OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
60 #include <sslerr.h> | 60 #include <sslerr.h> |
61 #include <sslproto.h> | 61 #include <sslproto.h> |
62 | 62 |
63 #include <algorithm> | 63 #include <algorithm> |
64 #include <limits> | 64 #include <limits> |
65 #include <map> | 65 #include <map> |
66 | 66 |
67 #include "base/bind.h" | 67 #include "base/bind.h" |
68 #include "base/bind_helpers.h" | 68 #include "base/bind_helpers.h" |
69 #include "base/build_time.h" | 69 #include "base/build_time.h" |
70 #include "base/callback_helpers.h" | |
70 #include "base/compiler_specific.h" | 71 #include "base/compiler_specific.h" |
71 #include "base/logging.h" | 72 #include "base/logging.h" |
72 #include "base/memory/singleton.h" | 73 #include "base/memory/singleton.h" |
73 #include "base/metrics/histogram.h" | 74 #include "base/metrics/histogram.h" |
75 #include "base/single_thread_task_runner.h" | |
76 #include "base/stl_util.h" | |
74 #include "base/string_number_conversions.h" | 77 #include "base/string_number_conversions.h" |
75 #include "base/string_util.h" | 78 #include "base/string_util.h" |
76 #include "base/stringprintf.h" | 79 #include "base/stringprintf.h" |
77 #include "base/threading/thread_restrictions.h" | 80 #include "base/threading/thread_restrictions.h" |
78 #include "base/values.h" | 81 #include "base/values.h" |
79 #include "crypto/ec_private_key.h" | 82 #include "crypto/ec_private_key.h" |
80 #include "crypto/rsa_private_key.h" | 83 #include "crypto/rsa_private_key.h" |
81 #include "crypto/scoped_nss_types.h" | 84 #include "crypto/scoped_nss_types.h" |
82 #include "net/base/address_list.h" | 85 #include "net/base/address_list.h" |
83 #include "net/base/asn1_util.h" | 86 #include "net/base/asn1_util.h" |
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
239 if (!CertGetCertificateContextProperty( | 242 if (!CertGetCertificateContextProperty( |
240 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { | 243 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { |
241 return FALSE; | 244 return FALSE; |
242 } | 245 } |
243 | 246 |
244 return TRUE; | 247 return TRUE; |
245 } | 248 } |
246 | 249 |
247 #endif | 250 #endif |
248 | 251 |
249 // PeerCertificateChain is a helper object which extracts the certificate | |
250 // chain, as given by the server, from an NSS socket and performs the needed | |
251 // resource management. The first element of the chain is the leaf certificate | |
252 // and the other elements are in the order given by the server. | |
253 class PeerCertificateChain { | |
254 public: | |
255 explicit PeerCertificateChain(PRFileDesc* nss_fd) | |
256 : num_certs_(0), | |
257 certs_(NULL) { | |
258 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_, 0); | |
259 DCHECK_EQ(rv, SECSuccess); | |
260 | |
261 certs_ = new CERTCertificate*[num_certs_]; | |
262 const unsigned expected_num_certs = num_certs_; | |
263 rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_, | |
264 expected_num_certs); | |
265 DCHECK_EQ(rv, SECSuccess); | |
266 DCHECK_EQ(num_certs_, expected_num_certs); | |
267 } | |
268 | |
269 ~PeerCertificateChain() { | |
270 for (unsigned i = 0; i < num_certs_; i++) | |
271 CERT_DestroyCertificate(certs_[i]); | |
272 delete[] certs_; | |
273 } | |
274 | |
275 unsigned size() const { return num_certs_; } | |
276 | |
277 CERTCertificate* operator[](unsigned i) { | |
278 DCHECK_LT(i, num_certs_); | |
279 return certs_[i]; | |
280 } | |
281 | |
282 std::vector<base::StringPiece> AsStringPieceVector() const { | |
283 std::vector<base::StringPiece> v(size()); | |
284 for (unsigned i = 0; i < size(); i++) { | |
285 v[i] = base::StringPiece( | |
286 reinterpret_cast<const char*>(certs_[i]->derCert.data), | |
287 certs_[i]->derCert.len); | |
288 } | |
289 | |
290 return v; | |
291 } | |
292 | |
293 private: | |
294 unsigned num_certs_; | |
295 CERTCertificate** certs_; | |
296 }; | |
297 | |
298 void DestroyCertificates(CERTCertificate** certs, unsigned len) { | |
299 for (unsigned i = 0; i < len; i++) | |
300 CERT_DestroyCertificate(certs[i]); | |
301 } | |
302 | |
303 // DNSValidationResult enumerates the possible outcomes from processing a | 252 // DNSValidationResult enumerates the possible outcomes from processing a |
304 // set of DNS records. | 253 // set of DNS records. |
305 enum DNSValidationResult { | 254 enum DNSValidationResult { |
306 DNSVR_SUCCESS, // the cert is immediately acceptable. | 255 DNSVR_SUCCESS, // the cert is immediately acceptable. |
307 DNSVR_FAILURE, // the cert is unconditionally rejected. | 256 DNSVR_FAILURE, // the cert is unconditionally rejected. |
308 DNSVR_CONTINUE, // perform CA validation as usual. | 257 DNSVR_CONTINUE, // perform CA validation as usual. |
309 }; | 258 }; |
310 | 259 |
311 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA | 260 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA |
312 // records and checks them against the given chain. | 261 // records and checks them against the given chain. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
352 } | 301 } |
353 } | 302 } |
354 } | 303 } |
355 | 304 |
356 // If a CAA record was found, but nothing matched, then we reject the | 305 // If a CAA record was found, but nothing matched, then we reject the |
357 // certificate. | 306 // certificate. |
358 return DNSVR_FAILURE; | 307 return DNSVR_FAILURE; |
359 } | 308 } |
360 | 309 |
361 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in | 310 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in |
362 // |server_cert_nss_|. It returns true iff a chain is found that proves the | 311 // |server_cert_nss|. It returns true iff a chain is found that proves the |
363 // value of a CAA record that contains a valid public key fingerprint. | 312 // value of a CAA record that contains a valid public key fingerprint. |
364 // |port| contains the TCP port number that we connected to as CAA records can | 313 // |port| contains the TCP port number that we connected to as CAA records can |
365 // be specific to a given port. | 314 // be specific to a given port. |
366 DNSValidationResult CheckDNSSECChain( | 315 DNSValidationResult CheckDNSSECChain( |
367 const std::string& hostname, | 316 const std::string& hostname, |
368 CERTCertificate* server_cert_nss, | 317 CERTCertificate* server_cert_nss, |
369 uint16 port) { | 318 uint16 port) { |
