OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 1075 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1086 FROM_HERE, | 1086 FROM_HERE, |
1087 base::Bind(IgnoreResult(&Core::Connect), this, callback)); | 1087 base::Bind(IgnoreResult(&Core::Connect), this, callback)); |
1088 return posted ? ERR_IO_PENDING : ERR_ABORTED; | 1088 return posted ? ERR_IO_PENDING : ERR_ABORTED; |
1089 } | 1089 } |
1090 | 1090 |
1091 DCHECK(OnNSSTaskRunner()); | 1091 DCHECK(OnNSSTaskRunner()); |
1092 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1092 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1093 DCHECK(user_read_callback_.is_null()); | 1093 DCHECK(user_read_callback_.is_null()); |
1094 DCHECK(user_write_callback_.is_null()); | 1094 DCHECK(user_write_callback_.is_null()); |
1095 DCHECK(user_connect_callback_.is_null()); | 1095 DCHECK(user_connect_callback_.is_null()); |
1096 DCHECK(!user_read_buf_); | 1096 DCHECK(!user_read_buf_.get()); |
1097 DCHECK(!user_write_buf_); | 1097 DCHECK(!user_write_buf_.get()); |
1098 | 1098 |
1099 next_handshake_state_ = STATE_HANDSHAKE; | 1099 next_handshake_state_ = STATE_HANDSHAKE; |
1100 int rv = DoHandshakeLoop(OK); | 1100 int rv = DoHandshakeLoop(OK); |
1101 if (rv == ERR_IO_PENDING) { | 1101 if (rv == ERR_IO_PENDING) { |
1102 user_connect_callback_ = callback; | 1102 user_connect_callback_ = callback; |
1103 } else if (rv > OK) { | 1103 } else if (rv > OK) { |
1104 rv = OK; | 1104 rv = OK; |
1105 } | 1105 } |
1106 if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner()) { | 1106 if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner()) { |
1107 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); | 1107 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1141 nss_waiting_read_ = false; | 1141 nss_waiting_read_ = false; |
1142 } | 1142 } |
1143 return posted ? ERR_IO_PENDING : ERR_ABORTED; | 1143 return posted ? ERR_IO_PENDING : ERR_ABORTED; |
1144 } | 1144 } |
1145 | 1145 |
1146 DCHECK(OnNSSTaskRunner()); | 1146 DCHECK(OnNSSTaskRunner()); |
1147 DCHECK(handshake_callback_called_); | 1147 DCHECK(handshake_callback_called_); |
1148 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1148 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1149 DCHECK(user_read_callback_.is_null()); | 1149 DCHECK(user_read_callback_.is_null()); |
1150 DCHECK(user_connect_callback_.is_null()); | 1150 DCHECK(user_connect_callback_.is_null()); |
1151 DCHECK(!user_read_buf_); | 1151 DCHECK(!user_read_buf_.get()); |
1152 DCHECK(nss_bufs_); | 1152 DCHECK(nss_bufs_); |
1153 | 1153 |
1154 user_read_buf_ = buf; | 1154 user_read_buf_ = buf; |
1155 user_read_buf_len_ = buf_len; | 1155 user_read_buf_len_ = buf_len; |
1156 | 1156 |
1157 int rv = DoReadLoop(OK); | 1157 int rv = DoReadLoop(OK); |
1158 if (rv == ERR_IO_PENDING) { | 1158 if (rv == ERR_IO_PENDING) { |
1159 if (OnNetworkTaskRunner()) | 1159 if (OnNetworkTaskRunner()) |
1160 nss_waiting_read_ = true; | 1160 nss_waiting_read_ = true; |
1161 user_read_callback_ = callback; | 1161 user_read_callback_ = callback; |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1195 nss_waiting_write_ = false; | 1195 nss_waiting_write_ = false; |
1196 } | 1196 } |
1197 return posted ? ERR_IO_PENDING : ERR_ABORTED; | 1197 return posted ? ERR_IO_PENDING : ERR_ABORTED; |
1198 } | 1198 } |
1199 | 1199 |
1200 DCHECK(OnNSSTaskRunner()); | 1200 DCHECK(OnNSSTaskRunner()); |
1201 DCHECK(handshake_callback_called_); | 1201 DCHECK(handshake_callback_called_); |
1202 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1202 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1203 DCHECK(user_write_callback_.is_null()); | 1203 DCHECK(user_write_callback_.is_null()); |
