// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
#define NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
#pragma once

#include <certt.h>
#include <keyt.h>
#include <nspr.h>
#include <nss.h>

#include "base/memory/scoped_ptr.h"
#include "net/base/completion_callback.h"
#include "net/base/host_port_pair.h"
#include "net/base/net_log.h"
#include "net/base/nss_memio.h"
#include "net/base/ssl_config_service.h"
#include "net/socket/ssl_server_socket.h"

namespace net {

// NSS-backed SSLServerSocket. Wraps an already-connected transport Socket and
// drives the server side of the TLS handshake and the subsequent record
// layer through an NSS PRFileDesc whose network end is a memio buffer pair
// (nss_bufs_), so all bytes still flow through the owned transport socket.
// All operations are asynchronous in the usual net:: style: they return
// ERR_IO_PENDING and complete through the supplied CompletionCallback.
class SSLServerSocketNSS : public SSLServerSocket {
 public:
  // This object takes ownership of the following parameters:
  // |transport_socket| - A socket that is already connected.
  // |cert| - The certificate to be used by the server.
  //
  // The following parameters are copied in the constructor.
  // |ssl_config| - Options for SSL socket.
  // |key| - The private key used by the server. The copy is held in key_
  //         (a scoped_ptr), so the caller keeps ownership of, and may
  //         free, its own |key| after construction.
  //         NOTE(review): confirm in the .cc that |key| really is copied
  //         rather than adopted before relying on that lifetime.
  SSLServerSocketNSS(Socket* transport_socket,
                     scoped_refptr<X509Certificate> cert,
                     crypto::RSAPrivateKey* key,
                     const SSLConfig& ssl_config);
  virtual ~SSLServerSocketNSS();

  // SSLServerSocket implementation.
  // Accept() runs the server-side handshake on the wrapped transport; Read()
  // and Write() move application (plaintext) data once the handshake has
  // completed. Return values follow the net error conventions.
  virtual int Accept(CompletionCallback* callback);
  virtual int Read(IOBuffer* buf, int buf_len,
                   CompletionCallback* callback);
  virtual int Write(IOBuffer* buf, int buf_len,
                    CompletionCallback* callback);
  virtual bool SetReceiveBufferSize(int32 size);
  virtual bool SetSendBufferSize(int32 size);

 private:
  // Handshake state machine: STATE_HANDSHAKE while DoHandshake() still has
  // work to do, STATE_NONE when idle / finished.
  enum State {
    STATE_NONE,
    STATE_HANDSHAKE,
  };

  // Applies SSL options to nss_fd_. Returns a net error code.
  int InitializeSSLOptions();

  // Completion handlers for transport-level I/O and for handshake I/O.
  void OnSendComplete(int result);
  void OnRecvComplete(int result);
  void OnHandshakeIOComplete(int result);

  // Shuttle ciphertext between the NSS memio buffers (nss_bufs_) and the
  // transport socket. The *Complete() variants are the async continuations
  // reached via buffer_send_callback_ / buffer_recv_callback_.
  int BufferSend();
  void BufferSendComplete(int result);
  int BufferRecv();
  void BufferRecvComplete(int result);
  // Runs both directions of transport I/O; returns whether any progress
  // was made (the exact contract lives in the .cc).
  bool DoTransportIO();
  // Plaintext read/write against nss_fd_ using user_read_buf_ /
  // user_write_buf_.
  int DoPayloadRead();
  int DoPayloadWrite();

  // State-machine drivers. Each loops until it either completes or has to
  // wait for transport I/O (ERR_IO_PENDING).
  int DoHandshakeLoop(int last_io_result);
  int DoReadLoop(int result);
  int DoWriteLoop(int result);
  int DoHandshake();
  // Deliver the final result to the user's pending callback and clear it.
  void DoAcceptCallback(int result);
  void DoReadCallback(int result);
  void DoWriteCallback(int result);

  // NSS certificate-authentication hook installed on nss_fd_. On the server
  // side this decides whether a peer (client) certificate is accepted.
  // NOTE(review): if the implementation in the .cc returns SECSuccess
  // unconditionally, any client certificate is accepted and this socket must
  // not be used to enforce client authentication - verify before relying on
  // it.
  static SECStatus OwnAuthCertHandler(void* arg,
                                      PRFileDesc* socket,
                                      PRBool checksig,
                                      PRBool is_server);
  // NSS handshake-complete hook. |arg| is presumably the SSLServerSocketNSS
  // instance registered with NSS (static callbacks need the this-pointer
  // round-tripped through void*) - confirm in the .cc.
  static void HandshakeCallback(PRFileDesc* socket, void* arg);

  // Creates the NSS socket (nss_fd_ / nss_bufs_) and installs the callbacks
  // above. Virtual, presumably so tests can override it - confirm.
  virtual int Init();

  // Members used to send and receive buffer.
  CompletionCallbackImpl<SSLServerSocketNSS> buffer_send_callback_;
  CompletionCallbackImpl<SSLServerSocketNSS> buffer_recv_callback_;
  // Presumably true while a BufferSend() / BufferRecv() issued on the
  // transport is still outstanding, so a second one is not started.
  bool transport_send_busy_;
  bool transport_recv_busy_;

  // Scratch buffer for ciphertext read from the transport.
  scoped_refptr<IOBuffer> recv_buffer_;

  BoundNetLog net_log_;

  // Callbacks supplied by the caller to Accept() / Read() / Write(); non-NULL
  // only while the corresponding operation is pending. Not owned.
  CompletionCallback* user_accept_callback_;
  CompletionCallback* user_read_callback_;
  CompletionCallback* user_write_callback_;

  // Used by Read function.
  scoped_refptr<IOBuffer> user_read_buf_;
  int user_read_buf_len_;

  // Used by Write function.
  scoped_refptr<IOBuffer> user_write_buf_;
  int user_write_buf_len_;

  // The NSS SSL state machine
  PRFileDesc* nss_fd_;

  // Buffers for the network end of the SSL state machine
  memio_Private* nss_bufs_;

  // Socket for sending and receiving data.
  scoped_ptr<Socket> transport_socket_;

  // Options for the SSL socket.
  // TODO(hclam): This member is currently not used. Should make use of this
  // member to configure the socket. Until it is, any restrictions a caller
  // expresses in |ssl_config| are not applied to this socket.
  SSLConfig ssl_config_;

  // Certificate for the server.
  scoped_refptr<X509Certificate> cert_;

  // Private key used by the server. Owned; see the constructor comment for
  // how it relates to the caller's |key|.
  scoped_ptr<crypto::RSAPrivateKey> key_;

  State next_handshake_state_;
  // Set once the handshake has finished; Read()/Write() depend on it.
  bool completed_handshake_;

  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS);
};

}  // namespace net

#endif  // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_