| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ | |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ | |
| 7 | |
| 8 #include <Security/Security.h> | |
| 9 | |
| 10 #include <string> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "base/memory/scoped_ptr.h" | |
| 14 #include "net/base/cert_verify_result.h" | |
| 15 #include "net/base/completion_callback.h" | |
| 16 #include "net/base/host_port_pair.h" | |
| 17 #include "net/base/net_log.h" | |
| 18 #include "net/base/ssl_config_service.h" | |
| 19 #include "net/socket/ssl_client_socket.h" | |
| 20 | |
| 21 namespace net { | |
| 22 | |
| 23 class CertVerifier; | |
| 24 class ClientSocketHandle; | |
| 25 class SingleRequestCertVerifier; | |
| 26 | |
| 27 // An SSL client socket implemented with Secure Transport. | |
| 28 class SSLClientSocketMac : public SSLClientSocket { | |
| 29 public: | |
| 30 // Takes ownership of the |transport_socket|, which must already be connected. | |
| 31 // The hostname specified in |host_and_port| will be compared with the name(s) | |
| 32 // in the server's certificate during the SSL handshake. If SSL client | |
| 33 // authentication is requested, the host_and_port field of SSLCertRequestInfo | |
| 34 // will be populated with |host_and_port|. |ssl_config| specifies | |
| 35 // the SSL settings. | |
| 36 SSLClientSocketMac(ClientSocketHandle* transport_socket, | |
| 37 const HostPortPair& host_and_port, | |
| 38 const SSLConfig& ssl_config, | |
| 39 const SSLClientSocketContext& context); | |
| 40 virtual ~SSLClientSocketMac(); | |
| 41 | |
| 42 // SSLClientSocket implementation. | |
| 43 virtual void GetSSLCertRequestInfo( | |
| 44 SSLCertRequestInfo* cert_request_info) OVERRIDE; | |
| 45 virtual NextProtoStatus GetNextProto(std::string* proto, | |
| 46 std::string* server_protos) OVERRIDE; | |
| 47 virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE; | |
| 48 | |
| 49 // SSLSocket implementation. | |
| 50 virtual int ExportKeyingMaterial(const base::StringPiece& label, | |
| 51 bool has_context, | |
| 52 const base::StringPiece& context, | |
| 53 unsigned char* out, | |
| 54 unsigned int outlen) OVERRIDE; | |
| 55 virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE; | |
| 56 | |
| 57 // StreamSocket implementation. | |
| 58 virtual int Connect(const CompletionCallback& callback) OVERRIDE; | |
| 59 virtual void Disconnect() OVERRIDE; | |
| 60 virtual bool IsConnected() const OVERRIDE; | |
| 61 virtual bool IsConnectedAndIdle() const OVERRIDE; | |
| 62 virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE; | |
| 63 virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE; | |
| 64 virtual const BoundNetLog& NetLog() const OVERRIDE; | |
| 65 virtual void SetSubresourceSpeculation() OVERRIDE; | |
| 66 virtual void SetOmniboxSpeculation() OVERRIDE; | |
| 67 virtual bool WasEverUsed() const OVERRIDE; | |
| 68 virtual bool UsingTCPFastOpen() const OVERRIDE; | |
| 69 virtual int64 NumBytesRead() const OVERRIDE; | |
| 70 virtual base::TimeDelta GetConnectTimeMicros() const OVERRIDE; | |
| 71 virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE; | |
| 72 | |
| 73 // Socket implementation. | |
| 74 virtual int Read(IOBuffer* buf, | |
| 75 int buf_len, | |
| 76 const CompletionCallback& callback) OVERRIDE; | |
| 77 virtual int Write(IOBuffer* buf, | |
| 78 int buf_len, | |
| 79 const CompletionCallback& callback) OVERRIDE; | |
| 80 virtual bool SetReceiveBufferSize(int32 size) OVERRIDE; | |
| 81 virtual bool SetSendBufferSize(int32 size) OVERRIDE; | |
| 82 | |
| 83 private: | |
| 84 bool completed_handshake() const { | |
| 85 return next_handshake_state_ == STATE_COMPLETED_HANDSHAKE; | |
| 86 } | |
| 87 // Initializes the SSLContext. Returns a net error code. | |
| 88 int InitializeSSLContext(); | |
| 89 | |
| 90 void DoConnectCallback(int result); | |
