ssl_client_socket_openssl.h revision 0dfd56d4192bd442742c9a0205590d7ef7b7f414
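// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
#pragma once

// The class below uses std::string (GetNextProto, npn_proto_) and
// std::vector (client_certs_) directly, so include them here rather than
// relying on them arriving transitively.
#include <string>
#include <vector>

#include "base/scoped_ptr.h"
#include "net/base/cert_verify_result.h"
#include "net/base/completion_callback.h"
#include "net/base/io_buffer.h"
#include "net/base/ssl_config_service.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"

// Opaque OpenSSL handle types. They are declared here instead of including
// <openssl/ssl.h>, so that including this header does not require the
// OpenSSL headers; the .cc that dereferences them includes the real ones.
typedef struct bio_st BIO;
typedef struct ssl_st SSL;

namespace net {

class CertVerifier;
class SSLCertRequestInfo;
class SSLConfig;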
class SSLInfo;

// An SSL client socket implemented with OpenSSL.
//
// The socket wraps a ClientSocketHandle it owns (|transport_|) and runs the
// TLS handshake through the small State machine declared at the bottom of the
// class. Judging by the state names and the DoVerifyCert*/|verifier_| members,
// the server certificate is verified by Chromium's own CertVerifier after
// OpenSSL's handshake step rather than by OpenSSL alone — confirm in the .cc.
class SSLClientSocketOpenSSL : public SSLClientSocket {
 public:
  // Takes ownership of the transport_socket, which may already be connected.
  // The given hostname will be compared with the name(s) in the server's
  // certificate during the SSL handshake. ssl_config specifies the SSL
  // settings.
  SSLClientSocketOpenSSL(ClientSocketHandle* transport_socket,
                         const HostPortPair& host_and_port,
                         const SSLConfig& ssl_config);
  ~SSLClientSocketOpenSSL();

  // The host/port this socket was created for; this is the name the server's
  // certificate is compared against (see the constructor comment).
  const HostPortPair& host_and_port() const { return host_and_port_; }

#ifdef ANDROID
  // Callback from the SSL layer to check which NPN protocol we are supporting.
  // The argument list mirrors OpenSSL's next-proto selection callback (minus
  // the SSL*/arg parameters, which a static trampoline presumably supplies):
  // |in|/|inlen| is the protocol list handed over by the SSL layer and
  // |out|/|outlen| receive the selected protocol.
  // NOTE(review): |in| is presumably the peer's advertised list and therefore
  // untrusted; the implementation must stay within |inlen| while scanning it
  // and must point |out| at storage that outlives the callback — confirm in
  // the .cc.
  int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
                              const unsigned char* in, unsigned int inlen);
#endif

  // SSLClientSocket methods:
  virtual void GetSSLInfo(SSLInfo* ssl_info);
  virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
  virtual NextProtoStatus GetNextProto(std::string* proto);

  // ClientSocket methods:
  virtual int Connect(CompletionCallback* callback);
  virtual void Disconnect();
  virtual bool IsConnected() const;
  virtual bool IsConnectedAndIdle() const;
  virtual int GetPeerAddress(AddressList*) const;
  virtual const BoundNetLog& NetLog() const;
  virtual void SetSubresourceSpeculation();
  virtual void SetOmniboxSpeculation();
  virtual bool WasEverUsed() const;
  virtual bool UsingTCPFastOpen() const;

  // Socket methods:
  virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback);
  virtual int Write(IOBuffer* buf, int buf_len, CompletionCallback* callback);
  virtual bool SetReceiveBufferSize(int32 size);
  virtual bool SetSendBufferSize(int32 size);

 private:
  bool Init();
  // Deliver a completed Read/Write result to the user's callback.
  void DoReadCallback(int result);
  void DoWriteCallback(int result);

  // Handshake pipeline. DoHandshake drives OpenSSL; DoVerifyCert /
  // DoVerifyCertComplete run the (asynchronous) certificate check; the
  // connect callback is only reported once both have finished.
  bool DoTransportIO();
  int DoHandshake();
  int DoVerifyCert(int result);
  int DoVerifyCertComplete(int result);
  void DoConnectCallback(int result);
  // Name suggests this keeps a session whose certificate failed verification
  // from being resumed later — confirm in the .cc.
  void InvalidateSessionIfBadCertificate();
  X509Certificate* UpdateServerCert();

  void OnHandshakeIOComplete(int result);
  void OnSendComplete(int result);
  void OnRecvComplete(int result);

  // State-machine drivers; each takes the result of the last I/O step.
  int DoHandshakeLoop(int last_io_result);
  int DoReadLoop(int result);
  int DoWriteLoop(int result);
  int DoPayloadRead();
  int DoPayloadWrite();

  // Move bytes between the OpenSSL BIO (|transport_bio_|) and |transport_|.
  int BufferSend();
  int BufferRecv();
  void BufferSendComplete(int result);
  void BufferRecvComplete(int result);
  void TransportWriteComplete(int result);
  void TransportReadComplete(int result);

  CompletionCallbackImpl<SSLClientSocketOpenSSL> buffer_send_callback_;
  CompletionCallbackImpl<SSLClientSocketOpenSSL> buffer_recv_callback_;
  // True while a transport write/read is outstanding (presumably guards
  // against issuing a second one) — confirm in the .cc.
  bool transport_send_busy_;
  scoped_refptr<DrainableIOBuffer> send_buffer_;
  bool transport_recv_busy_;
  scoped_refptr<IOBuffer> recv_buffer_;

  // Raw, non-owning pointers to callbacks supplied by the caller of
  // Connect/Read/Write; they are not freed here.
  CompletionCallback* user_connect_callback_;
  CompletionCallback* user_read_callback_;
  CompletionCallback* user_write_callback_;

  // Used by Read function.
  scoped_refptr<IOBuffer> user_read_buf_;
  int user_read_buf_len_;

  // Used by Write function.
  scoped_refptr<IOBuffer> user_write_buf_;
  int user_write_buf_len_;

  // Set when handshake finishes.
  scoped_refptr<X509Certificate> server_cert_;
  CertVerifyResult server_cert_verify_result_;
  bool completed_handshake_;

  // Stores client authentication information between ClientAuthHandler and
  // GetSSLCertRequestInfo calls.
  std::vector<scoped_refptr<X509Certificate> > client_certs_;
  bool client_auth_cert_needed_;

  scoped_ptr<CertVerifier> verifier_;
  CompletionCallbackImpl<SSLClientSocketOpenSSL> handshake_io_callback_;

  // OpenSSL stuff
  // Raw OpenSSL handles; nothing in this header releases them, so the .cc
  // (presumably Disconnect() and/or the destructor) must free them exactly
  // once and leave them NULL afterwards — confirm.
  SSL* ssl_;
  BIO* transport_bio_;

  // Owned (see constructor comment).
  scoped_ptr<ClientSocketHandle> transport_;
  const HostPortPair host_and_port_;
  SSLConfig ssl_config_;

  // Used for session cache diagnostics.
  bool trying_cached_session_;

  // Connect() state machine. Order reflects the handshake sequence: the
  // OpenSSL handshake, then certificate verification, then its completion.
  enum State {
    STATE_NONE,
    STATE_HANDSHAKE,
    STATE_VERIFY_CERT,
    STATE_VERIFY_CERT_COMPLETE,
  };
  State next_handshake_state_;
#ifdef ANDROID
  // Result of NPN negotiation, filled in from SelectNextProtoCallback and
  // reported through GetNextProto.
  NextProtoStatus npn_status_;
  std::string npn_proto_;
#endif
  BoundNetLog net_log_;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_