| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_WIN_H_ | |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_WIN_H_ | |
| 7 | |
| 8 #define SECURITY_WIN32 // Needs to be defined before including security.h | |
| 9 | |
| 10 #include <windows.h> | |
| 11 #include <wincrypt.h> | |
| 12 #include <security.h> | |
| 13 | |
| 14 #include <string> | |
| 15 | |
| 16 #include "base/memory/scoped_ptr.h" | |
| 17 #include "net/base/cert_verify_result.h" | |
| 18 #include "net/base/completion_callback.h" | |
| 19 #include "net/base/host_port_pair.h" | |
| 20 #include "net/base/net_log.h" | |
| 21 #include "net/base/ssl_config_service.h" | |
| 22 #include "net/socket/ssl_client_socket.h" | |
| 23 | |
| 24 namespace net { | |
| 25 | |
| 26 class BoundNetLog; | |
| 27 class CertVerifier; | |
| 28 class ClientSocketHandle; | |
| 29 class HostPortPair; | |
| 30 class SingleRequestCertVerifier; | |
| 31 | |
| 32 // An SSL client socket implemented with the Windows Schannel. | |
| 33 class SSLClientSocketWin : public SSLClientSocket { | |
| 34 public: | |
| 35 // Takes ownership of the |transport_socket|, which must already be connected. | |
| 36 // The hostname specified in |host_and_port| will be compared with the name(s) | |
| 37 // in the server's certificate during the SSL handshake. If SSL client | |
| 38 // authentication is requested, the host_and_port field of SSLCertRequestInfo | |
| 39 // will be populated with |host_and_port|. |ssl_config| specifies | |
| 40 // the SSL settings. | |
| 41 SSLClientSocketWin(ClientSocketHandle* transport_socket, | |
| 42 const HostPortPair& host_and_port, | |
| 43 const SSLConfig& ssl_config, | |
| 44 const SSLClientSocketContext& context); | |
| 45 ~SSLClientSocketWin(); | |
| 46 | |
| 47 // SSLClientSocket implementation. | |
| 48 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info); | |
| 49 virtual NextProtoStatus GetNextProto(std::string* proto, | |
| 50 std::string* server_protos); | |
| 51 virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE; | |
| 52 | |
| 53 // SSLSocket implementation. | |
| 54 virtual int ExportKeyingMaterial(const base::StringPiece& label, | |
| 55 bool has_context, | |
| 56 const base::StringPiece& context, | |
| 57 unsigned char* out, | |
| 58 unsigned int outlen); | |
| 59 virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE; | |
| 60 | |
| 61 // StreamSocket implementation. | |
| 62 virtual int Connect(const CompletionCallback& callback) OVERRIDE; | |
| 63 virtual void Disconnect() OVERRIDE; | |
| 64 virtual bool IsConnected() const OVERRIDE; | |
| 65 virtual bool IsConnectedAndIdle() const OVERRIDE; | |
| 66 virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE; | |
| 67 virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE; | |
| 68 virtual const BoundNetLog& NetLog() const OVERRIDE{ return net_log_; } | |
| 69 virtual void SetSubresourceSpeculation() OVERRIDE; | |
| 70 virtual void SetOmniboxSpeculation() OVERRIDE; | |
| 71 virtual bool WasEverUsed() const OVERRIDE; | |
| 72 virtual bool UsingTCPFastOpen() const OVERRIDE; | |
| 73 virtual int64 NumBytesRead() const OVERRIDE; | |
| 74 virtual base::TimeDelta GetConnectTimeMicros() const OVERRIDE; | |
| 75 virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE; | |
| 76 | |
| 77 // Socket implementation. | |
| 78 virtual int Read(IOBuffer* buf, int buf_len, | |
| 79 const CompletionCallback& callback) OVERRIDE; | |
| 80 virtual int Write(IOBuffer* buf, int buf_len, | |
| 81 const CompletionCallback& callback) OVERRIDE; | |
| 82 | |
| 83 virtual bool SetReceiveBufferSize(int32 size) OVERRIDE; | |
| 84 virtual bool SetSendBufferSize(int32 size) OVERRIDE; | |
| 85 | |
| 86 private: | |
| 87 bool completed_handshake() const { | |
| 88 return next_state_ == STATE_COMPLETED_HANDSHAKE; | |
| 89 } | |
| 90 | |
| 91 // Initializes the SSL options and security context. Returns a net error code. | |
| 92 int InitializeSSLContext(); | |
| 93 | |
| 94 void OnHandshakeIOComplete(int result); | |
| 95 void OnReadComplete(int result); | |
| 96 void OnWriteComplete(int result); | |
| 97 | |
| 98 int DoLoop(int last_io_result); | |
| 99 int DoHandshakeRead(); | |
| 100 int DoHandshakeReadComplete(int result); | |
| 101 int DoHandshakeWrite(); | |
| 102 int DoHandshakeWriteComplete(int result); | |
| 103 int DoVerifyCert(); | |
| 104 int DoVerifyCertComplete(int result); | |
| 105 | |
| 106 int DoPayloadRead(); | |
| 107 int DoPayloadReadComplete(int result); | |
| 108 int DoPayloadDecrypt(); | |
| 109 int DoPayloadEncrypt(); | |
| 110 int DoPayloadWrite(); | |
| 111 int DoPayloadWriteComplete(int result); | |
| 112 int DoCompletedRenegotiation(int result); | |
| 113 | |
