1c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// Use of this source code is governed by a BSD-style license that can be
3c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott// found in the LICENSE file.
4c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
5c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
6c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#define NET_SOCKET_SSL_CLIENT_SOCKET_H_
73345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#pragma once
8c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
9c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include <string>
10c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch
113345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick#include "net/base/completion_callback.h"
12c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "net/base/load_flags.h"
13c407dc5cd9bdc5668497f21b26b09d988ab439deBen Murdoch#include "net/base/net_errors.h"
14c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#include "net/socket/client_socket.h"
15c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
16c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scottnamespace net {
17c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
// Forward declarations. Within this header these types appear only as
// pointer parameters, so their full definitions are not required here.
// NOTE(review): SSLHostInfo is not referenced anywhere in this header.
class SSLCertRequestInfo;
class SSLHostInfo;
class SSLInfo;
struct RRResponse;
223345a6884c488ff3a535c2c9acdd33d74b37e311Iain Merrick
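// DNSSECProvider is an interface to an object that can return DNSSEC data.
//
// Objects are never destroyed through this interface: the destructor is
// non-virtual and not public, so code holding a DNSSECProvider* cannot
// delete it.
class DNSSECProvider {
 public:
  // GetDNSSECRecords will either:
  //   1) set |*out| to NULL and return OK.
  //   2) set |*out| to a pointer, which is owned by this object, and return OK.
  //   3) return IO_PENDING and call |callback| on the current MessageLoop at
  //      some point in the future. Once the callback has been made, this
  //      function will return OK if called again.
  //
  // A return value of OK does not imply that |*out| is non-NULL (case 1), so
  // callers must check the pointer before dereferencing it. In case 2 the
  // records remain owned by the provider and must not be freed by the caller.
  // NOTE(review): how long the returned pointer stays valid is not stated
  // here; presumably no longer than the provider itself -- confirm.
  // NOTE(review): this header does not say whether the returned records have
  // already been validated; code that bases a trust decision on them should
  // confirm where verification happens.
  virtual int GetDNSSECRecords(RRResponse** out,
                               CompletionCallback* callback) = 0;

 protected:
  // Protected rather than private: a private base-class destructor is
  // inaccessible to implementing classes, so their own destructors could not
  // be generated or called. Protected keeps deletion through the interface
  // pointer impossible while letting implementations be destroyed normally.
  ~DNSSECProvider() {}
};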
38c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
// A client socket that uses SSL as the transport layer.
//
// NOTE: The SSL handshake occurs within the Connect method after a TCP
// connection is established.  If a SSL error occurs during the handshake,
// Connect will fail.
//
class SSLClientSocket : public ClientSocket {
 public:
  SSLClientSocket();

  // Next Protocol Negotiation (NPN) allows a TLS client and server to come to
  // an agreement about the application level protocol to speak over a
  // connection.
  enum NextProtoStatus {
    // WARNING: These values are serialised to disk. Don't change them.

    kNextProtoUnsupported = 0,  // The server doesn't support NPN.
    kNextProtoNegotiated = 1,   // We agreed on a protocol.
    kNextProtoNoOverlap = 2,    // No protocols in common. We requested
                                // the first protocol in our list.
  };

  // Next Protocol Negotiation (NPN), if successful, results in agreement on an
  // application-level string that specifies the application level protocol to
  // use over the TLS connection. NextProto enumerates the application level
  // protocols that we recognise.
  enum NextProto {
    kProtoUnknown = 0,
    kProtoHTTP11 = 1,
    kProtoSPDY1 = 2,
    kProtoSPDY2 = 3,
  };

  // Gets the SSL connection information of the socket.
  virtual void GetSSLInfo(SSLInfo* ssl_info) = 0;

  // Gets the SSL CertificateRequest info of the socket after Connect failed
  // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
  virtual void GetSSLCertRequestInfo(
      SSLCertRequestInfo* cert_request_info) = 0;

  // Get the application level protocol that we negotiated with the server.
  // *proto is set to the resulting protocol (n.b. that the string may have
  // embedded NULs).
  //   kNextProtoUnsupported: *proto is cleared.
  //   kNextProtoNegotiated:  *proto is set to the negotiated protocol.
  //   kNextProtoNoOverlap:   *proto is set to the first protocol in the
  //                          supported list.
  //
  // Because of the embedded NULs, compare *proto using its full length
  // (std::string comparison) and do not hand proto->c_str() to C string
  // functions, which would stop at the first NUL. With kNextProtoNoOverlap
  // the value is our own first choice, not a protocol the server agreed to.
  virtual NextProtoStatus GetNextProto(std::string* proto) = 0;

  // Maps a protocol string to a NextProto value.
  // NOTE(review): the mapping is defined out of line; presumably an
  // unrecognised string yields kProtoUnknown -- confirm.
  static NextProto NextProtoFromString(const std::string& proto_string);

  // NOTE(review): judging by the name and parameters, this reports whether
  // the certificate error |error| should be ignored under |load_flags|; the
  // actual mapping is not visible in this header. A true result suppresses a
  // certificate validation failure, so callers should make sure |load_flags|
  // cannot be influenced by untrusted content -- confirm against the
  // implementation.
  static bool IgnoreCertError(int error, int load_flags);

  // NOTE(review): presumably returns was_npn_negotiated_; defined out of line.
  virtual bool was_npn_negotiated() const;

  // NOTE(review): presumably stores |negotiated| in was_npn_negotiated_; the
  // meaning of the bool return value is not visible in this header.
  virtual bool set_was_npn_negotiated(bool negotiated);

  // The default implementation does nothing with the provider; subclasses may
  // override it. This header does not state who owns the DNSSECProvider.
  virtual void UseDNSSEC(DNSSECProvider*) { }

  // NOTE(review): presumably returns was_spdy_negotiated_; defined out of
  // line.
  virtual bool was_spdy_negotiated() const;

  // NOTE(review): presumably stores |negotiated| in was_spdy_negotiated_; the
  // meaning of the bool return value is not visible in this header.
  virtual bool set_was_spdy_negotiated(bool negotiated);

 private:
  // True if NPN was responded to, independent of selecting SPDY or HTTP.
  bool was_npn_negotiated_;
  // True if NPN successfully negotiated SPDY.
  bool was_spdy_negotiated_;
};
109c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
110c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott}  // namespace net
111c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott
112c7f5f8508d98d5952d42ed7648c2a8f30a4da156Patrick Scott#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_