370 if (!server_cert_nss) | 319 if (!server_cert_nss) |
371 return DNSVR_CONTINUE; | 320 return DNSVR_CONTINUE; |
372 | 321 |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
414 if (verifier.rrtype() != kDNS_CAA) | 363 if (verifier.rrtype() != kDNS_CAA) |
415 return DNSVR_CONTINUE; | 364 return DNSVR_CONTINUE; |
416 | 365 |
417 DNSValidationResult r = VerifyCAARecords( | 366 DNSValidationResult r = VerifyCAARecords( |
418 server_cert_nss, verifier.rrdatas(), port); | 367 server_cert_nss, verifier.rrdatas(), port); |
419 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE); | 368 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE); |
420 | 369 |
421 return r; | 370 return r; |
422 } | 371 } |
423 | 372 |
373 bool DomainBoundCertNegotiated(PRFileDesc* socket) { | |
374 // TODO(wtc,mattm): this is temporary while DBC support is changed into | |
375 // Channel ID. | |
376 return false; | |
377 } | |
378 | |
379 void DestroyCertificates(CERTCertificate** certs, size_t len) { | |
380 for (size_t i = 0; i < len; i++) | |
381 CERT_DestroyCertificate(certs[i]); | |
382 } | |
383 | |
384 // Helper function to wrap BoundNetLog::AddByteTransferEvent from within the | |
385 // SSLClientSocketNSS::Core. | |
386 // AddByteTransferEvent expects to receive a const char*, which is typically | |
387 // backed by an IOBuffer*. However, the Core may need to add the log entry | |
388 // from the NSS task runner, and after marshalling to the network thread, the | |
389 // underlying IOBuffer*/const char* may be out of scope by the time | |
390 // AddByteTransferEvent is invoked. This helper provides a signature that | |
391 // takes an IOBuffer*, allowing the underlying IOBuffer to be kept alive long | |
392 // enough to log the event from the network thread. | |
wtc
2012/05/30 22:54:29
I don't see anything in this helper function that
Ryan Sleevi
2012/05/30 23:20:10
Yes. I could change |buffer| to be "const scoped_r
| |
393 void LogByteTransferEvent(BoundNetLog* net_log, NetLog::EventType event_type, | |
394 int len, IOBuffer* buffer) { | |
395 if (!net_log) | |
396 return; | |
397 net_log->AddByteTransferEvent(event_type, len, buffer->data()); | |
398 } | |
399 | |
400 // PeerCertificateChain is a helper object which extracts the certificate | |
401 // chain, as given by the server, from an NSS socket and performs the needed | |
402 // resource management. The first element of the chain is the leaf certificate | |
403 // and the other elements are in the order given by the server. | |
404 class PeerCertificateChain { | |
405 public: | |
406 PeerCertificateChain() {} | |
407 PeerCertificateChain(const PeerCertificateChain& other); | |
408 ~PeerCertificateChain(); | |
409 PeerCertificateChain& operator=(const PeerCertificateChain& other); | |
410 | |
411 // Resets the current chain to the certificate chain stored in |nss_fd|. | |
412 // If |nss_fd| is NULL, frees the current certificate chain. | |
wtc
2012/05/30 22:54:29
Nit: this comment seems to imply that the current
Ryan Sleevi
2012/05/30 23:20:10
Will update.
| |
413 void Reset(PRFileDesc* nss_fd); | |
414 | |
415 // Returns the current certificate chain as a vector of DER-encoded | |
416 // base::StringPieces. The returned vector remains valid until Reset is | |
417 // called. | |
418 std::vector<base::StringPiece> AsStringPieceVector() const; | |
419 | |
420 size_t size() const { return certs_.size(); } | |
421 CERTCertificate* operator[](size_t i) const { | |
422 DCHECK_LT(i, certs_.size()); | |
423 return certs_[i]; | |
424 } | |
425 | |
426 private: | |
427 std::vector<CERTCertificate*> certs_; | |
428 }; | |
429 | |
430 PeerCertificateChain::PeerCertificateChain( | |
431 const PeerCertificateChain& other) { | |
432 *this = other; | |
wtc
2012/05/30 22:54:29
Nit: indent by just two.
| |
433 } | |
434 | |
435 PeerCertificateChain::~PeerCertificateChain() { | |
436 Reset(NULL); | |
437 } | |
438 | |
439 PeerCertificateChain& PeerCertificateChain::operator=( | |
440 const PeerCertificateChain& other) { | |
441 if (this == &other) | |
442 return *this; | |
443 | |
444 Reset(NULL); | |
445 certs_.reserve(other.certs_.size()); | |
446 for (size_t i = 0; i < other.certs_.size(); ++i) | |
447 certs_.push_back(CERT_DupCertificate(other.certs_[i])); | |
448 | |
449 return *this; | |
450 } | |
451 | |
452 void PeerCertificateChain::Reset(PRFileDesc* nss_fd) { | |
453 for (size_t i = 0; i < certs_.size(); ++i) | |
454 CERT_DestroyCertificate(certs_[i]); | |
455 certs_.clear(); | |
456 | |
457 if (nss_fd == NULL) | |
458 return; | |
459 | |
460 unsigned int num_certs = 0; | |
461 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs, 0); | |
462 DCHECK_EQ(SECSuccess, rv); | |
463 | |
464 if (num_certs == 0) | |
465 return; | |
wtc
2012/05/30 22:54:29
This should be a CHECK or DCHECK. NSS doesn't sup
Ryan Sleevi
2012/05/30 23:20:10
Really this was meant to handle when rv == SECFail
wtc
2012/05/31 01:23:42
I see. SSL_PeerCertificateChain has this code:
| |
466 | |
467 certs_.resize(num_certs); | |
468 const unsigned int expected_num_certs = num_certs; | |
469 rv = SSL_PeerCertificateChain(nss_fd, vector_as_array(&certs_), | |
470 &num_certs, expected_num_certs); | |
471 DCHECK_EQ(SECSuccess, rv); | |
472 DCHECK_EQ(expected_num_certs, num_certs); | |
473 } | |
474 | |
475 std::vector<base::StringPiece> | |
476 PeerCertificateChain::AsStringPieceVector() const { | |
477 std::vector<base::StringPiece> v(certs_.size()); | |
478 for (unsigned i = 0; i < size(); i++) { | |
wtc
2012/05/30 22:54:29
Nit: use either size() or certs_.size() consistent
| |
479 v[i] = base::StringPiece( | |
480 reinterpret_cast<const char*>(certs_[i]->derCert.data), | |
481 certs_[i]->derCert.len); | |
482 } | |
483 | |
484 return v; | |
485 } | |
486 | |
487 // ConnectionState is a helper struct used to pass handshake state between | |
wtc
2012/05/30 22:54:29
If this structure holds the handshake state, perha
| |
488 // the NSS task runner and the network task runner. | |
489 // | |
490 // This struct is necessary because the SSLClientSocketNSS needs to read these | |
491 // variables synchronously on the network task runner, but they may be read or | |
492 // written at any time on the network task runner. Copying avoids the need for | |
wtc
2012/05/30 22:54:29
Should the "network task runner" in this line be "
Ryan Sleevi
2012/05/30 23:20:10
Yes, thanks, fixed.