| 114 int DidCallInitializeSecurityContext(); | |
| 115 int DidCompleteHandshake(); | |
| 116 void DidCompleteRenegotiation(); | |
| 117 void LogConnectionTypeMetrics() const; | |
| 118 void FreeSendBuffer(); | |
| 119 | |
| 120 scoped_ptr<ClientSocketHandle> transport_; | |
| 121 HostPortPair host_and_port_; | |
| 122 SSLConfig ssl_config_; | |
| 123 | |
| 124 // User function to callback when the Connect() completes. | |
| 125 CompletionCallback user_connect_callback_; | |
| 126 | |
| 127 // User function to callback when a Read() completes. | |
| 128 CompletionCallback user_read_callback_; | |
| 129 scoped_refptr<IOBuffer> user_read_buf_; | |
| 130 int user_read_buf_len_; | |
| 131 | |
| 132 // User function to callback when a Write() completes. | |
| 133 CompletionCallback user_write_callback_; | |
| 134 scoped_refptr<IOBuffer> user_write_buf_; | |
| 135 int user_write_buf_len_; | |
| 136 | |
| 137 // Used to Read and Write using transport_. | |
| 138 scoped_refptr<IOBuffer> transport_read_buf_; | |
| 139 scoped_refptr<IOBuffer> transport_write_buf_; | |
| 140 | |
| 141 enum State { | |
| 142 STATE_NONE, | |
| 143 STATE_HANDSHAKE_READ, | |
| 144 STATE_HANDSHAKE_READ_COMPLETE, | |
| 145 STATE_HANDSHAKE_WRITE, | |
| 146 STATE_HANDSHAKE_WRITE_COMPLETE, | |
| 147 STATE_VERIFY_CERT, | |
| 148 STATE_VERIFY_CERT_COMPLETE, | |
| 149 STATE_COMPLETED_RENEGOTIATION, | |
| 150 STATE_COMPLETED_HANDSHAKE | |
| 151 // After the handshake, the socket remains | |
| 152 // in the STATE_COMPLETED_HANDSHAKE state, | |
| 153 // unless a renegotiate handshake occurs. | |
| 154 }; | |
| 155 State next_state_; | |
| 156 | |
| 157 SecPkgContext_StreamSizes stream_sizes_; | |
| 158 scoped_refptr<X509Certificate> server_cert_; | |
| 159 CertVerifier* const cert_verifier_; | |
| 160 scoped_ptr<SingleRequestCertVerifier> verifier_; | |
| 161 CertVerifyResult server_cert_verify_result_; | |
| 162 | |
| 163 CredHandle* creds_; | |
| 164 CtxtHandle ctxt_; | |
| 165 SecBuffer in_buffers_[2]; // Input buffers for InitializeSecurityContext. | |
| 166 SecBuffer send_buffer_; // Output buffer for InitializeSecurityContext. | |
| 167 SECURITY_STATUS isc_status_; // Return value of InitializeSecurityContext. | |
| 168 scoped_array<char> payload_send_buffer_; | |
| 169 int payload_send_buffer_len_; | |
| 170 int bytes_sent_; | |
| 171 | |
| 172 // recv_buffer_ holds the received ciphertext. Since Schannel decrypts | |
| 173 // data in place, sometimes recv_buffer_ may contain decrypted plaintext and | |
| 174 // any undecrypted ciphertext. (Ciphertext is decrypted one full SSL record | |
| 175 // at a time.) | |
| 176 // | |
| 177 // If bytes_decrypted_ is 0, the received ciphertext is at the beginning of | |
| 178 // recv_buffer_, ready to be passed to DecryptMessage. | |
| 179 scoped_array<char> recv_buffer_; | |
| 180 char* decrypted_ptr_; // Points to the decrypted plaintext in recv_buffer_ | |
| 181 int bytes_decrypted_; // The number of bytes of decrypted plaintext. | |
| 182 char* received_ptr_; // Points to the received ciphertext in recv_buffer_ | |
| 183 int bytes_received_; // The number of bytes of received ciphertext. | |
| 184 | |
| 185 // True if we're writing the first token (handshake message) to the server, | |
| 186 // false if we're writing a subsequent token. After we have written a token | |
| 187 // successfully, DoHandshakeWriteComplete checks this member to set the next | |
| 188 // state. | |
| 189 bool writing_first_token_; | |
| 190 | |
| 191 // Only used in the STATE_HANDSHAKE_READ_COMPLETE and | |
| 192 // STATE_PAYLOAD_READ_COMPLETE states. True if a 'result' argument of OK | |
| 193 // should be ignored, to prevent it from being interpreted as EOF. | |
| 194 // | |
| 195 // The reason we need this flag is that OK means not only "0 bytes of data | |
| 196 // were read" but also EOF. We set ignore_ok_result_ to true when we need | |
| 197 // to continue processing previously read data without reading more data. | |
| 198 // We have to pass a 'result' of OK to the DoLoop method, and don't want it | |
| 199 // to be interpreted as EOF. | |
| 200 bool ignore_ok_result_; | |
| 201 | |
| 202 // Renegotiation is in progress. | |
| 203 bool renegotiating_; | |
| 204 | |
| 205 // True when the decrypter needs more data in order to decrypt. | |
| 206 bool need_more_data_; | |
| 207 | |
| 208 BoundNetLog net_log_; | |
| 209 }; | |
| 210 | |
| 211 } // namespace net | |
| 212 | |
| 213 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_WIN_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11876044:
Remove support for 'system' SSL on Mac (SecureTransport) and Win (SChannel) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src