// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_HOST_INFO_H_
#define NET_SOCKET_SSL_HOST_INFO_H_

#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/time.h"
#include "net/base/cert_verifier.h"
#include "net/base/cert_verify_result.h"
#include "net/base/completion_callback.h"
#include "net/base/dnsrr_resolver.h"
#include "net/socket/ssl_client_socket.h"

namespace net {

class X509Certificate;
struct SSLConfig;

// SSLHostInfo is an interface for fetching information about an SSL server.
// This information may be stored on disk so does not include keys or session
// information etc. Primarily it's intended for caching the server's
// certificates.
//
// Security note: the cached state is only a copy of what a server previously
// sent. This header pairs it with WaitForCertVerification(), which reports
// the outcome of validating the chain in |state().certs|; consumers should
// rely on that result rather than on the mere presence of cached
// certificates.
class SSLHostInfo {
 public:
  // |hostname| is stored in |hostname_|, the name the certificates are
  // validated against. Per the comment on the private members,
  // |rev_checking_enabled_| and |verify_ev_cert_| are taken from |ssl_config|.
  // NOTE(review): |certVerifier| is a raw pointer and presumably backs
  // |verifier_|; this header does not state its ownership or required
  // lifetime -- confirm that it outlives this object.
  SSLHostInfo(const std::string& hostname,
              const SSLConfig& ssl_config,
              CertVerifier *certVerifier);
  virtual ~SSLHostInfo();

  // Start will commence the lookup. This must be called before any other
  // methods. By opportunistically calling this early, it may be possible to
  // overlap this object's lookup and reduce latency.
  virtual void Start() = 0;

  // WaitForDataReady returns OK if the fetch of the requested data has
  // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
  // the current thread when ready.
  //
  // Only a single callback can be outstanding at a given time and, in the
  // event that WaitForDataReady returns OK, it's the caller's responsibility
  // to delete |callback|.
  //
  // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
  // but, obviously, a callback will never be made.
  virtual int WaitForDataReady(CompletionCallback* callback) = 0;

  // Persist allows for the host information to be updated for future users.
  // This is a fire and forget operation: the caller may drop its reference
  // from this object and the store operation will still complete. This can
  // only be called once WaitForDataReady has returned OK or called its
  // callback.
  virtual void Persist() = 0;

  // StartDnsLookup triggers a DNS lookup for the host.
  // NOTE(review): |dnsrr_resolver| is a raw pointer (see |dnsrr_resolver_|);
  // its ownership and lifetime are not documented here -- confirm that it
  // outlives any lookup still in flight.
  void StartDnsLookup(DnsRRResolver* dnsrr_resolver);

  // State is the portion of the host information exposed through |state()|
  // and |mutable_state()|. It is non-copyable.
  struct State {
    State();
    ~State();

    // NOTE(review): presumably resets the fields to their empty state; the
    // definition is not visible in this header.
    void Clear();

    // certs is a vector of DER encoded X.509 certificates, as the server
    // returned them and in the same order.
    std::vector<std::string> certs;

   private:
    DISALLOW_COPY_AND_ASSIGN(State);
  };

  // Once the data is ready, it can be read using the following members. These
  // members can then be updated before calling |Persist|.
  const State& state() const;
  State* mutable_state();

  // If |cert_valid()| returns true, then this contains the result of verifying
  // the certificate.
  // NOTE(review): no |cert_valid()| is declared in this header, so the
  // precondition above looks stale. Presumably the result is meaningful only
  // once WaitForCertVerification() has reported completion -- confirm before
  // relying on it.
  const CertVerifyResult& cert_verify_result() const;

  // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
  // |state().certs| is still being validated and arranges for the given
  // callback to be called when the verification completes. If the verification
  // has already finished then WaitForCertVerification returns the result of
  // that verification.
  int WaitForCertVerification(CompletionCallback* callback);

  // Returns |verification_start_time_|.
  base::TimeTicks verification_start_time() const {
    return verification_start_time_;
  }

  // Returns |verification_end_time_|.
  base::TimeTicks verification_end_time() const {
    return verification_end_time_;
  }

 protected:
  // Parse parses an opaque blob of data and fills out the public member fields
  // of this object. It returns true iff the parse was successful. The public
  // member fields will be set to something sane in any case.
  // NOTE(review): |data| presumably originates from the persistent store
  // mentioned in the class comment, so implementations should treat it as
  // untrusted input -- confirm against the definition and the subclasses.
  bool Parse(const std::string& data);
  // NOTE(review): presumably the inverse of Parse(), producing the blob that
  // Persist() stores; the definition is not visible in this header.
  std::string Serialize() const;
  State state_;
  // NOTE(review): presumably set once verification of |state_.certs| has
  // finished, with |cert_verification_error_| holding its result code; both
  // are protected, so subclasses can read and write them directly.
  bool cert_verification_complete_;
  int cert_verification_error_;

 private:
  // This is the callback function which the CertVerifier calls via |callback_|.
  void VerifyCallback(int rv);

  // ParseInner is a helper function for Parse.
  bool ParseInner(const std::string& data);

  // This is the hostname that we'll validate the certificates against.
  const std::string hostname_;
  bool cert_parsing_failed_;
  // Raw pointer; presumably the callback passed to WaitForCertVerification()
  // -- ownership is not documented in this header.
  CompletionCallback* cert_verification_callback_;
  // These two members are taken from the SSLConfig.
  bool rev_checking_enabled_;
  bool verify_ev_cert_;
  // Exposed through verification_start_time() / verification_end_time().
  base::TimeTicks verification_start_time_;
  base::TimeTicks verification_end_time_;
  // Exposed through cert_verify_result().
  CertVerifyResult cert_verify_result_;
  SingleRequestCertVerifier verifier_;
  scoped_refptr<X509Certificate> cert_;
  scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;

  // State for the DNS lookup started by StartDnsLookup(). The two raw
  // pointers carry no ownership information in this header.
  DnsRRResolver* dnsrr_resolver_;
  CompletionCallback* dns_callback_;
  DnsRRResolver::Handle dns_handle_;
  RRResponse dns_response_;
  base::TimeTicks dns_lookup_start_time_;
  // NOTE(review): looks similar in purpose to |verification_end_time_|;
  // confirm whether both are needed.
  base::TimeTicks cert_verification_finished_time_;
};

// SSLHostInfoFactory creates SSLHostInfo objects for a given host.
class SSLHostInfoFactory {
 public:
  virtual ~SSLHostInfoFactory();

  // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
  // or NULL on failure.
  // NOTE(review): the result is a raw pointer to a freshly allocated object,
  // so the caller presumably takes ownership -- confirm, and check for NULL
  // before use.
  virtual SSLHostInfo* GetForHost(const std::string& hostname,
                                  const SSLConfig& ssl_config) = 0;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_HOST_INFO_H_