end of namespace net
92 }  // end of namespace android
93 
94 #endif  // _DNS_DNSTLSTRANSPORT_H
95