| |
493 // lock contention, | |
wtc
2012/05/30 22:54:29
Did you mean "lock contention" or "lock protection
Ryan Sleevi
2012/05/30 23:20:10
You're absolutely correct. It was meant to say "lo
| |
494 struct ConnectionState { | |
495 ConnectionState() { Reset(); } | |
496 | |
497 void Reset() { | |
498 next_proto_status = SSLClientSocket::kNextProtoUnsupported; | |
499 next_proto.clear(); | |
500 server_protos.clear(); | |
501 domain_bound_cert_type = CLIENT_CERT_INVALID_TYPE; | |
502 client_certs.clear(); | |
503 server_cert_chain.Reset(NULL); | |
504 server_cert = NULL; | |
505 predicted_cert_chain_correct = false; | |
506 resumed_handshake = false; | |
507 ssl_connection_status = 0; | |
508 } | |
509 | |
510 // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the | |
511 // negotiated protocol stored in |next_proto|. | |
512 SSLClientSocket::NextProtoStatus next_proto_status; | |
513 std::string next_proto; | |
514 // If the server supports NPN, the protocols supported by the server. | |
515 std::string server_protos; | |
516 | |
517 SSLClientCertType domain_bound_cert_type; | |
518 | |
519 // If the peer requests client certificate authentication, the set of | |
520 // certificates that matched the peer's criteria. | |
521 CertificateList client_certs; | |
522 | |
523 // Set when the handshake fully completes. | |
524 // | |
525 // The server certificate is first received from NSS as an NSS certificate | |
526 // chain (|server_cert_chain|) and then converted into a platform-specific | |
527 // net::X509Certificate object (|server_cert|). It's possible for some | |
wtc
2012/05/30 22:54:29
Nit: you can omit net:: in this file.
| |
528 // certificates to be successfully parsed by NSS, and not by the platform | |
529 // libraries (i.e.: when running within a sandbox, different parsing | |
530 // algorithms, etc), so it's not safe to assume that |server_cert| will | |
531 // always be non-NULL. | |
532 PeerCertificateChain server_cert_chain; | |
533 scoped_refptr<X509Certificate> server_cert; | |
534 | |
535 bool predicted_cert_chain_correct; | |
wtc
2012/05/30 22:54:29
Please keep the original comment, after updating i
| |
536 bool resumed_handshake; | |
537 int ssl_connection_status; | |
538 }; | |
539 | |
424 } // namespace | 540 } // namespace |
425 | 541 |
426 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 542 // SSLClientSocketNSS::Core provides a thread-safe, ref-counted core that is |
427 const HostPortPair& host_and_port, | 543 // able to marshal data between NSS functions and an underlying transport |
428 const SSLConfig& ssl_config, | 544 // socket. |
429 SSLHostInfo* ssl_host_info, | 545 // Because NSS functions such as signing, creating certificates, or locating |
430 const SSLClientSocketContext& context) | 546 // private keys may block while waiting for the underlying PKCS#11 modules, |
431 : transport_send_busy_(false), | 547 // the Core exists to allow all potentially blocking NSS functions to be |
548 // executed on a dedicated task runner, allowing the network task runner to | |
549 // continue executing tasks. | |
wtc
2012/05/30 22:54:29
This block comment is important to the understandi
| |
550 class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> { | |
551 public: | |
552 // Creates a new Core. | |
553 // The main NSS state machine will be executed on |nss_task_runner|, while | |
554 // any network I/O (via |transport|), logging (via |net_log|), or server | |
555 // bound cert fetching (|server_bound_cert_service|) will happen on the | |
556 // |network_task_runner|. | |
557 // The caller retains ownership of |transport|, |net_log|, and | |
558 // |server_bound_cert_service|, and they must remain valid until Detach() | |
559 // is called. | |
560 Core(base::SingleThreadTaskRunner* network_task_runner, | |
561 base::SingleThreadTaskRunner* nss_task_runner, | |
562 ClientSocketHandle* transport, | |
563 const HostPortPair& host_and_port, | |
564 const SSLConfig& ssl_config, | |
565 BoundNetLog* net_log, | |
566 ServerBoundCertService* server_bound_cert_service); | |
567 | |
568 // Called on the network task runner. | |
569 // Transfers ownership of |socket|, an NSS SSL socket, and |buffers|, the | |
570 // underlying memio implementation, to the Core. Returns SECSuccess if the | |
571 // Core was successfully registered with the socket, otherwise an error | |
572 // code. | |
573 SECStatus Init(PRFileDesc* socket, memio_Private* buffers); | |
wtc
2012/05/30 22:54:29
Why do you use SECStatus here? This is not an NSS
| |
574 | |
575 // Called on the network task runner. | |
576 // Sets the predicted certificate chain that the peer will send, for use | |
577 // with the TLS CachedInfo extension. May not be called before Init() or | |
578 // after Connect(). | |
579 void SetPredictedCertificates( | |
580 const std::vector<std::string>& predicted_certificates); | |
581 | |
582 // Called on the network task runner. | |
583 // Attempts an SSL handshake, performing the underlying socket IO as needed. | |
584 // If the handshake cannot be completed synchronously, returns | |
585 // ERR_IO_PENDING, invoking |callback| on the network task runner once the | |
586 // handshake has completed. Otherwise, returns OK on success or a network | |
587 // error code on failure. | |
588 int Connect(const CompletionCallback& callback); | |
589 | |
590 // Called on the network task runner. | |
591 // Signals that the resources owned by the network task runner are going | |
592 // away. No further callbacks will be invoked on the network task runner. | |
593 // May be called at any time. | |
594 void Detach(); | |
595 | |
596 // Called on the network task runner. | |
597 // Returns the current state of the underlying SSL socket. May be called at | |
598 // any time. | |
599 const ConnectionState& state() const { | |
600 return network_connection_state_; | |
601 } | |
602 | |
603 // Called on the network task runner. | |
604 // Read() and Write() mirror the net::Socket functions of the same name. | |
605 // If ERR_IO_PENDING is returned, |callback| will be invoked on the network | |
606 // task runner at a later point, unless the caller calls Detach(). | |
607 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | |
608 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | |
wtc
2012/05/30 22:54:29
Nit: it may be good to summarize somewhere that al
| |
609 | |
610 private: | |
611 friend class base::RefCountedThreadSafe<Core>; | |
612 ~Core(); | |
613 | |
614 enum State { | |
615 STATE_NONE, | |
616 STATE_HANDSHAKE, | |
