1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
6#define NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
7
8#include <certt.h>
9#include <keyt.h>
10#include <nspr.h>
11#include <nss.h>
12
13#include "base/memory/scoped_ptr.h"
14#include "net/base/completion_callback.h"
15#include "net/base/host_port_pair.h"
16#include "net/base/net_log.h"
17#include "net/base/nss_memio.h"
18#include "net/socket/ssl_server_socket.h"
19#include "net/ssl/ssl_config_service.h"
20
21namespace net {
22
23class SSLServerSocketNSS : public SSLServerSocket {
24 public:
25  // See comments on CreateSSLServerSocket for details of how these
26  // parameters are used.
27  SSLServerSocketNSS(scoped_ptr<StreamSocket> socket,
28                     scoped_refptr<X509Certificate> certificate,
29                     crypto::RSAPrivateKey* key,
30                     const SSLConfig& ssl_config);
31  virtual ~SSLServerSocketNSS();
32
33  // SSLServerSocket interface.
34  virtual int Handshake(const CompletionCallback& callback) OVERRIDE;
35
36  // SSLSocket interface.
37  virtual int ExportKeyingMaterial(const base::StringPiece& label,
38                                   bool has_context,
39                                   const base::StringPiece& context,
40                                   unsigned char* out,
41                                   unsigned int outlen) OVERRIDE;
42  virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;
43
44  // Socket interface (via StreamSocket).
45  virtual int Read(IOBuffer* buf, int buf_len,
46                   const CompletionCallback& callback) OVERRIDE;
47  virtual int Write(IOBuffer* buf, int buf_len,
48                    const CompletionCallback& callback) OVERRIDE;
49  virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
50  virtual int SetSendBufferSize(int32 size) OVERRIDE;
51
52  // StreamSocket implementation.
53  virtual int Connect(const CompletionCallback& callback) OVERRIDE;
54  virtual void Disconnect() OVERRIDE;
55  virtual bool IsConnected() const OVERRIDE;
56  virtual bool IsConnectedAndIdle() const OVERRIDE;
57  virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE;
58  virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE;
59  virtual const BoundNetLog& NetLog() const OVERRIDE;
60  virtual void SetSubresourceSpeculation() OVERRIDE;
61  virtual void SetOmniboxSpeculation() OVERRIDE;
62  virtual bool WasEverUsed() const OVERRIDE;
63  virtual bool UsingTCPFastOpen() const OVERRIDE;
64  virtual bool WasNpnNegotiated() const OVERRIDE;
65  virtual NextProto GetNegotiatedProtocol() const OVERRIDE;
66  virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE;
67
68 private:
69  enum State {
70    STATE_NONE,
71    STATE_HANDSHAKE,
72  };
73
74  int InitializeSSLOptions();
75
76  void OnSendComplete(int result);
77  void OnRecvComplete(int result);
78  void OnHandshakeIOComplete(int result);
79
80  int BufferSend();
81  void BufferSendComplete(int result);
82  int BufferRecv();
83  void BufferRecvComplete(int result);
84  bool DoTransportIO();
85  int DoPayloadRead();
86  int DoPayloadWrite();
87
88  int DoHandshakeLoop(int last_io_result);
89  int DoReadLoop(int result);
90  int DoWriteLoop(int result);
91  int DoHandshake();
92  void DoHandshakeCallback(int result);
93  void DoReadCallback(int result);
94  void DoWriteCallback(int result);
95
96  static SECStatus OwnAuthCertHandler(void* arg,
97                                      PRFileDesc* socket,
98                                      PRBool checksig,
99                                      PRBool is_server);
100  static void HandshakeCallback(PRFileDesc* socket, void* arg);
101
102  int Init();
103
104  // Members used to send and receive buffer.
105  bool transport_send_busy_;
106  bool transport_recv_busy_;
107
108  scoped_refptr<IOBuffer> recv_buffer_;
109
110  BoundNetLog net_log_;
111
112  CompletionCallback user_handshake_callback_;
113  CompletionCallback user_read_callback_;
114  CompletionCallback user_write_callback_;
115
116  // Used by Read function.
117  scoped_refptr<IOBuffer> user_read_buf_;
118  int user_read_buf_len_;
119
120  // Used by Write function.
121  scoped_refptr<IOBuffer> user_write_buf_;
122  int user_write_buf_len_;
123
124  // The NSS SSL state machine
125  PRFileDesc* nss_fd_;
126
127  // Buffers for the network end of the SSL state machine
128  memio_Private* nss_bufs_;
129
130  // StreamSocket for sending and receiving data.
131  scoped_ptr<StreamSocket> transport_socket_;
132
133  // Options for the SSL socket.
134  SSLConfig ssl_config_;
135
136  // Certificate for the server.
137  scoped_refptr<X509Certificate> cert_;
138
139  // Private key used by the server.
140  scoped_ptr<crypto::RSAPrivateKey> key_;
141
142  State next_handshake_state_;
143  bool completed_handshake_;
144
145  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS);
146};
147
148}  // namespace net
149
150#endif  // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_
151