1204 DCHECK(user_connect_callback_.is_null()); | 1204 DCHECK(user_connect_callback_.is_null()); |
1205 DCHECK(!user_write_buf_); | 1205 DCHECK(!user_write_buf_.get()); |
1206 DCHECK(nss_bufs_); | 1206 DCHECK(nss_bufs_); |
1207 | 1207 |
1208 user_write_buf_ = buf; | 1208 user_write_buf_ = buf; |
1209 user_write_buf_len_ = buf_len; | 1209 user_write_buf_len_ = buf_len; |
1210 | 1210 |
1211 int rv = DoWriteLoop(OK); | 1211 int rv = DoWriteLoop(OK); |
1212 if (rv == ERR_IO_PENDING) { | 1212 if (rv == ERR_IO_PENDING) { |
1213 if (OnNetworkTaskRunner()) | 1213 if (OnNetworkTaskRunner()) |
1214 nss_waiting_write_ = true; | 1214 nss_waiting_write_ = true; |
1215 user_write_callback_ = callback; | 1215 user_write_callback_ = callback; |
(...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1538 FROM_HERE, | 1538 FROM_HERE, |
1539 base::Bind(&AddLogEvent, core->weak_net_log_, | 1539 base::Bind(&AddLogEvent, core->weak_net_log_, |
1540 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); | 1540 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); |
1541 | 1541 |
1542 // Regular client certificate requested. | 1542 // Regular client certificate requested. |
1543 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; | 1543 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; |
1544 void* wincx = SSL_RevealPinArg(socket); | 1544 void* wincx = SSL_RevealPinArg(socket); |
1545 | 1545 |
1546 if (core->ssl_config_.send_client_cert) { | 1546 if (core->ssl_config_.send_client_cert) { |
1547 // Second pass: a client certificate should have been selected. | 1547 // Second pass: a client certificate should have been selected. |
1548 if (core->ssl_config_.client_cert) { | 1548 if (core->ssl_config_.client_cert.get()) { |
1549 CERTCertificate* cert = CERT_DupCertificate( | 1549 CERTCertificate* cert = |
1550 core->ssl_config_.client_cert->os_cert_handle()); | 1550 CERT_DupCertificate(core->ssl_config_.client_cert->os_cert_handle()); |
1551 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); | 1551 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); |
1552 if (privkey) { | 1552 if (privkey) { |
1553 // TODO(jsorianopastor): We should wait for server certificate | 1553 // TODO(jsorianopastor): We should wait for server certificate |
1554 // verification before sending our credentials. See | 1554 // verification before sending our credentials. See |
1555 // http://crbug.com/13934. | 1555 // http://crbug.com/13934. |
1556 *result_certificate = cert; | 1556 *result_certificate = cert; |
1557 *result_private_key = privkey; | 1557 *result_private_key = privkey; |
1558 // A cert_count of -1 means the number of certificates is unknown. | 1558 // A cert_count of -1 means the number of certificates is unknown. |
1559 // NSS will construct the certificate chain. | 1559 // NSS will construct the certificate chain. |
1560 core->AddCertProvidedEvent(-1); | 1560 core->AddCertProvidedEvent(-1); |
(...skipping 389 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1950 if (rv != SECSuccess) | 1950 if (rv != SECSuccess) |
1951 return MapNSSError(PORT_GetError()); | 1951 return MapNSSError(PORT_GetError()); |
1952 | 1952 |
1953 SetChannelIDProvided(); | 1953 SetChannelIDProvided(); |
1954 GotoState(STATE_HANDSHAKE); | 1954 GotoState(STATE_HANDSHAKE); |
1955 return OK; | 1955 return OK; |
1956 } | 1956 } |
1957 | 1957 |
1958 int SSLClientSocketNSS::Core::DoPayloadRead() { | 1958 int SSLClientSocketNSS::Core::DoPayloadRead() { |
1959 DCHECK(OnNSSTaskRunner()); | 1959 DCHECK(OnNSSTaskRunner()); |
1960 DCHECK(user_read_buf_); | 1960 DCHECK(user_read_buf_.get()); |