617 STATE_GET_DOMAIN_BOUND_CERT_COMPLETE, | |
618 }; | |
619 | |
620 bool OnNSSTaskRunner() const; | |
621 bool OnNetworkTaskRunner() const; | |
622 | |
623 //////////////////////////////////////////////////////////////////////////// | |
624 // Methods that are ONLY called on the NSS task runner: | |
625 //////////////////////////////////////////////////////////////////////////// | |
626 | |
627 // Called by NSS during full handshakes to allow the application to | |
628 // verify the certificate. Instead of verifying the certificate in the midst | |
629 // of the handshake, SECSuccess is always returned and the peer's certificate | |
630 // is verified afterwards. | |
631 // This behaviour is an artifact of the original SSLClientSocketWin | |
632 // implementation, which could not verify the peer's certificate until after | |
633 // the handshake had completed. | |
wtc
2012/05/30 22:54:29
Nit: it's also caused by not having a working
SSL_
| |
634 static SECStatus OwnAuthCertHandler(void* arg, | |
635 PRFileDesc* socket, | |
636 PRBool checksig, | |
637 PRBool is_server); | |
638 | |
639 // Callbacks called by NSS when the peer requests client certificate | |
640 // authentication. | |
641 // See the documentation in third_party/nss/ssl/ssl.h for the meanings of | |
642 // the arguments. | |
643 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
644 // When NSS has been integrated with awareness of the underlying system | |
645 // cryptographic libraries, this callback allows the caller to supply a | |
646 // native platform certificate and key for use by NSS. At most, one of | |
647 // either (result_certs, result_private_key) or (result_nss_certificate, | |
648 // result_nss_private_key) should be set. | |
649 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
650 static SECStatus PlatformClientAuthHandler( | |
651 void* arg, | |
652 PRFileDesc* socket, | |
653 CERTDistNames* ca_names, | |
654 CERTCertList** result_certs, | |
655 void** result_private_key, | |
656 CERTCertificate** result_nss_certificate, | |
657 SECKEYPrivateKey** result_nss_private_key); | |
658 #else | |
659 static SECStatus ClientAuthHandler(void* arg, | |
660 PRFileDesc* socket, | |
661 CERTDistNames* ca_names, | |
662 CERTCertificate** result_certificate, | |
663 SECKEYPrivateKey** result_private_key); | |
664 #endif | |
665 | |
666 // Called by NSS once the handshake has completed. | |
667 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
668 static void HandshakeCallback(PRFileDesc* socket, void* arg); | |
669 | |
670 // Called by NSS if the peer supports the NPN handshake extension, to allow | |
671 // the application to select the protocol to use. | |
672 // See the documentation for SSLNextProtocolCallback in | |
673 // third_party/nss/ssl/ssl.h for the meanings of the arguments. | |
674 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
675 static SECStatus NextProtoCallback(void* arg, | |
676 PRFileDesc* fd, | |
677 const unsigned char* protos, | |
678 unsigned int protos_len, | |
679 unsigned char* proto_out, | |
680 unsigned int* proto_out_len, | |
681 unsigned int proto_max_len); | |
682 | |
683 // Handles an NSS error generated while handshaking or performing IO. | |
684 // Returns a network error code mapped from the original NSS error. | |
685 int HandleNSSError(PRErrorCode error, bool handshake_error); | |
686 | |
687 int DoHandshakeLoop(int last_io_result); | |
688 int DoReadLoop(int result); | |
689 int DoWriteLoop(int result); | |
690 | |
691 int DoHandshake(); | |
692 int DoGetDBCertComplete(int result); | |
693 | |
694 int DoPayloadRead(); | |
695 int DoPayloadWrite(); | |
696 | |
697 bool DoTransportIO(); | |
698 int BufferRecv(); | |
699 int BufferSend(); | |
700 | |
701 void OnRecvComplete(int result); | |
702 void OnSendComplete(int result); | |
703 | |
704 void DoConnectCallback(int result); | |
705 void DoReadCallback(int result); | |
706 void DoWriteCallback(int result); | |
707 | |
708 // Domain bound cert client auth handler. | |
709 // Returns the value the ClientAuthHandler function should return. | |
710 SECStatus DomainBoundClientAuthHandler( | |
711 const SECItem* cert_types, | |
712 CERTCertificate** result_certificate, | |
713 SECKEYPrivateKey** result_private_key); | |
714 | |
715 // ImportDBCertAndKey is a helper function for turning a DER-encoded cert and | |
716 // key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success | |
717 // and an error code otherwise. | |
718 // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been | |
719 // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller | |
720 // takes ownership of the |*cert| and |*key|. | |
721 int ImportDBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key); | |
722 | |
723 // Updates the NSS and platform specific certificates. | |
724 void UpdateServerCert(); | |
725 // Updates the nss_connection_state_ with the negotiated security parameters. | |
726 void UpdateConnectionStatus(); | |
727 // Record histograms for DBC support during full handshakes - resumed | |
728 // handshakes are ignored. | |
729 void RecordDomainBoundCertSupport() const; | |
730 | |
731 //////////////////////////////////////////////////////////////////////////// | |
732 // Methods that are ONLY called on the network task runner: | |
733 //////////////////////////////////////////////////////////////////////////// | |
734 int DoBufferRecv(IOBuffer* buffer, int len); | |
735 int DoBufferSend(IOBuffer* buffer, int len); | |
736 int DoGetDomainBoundCert(const std::string& origin, | |
737 const std::vector<uint8>& requested_cert_types); | |
738 | |
739 void OnGetDomainBoundCertComplete(int result); | |
740 void OnConnectionStateUpdated(const ConnectionState& state); | |
741 | |
742 //////////////////////////////////////////////////////////////////////////// | |
743 // Methods that are accessed on both the network task runner and the NSS | |
wtc
2012/05/30 22:54:29
Nit: accessed => called.
| |
744 // task runner. | |
745 //////////////////////////////////////////////////////////////////////////// | |
746 void OnHandshakeIOComplete(int result); | |
747 void BufferRecvComplete(IOBuffer* buffer, int result); | |
748 void BufferSendComplete(int result); | |
749 void PostOrRunCallback(const base::Closure& callback); | |
wtc
2012/05/30 22:54:29
Document that the callback runs on the network tas
| |
750 | |
751 //////////////////////////////////////////////////////////////////////////// | |
752 // Variables that are ONLY accessed on the network task runner: | |
wtc
2012/05/30 22:54:29
Nit: Variables => Members?
