ssl_client_socket_mac.h revision 21d179b334e59e9a3bfcaed4c4430bef1bc5759d
1// Copyright (c) 2010 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ 6#define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ 7#pragma once 8 9#include <Security/Security.h> 10 11#include <string> 12#include <vector> 13 14#include "base/scoped_ptr.h" 15#include "net/base/cert_verify_result.h" 16#include "net/base/completion_callback.h" 17#include "net/base/host_port_pair.h" 18#include "net/base/net_log.h" 19#include "net/base/ssl_config_service.h" 20#include "net/socket/ssl_client_socket.h" 21 22namespace net { 23 24class CertVerifier; 25class ClientSocketHandle; 26class SingleRequestCertVerifier; 27 28// An SSL client socket implemented with Secure Transport. 29class SSLClientSocketMac : public SSLClientSocket { 30 public: 31 // Takes ownership of the |transport_socket|, which must already be connected. 32 // The hostname specified in |host_and_port| will be compared with the name(s) 33 // in the server's certificate during the SSL handshake. If SSL client 34 // authentication is requested, the host_and_port field of SSLCertRequestInfo 35 // will be populated with |host_and_port|. |ssl_config| specifies 36 // the SSL settings. 37 SSLClientSocketMac(ClientSocketHandle* transport_socket, 38 const HostPortPair& host_and_port, 39 const SSLConfig& ssl_config, 40 CertVerifier* cert_verifier); 41 ~SSLClientSocketMac(); 42 43 // SSLClientSocket methods: 44 virtual void GetSSLInfo(SSLInfo* ssl_info); 45 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info); 46 virtual NextProtoStatus GetNextProto(std::string* proto); 47 48 // ClientSocket methods: 49 virtual int Connect(CompletionCallback* callback 50#ifdef ANDROID 51 , bool wait_for_connect 52#endif 53 ); 54 virtual void Disconnect(); 55 virtual bool IsConnected() const; 56 virtual bool IsConnectedAndIdle() const; 57 virtual int GetPeerAddress(AddressList* address) const; 58 virtual const BoundNetLog& NetLog() const { return net_log_; } 59 virtual void SetSubresourceSpeculation(); 60 virtual void SetOmniboxSpeculation(); 61 virtual bool WasEverUsed() const; 62 virtual bool UsingTCPFastOpen() const; 63 64 // Socket methods: 65 virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback); 66 virtual int Write(IOBuffer* buf, int buf_len, CompletionCallback* callback); 67 virtual bool SetReceiveBufferSize(int32 size); 68 virtual bool SetSendBufferSize(int32 size); 69 70 private: 71 bool completed_handshake() const { 72 return next_handshake_state_ == STATE_COMPLETED_HANDSHAKE; 73 } 74 // Initializes the SSLContext. Returns a net error code. 75 int InitializeSSLContext(); 76 77 void DoConnectCallback(int result); 78 void DoReadCallback(int result); 79 void DoWriteCallback(int result); 80 void OnHandshakeIOComplete(int result); 81 void OnTransportReadComplete(int result); 82 void OnTransportWriteComplete(int result); 83 84 int DoHandshakeLoop(int last_io_result); 85 86 int DoPayloadRead(); 87 int DoPayloadWrite(); 88 int DoHandshake(); 89 int DoVerifyCert(); 90 int DoVerifyCertComplete(int result); 91 int DoCompletedRenegotiation(int result); 92 93 void DidCompleteRenegotiation(); 94 int DidCompleteHandshake(); 95 96 int SetClientCert(); 97 98 static OSStatus SSLReadCallback(SSLConnectionRef connection, 99 void* data, 100 size_t* data_length); 101 static OSStatus SSLWriteCallback(SSLConnectionRef connection, 102 const void* data, 103 size_t* data_length); 104 105 CompletionCallbackImpl<SSLClientSocketMac> handshake_io_callback_; 106 CompletionCallbackImpl<SSLClientSocketMac> transport_read_callback_; 107 CompletionCallbackImpl<SSLClientSocketMac> transport_write_callback_; 108 109 scoped_ptr<ClientSocketHandle> transport_; 110 HostPortPair host_and_port_; 111 SSLConfig ssl_config_; 112 113 CompletionCallback* user_connect_callback_; 114 CompletionCallback* user_read_callback_; 115 CompletionCallback* user_write_callback_; 116 117 // Used by Read function. 118 scoped_refptr<IOBuffer> user_read_buf_; 119 int user_read_buf_len_; 120 121 // Used by Write function. 122 scoped_refptr<IOBuffer> user_write_buf_; 123 int user_write_buf_len_; 124 125 enum State { 126 STATE_NONE, 127 STATE_HANDSHAKE, 128 STATE_VERIFY_CERT, 129 STATE_VERIFY_CERT_COMPLETE, 130 STATE_COMPLETED_RENEGOTIATION, 131 STATE_COMPLETED_HANDSHAKE, 132 // After the handshake, the socket remains in the 133 // STATE_COMPLETED_HANDSHAKE state until renegotiation is requested by 134 // the server. When renegotiation is requested, the state machine 135 // restarts at STATE_HANDSHAKE, advances through to 136 // STATE_VERIFY_CERT_COMPLETE, and then continues to 137 // STATE_COMPLETED_RENEGOTIATION. After STATE_COMPLETED_RENEGOTIATION 138 // has been processed, it goes back to STATE_COMPLETED_HANDSHAKE and 139 // will remain there until the server requests renegotiation again. 140 // During the initial handshake, STATE_COMPLETED_RENEGOTIATION is 141 // skipped. 142 }; 143 State next_handshake_state_; 144 145 scoped_refptr<X509Certificate> server_cert_; 146 CertVerifier* const cert_verifier_; 147 scoped_ptr<SingleRequestCertVerifier> verifier_; 148 CertVerifyResult server_cert_verify_result_; 149 150 // The initial handshake has already completed, and the current handshake 151 // is server-initiated renegotiation. 152 bool renegotiating_; 153 bool client_cert_requested_; 154 SSLContextRef ssl_context_; 155 156 // These buffers hold data retrieved from/sent to the underlying transport 157 // before it's fed to the SSL engine. 158 std::vector<char> send_buffer_; 159 int pending_send_error_; 160 std::vector<char> recv_buffer_; 161 162 // These are the IOBuffers used for operations on the underlying transport. 163 scoped_refptr<IOBuffer> read_io_buf_; 164 scoped_refptr<IOBuffer> write_io_buf_; 165 166 BoundNetLog net_log_; 167}; 168 169} // namespace net 170 171#endif // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ 172