1961 DCHECK_GT(user_read_buf_len_, 0); | 1961 DCHECK_GT(user_read_buf_len_, 0); |
1962 | 1962 |
1963 int rv; | 1963 int rv; |
1964 // If a previous greedy read resulted in an error that was not consumed (eg: | 1964 // If a previous greedy read resulted in an error that was not consumed (eg: |
1965 // due to the caller having read some data successfully), then return that | 1965 // due to the caller having read some data successfully), then return that |
1966 // pending error now. | 1966 // pending error now. |
1967 if (pending_read_result_ != kNoPendingReadResult) { | 1967 if (pending_read_result_ != kNoPendingReadResult) { |
1968 rv = pending_read_result_; | 1968 rv = pending_read_result_; |
1969 PRErrorCode prerr = pending_read_nss_error_; | 1969 PRErrorCode prerr = pending_read_nss_error_; |
1970 pending_read_result_ = kNoPendingReadResult; | 1970 pending_read_result_ = kNoPendingReadResult; |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2068 NetLog::TYPE_SSL_READ_ERROR, | 2068 NetLog::TYPE_SSL_READ_ERROR, |
2069 CreateNetLogSSLErrorCallback(rv, pending_read_nss_error_))); | 2069 CreateNetLogSSLErrorCallback(rv, pending_read_nss_error_))); |
2070 pending_read_nss_error_ = 0; | 2070 pending_read_nss_error_ = 0; |
2071 } | 2071 } |
2072 return rv; | 2072 return rv; |
2073 } | 2073 } |
2074 | 2074 |
2075 int SSLClientSocketNSS::Core::DoPayloadWrite() { | 2075 int SSLClientSocketNSS::Core::DoPayloadWrite() { |
2076 DCHECK(OnNSSTaskRunner()); | 2076 DCHECK(OnNSSTaskRunner()); |
2077 | 2077 |
2078 DCHECK(user_write_buf_); | 2078 DCHECK(user_write_buf_.get()); |
2079 | 2079 |
2080 int old_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_); | 2080 int old_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_); |
2081 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 2081 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
2082 int new_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_); | 2082 int new_amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_); |
2083 // PR_Write could potentially consume the unhandled data in the memio read | 2083 // PR_Write could potentially consume the unhandled data in the memio read |
2084 // buffer if a renegotiation is in progress. If the buffer is consumed, | 2084 // buffer if a renegotiation is in progress. If the buffer is consumed, |
2085 // notify the latest buffer size to NetworkRunner. | 2085 // notify the latest buffer size to NetworkRunner. |
2086 if (old_amount_in_read_buffer != new_amount_in_read_buffer) { | 2086 if (old_amount_in_read_buffer != new_amount_in_read_buffer) { |
2087 PostOrRunCallback( | 2087 PostOrRunCallback( |
2088 FROM_HERE, | 2088 FROM_HERE, |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2150 | 2150 |
2151 char* buf; | 2151 char* buf; |
2152 int nb = memio_GetReadParams(nss_bufs_, &buf); | 2152 int nb = memio_GetReadParams(nss_bufs_, &buf); |
2153 int rv; | 2153 int rv; |
2154 if (!nb) { | 2154 if (!nb) { |
2155 // buffer too full to read into, so no I/O possible at moment | 2155 // buffer too full to read into, so no I/O possible at moment |
2156 rv = ERR_IO_PENDING; | 2156 rv = ERR_IO_PENDING; |
2157 } else { | 2157 } else { |
2158 scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb)); | 2158 scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb)); |
2159 if (OnNetworkTaskRunner()) { | 2159 if (OnNetworkTaskRunner()) { |
2160 rv = DoBufferRecv(read_buffer, nb); | 2160 rv = DoBufferRecv(read_buffer.get(), nb); |
2161 } else { | 2161 } else { |
2162 bool posted = network_task_runner_->PostTask( | 2162 bool posted = network_task_runner_->PostTask( |
2163 FROM_HERE, | 2163 FROM_HERE, |