Also on lines 771 and
| |
753 //////////////////////////////////////////////////////////////////////////// | |
754 | |
755 // True if the owning SSLClientSocketNSS has called Detach(). No further | |
756 // callbacks will be invoked nor access to variables owned by the network | |
757 // task runner. | |
758 bool detached_; | |
759 | |
760 // The underlying transport to use for network IO. | |
761 ClientSocketHandle* transport_; | |
762 base::WeakPtrFactory<BoundNetLog> weak_factory_; | |
wtc
2012/05/30 22:54:29
weak_factory_ is a confusing name. I thought this
| |
763 | |
764 // The current connection state. Mirrors |nss_connection_state_|. | |
765 ConnectionState network_connection_state_; | |
766 | |
767 ServerBoundCertService* server_bound_cert_service_; | |
768 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; | |
769 | |
770 //////////////////////////////////////////////////////////////////////////// | |
771 // Variables that are ONLY accessed on the NSS task runner: | |
772 //////////////////////////////////////////////////////////////////////////// | |
773 HostPortPair host_and_port_; | |
774 SSLConfig ssl_config_; | |
775 | |
776 // NSS state machine | |
wtc
2012/05/30 22:54:29
Nit: it is a little confusing to call nss_fd_ the
| |
777 PRFileDesc* nss_fd_; | |
778 | |
779 // Buffers for the network end of the SSL state machine | |
780 memio_Private* nss_bufs_; | |
781 | |
782 // The certificate chain, in DER form, that is expected to be received from | |
783 // the server. | |
784 std::vector<std::string> predicted_certs_; | |
785 | |
786 State next_handshake_state_; | |
787 | |
788 // True if domain bound certs were negotiated. | |
789 bool domain_bound_cert_xtn_negotiated_; | |
790 // True if the handshake state machine was interrupted for client auth. | |
791 bool client_auth_cert_needed_; | |
792 // True if NSS has called HandshakeCallback. | |
793 bool handshake_callback_called_; | |
794 | |
795 ConnectionState nss_connection_state_; | |
796 | |
797 bool transport_recv_busy_; | |
798 bool transport_recv_eof_; | |
799 bool transport_send_busy_; | |
800 | |
801 // Used by Read function. | |
802 scoped_refptr<IOBuffer> user_read_buf_; | |
803 int user_read_buf_len_; | |
804 | |
805 // Used by Write function. | |
806 scoped_refptr<IOBuffer> user_write_buf_; | |
807 int user_write_buf_len_; | |
808 | |
809 CompletionCallback user_connect_callback_; | |
810 CompletionCallback user_read_callback_; | |
811 CompletionCallback user_write_callback_; | |
812 | |
813 //////////////////////////////////////////////////////////////////////////// | |
814 // Variables that are accessed on both the network task runner and the NSS | |
815 // task runner. | |
816 //////////////////////////////////////////////////////////////////////////// | |
817 scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_; | |
818 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner_; | |
819 | |
820 // Dereferenced only on the network task runner, but bound to tasks destined | |
821 // for the network task runner from the NSS task runner. | |
822 base::WeakPtr<BoundNetLog> weak_net_log_; | |
823 | |
824 // Written on the network task runner by the |server_bound_cert_service_|, | |
825 // prior to invoking OnHandshakeIOComplete. | |
826 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | |
827 // on the NSS task runner. | |
828 SSLClientCertType domain_bound_cert_type_; | |
829 std::string domain_bound_private_key_; | |
830 std::string domain_bound_cert_; | |
831 | |
832 DISALLOW_COPY_AND_ASSIGN(Core); | |
833 }; | |
834 | |
835 SSLClientSocketNSS::Core::Core( | |
836 base::SingleThreadTaskRunner* network_task_runner, | |
837 base::SingleThreadTaskRunner* nss_task_runner, | |
838 ClientSocketHandle* transport, | |
839 const HostPortPair& host_and_port, | |
840 const SSLConfig& ssl_config, | |
841 BoundNetLog* net_log, | |
842 ServerBoundCertService* server_bound_cert_service) | |
843 : detached_(false), | |
844 transport_(transport), | |
845 weak_factory_(net_log), | |
846 server_bound_cert_service_(server_bound_cert_service), | |
847 domain_bound_cert_request_handle_(NULL), | |
848 host_and_port_(host_and_port), | |
849 ssl_config_(ssl_config), | |
850 nss_fd_(NULL), | |
851 nss_bufs_(NULL), | |
852 next_handshake_state_(STATE_NONE), | |
853 domain_bound_cert_xtn_negotiated_(false), | |
854 client_auth_cert_needed_(false), | |
855 handshake_callback_called_(false), | |
432 transport_recv_busy_(false), | 856 transport_recv_busy_(false), |
433 transport_recv_eof_(false), | 857 transport_recv_eof_(false), |
434 transport_(transport_socket), | 858 transport_send_busy_(false), |
435 host_and_port_(host_and_port), | |
436 ssl_config_(ssl_config), | |
437 user_read_buf_len_(0), | 859 user_read_buf_len_(0), |
438 user_write_buf_len_(0), | 860 user_write_buf_len_(0), |
439 server_cert_nss_(NULL), | 861 network_task_runner_(network_task_runner), |
440 server_cert_verify_result_(NULL), | 862 nss_task_runner_(nss_task_runner), |
441 ssl_connection_status_(0), | 863 weak_net_log_(weak_factory_.GetWeakPtr()), |
wtc
2012/05/30 22:54:29
Is this cheaper than calling weak_factory_.GetWeak
Ryan Sleevi
2012/05/30 23:20:10
It's more subtle than that, so I'll add appropriat
| |
442 client_auth_cert_needed_(false), | 864 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) { |
443 cert_verifier_(context.cert_verifier), | 865 } |
444 domain_bound_cert_xtn_negotiated_(false), | 866 |
445 server_bound_cert_service_(context.server_bound_cert_service), | 867 SSLClientSocketNSS::Core::~Core() { |
446 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE), | 868 // TODO(wtc): Send SSL close_notify alert. |
447 domain_bound_cert_request_handle_(NULL), | 869 if (nss_fd_ != NULL) { |
448 handshake_callback_called_(false), | 870 PR_Close(nss_fd_); |
449 completed_handshake_(false), | 871 nss_fd_ = NULL; |
450 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 872 } |
451 predicted_cert_chain_correct_(false), | 873 } |
452 next_handshake_state_(STATE_NONE), | 874 |
453 nss_fd_(NULL), | 875 SECStatus SSLClientSocketNSS::Core::Init(PRFileDesc* socket, |
