1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_ 6#define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_ 7#pragma once 8 9#include <string> 10 11#include "base/memory/ref_counted.h" 12#include "base/memory/scoped_ptr.h" 13#include "base/time.h" 14#include "net/base/host_resolver.h" 15#include "net/base/ssl_config_service.h" 16#include "net/http/http_response_info.h" 17#include "net/proxy/proxy_server.h" 18#include "net/socket/ssl_client_socket.h" 19#include "net/socket/client_socket_pool_base.h" 20#include "net/socket/client_socket_pool_histograms.h" 21#include "net/socket/client_socket_pool.h" 22 23namespace net { 24 25class CertVerifier; 26class ClientSocketFactory; 27class ConnectJobFactory; 28class DnsCertProvenanceChecker; 29class DnsRRResolver; 30class HostPortPair; 31class HttpProxyClientSocketPool; 32class HttpProxySocketParams; 33class SOCKSClientSocketPool; 34class SOCKSSocketParams; 35class SSLClientSocket; 36class SSLHostInfoFactory; 37class TransportSocketParams; 38class TransportClientSocketPool; 39struct RRResponse; 40 41// SSLSocketParams only needs the socket params for the transport socket 42// that will be used (denoted by |proxy|). 43class SSLSocketParams : public base::RefCounted<SSLSocketParams> { 44 public: 45 SSLSocketParams(const scoped_refptr<TransportSocketParams>& transport_params, 46 const scoped_refptr<SOCKSSocketParams>& socks_params, 47 const scoped_refptr<HttpProxySocketParams>& http_proxy_params, 48 ProxyServer::Scheme proxy, 49 const HostPortPair& host_and_port, 50 const SSLConfig& ssl_config, 51 int load_flags, 52 bool force_spdy_over_ssl, 53 bool want_spdy_over_npn); 54 55 const scoped_refptr<TransportSocketParams>& transport_params() { 56 return transport_params_; 57 } 58 const scoped_refptr<HttpProxySocketParams>& http_proxy_params() { 59 return http_proxy_params_; 60 } 61 const scoped_refptr<SOCKSSocketParams>& socks_params() { 62 return socks_params_; 63 } 64 ProxyServer::Scheme proxy() const { return proxy_; } 65 const HostPortPair& host_and_port() const { return host_and_port_; } 66 const SSLConfig& ssl_config() const { return ssl_config_; } 67 int load_flags() const { return load_flags_; } 68 bool force_spdy_over_ssl() const { return force_spdy_over_ssl_; } 69 bool want_spdy_over_npn() const { return want_spdy_over_npn_; } 70 bool ignore_limits() const { return ignore_limits_; } 71#ifdef ANDROID 72 // Gets the UID of the calling process 73 bool getUID(uid_t *uid) const; 74 void setUID(uid_t uid); 75#endif 76 77 private: 78 friend class base::RefCounted<SSLSocketParams>; 79 ~SSLSocketParams(); 80 81 const scoped_refptr<TransportSocketParams> transport_params_; 82 const scoped_refptr<HttpProxySocketParams> http_proxy_params_; 83 const scoped_refptr<SOCKSSocketParams> socks_params_; 84 const ProxyServer::Scheme proxy_; 85 const HostPortPair host_and_port_; 86 const SSLConfig ssl_config_; 87 const int load_flags_; 88 const bool force_spdy_over_ssl_; 89 const bool want_spdy_over_npn_; 90 bool ignore_limits_; 91 92 DISALLOW_COPY_AND_ASSIGN(SSLSocketParams); 93}; 94 95// SSLConnectJob handles the SSL handshake after setting up the underlying 96// connection as specified in the params. 