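// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
#define NET_SOCKET_SSL_CLIENT_SOCKET_H_
#pragma once

#include <string>

#include "net/base/completion_callback.h"
#include "net/base/load_flags.h"
#include "net/base/net_errors.h"
#include "net/socket/client_socket.h"

namespace net {

class SSLCertRequestInfo;
class SSLHostInfo;
class SSLInfo;
struct RRResponse;

// DNSSECProvider is an interface to an object that can return DNSSEC data.
class DNSSECProvider {
 public:
  // GetDNSSECRecords will either:
  //   1) set |*out| to NULL and return OK.
  //   2) set |*out| to a pointer, which is owned by this object, and return OK.
  //   3) return IO_PENDING and call |callback| on the current MessageLoop at
  //      some point in the future. Once the callback has been made, this
  //      function will return OK if called again.
  //
  // In case 2 the records stay owned by the provider: the caller must not
  // delete |*out|. NOTE(review): nothing here says how long the pointer stays
  // valid; presumably no longer than the provider itself - confirm against the
  // implementations before caching it.
  virtual int GetDNSSECRecords(RRResponse** out,
                               CompletionCallback* callback) = 0;

 protected:
  // Protected and non-virtual: callers cannot delete a provider through this
  // interface, but an implementing class can still reach the base destructor
  // from its own. (A private destructor here would make every implementing
  // class impossible to destroy.)
  ~DNSSECProvider() {}
};

// A client socket that uses SSL as the transport layer.
//
// NOTE: The SSL handshake occurs within the Connect method after a TCP
// connection is established.  If a SSL error occurs during the handshake,
// Connect will fail.
//
class SSLClientSocket : public ClientSocket {
 public:
  // Defined outside this header. NOTE(review): presumably initialises the two
  // negotiation flags below - confirm in the implementation file.
  SSLClientSocket();

  // Next Protocol Negotiation (NPN) allows a TLS client and server to come to
  // an agreement about the application level protocol to speak over a
  // connection.
  enum NextProtoStatus {
    // WARNING: These values are serialised to disk. Don't change them.

    kNextProtoUnsupported = 0,  // The server doesn't support NPN.
    kNextProtoNegotiated = 1,   // We agreed on a protocol.
    kNextProtoNoOverlap = 2,    // No protocols in common. We requested
                                // the first protocol in our list.
  };

  // Next Protocol Negotiation (NPN), if successful, results in agreement on an
  // application-level string that specifies the application level protocol to
  // use over the TLS connection. NextProto enumerates the application level
  // protocols that we recognise.
  //
  // NOTE(review): unlike NextProtoStatus, no on-disk stability warning is
  // given for these values; confirm before renumbering.
  enum NextProto {
    kProtoUnknown = 0,
    kProtoHTTP11 = 1,
    kProtoSPDY1 = 2,
    kProtoSPDY2 = 3,
  };

  // Gets the SSL connection information of the socket. The result is written
  // into |ssl_info|.
  virtual void GetSSLInfo(SSLInfo* ssl_info) = 0;

  // Gets the SSL CertificateRequest info of the socket after Connect failed
  // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
  virtual void GetSSLCertRequestInfo(
      SSLCertRequestInfo* cert_request_info) = 0;

  // Get the application level protocol that we negotiated with the server.
  // *proto is set to the resulting protocol (n.b. that the string may have
  // embedded NULs).
  //   kNextProtoUnsupported: *proto is cleared.
  //   kNextProtoNegotiated:  *proto is set to the negotiated protocol.
  //   kNextProtoNoOverlap:   *proto is set to the first protocol in the
  //                          supported list.
  //
  // Because of the possible embedded NULs, compare and log |*proto| with
  // length-aware std::string operations only; going through c_str() would
  // silently truncate a server-supplied value at the first NUL.
  virtual NextProtoStatus GetNextProto(std::string* proto) = 0;

  // Maps a protocol string to a NextProto value. Defined outside this header.
  // NOTE(review): presumably yields kProtoUnknown for a string that is not
  // recognised - confirm in the implementation.
  static NextProto NextProtoFromString(const std::string& proto_string);

  // Judging by its name and parameters, reports whether the certificate error
  // |error| is to be ignored for a request carrying |load_flags|. Defined
  // outside this header.
  // NOTE(review): a true result lets a connection continue in spite of a
  // certificate verification error, so the flags that reach this function
  // should only ever come from deliberate, trusted configuration. Which
  // error/flag pairs are honoured is not visible here - confirm in the
  // implementation.
  static bool IgnoreCertError(int error, int load_flags);

  // Accessor pair for was_npn_negotiated_. Both are defined outside this
  // header; what the setter's bool return value means is not visible here.
  virtual bool was_npn_negotiated() const;

  virtual bool set_was_npn_negotiated(bool negotiated);

  // Hands the socket a DNSSECProvider. The default implementation ignores it,
  // so a subclass that supports DNSSEC has to override this. Ownership of the
  // pointer is not specified here.
  virtual void UseDNSSEC(DNSSECProvider*) { }

  // Accessor pair for was_spdy_negotiated_. Both are defined outside this
  // header; what the setter's bool return value means is not visible here.
  virtual bool was_spdy_negotiated() const;

  virtual bool set_was_spdy_negotiated(bool negotiated);

 private:
  // True if NPN was responded to, independent of selecting SPDY or HTTP.
  bool was_npn_negotiated_;
  // True if NPN successfully negotiated SPDY.
  bool was_spdy_negotiated_;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_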