454 nss_bufs_(NULL), | 876 memio_Private* buffers) { |
455 net_log_(transport_socket->socket()->NetLog()), | 877 DCHECK(OnNetworkTaskRunner()); |
456 ssl_host_info_(ssl_host_info), | 878 DCHECK(!nss_fd_); |
457 transport_security_state_(context.transport_security_state), | 879 DCHECK(!nss_bufs_); |
458 next_proto_status_(kNextProtoUnsupported), | 880 |
459 valid_thread_id_(base::kInvalidThreadId) { | 881 nss_fd_ = socket; |
460 EnterFunction(""); | 882 nss_bufs_ = buffers; |
461 } | 883 |
462 | 884 SECStatus rv = SECSuccess; |
463 SSLClientSocketNSS::~SSLClientSocketNSS() { | 885 |
464 EnterFunction(""); | 886 if (!ssl_config_.next_protos.empty()) { |
465 Disconnect(); | 887 rv = SSL_SetNextProtoCallback( |
466 LeaveFunction(""); | 888 nss_fd_, SSLClientSocketNSS::Core::NextProtoCallback, this); |
467 } | 889 if (rv != SECSuccess) |
468 | 890 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoCallback", ""); |
469 // static | 891 } |
470 void SSLClientSocket::ClearSessionCache() { | 892 |
471 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't | 893 rv = SSL_AuthCertificateHook( |
472 // bother initializing NSS just to clear an empty SSL session cache. | 894 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this); |
473 if (!NSS_IsInitialized()) | 895 if (rv != SECSuccess) { |
896 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", ""); | |
897 return rv; | |
898 } | |
899 | |
900 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
901 rv = SSL_GetPlatformClientAuthDataHook( | |
902 nss_fd_, SSLClientSocketNSS::Core::PlatformClientAuthHandler, | |
903 this); | |
904 #else | |
905 rv = SSL_GetClientAuthDataHook( | |
906 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); | |
907 #endif | |
908 if (rv != SECSuccess) { | |
909 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); | |
910 return rv; | |
911 } | |
912 | |
913 rv = SSL_HandshakeCallback( | |
914 nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this); | |
915 if (rv != SECSuccess) { | |
916 LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", ""); | |
917 return rv; | |
918 } | |
919 | |
920 return SECSuccess; | |
921 } | |
922 | |
923 void SSLClientSocketNSS::Core::SetPredictedCertificates( | |
924 const std::vector<std::string>& predicted_certs) { | |
925 if (predicted_certs.empty()) | |
474 return; | 926 return; |
475 | 927 |
476 SSL_ClearSessionCache(); | 928 if (!OnNSSTaskRunner()) { |
477 } | 929 DCHECK(!detached_); |
478 | 930 nss_task_runner_->PostTask( |
479 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { | 931 FROM_HERE, |
480 EnterFunction(""); | 932 base::Bind(&Core::SetPredictedCertificates, this, predicted_certs)); |
481 ssl_info->Reset(); | |
482 if (!server_cert_nss_) | |
483 return; | 933 return; |
484 | 934 } |
485 ssl_info->cert_status = server_cert_verify_result_->cert_status; | 935 |
486 ssl_info->cert = server_cert_verify_result_->verified_cert; | 936 DCHECK(nss_fd_); |
487 ssl_info->connection_status = ssl_connection_status_; | 937 |
488 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; | 938 predicted_certs_ = predicted_certs; |
489 for (std::vector<SHA1Fingerprint>::const_iterator | 939 |
490 i = side_pinned_public_keys_.begin(); | 940 scoped_array<CERTCertificate*> certs( |
491 i != side_pinned_public_keys_.end(); i++) { | 941 new CERTCertificate*[predicted_certs.size()]); |
492 ssl_info->public_key_hashes.push_back(*i); | 942 |
493 } | 943 for (size_t i = 0; i < predicted_certs.size(); i++) { |
494 ssl_info->is_issued_by_known_root = | 944 SECItem derCert; |
495 server_cert_verify_result_->is_issued_by_known_root; | 945 derCert.data = const_cast<uint8*>(reinterpret_cast<const uint8*>( |
496 ssl_info->client_cert_sent = WasDomainBoundCertSent() || | 946 predicted_certs[i].data())); |
497 (ssl_config_.send_client_cert && ssl_config_.client_cert); | 947 derCert.len = predicted_certs[i].size(); |
498 | 948 certs[i] = CERT_NewTempCertificate( |
499 PRUint16 cipher_suite = | 949 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */, |
500 SSLConnectionStatusToCipherSuite(ssl_connection_status_); | 950 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */); |
501 SSLCipherSuiteInfo cipher_info; | 951 if (!certs[i]) { |
502 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, | 952 DestroyCertificates(&certs[0], i); |
503 &cipher_info, sizeof(cipher_info)); | 953 NOTREACHED(); |
504 if (ok == SECSuccess) { | 954 return; |
505 ssl_info->security_bits = cipher_info.effectiveKeyBits; | |
506 } else { | |
507 ssl_info->security_bits = -1; | |
508 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() | |
509 << " for cipherSuite " << cipher_suite; | |
510 } | |
511 | |
512 PRBool last_handshake_resumed; | |
513 ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); | |
514 if (ok == SECSuccess) { | |
515 if (last_handshake_resumed) { | |
516 ssl_info->handshake_type = SSLInfo::HANDSHAKE_RESUME; | |
517 } else { | |
518 ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; | |
519 } | 955 } |
520 } | 956 } |
521 | 957 |
522 LeaveFunction(""); | 958 SECStatus rv; |
523 } | 959 #ifdef SSL_ENABLE_CACHED_INFO |
524 | 960 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), |
525 void SSLClientSocketNSS::GetSSLCertRequestInfo( | 961 predicted_certs.size()); |
526 SSLCertRequestInfo* cert_request_info) { | 962 DCHECK_EQ(SECSuccess, rv); |
527 EnterFunction(""); | 963 #else |
528 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair | 964 rv = SECFailure; // Not implemented. |
529 cert_request_info->host_and_port = host_and_port_.ToString(); | 965 #endif |
530 cert_request_info->client_certs = client_certs_; | 966 DestroyCertificates(&certs[0], predicted_certs.size()); |
531 LeaveFunction(cert_request_info->client_certs.size()); | 967 |
532 } | 968 if (rv != SECSuccess) { |
533 | 969 LOG(WARNING) << "SetPredictedCertificates failed: " |
534 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, | 970 << host_and_port_.ToString(); |
535 bool has_context, | 971 } |
536 const base::StringPiece& context, | 972 } |