97class SSLConnectJob : public ConnectJob { 98 public: 99 SSLConnectJob( 100 const std::string& group_name, 101 const scoped_refptr<SSLSocketParams>& params, 102 const base::TimeDelta& timeout_duration, 103 TransportClientSocketPool* transport_pool, 104 SOCKSClientSocketPool* socks_pool, 105 HttpProxyClientSocketPool* http_proxy_pool, 106 ClientSocketFactory* client_socket_factory, 107 HostResolver* host_resolver, 108 CertVerifier* cert_verifier, 109 DnsRRResolver* dnsrr_resolver, 110 DnsCertProvenanceChecker* dns_cert_checker, 111 SSLHostInfoFactory* ssl_host_info_factory, 112 Delegate* delegate, 113 NetLog* net_log); 114 virtual ~SSLConnectJob(); 115 116 // ConnectJob methods. 117 virtual LoadState GetLoadState() const; 118 119 virtual void GetAdditionalErrorState(ClientSocketHandle * handle); 120 121 private: 122 enum State { 123 STATE_TRANSPORT_CONNECT, 124 STATE_TRANSPORT_CONNECT_COMPLETE, 125 STATE_SOCKS_CONNECT, 126 STATE_SOCKS_CONNECT_COMPLETE, 127 STATE_TUNNEL_CONNECT, 128 STATE_TUNNEL_CONNECT_COMPLETE, 129 STATE_SSL_CONNECT, 130 STATE_SSL_CONNECT_COMPLETE, 131 STATE_NONE, 132 }; 133 134 void OnIOComplete(int result); 135 136 // Runs the state transition loop. 137 int DoLoop(int result); 138 139 int DoTransportConnect(); 140 int DoTransportConnectComplete(int result); 141 int DoSOCKSConnect(); 142 int DoSOCKSConnectComplete(int result); 143 int DoTunnelConnect(); 144 int DoTunnelConnectComplete(int result); 145 int DoSSLConnect(); 146 int DoSSLConnectComplete(int result); 147 148 // Starts the SSL connection process. Returns OK on success and 149 // ERR_IO_PENDING if it cannot immediately service the request. 150 // Otherwise, it returns a net error code. 151 virtual int ConnectInternal(); 152 153 scoped_refptr<SSLSocketParams> params_; 154 TransportClientSocketPool* const transport_pool_; 155 SOCKSClientSocketPool* const socks_pool_; 156 HttpProxyClientSocketPool* const http_proxy_pool_; 157 ClientSocketFactory* const client_socket_factory_; 158 HostResolver* const host_resolver_; 159 CertVerifier* const cert_verifier_; 160 DnsRRResolver* const dnsrr_resolver_; 161 DnsCertProvenanceChecker* dns_cert_checker_; 162 SSLHostInfoFactory* const ssl_host_info_factory_; 163 164 State next_state_; 165 CompletionCallbackImpl<SSLConnectJob> callback_; 166 scoped_ptr<ClientSocketHandle> transport_socket_handle_; 167 scoped_ptr<SSLClientSocket> ssl_socket_; 168 scoped_ptr<SSLHostInfo> ssl_host_info_; 169 170 // The time the DoSSLConnect() method was called. 171 base::TimeTicks ssl_connect_start_time_; 172 173 HttpResponseInfo error_response_info_; 174 175 DISALLOW_COPY_AND_ASSIGN(SSLConnectJob); 176}; 177 178class SSLClientSocketPool : public ClientSocketPool, 179 public SSLConfigService::Observer { 180 public: 181 // Only the pools that will be used are required. i.e. if you never 182 // try to create an SSL over SOCKS socket, |socks_pool| may be NULL. 183 SSLClientSocketPool( 184 int max_sockets, 185 int max_sockets_per_group, 186 ClientSocketPoolHistograms* histograms, 187 HostResolver* host_resolver, 188 CertVerifier* cert_verifier, 189 DnsRRResolver* dnsrr_resolver, 190 DnsCertProvenanceChecker* dns_cert_checker, 191 SSLHostInfoFactory* ssl_host_info_factory, 192 ClientSocketFactory* client_socket_factory, 193 TransportClientSocketPool* transport_pool, 194 SOCKSClientSocketPool* socks_pool, 195 HttpProxyClientSocketPool* http_proxy_pool, 196 SSLConfigService* ssl_config_service, 197 NetLog* net_log); 198 199 virtual ~SSLClientSocketPool(); 200 201 // ClientSocketPool