2164 base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer, | 2164 base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer, |
2165 nb)); | 2165 nb)); |
2166 rv = posted ? ERR_IO_PENDING : ERR_ABORTED; | 2166 rv = posted ? ERR_IO_PENDING : ERR_ABORTED; |
2167 } | 2167 } |
2168 | 2168 |
2169 if (rv == ERR_IO_PENDING) { | 2169 if (rv == ERR_IO_PENDING) { |
2170 transport_recv_busy_ = true; | 2170 transport_recv_busy_ = true; |
(...skipping 24 matching lines...) Expand all Loading... |
2195 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); | 2195 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); |
2196 const unsigned int len = len1 + len2; | 2196 const unsigned int len = len1 + len2; |
2197 | 2197 |
2198 int rv = 0; | 2198 int rv = 0; |
2199 if (len) { | 2199 if (len) { |
2200 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); | 2200 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); |
2201 memcpy(send_buffer->data(), buf1, len1); | 2201 memcpy(send_buffer->data(), buf1, len1); |
2202 memcpy(send_buffer->data() + len1, buf2, len2); | 2202 memcpy(send_buffer->data() + len1, buf2, len2); |
2203 | 2203 |
2204 if (OnNetworkTaskRunner()) { | 2204 if (OnNetworkTaskRunner()) { |
2205 rv = DoBufferSend(send_buffer, len); | 2205 rv = DoBufferSend(send_buffer.get(), len); |
2206 } else { | 2206 } else { |
2207 bool posted = network_task_runner_->PostTask( | 2207 bool posted = network_task_runner_->PostTask( |
2208 FROM_HERE, | 2208 FROM_HERE, |
2209 base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer, | 2209 base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer, |
2210 len)); | 2210 len)); |
2211 rv = posted ? ERR_IO_PENDING : ERR_ABORTED; | 2211 rv = posted ? ERR_IO_PENDING : ERR_ABORTED; |
2212 } | 2212 } |
2213 | 2213 |
2214 if (rv == ERR_IO_PENDING) { | 2214 if (rv == ERR_IO_PENDING) { |
2215 transport_send_busy_ = true; | 2215 transport_send_busy_ = true; |
2216 } else { | 2216 } else { |
2217 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); | 2217 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); |
2218 } | 2218 } |
2219 } | 2219 } |
2220 | 2220 |
2221 return rv; | 2221 return rv; |
2222 } | 2222 } |
2223 | 2223 |
2224 void SSLClientSocketNSS::Core::OnRecvComplete(int result) { | 2224 void SSLClientSocketNSS::Core::OnRecvComplete(int result) { |
2225 DCHECK(OnNSSTaskRunner()); | 2225 DCHECK(OnNSSTaskRunner()); |
2226 | 2226 |
2227 if (next_handshake_state_ == STATE_HANDSHAKE) { | 2227 if (next_handshake_state_ == STATE_HANDSHAKE) { |
2228 OnHandshakeIOComplete(result); | 2228 OnHandshakeIOComplete(result); |
2229 return; | 2229 return; |
2230 } | 2230 } |
2231 | 2231 |
2232 // Network layer received some data, check if client requested to read | 2232 // Network layer received some data, check if client requested to read |
2233 // decrypted data. | 2233 // decrypted data. |
2234 if (!user_read_buf_) | 2234 if (!user_read_buf_.get()) |
2235 return; | 2235 return; |
2236 | 2236 |
2237 int rv = DoReadLoop(result); | 2237 int rv = DoReadLoop(result); |
2238 if (rv != ERR_IO_PENDING) | 2238 if (rv != ERR_IO_PENDING) |
2239 DoReadCallback(rv); | 2239 DoReadCallback(rv); |
2240 } | 2240 } |
2241 | 2241 |
2242 void SSLClientSocketNSS::Core::OnSendComplete(int result) { | 2242 void SSLClientSocketNSS::Core::OnSendComplete(int result) { |
2243 DCHECK(OnNSSTaskRunner()); | 2243 DCHECK(OnNSSTaskRunner()); |
2244 | 2244 |
2245 if (next_handshake_state_ == STATE_HANDSHAKE) { | 2245 if (next_handshake_state_ == STATE_HANDSHAKE) { |
2246 OnHandshakeIOComplete(result); | 2246 OnHandshakeIOComplete(result); |
2247 return; | 2247 return; |
2248 } | 2248 } |