537 unsigned char* out, | 973 |
538 unsigned int outlen) { | 974 int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) { |
539 if (!IsConnected()) | 975 if (!OnNSSTaskRunner()) { |
540 return ERR_SOCKET_NOT_CONNECTED; | 976 DCHECK(!detached_); |
541 SECStatus result = SSL_ExportKeyingMaterial( | 977 bool posted = nss_task_runner_->PostTask( |
542 nss_fd_, label.data(), label.size(), has_context, | 978 FROM_HERE, |
543 reinterpret_cast<const unsigned char*>(context.data()), | 979 base::Bind(IgnoreResult(&Core::Connect), this, callback)); |
544 context.length(), out, outlen); | 980 return posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
545 if (result != SECSuccess) { | 981 } |
546 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); | 982 |
547 return MapNSSError(PORT_GetError()); | 983 DCHECK(OnNSSTaskRunner()); |
548 } | 984 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
549 return OK; | |
550 } | |
551 | |
552 SSLClientSocket::NextProtoStatus | |
553 SSLClientSocketNSS::GetNextProto(std::string* proto, | |
554 std::string* server_protos) { | |
555 *proto = next_proto_; | |
556 *server_protos = server_protos_; | |
557 return next_proto_status_; | |
558 } | |
559 | |
560 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { | |
561 EnterFunction(""); | |
562 DCHECK(transport_.get()); | |
563 DCHECK(next_handshake_state_ == STATE_NONE); | |
564 DCHECK(user_read_callback_.is_null()); | 985 DCHECK(user_read_callback_.is_null()); |
565 DCHECK(user_write_callback_.is_null()); | 986 DCHECK(user_write_callback_.is_null()); |
566 DCHECK(user_connect_callback_.is_null()); | 987 DCHECK(user_connect_callback_.is_null()); |
567 DCHECK(!user_read_buf_); | 988 DCHECK(!user_read_buf_); |
568 DCHECK(!user_write_buf_); | 989 DCHECK(!user_write_buf_); |
569 | 990 |
570 EnsureThreadIdAssigned(); | 991 next_handshake_state_ = STATE_HANDSHAKE; |
571 | 992 int rv = DoHandshakeLoop(OK); |
572 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL); | |
573 | |
574 int rv = Init(); | |
575 if (rv != OK) { | |
576 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
577 return rv; | |
578 } | |
579 | |
580 rv = InitializeSSLOptions(); | |
581 if (rv != OK) { | |
582 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
583 return rv; | |
584 } | |
585 | |
586 rv = InitializeSSLPeerName(); | |
587 if (rv != OK) { | |
588 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
589 return rv; | |
590 } | |
591 | |
592 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) { | |
593 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
594 } else { | |
595 GotoState(STATE_HANDSHAKE); | |
596 } | |
597 | |
598 rv = DoHandshakeLoop(OK); | |
599 if (rv == ERR_IO_PENDING) { | 993 if (rv == ERR_IO_PENDING) { |
600 user_connect_callback_ = callback; | 994 user_connect_callback_ = callback; |
601 } else { | 995 } else if (rv > OK) { |
602 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 996 rv = OK; |
603 } | 997 } |
604 | 998 if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner()) |
605 LeaveFunction(""); | 999 PostOrRunCallback(base::Bind(callback, rv)); |
606 return rv > OK ? OK : rv; | 1000 |
607 } | 1001 return rv; |
608 | 1002 } |
609 void SSLClientSocketNSS::Disconnect() { | 1003 |
610 EnterFunction(""); | 1004 void SSLClientSocketNSS::Core::Detach() { |
611 | 1005 DCHECK(OnNetworkTaskRunner()); |
612 CHECK(CalledOnValidThread()); | 1006 |
613 | 1007 detached_ = true; |
614 // Shut down anything that may call us back. | 1008 transport_ = NULL; |
615 verifier_.reset(); | 1009 weak_factory_.InvalidateWeakPtrs(); |
616 transport_->socket()->Disconnect(); | 1010 |
1011 network_connection_state_.Reset(); | |
617 | 1012 |
618 if (domain_bound_cert_request_handle_ != NULL) { | 1013 if (domain_bound_cert_request_handle_ != NULL) { |
619 server_bound_cert_service_->CancelRequest( | 1014 server_bound_cert_service_->CancelRequest( |
620 domain_bound_cert_request_handle_); | 1015 domain_bound_cert_request_handle_); |
621 domain_bound_cert_request_handle_ = NULL; | 1016 domain_bound_cert_request_handle_ = NULL; |
622 } | 1017 } |
623 | 1018 } |
624 // TODO(wtc): Send SSL close_notify alert. | 1019 |
625 if (nss_fd_ != NULL) { | 1020 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
626 PR_Close(nss_fd_); | 1021 const CompletionCallback& callback) { |
627 nss_fd_ = NULL; | 1022 if (!OnNSSTaskRunner()) { |
628 } | 1023 DCHECK(OnNetworkTaskRunner()); |
629 | 1024 DCHECK(!detached_); |
630 // Reset object state. | 1025 DCHECK(transport_); |
631 user_connect_callback_.Reset(); | 1026 |
632 user_read_callback_.Reset(); | 1027 bool posted = nss_task_runner_->PostTask( |
633 user_write_callback_.Reset(); | 1028 FROM_HERE, |
634 transport_send_busy_ = false; | 1029 base::Bind(IgnoreResult(&Core::Read), this, make_scoped_refptr(buf), |
635 transport_recv_busy_ = false; | 1030 buf_len, callback)); |
636 transport_recv_eof_ = false; | 1031 return posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
637 user_read_buf_ = NULL; | 1032 } |
638 user_read_buf_len_ = 0; | 1033 |
639 user_write_buf_ = NULL; | 1034 DCHECK(OnNSSTaskRunner()); |
640 user_write_buf_len_ = 0; | 1035 DCHECK(handshake_callback_called_); |
641 server_cert_ = NULL; | 1036 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
642 if (server_cert_nss_) { | |
643 CERT_DestroyCertificate(server_cert_nss_); | |
644 server_cert_nss_ = NULL; | |
645 } | |
646 local_server_cert_verify_result_.Reset(); | |
647 server_cert_verify_result_ = NULL; | |
648 ssl_connection_status_ = 0; | |
649 completed_handshake_ = false; | |
650 start_cert_verification_time_ = base::TimeTicks(); | |
651 predicted_cert_chain_correct_ = false; | |
652 nss_bufs_ = NULL; | |
653 client_certs_.clear(); | |
654 client_auth_cert_needed_ = false; | |
655 domain_bound_cert_xtn_negotiated_ = false; | |
656 | |
657 LeaveFunction(""); | |
658 } | |
659 | |
660 bool SSLClientSocketNSS::IsConnected() const { | |
661 // Ideally, we should also check if we have received the close_notify alert | |
662 // message from the server, and return false in that case. We're not doing | |