methods: 202 virtual int RequestSocket(const std::string& group_name, 203 const void* connect_params, 204 RequestPriority priority, 205 ClientSocketHandle* handle, 206 CompletionCallback* callback, 207 const BoundNetLog& net_log); 208 209 virtual void RequestSockets(const std::string& group_name, 210 const void* params, 211 int num_sockets, 212 const BoundNetLog& net_log); 213 214 virtual void CancelRequest(const std::string& group_name, 215 ClientSocketHandle* handle); 216 217 virtual void ReleaseSocket(const std::string& group_name, 218 ClientSocket* socket, 219 int id); 220 221 virtual void Flush(); 222 223 virtual void CloseIdleSockets(); 224 225 virtual int IdleSocketCount() const; 226 227 virtual int IdleSocketCountInGroup(const std::string& group_name) const; 228 229 virtual LoadState GetLoadState(const std::string& group_name, 230 const ClientSocketHandle* handle) const; 231 232 virtual DictionaryValue* GetInfoAsValue(const std::string& name, 233 const std::string& type, 234 bool include_nested_pools) const; 235 236 virtual base::TimeDelta ConnectionTimeout() const; 237 238 virtual ClientSocketPoolHistograms* histograms() const; 239 240 private: 241 typedef ClientSocketPoolBase<SSLSocketParams> PoolBase; 242 243 // SSLConfigService::Observer methods: 244 245 // When the user changes the SSL config, we flush all idle sockets so they 246 // won't get re-used. 247 virtual void OnSSLConfigChanged(); 248 249 class SSLConnectJobFactory : public PoolBase::ConnectJobFactory { 250 public: 251 SSLConnectJobFactory( 252 TransportClientSocketPool* transport_pool, 253 SOCKSClientSocketPool* socks_pool, 254 HttpProxyClientSocketPool* http_proxy_pool, 255 ClientSocketFactory* client_socket_factory, 256 HostResolver* host_resolver, 257 CertVerifier* cert_verifier, 258 DnsRRResolver* dnsrr_resolver, 259 DnsCertProvenanceChecker* dns_cert_checker, 260 SSLHostInfoFactory* ssl_host_info_factory, 261 NetLog* net_log); 262 263 virtual ~SSLConnectJobFactory() {} 264 265 // ClientSocketPoolBase::ConnectJobFactory methods. 266 virtual ConnectJob* NewConnectJob( 267 const std::string& group_name, 268 const PoolBase::Request& request, 269 ConnectJob::Delegate* delegate) const; 270 271 virtual base::TimeDelta ConnectionTimeout() const { return timeout_; } 272 273 private: 274 TransportClientSocketPool* const transport_pool_; 275 SOCKSClientSocketPool* const socks_pool_; 276 HttpProxyClientSocketPool* const http_proxy_pool_; 277 ClientSocketFactory* const client_socket_factory_; 278 HostResolver* const host_resolver_; 279 CertVerifier* const cert_verifier_; 280 DnsRRResolver* const dnsrr_resolver_; 281 DnsCertProvenanceChecker* const dns_cert_checker_; 282 SSLHostInfoFactory* const ssl_host_info_factory_; 283 base::TimeDelta timeout_; 284 NetLog* net_log_; 285 286 DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory); 287 }; 288 289 TransportClientSocketPool* const transport_pool_; 290 SOCKSClientSocketPool* const socks_pool_; 291 HttpProxyClientSocketPool* const http_proxy_pool_; 292 PoolBase base_; 293 const scoped_refptr<SSLConfigService> ssl_config_service_; 294 295 DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool); 296}; 297 298REGISTER_SOCKET_PARAMS_FOR_POOL(SSLClientSocketPool, SSLSocketParams); 299 300} // namespace net 301 302#endif // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_ 303