2249 | 2249 |
2250 // OnSendComplete may need to call DoPayloadRead while the renegotiation | 2250 // OnSendComplete may need to call DoPayloadRead while the renegotiation |
2251 // handshake is in progress. | 2251 // handshake is in progress. |
2252 int rv_read = ERR_IO_PENDING; | 2252 int rv_read = ERR_IO_PENDING; |
2253 int rv_write = ERR_IO_PENDING; | 2253 int rv_write = ERR_IO_PENDING; |
2254 bool network_moved; | 2254 bool network_moved; |
2255 do { | 2255 do { |
2256 if (user_read_buf_) | 2256 if (user_read_buf_.get()) |
2257 rv_read = DoPayloadRead(); | 2257 rv_read = DoPayloadRead(); |
2258 if (user_write_buf_) | 2258 if (user_write_buf_.get()) |
2259 rv_write = DoPayloadWrite(); | 2259 rv_write = DoPayloadWrite(); |
2260 network_moved = DoTransportIO(); | 2260 network_moved = DoTransportIO(); |
2261 } while (rv_read == ERR_IO_PENDING && | 2261 } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING && |
2262 rv_write == ERR_IO_PENDING && | 2262 (user_read_buf_.get() || user_write_buf_.get()) && network_moved); |
2263 (user_read_buf_ || user_write_buf_) && | |
2264 network_moved); | |
2265 | 2263 |
2266 // If the parent SSLClientSocketNSS is deleted during the processing of the | 2264 // If the parent SSLClientSocketNSS is deleted during the processing of the |
2267 // Read callback and OnNSSTaskRunner() == OnNetworkTaskRunner(), then the Core | 2265 // Read callback and OnNSSTaskRunner() == OnNetworkTaskRunner(), then the Core |
2268 // will be detached (and possibly deleted). Guard against deletion by taking | 2266 // will be detached (and possibly deleted). Guard against deletion by taking |
2269 // an extra reference, then check if the Core was detached before invoking the | 2267 // an extra reference, then check if the Core was detached before invoking the |
2270 // next callback. | 2268 // next callback. |
2271 scoped_refptr<Core> guard(this); | 2269 scoped_refptr<Core> guard(this); |
2272 if (user_read_buf_ && rv_read != ERR_IO_PENDING) | 2270 if (user_read_buf_.get() && rv_read != ERR_IO_PENDING) |
2273 DoReadCallback(rv_read); | 2271 DoReadCallback(rv_read); |
2274 | 2272 |
2275 if (OnNetworkTaskRunner() && detached_) | 2273 if (OnNetworkTaskRunner() && detached_) |
2276 return; | 2274 return; |
2277 | 2275 |
2278 if (user_write_buf_ && rv_write != ERR_IO_PENDING) | 2276 if (user_write_buf_.get() && rv_write != ERR_IO_PENDING) |
2279 DoWriteCallback(rv_write); | 2277 DoWriteCallback(rv_write); |
2280 } | 2278 } |
2281 | 2279 |
2282 // As part of Connect(), the SSLClientSocketNSS object performs an SSL | 2280 // As part of Connect(), the SSLClientSocketNSS object performs an SSL |
2283 // handshake. This requires network IO, which in turn calls | 2281 // handshake. This requires network IO, which in turn calls |
2284 // BufferRecvComplete() with a non-zero byte count. This byte count eventually | 2282 // BufferRecvComplete() with a non-zero byte count. This byte count eventually |
2285 // winds its way through the state machine and ends up being passed to the | 2283 // winds its way through the state machine and ends up being passed to the |
2286 // callback. For Read() and Write(), that's what we want. But for Connect(), | 2284 // callback. For Read() and Write(), that's what we want. But for Connect(), |
2287 // the caller expects OK (i.e. 0) for success. | 2285 // the caller expects OK (i.e. 0) for success. |
2288 void SSLClientSocketNSS::Core::DoConnectCallback(int rv) { | 2286 void SSLClientSocketNSS::Core::DoConnectCallback(int rv) { |
(...skipping 146 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2435 return ERR_INVALID_ARGUMENT; | 2433 return ERR_INVALID_ARGUMENT; |