| 91 void DoReadCallback(int result); | |
| 92 void DoWriteCallback(int result); | |
| 93 void OnHandshakeIOComplete(int result); | |
| 94 void OnTransportReadComplete(int result); | |
| 95 void OnTransportWriteComplete(int result); | |
| 96 | |
| 97 int DoHandshakeLoop(int last_io_result); | |
| 98 | |
| 99 int DoPayloadRead(); | |
| 100 int DoPayloadWrite(); | |
| 101 int DoHandshake(); | |
| 102 int DoVerifyCert(); | |
| 103 int DoVerifyCertComplete(int result); | |
| 104 int DoCompletedRenegotiation(int result); | |
| 105 | |
| 106 void DidCompleteRenegotiation(); | |
| 107 int DidCompleteHandshake(); | |
| 108 | |
| 109 int SetClientCert(); | |
| 110 | |
| 111 static OSStatus SSLReadCallback(SSLConnectionRef connection, | |
| 112 void* data, | |
| 113 size_t* data_length); | |
| 114 static OSStatus SSLWriteCallback(SSLConnectionRef connection, | |
| 115 const void* data, | |
| 116 size_t* data_length); | |
| 117 | |
| 118 scoped_ptr<ClientSocketHandle> transport_; | |
| 119 HostPortPair host_and_port_; | |
| 120 SSLConfig ssl_config_; | |
| 121 | |
| 122 CompletionCallback user_connect_callback_; | |
| 123 CompletionCallback user_read_callback_; | |
| 124 CompletionCallback user_write_callback_; | |
| 125 | |
| 126 // Used by Read function. | |
| 127 scoped_refptr<IOBuffer> user_read_buf_; | |
| 128 int user_read_buf_len_; | |
| 129 | |
| 130 // Used by Write function. | |
| 131 scoped_refptr<IOBuffer> user_write_buf_; | |
| 132 int user_write_buf_len_; | |
| 133 | |
| 134 enum State { | |
| 135 STATE_NONE, | |
| 136 STATE_HANDSHAKE, | |
| 137 STATE_VERIFY_CERT, | |
| 138 STATE_VERIFY_CERT_COMPLETE, | |
| 139 STATE_COMPLETED_RENEGOTIATION, | |
| 140 STATE_COMPLETED_HANDSHAKE, | |
| 141 // After the handshake, the socket remains in the | |
| 142 // STATE_COMPLETED_HANDSHAKE state until renegotiation is requested by | |
| 143 // the server. When renegotiation is requested, the state machine | |
| 144 // restarts at STATE_HANDSHAKE, advances through to | |
| 145 // STATE_VERIFY_CERT_COMPLETE, and then continues to | |
| 146 // STATE_COMPLETED_RENEGOTIATION. After STATE_COMPLETED_RENEGOTIATION | |
| 147 // has been processed, it goes back to STATE_COMPLETED_HANDSHAKE and | |
| 148 // will remain there until the server requests renegotiation again. | |
| 149 // During the initial handshake, STATE_COMPLETED_RENEGOTIATION is | |
| 150 // skipped. | |
| 151 }; | |
| 152 State next_handshake_state_; | |
| 153 | |
| 154 scoped_refptr<X509Certificate> server_cert_; | |
| 155 CertVerifier* const cert_verifier_; | |
| 156 scoped_ptr<SingleRequestCertVerifier> verifier_; | |
| 157 CertVerifyResult server_cert_verify_result_; | |
| 158 | |
| 159 // The initial handshake has already completed, and the current handshake | |
| 160 // is server-initiated renegotiation. | |
| 161 bool renegotiating_; | |
| 162 bool client_cert_requested_; | |
| 163 SSLContextRef ssl_context_; | |
| 164 | |
| 165 // During a renegotiation, the amount of application data read following | |
| 166 // the handshake's completion. | |
| 167 size_t bytes_read_after_renegotiation_; | |
| 168 | |
| 169 // These buffers hold data retrieved from/sent to the underlying transport | |
| 170 // before it's fed to the SSL engine. | |
| 171 std::vector<char> send_buffer_; | |
| 172 int pending_send_error_; | |
| 173 std::vector<char> recv_buffer_; | |
| 174 | |
| 175 // These are the IOBuffers used for operations on the underlying transport. | |
| 176 scoped_refptr<IOBuffer> read_io_buf_; | |
| 177 scoped_refptr<IOBuffer> write_io_buf_; | |
| 178 | |
| 179 BoundNetLog net_log_; | |
| 180 }; | |
| 181 | |
| 182 } // namespace net | |
| 183 | |
| 184 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11876044:
Remove support for 'system' SSL on Mac (SecureTransport) and Win (SChannel) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src