pepper_tcp_socket.cc revision 868fa2fe829687343ffae624259930155e16dbd8
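// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/renderer_host/pepper/pepper_tcp_socket.h"

#include <string.h>

#include "base/bind.h"
#include "base/bind_helpers.h"
#include "base/compiler_specific.h"
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "content/browser/renderer_host/pepper/pepper_message_filter.h"
#include "content/public/browser/browser_thread.h"
#include "net/base/host_port_pair.h"
#include "net/base/io_buffer.h"
#include "net/base/ip_endpoint.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/x509_certificate.h"
#include "net/dns/host_resolver.h"
#include "net/dns/single_request_host_resolver.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
#include "net/socket/tcp_client_socket.h"
#include "ppapi/proxy/ppapi_messages.h"
#include "ppapi/shared_impl/private/net_address_private_impl.h"
#include "ppapi/shared_impl/private/ppb_x509_certificate_private_shared.h"
#include "ppapi/shared_impl/private/tcp_socket_private_impl.h"

using ppapi::NetAddressPrivateImpl;

namespace content {

// Creates a socket in the BEFORE_CONNECT state with no underlying stream.
// |manager| must be non-null. It is kept as a raw pointer and used for every
// reply sent to the plugin, so it presumably has to outlive this object --
// confirm against the owner.
PepperTCPSocket::PepperTCPSocket(
    PepperMessageFilter* manager,
    int32 routing_id,
    uint32 plugin_dispatcher_id,
    uint32 socket_id)
    : manager_(manager),
      routing_id_(routing_id),
      plugin_dispatcher_id_(plugin_dispatcher_id),
      socket_id_(socket_id),
      connection_state_(BEFORE_CONNECT),
      end_of_file_reached_(false) {
  DCHECK(manager);
}

// Wraps an existing stream and starts in the CONNECTED state.
// NOTE(review): socket_ is used with reset()/release() below, so this appears
// to take ownership of |socket|. SetBoolOption() downcasts socket_ to
// net::TCPClientSocket whenever the state is not an SSL one, so |socket| is
// presumably required to be a TCPClientSocket -- confirm at the call site.
PepperTCPSocket::PepperTCPSocket(
    PepperMessageFilter* manager,
    int32 routing_id,
    uint32 plugin_dispatcher_id,
    uint32 socket_id,
    net::StreamSocket* socket)
    : manager_(manager),
      routing_id_(routing_id),
      plugin_dispatcher_id_(plugin_dispatcher_id),
      socket_id_(socket_id),
      connection_state_(CONNECTED),
      end_of_file_reached_(false),
      socket_(socket) {
  DCHECK(manager);
}

PepperTCPSocket::~PepperTCPSocket() {
  // Make sure no further callbacks from socket_. Every completion callback in
  // this file is bound with base::Unretained(this), so nothing else keeps this
  // object alive while an operation is pending.
  if (socket_)
    socket_->Disconnect();
}

// Resolves |host| and then connects to the resulting address list. Replies
// with a failed ConnectACK if the socket is not in BEFORE_CONNECT.
// NOTE(review): |host| and |port| are used as given; no allow-list or
// permission check happens in this file, so any such policy has to be
// enforced before this is called -- confirm in the message filter.
void PepperTCPSocket::Connect(const std::string& host, uint16_t port) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  if (connection_state_ != BEFORE_CONNECT) {
    SendConnectACKError();
    return;
  }

  connection_state_ = CONNECT_IN_PROGRESS;
  net::HostResolver::RequestInfo request_info(net::HostPortPair(host, port));
  resolver_.reset(new net::SingleRequestHostResolver(
      manager_->GetHostResolver()));
  // Unretained(this) relies on resolver_ being owned by this object, so the
  // request presumably cannot outlive it -- TODO confirm the resolver cancels
  // on destruction.
  int result = resolver_->Resolve(
      request_info, &address_list_,
      base::Bind(&PepperTCPSocket::OnResolveCompleted, base::Unretained(this)),
      net::BoundNetLog());
  // A synchronous result is delivered through the same completion path.
  if (result != net::ERR_IO_PENDING)
    OnResolveCompleted(result);
}

// Connects to a single, already-resolved address. Replies with a failed
// ConnectACK if the socket is not in BEFORE_CONNECT or |net_addr| cannot be
// converted to an IP endpoint.
void PepperTCPSocket::ConnectWithNetAddress(
    const PP_NetAddress_Private& net_addr) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  net::IPAddressNumber address;
  int port;
  if (connection_state_ != BEFORE_CONNECT ||
      !NetAddressPrivateImpl::NetAddressToIPEndPoint(net_addr,
                                                     &address,
                                                     &port)) {
    SendConnectACKError();
    return;
  }

  // Copy the single IPEndPoint to address_list_.
  address_list_.clear();
  address_list_.push_back(net::IPEndPoint(address, port));
  connection_state_ = CONNECT_IN_PROGRESS;
  StartConnect(address_list_);
}

// Upgrades the connected TCP stream to SSL and starts the handshake.
// |trusted_certs| and |untrusted_certs| are currently ignored (see the TODO
// below): certificate verification uses manager_->GetCertVerifier() and
// manager_->ssl_config() only, so caller-supplied certificates do not
// influence the trust decision.
void PepperTCPSocket::SSLHandshake(
    const std::string& server_name,
    uint16_t server_port,
    const std::vector<std::vector<char> >& trusted_certs,
    const std::vector<std::vector<char> >& untrusted_certs) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  // Allow to do SSL handshake only if currently the socket has been connected
  // and there isn't pending read or write.
  // IsConnected() includes the state that SSL handshake has been finished and
  // therefore isn't suitable here.
  if (connection_state_ != CONNECTED || read_buffer_.get() ||
      write_buffer_base_.get() || write_buffer_.get()) {
    SendSSLHandshakeACK(false);
    return;
  }

  connection_state_ = SSL_HANDSHAKE_IN_PROGRESS;
  // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting.

  // The plain socket is moved into |handle|, which is handed to the factory.
  // NOTE(review): the factory presumably takes ownership of |handle|; nothing
  // in this function deletes it -- confirm.
  net::ClientSocketHandle* handle = new net::ClientSocketHandle();
  handle->set_socket(socket_.release());
  net::ClientSocketFactory* factory =
      net::ClientSocketFactory::GetDefaultFactory();
  net::HostPortPair host_port_pair(server_name, server_port);
  net::SSLClientSocketContext ssl_context;
  ssl_context.cert_verifier = manager_->GetCertVerifier();
  socket_.reset(factory->CreateSSLClientSocket(
      handle, host_port_pair, manager_->ssl_config(), ssl_context));
  if (!socket_) {
    // socket_ is null from here on; the state becomes SSL_HANDSHAKE_FAILED.
    LOG(WARNING) << "Failed to create an SSL client socket.";
    OnSSLHandshakeCompleted(net::ERR_UNEXPECTED);
    return;
  }

  int result = socket_->Connect(
      base::Bind(&PepperTCPSocket::OnSSLHandshakeCompleted,
                 base::Unretained(this)));
  if (result != net::ERR_IO_PENDING)
    OnSSLHandshakeCompleted(result);
}

// Starts a read of at most |bytes_to_read| bytes. Replies with a failed
// ReadACK if the socket is not connected, EOF was already seen, a read is
// already pending, or the requested size is not positive.
void PepperTCPSocket::Read(int32 bytes_to_read) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  if (!IsConnected() || end_of_file_reached_ || read_buffer_.get() ||
      bytes_to_read <= 0) {
    SendReadACKError();
    return;
  }

  // The clamp is the enforcement of the size limit; NOTREACHED() only flags
  // the unexpected request.
  if (bytes_to_read > ppapi::TCPSocketPrivateImpl::kMaxReadSize) {
    NOTREACHED();
    bytes_to_read = ppapi::TCPSocketPrivateImpl::kMaxReadSize;
  }

  read_buffer_ = new net::IOBuffer(bytes_to_read);
  int result = socket_->Read(
      read_buffer_.get(),
      bytes_to_read,
      base::Bind(&PepperTCPSocket::OnReadCompleted, base::Unretained(this)));
  if (result != net::ERR_IO_PENDING)
    OnReadCompleted(result);
}

// Starts writing |data| (truncated to kMaxWriteSize). Replies with a failed
// WriteACK if the socket is not connected, a write is already pending, or
// |data| is empty.
void PepperTCPSocket::Write(const std::string& data) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  if (!IsConnected() || write_buffer_base_.get() || write_buffer_.get() ||
      data.empty()) {
    SendWriteACKError();
    return;
  }

  // Apply the limit in size_t before narrowing to int. Assigning data.size()
  // to an int first could produce a negative value for a very large input,
  // which would pass the "greater than limit" test and then be used as the
  // allocation and memcpy length.
  const size_t max_write_size =
      static_cast<size_t>(ppapi::TCPSocketPrivateImpl::kMaxWriteSize);
  size_t write_size = data.size();
  if (write_size > max_write_size) {
    NOTREACHED();
    write_size = max_write_size;
  }
  const int data_size = static_cast<int>(write_size);

  write_buffer_base_ = new net::IOBuffer(data_size);
  memcpy(write_buffer_base_->data(), data.data(), data_size);
  write_buffer_ =
      new net::DrainableIOBuffer(write_buffer_base_.get(), data_size);
  DoWrite();
}

// Applies a boolean socket option and replies with a SetBoolOptionACK.
// Only PP_TCPSOCKETOPTION_NO_DELAY is handled, and only on a non-SSL socket.
void PepperTCPSocket::SetBoolOption(uint32_t name, bool value) {
  DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

  // socket_ is null until StartConnect() runs (and after a failed SSL socket
  // creation). A DCHECK alone is normally compiled out of release builds and
  // would let the static_cast below dereference null, so fail the request
  // instead. Whether callers can reach this with no socket is not visible in
  // this file.
  if (!socket_.get()) {
    SendSetBoolOptionACK(false);
    return;
  }

  switch (name) {
    case PP_TCPSOCKETOPTION_NO_DELAY:
      if (!IsSsl()) {
        // NOTE(review): assumes every non-SSL socket_ is a TCPClientSocket,
        // including one injected through the second constructor -- confirm.
        net::TCPClientSocket* tcp_socket =
            static_cast<net::TCPClientSocket*>(socket_.get());
        SendSetBoolOptionACK(tcp_socket->SetNoDelay(value));
      } else {
        SendSetBoolOptionACK(false);
      }
      return;
    default:
      break;
  }

  NOTREACHED();
  SendSetBoolOptionACK(false);
}

// Replaces socket_ with a new TCP client socket for |addresses| and starts
// connecting. The caller must already have set CONNECT_IN_PROGRESS.
void PepperTCPSocket::StartConnect(const net::AddressList& addresses) {
  DCHECK(connection_state_ == CONNECT_IN_PROGRESS);

  socket_.reset(new net::TCPClientSocket(addresses, NULL,
                                         net::NetLog::Source()));
  int result = socket_->Connect(
      base::Bind(&PepperTCPSocket::OnConnectCompleted,
                 base::Unretained(this)));
  if (result != net::ERR_IO_PENDING)
    OnConnectCompleted(result);
}

// Sends a failed ConnectACK carrying invalid local and remote addresses.
void PepperTCPSocket::SendConnectACKError() {
  manager_->Send(new PpapiMsg_PPBTCPSocket_ConnectACK(
      routing_id_, plugin_dispatcher_id_, socket_id_, false,
      NetAddressPrivateImpl::kInvalidNetAddress,
      NetAddressPrivateImpl::kInvalidNetAddress));
}

// Copies issuer, subject, serial number, validity period and the raw DER
// encoding of |cert| into |fields|. Multi-valued organization names are
// joined with '\n'. Always returns true.
// The string values are taken from the certificate as-is; consumers should
// treat them as untrusted display data.
// NOTE(review): the heap-allocated values are presumably owned by |fields|
// after SetField() -- confirm.
// static
bool PepperTCPSocket::GetCertificateFields(
    const net::X509Certificate& cert,
    ppapi::PPB_X509Certificate_Fields* fields) {
  const net::CertPrincipal& issuer = cert.issuer();
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_COMMON_NAME,
      new base::StringValue(issuer.common_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_LOCALITY_NAME,
      new base::StringValue(issuer.locality_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_STATE_OR_PROVINCE_NAME,
      new base::StringValue(issuer.state_or_province_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_COUNTRY_NAME,
      new base::StringValue(issuer.country_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_ORGANIZATION_NAME,
      new base::StringValue(JoinString(issuer.organization_names, '\n')));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_ISSUER_ORGANIZATION_UNIT_NAME,
      new base::StringValue(JoinString(issuer.organization_unit_names, '\n')));

  const net::CertPrincipal& subject = cert.subject();
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_COMMON_NAME,
      new base::StringValue(subject.common_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_LOCALITY_NAME,
      new base::StringValue(subject.locality_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_STATE_OR_PROVINCE_NAME,
      new base::StringValue(subject.state_or_province_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_COUNTRY_NAME,
      new base::StringValue(subject.country_name));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_ORGANIZATION_NAME,
      new base::StringValue(JoinString(subject.organization_names, '\n')));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SUBJECT_ORGANIZATION_UNIT_NAME,
      new base::StringValue(JoinString(subject.organization_unit_names, '\n')));

  const std::string& serial_number = cert.serial_number();
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_SERIAL_NUMBER,
      base::BinaryValue::CreateWithCopiedBuffer(serial_number.data(),
                                                serial_number.length()));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_VALIDITY_NOT_BEFORE,
      new base::FundamentalValue(cert.valid_start().ToDoubleT()));
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_VALIDITY_NOT_AFTER,
      new base::FundamentalValue(cert.valid_expiry().ToDoubleT()));
  std::string der;
  // NOTE(review): the result of GetDEREncoded() is not checked; if encoding
  // fails the RAW field is presumably set from an empty |der| while this
  // function still reports success.
  net::X509Certificate::GetDEREncoded(cert.os_cert_handle(), &der);
  fields->SetField(PP_X509CERTIFICATE_PRIVATE_RAW,
      base::BinaryValue::CreateWithCopiedBuffer(der.data(), der.length()));
  return true;
}

// Parses |length| bytes at |der| as a certificate and fills |fields| from it.
// Returns false if the bytes cannot be parsed into a certificate.
// static
bool PepperTCPSocket::GetCertificateFields(
    const char* der,
    uint32_t length,
    ppapi::PPB_X509Certificate_Fields* fields) {
  scoped_refptr<net::X509Certificate> cert =
      net::X509Certificate::CreateFromBytes(der, length);
  if (!cert.get())
    return false;
  return GetCertificateFields(*cert.get(), fields);
}

// Sends a failed ReadACK with no data.
void PepperTCPSocket::SendReadACKError() {
  manager_->Send(new PpapiMsg_PPBTCPSocket_ReadACK(
      routing_id_, plugin_dispatcher_id_, socket_id_, false, std::string()));
}

// Sends a failed WriteACK reporting zero bytes written.
void PepperTCPSocket::SendWriteACKError() {
  manager_->Send(new PpapiMsg_PPBTCPSocket_WriteACK(
      routing_id_, plugin_dispatcher_id_, socket_id_, false, 0));
}

// Sends the SSL handshake result. On success the peer certificate's fields
// are attached; on failure, or when no certificate is available, the fields
// object is sent as default-constructed.
void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) {
  ppapi::PPB_X509Certificate_Fields certificate_fields;
  if (succeeded) {
    // Our socket is guaranteed to be an SSL socket if we get here.
    net::SSLClientSocket* ssl_socket =
        static_cast<net::SSLClientSocket*>(socket_.get());
    net::SSLInfo ssl_info;
    ssl_socket->GetSSLInfo(&ssl_info);
    if (ssl_info.cert.get())
      GetCertificateFields(*ssl_info.cert.get(), &certificate_fields);
  }
  manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK(
      routing_id_,
      plugin_dispatcher_id_,
      socket_id_,
      succeeded,
      certificate_fields));
}

// Sends the result of a SetBoolOption request.
void PepperTCPSocket::SendSetBoolOptionACK(bool succeeded) {
  manager_->Send(new PpapiMsg_PPBTCPSocket_SetBoolOptionACK(
      routing_id_, plugin_dispatcher_id_, socket_id_, succeeded));
}

// Host resolution finished. On failure, reports the error and returns to
// BEFORE_CONNECT so the caller may try again; otherwise starts connecting to
// the resolved addresses.
void PepperTCPSocket::OnResolveCompleted(int result) {
  DCHECK(connection_state_ == CONNECT_IN_PROGRESS);

  if (result != net::OK) {
    SendConnectACKError();
    connection_state_ = BEFORE_CONNECT;
    return;
  }

  StartConnect(address_list_);
}

// TCP connect finished. The connection only counts as established if both the
// local and the peer address can be read and converted; any failure is
// reported and the state returns to BEFORE_CONNECT.
void PepperTCPSocket::OnConnectCompleted(int result) {
  DCHECK(connection_state_ == CONNECT_IN_PROGRESS && socket_.get());

  if (result != net::OK) {
    SendConnectACKError();
    connection_state_ = BEFORE_CONNECT;
  } else {
    net::IPEndPoint ip_end_point_local;
    net::IPEndPoint ip_end_point_remote;
    PP_NetAddress_Private local_addr =
        NetAddressPrivateImpl::kInvalidNetAddress;
    PP_NetAddress_Private remote_addr =
        NetAddressPrivateImpl::kInvalidNetAddress;

    if (socket_->GetLocalAddress(&ip_end_point_local) != net::OK ||
        !NetAddressPrivateImpl::IPEndPointToNetAddress(
            ip_end_point_local.address(),
            ip_end_point_local.port(),
            &local_addr) ||
        socket_->GetPeerAddress(&ip_end_point_remote) != net::OK ||
        !NetAddressPrivateImpl::IPEndPointToNetAddress(
            ip_end_point_remote.address(),
            ip_end_point_remote.port(),
            &remote_addr)) {
      SendConnectACKError();
      connection_state_ = BEFORE_CONNECT;
    } else {
      manager_->Send(new PpapiMsg_PPBTCPSocket_ConnectACK(
          routing_id_, plugin_dispatcher_id_, socket_id_, true,
          local_addr, remote_addr));
      connection_state_ = CONNECTED;
    }
  }
}

// SSL handshake finished. The ACK is sent before the state changes, so
// SendSSLHandshakeACK() runs while the state is still
// SSL_HANDSHAKE_IN_PROGRESS.
void PepperTCPSocket::OnSSLHandshakeCompleted(int result) {
  DCHECK(connection_state_ == SSL_HANDSHAKE_IN_PROGRESS);

  bool succeeded = result == net::OK;
  SendSSLHandshakeACK(succeeded);
  connection_state_ = succeeded ? SSL_CONNECTED : SSL_HANDSHAKE_FAILED;
}

// Read finished. A positive |result| is the byte count to forward, zero marks
// end of file (reported as a successful empty read), and a negative value is
// reported as an error. The pending-read buffer is released in every case.
void PepperTCPSocket::OnReadCompleted(int result) {
  DCHECK(read_buffer_.get());

  if (result > 0) {
    // NOTE(review): assumes |result| never exceeds the size passed to
    // socket_->Read(), which is also the size of read_buffer_ -- confirm.
    manager_->Send(new PpapiMsg_PPBTCPSocket_ReadACK(
        routing_id_, plugin_dispatcher_id_, socket_id_, true,
        std::string(read_buffer_->data(), result)));
  } else if (result == 0) {
    end_of_file_reached_ = true;
    manager_->Send(new PpapiMsg_PPBTCPSocket_ReadACK(
        routing_id_, plugin_dispatcher_id_, socket_id_, true, std::string()));
  } else {
    SendReadACKError();
  }
  read_buffer_ = NULL;
}

// Write step finished. Continues writing while bytes remain, otherwise
// reports the total consumed (or an error) and releases both write buffers.
void PepperTCPSocket::OnWriteCompleted(int result) {
  DCHECK(write_buffer_base_.get());
  DCHECK(write_buffer_.get());

  // Note: For partial writes of 0 bytes, don't continue writing to avoid a
  // likely infinite loop.
  if (result > 0) {
    write_buffer_->DidConsume(result);
    if (write_buffer_->BytesRemaining() > 0) {
      DoWrite();
      return;
    }
  }

  if (result >= 0) {
    manager_->Send(new PpapiMsg_PPBTCPSocket_WriteACK(
        routing_id_, plugin_dispatcher_id_, socket_id_, true,
        write_buffer_->BytesConsumed()));
  } else {
    SendWriteACKError();
  }

  write_buffer_ = NULL;
  write_buffer_base_ = NULL;
}

// True when data can be exchanged: plain TCP connected, or SSL handshake
// completed successfully.
bool PepperTCPSocket::IsConnected() const {
  return connection_state_ == CONNECTED || connection_state_ == SSL_CONNECTED;
}

// True once an SSL handshake has been started, whether it is in progress,
// succeeded, or failed.
bool PepperTCPSocket::IsSsl() const {
  return connection_state_ == SSL_HANDSHAKE_IN_PROGRESS ||
         connection_state_ == SSL_CONNECTED ||
         connection_state_ == SSL_HANDSHAKE_FAILED;
}

// Issues one write for the bytes still remaining in write_buffer_; completion
// (synchronous or asynchronous) is handled by OnWriteCompleted().
void PepperTCPSocket::DoWrite() {
  DCHECK(write_buffer_base_.get());
  DCHECK(write_buffer_.get());
  DCHECK_GT(write_buffer_->BytesRemaining(), 0);

  int result = socket_->Write(
      write_buffer_.get(),
      write_buffer_->BytesRemaining(),
      base::Bind(&PepperTCPSocket::OnWriteCompleted, base::Unretained(this)));
  if (result != net::ERR_IO_PENDING)
    OnWriteCompleted(result);
}

}  // namespace content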