2436 } | 2434 } |
2437 | 2435 |
2438 return OK; | 2436 return OK; |
2439 } | 2437 } |
2440 | 2438 |
2441 void SSLClientSocketNSS::Core::UpdateServerCert() { | 2439 void SSLClientSocketNSS::Core::UpdateServerCert() { |
2442 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 2440 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
2443 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 2441 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
2444 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 2442 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
2445 if (nss_handshake_state_.server_cert) { | 2443 if (nss_handshake_state_.server_cert.get()) { |
2446 // Since this will be called asynchronously on another thread, it needs to | 2444 // Since this will be called asynchronously on another thread, it needs to |
2447 // own a reference to the certificate. | 2445 // own a reference to the certificate. |
2448 NetLog::ParametersCallback net_log_callback = | 2446 NetLog::ParametersCallback net_log_callback = |
2449 base::Bind(&NetLogX509CertificateCallback, | 2447 base::Bind(&NetLogX509CertificateCallback, |
2450 nss_handshake_state_.server_cert); | 2448 nss_handshake_state_.server_cert); |
2451 PostOrRunCallback( | 2449 PostOrRunCallback( |
2452 FROM_HERE, | 2450 FROM_HERE, |
2453 base::Bind(&AddLogEventWithCallback, weak_net_log_, | 2451 base::Bind(&AddLogEventWithCallback, weak_net_log_, |
2454 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | 2452 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, |
2455 net_log_callback)); | 2453 net_log_callback)); |
(...skipping 392 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2848 ssl_info->connection_status = | 2846 ssl_info->connection_status = |
2849 core_->state().ssl_connection_status; | 2847 core_->state().ssl_connection_status; |
2850 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 2848 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
2851 for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin(); | 2849 for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin(); |
2852 i != side_pinned_public_keys_.end(); ++i) { | 2850 i != side_pinned_public_keys_.end(); ++i) { |
2853 ssl_info->public_key_hashes.push_back(*i); | 2851 ssl_info->public_key_hashes.push_back(*i); |
2854 } | 2852 } |
2855 ssl_info->is_issued_by_known_root = | 2853 ssl_info->is_issued_by_known_root = |
2856 server_cert_verify_result_.is_issued_by_known_root; | 2854 server_cert_verify_result_.is_issued_by_known_root; |
2857 ssl_info->client_cert_sent = | 2855 ssl_info->client_cert_sent = |
2858 ssl_config_.send_client_cert && ssl_config_.client_cert; | 2856 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
2859 ssl_info->channel_id_sent = WasChannelIDSent(); | 2857 ssl_info->channel_id_sent = WasChannelIDSent(); |
2860 | 2858 |
2861 PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite( | 2859 PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite( |
2862 core_->state().ssl_connection_status); | 2860 core_->state().ssl_connection_status); |
2863 SSLCipherSuiteInfo cipher_info; | 2861 SSLCipherSuiteInfo cipher_info; |
2864 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, | 2862 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, |
2865 &cipher_info, sizeof(cipher_info)); | 2863 &cipher_info, sizeof(cipher_info)); |
2866 if (ok == SECSuccess) { | 2864 if (ok == SECSuccess) { |
2867 ssl_info->security_bits = cipher_info.effectiveKeyBits; | 2865 ssl_info->security_bits = cipher_info.effectiveKeyBits; |
2868 } else { | 2866 } else { |
(...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3053 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | 3051 bool SSLClientSocketNSS::UsingTCPFastOpen() const { |
3054 if (transport_.get() && transport_->socket()) { | 3052 if (transport_.get() && transport_->socket()) { |
3055 return transport_->socket()->UsingTCPFastOpen(); | 3053 return transport_->socket()->UsingTCPFastOpen(); |
3056 } | 3054 } |
3057 NOTREACHED(); | 3055 NOTREACHED(); |
3058 return false; | 3056 return false; |
3059 } | 3057 } |
3060 | 3058 |
3061 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | 3059 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, |
3062 const CompletionCallback& callback) { | 3060 const CompletionCallback& callback) { |
3063 DCHECK(core_); | 3061 DCHECK(core_.get()); |
3064 DCHECK(!callback.is_null()); | 3062 DCHECK(!callback.is_null()); |
3065 | 3063 |
3066 EnterFunction(buf_len); | 3064 EnterFunction(buf_len); |
3067 int rv = core_->Read(buf, buf_len, callback); | 3065 int rv = core_->Read(buf, buf_len, callback); |
3068 LeaveFunction(rv); | 3066 LeaveFunction(rv); |
3069 | 3067 |
3070 return rv; | 3068 return rv; |
3071 } | 3069 } |
3072 | 3070 |
3073 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, | 3071 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, |
3074 const CompletionCallback& callback) { | 3072 const CompletionCallback& callback) { |
3075 DCHECK(core_); | 3073 DCHECK(core_.get()); |
3076 DCHECK(!callback.is_null()); | 3074 DCHECK(!callback.is_null()); |
3077 | 3075 |
3078 EnterFunction(buf_len); | 3076 EnterFunction(buf_len); |
3079 int rv = core_->Write(buf, buf_len, callback); | 3077 int rv = core_->Write(buf, buf_len, callback); |
3080 LeaveFunction(rv); | 3078 LeaveFunction(rv); |
3081 | 3079 |
3082 return rv; | 3080 return rv; |
3083 } | 3081 } |
3084 | 3082 |
3085 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | 3083 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { |
(...skipping 18 matching lines...) Expand all Loading... |
3104 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 3102 // X509Certificate::Verify() runs on a worker thread of CertVerifier. |
3105 EnsureNSSHttpIOInit(); | 3103 EnsureNSSHttpIOInit(); |
3106 } | 3104 } |
3107 #endif | 3105 #endif |
3108 | 3106 |
3109 LeaveFunction(""); | 3107 LeaveFunction(""); |
3110 return OK; | 3108 return OK; |
3111 } | 3109 } |
3112 | 3110 |
3113 void SSLClientSocketNSS::InitCore() { | 3111 void SSLClientSocketNSS::InitCore() { |
3114 core_ = new Core(base::ThreadTaskRunnerHandle::Get(), nss_task_runner_, | 3112 core_ = new Core(base::ThreadTaskRunnerHandle::Get(), |
3115 transport_.get(), host_and_port_, ssl_config_, &net_log_, | 3113 nss_task_runner_.get(), |
| 3114 transport_.get(), |
| 3115 host_and_port_, |
| 3116 ssl_config_, |
| 3117 &net_log_, |
3116 server_bound_cert_service_); | 3118 server_bound_cert_service_); |
3117 } | 3119 } |
3118 | 3120 |
3119 int SSLClientSocketNSS::InitializeSSLOptions() { | 3121 int SSLClientSocketNSS::InitializeSSLOptions() { |
3120 // Transport connected, now hook it up to nss | 3122 // Transport connected, now hook it up to nss |
3121 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize); | 3123 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize); |
3122 if (nss_fd_ == NULL) { | 3124 if (nss_fd_ == NULL) { |
3123 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | 3125 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. |
3124 } | 3126 } |
3125 | 3127 |
(...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3388 DCHECK(start_cert_verification_time_.is_null()); | 3390 DCHECK(start_cert_verification_time_.is_null()); |
3389 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | 3391 VLOG(1) << "Received an expected bad cert with status: " << cert_status; |
3390 server_cert_verify_result_.Reset(); | 3392 server_cert_verify_result_.Reset(); |
3391 server_cert_verify_result_.cert_status = cert_status; | 3393 server_cert_verify_result_.cert_status = cert_status; |
3392 server_cert_verify_result_.verified_cert = core_->state().server_cert; | 3394 server_cert_verify_result_.verified_cert = core_->state().server_cert; |
3393 return OK; | 3395 return OK; |
3394 } | 3396 } |
3395 | 3397 |
3396 // We may have failed to create X509Certificate object if we are | 3398 // We may have failed to create X509Certificate object if we are |
3397 // running inside sandbox. | 3399 // running inside sandbox. |
3398 if (!core_->state().server_cert) { | 3400 if (!core_->state().server_cert.get()) { |
3399 server_cert_verify_result_.Reset(); | 3401 server_cert_verify_result_.Reset(); |
3400 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | 3402 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; |
3401 return ERR_CERT_INVALID; | 3403 return ERR_CERT_INVALID; |
3402 } | 3404 } |
3403 | 3405 |
3404 start_cert_verification_time_ = base::TimeTicks::Now(); | 3406 start_cert_verification_time_ = base::TimeTicks::Now(); |
3405 | 3407 |
3406 int flags = 0; | 3408 int flags = 0; |
3407 if (ssl_config_.rev_checking_enabled) | 3409 if (ssl_config_.rev_checking_enabled) |
3408 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 3410 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
3409 if (ssl_config_.verify_ev_cert) | 3411 if (ssl_config_.verify_ev_cert) |
3410 flags |= CertVerifier::VERIFY_EV_CERT; | 3412 flags |= CertVerifier::VERIFY_EV_CERT; |
3411 if (ssl_config_.cert_io_enabled) | 3413 if (ssl_config_.cert_io_enabled) |
3412 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 3414 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
3413 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 3415 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
3414 return verifier_->Verify( | 3416 return verifier_->Verify( |
3415 core_->state().server_cert, host_and_port_.host(), flags, | 3417 core_->state().server_cert.get(), |
3416 SSLConfigService::GetCRLSet(), &server_cert_verify_result_, | 3418 host_and_port_.host(), |
| 3419 flags, |
| 3420 SSLConfigService::GetCRLSet(), |
| 3421 &server_cert_verify_result_, |
3417 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | 3422 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, |
3418 base::Unretained(this)), | 3423 base::Unretained(this)), |
3419 net_log_); | 3424 net_log_); |
3420 } | 3425 } |
3421 | 3426 |
3422 // Derived from AuthCertificateCallback() in | 3427 // Derived from AuthCertificateCallback() in |
3423 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 3428 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
3424 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 3429 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
3425 verifier_.reset(); | 3430 verifier_.reset(); |
3426 | 3431 |
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3547 EnsureThreadIdAssigned(); | 3552 EnsureThreadIdAssigned(); |
3548 base::AutoLock auto_lock(lock_); | 3553 base::AutoLock auto_lock(lock_); |
3549 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3554 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3550 } | 3555 } |
3551 | 3556 |
3552 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3557 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3553 return server_bound_cert_service_; | 3558 return server_bound_cert_service_; |
3554 } | 3559 } |
3555 | 3560 |
3556 } // namespace net | 3561 } // namespace net |
OLD | NEW |