663 // that, so this function may return a false positive. Since the upper | |
664 // layer (HttpNetworkTransaction) needs to handle a persistent connection | |
665 // closed by the server when we send a request anyway, a false positive in | |
666 // exchange for simpler code is a good trade-off. | |
667 EnterFunction(""); | |
668 bool ret = completed_handshake_ && transport_->socket()->IsConnected(); | |
669 LeaveFunction(""); | |
670 return ret; | |
671 } | |
672 | |
673 bool SSLClientSocketNSS::IsConnectedAndIdle() const { | |
674 // Unlike IsConnected, this method doesn't return a false positive. | |
675 // | |
676 // Strictly speaking, we should check if we have received the close_notify | |
677 // alert message from the server, and return false in that case. Although | |
678 // the close_notify alert message means EOF in the SSL layer, it is just | |
679 // bytes to the transport layer below, so | |
680 // transport_->socket()->IsConnectedAndIdle() returns the desired false | |
681 // when we receive close_notify. | |
682 EnterFunction(""); | |
683 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle(); | |
684 LeaveFunction(""); | |
685 return ret; | |
686 } | |
687 | |
688 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const { | |
689 return transport_->socket()->GetPeerAddress(address); | |
690 } | |
691 | |
692 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const { | |
693 return transport_->socket()->GetLocalAddress(address); | |
694 } | |
695 | |
696 const BoundNetLog& SSLClientSocketNSS::NetLog() const { | |
697 return net_log_; | |
698 } | |
699 | |
700 void SSLClientSocketNSS::SetSubresourceSpeculation() { | |
701 if (transport_.get() && transport_->socket()) { | |
702 transport_->socket()->SetSubresourceSpeculation(); | |
703 } else { | |
704 NOTREACHED(); | |
705 } | |
706 } | |
707 | |
708 void SSLClientSocketNSS::SetOmniboxSpeculation() { | |
709 if (transport_.get() && transport_->socket()) { | |
710 transport_->socket()->SetOmniboxSpeculation(); | |
711 } else { | |
712 NOTREACHED(); | |
713 } | |
714 } | |
715 | |
716 bool SSLClientSocketNSS::WasEverUsed() const { | |
717 if (transport_.get() && transport_->socket()) { | |
718 return transport_->socket()->WasEverUsed(); | |
719 } | |
720 NOTREACHED(); | |
721 return false; | |
722 } | |
723 | |
724 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | |
725 if (transport_.get() && transport_->socket()) { | |
726 return transport_->socket()->UsingTCPFastOpen(); | |
727 } | |
728 NOTREACHED(); | |
729 return false; | |
730 } | |
731 | |
732 int64 SSLClientSocketNSS::NumBytesRead() const { | |
733 if (transport_.get() && transport_->socket()) { | |
734 return transport_->socket()->NumBytesRead(); | |
735 } | |
736 NOTREACHED(); | |
737 return -1; | |
738 } | |
739 | |
740 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const { | |
741 if (transport_.get() && transport_->socket()) { | |
742 return transport_->socket()->GetConnectTimeMicros(); | |
743 } | |
744 NOTREACHED(); | |
745 return base::TimeDelta::FromMicroseconds(-1); | |
746 } | |
747 | |
748 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | |
749 const CompletionCallback& callback) { | |
750 EnterFunction(buf_len); | |
751 DCHECK(completed_handshake_); | |
752 DCHECK(next_handshake_state_ == STATE_NONE); | |
753 DCHECK(user_read_callback_.is_null()); | 1037 DCHECK(user_read_callback_.is_null()); |
754 DCHECK(user_connect_callback_.is_null()); | 1038 DCHECK(user_connect_callback_.is_null()); |
755 DCHECK(!user_read_buf_); | 1039 DCHECK(!user_read_buf_); |
756 DCHECK(nss_bufs_); | 1040 DCHECK(nss_bufs_); |
757 | 1041 |
758 user_read_buf_ = buf; | 1042 user_read_buf_ = buf; |
759 user_read_buf_len_ = buf_len; | 1043 user_read_buf_len_ = buf_len; |
760 | 1044 |
761 int rv = DoReadLoop(OK); | 1045 int rv = DoReadLoop(OK); |
762 | |
763 if (rv == ERR_IO_PENDING) { | 1046 if (rv == ERR_IO_PENDING) { |
764 user_read_callback_ = callback; | 1047 user_read_callback_ = callback; |
765 } else { | 1048 } else { |
766 user_read_buf_ = NULL; | 1049 user_read_buf_ = NULL; |
767 user_read_buf_len_ = 0; | 1050 user_read_buf_len_ = 0; |
1051 | |
1052 // This function was asynchronously invoked above. Asynchronously invoke | |
1053 // the user's callback. This is done here, rather than hidden behind | |
1054 // base::PostTaskAndReplyWithResult(), because the callback should only | |
1055 // be posted when rv != ERR_IO_PENDING. | |
1056 if (!OnNetworkTaskRunner()) | |
1057 network_task_runner_->PostTask(FROM_HERE, base::Bind(callback, rv)); | |
768 } | 1058 } |
769 LeaveFunction(rv); | 1059 |
770 return rv; | 1060 return rv; |
771 } | 1061 } |
772 | 1062 |
773 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, | 1063 int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len, |
774 const CompletionCallback& callback) { | 1064 const CompletionCallback& callback) { |
775 EnterFunction(buf_len); | 1065 if (!OnNSSTaskRunner()) { |
776 DCHECK(completed_handshake_); | 1066 DCHECK(OnNetworkTaskRunner()); |
777 DCHECK(next_handshake_state_ == STATE_NONE); | 1067 DCHECK(!detached_); |
1068 DCHECK(transport_); | |
1069 | |
1070 bool posted = nss_task_runner_->PostTask( | |
1071 FROM_HERE, | |
1072 base::Bind(IgnoreResult(&Core::Write), this, make_scoped_refptr(buf), | |
1073 buf_len, callback)); | |
1074 int rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
1075 return rv; | |
1076 } | |
1077 | |
1078 DCHECK(OnNSSTaskRunner()); | |
1079 DCHECK(handshake_callback_called_); | |
1080 DCHECK_EQ(STATE_NONE, next_handshake_state_); | |
778 DCHECK(user_write_callback_.is_null()); | 1081 DCHECK(user_write_callback_.is_null()); |
779 DCHECK(user_connect_callback_.is_null()); | 1082 DCHECK(user_connect_callback_.is_null()); |
780 DCHECK(!user_write_buf_); | 1083 DCHECK(!user_write_buf_); |
781 DCHECK(nss_bufs_); | 1084 DCHECK(nss_bufs_); |
782 | 1085 |
783 user_write_buf_ = buf; | 1086 user_write_buf_ = buf; |
784 user_write_buf_len_ = buf_len; | 1087 user_write_buf_len_ = buf_len; |
785 | 1088 |
786 int rv = DoWriteLoop(OK); | 1089 int rv = DoWriteLoop(OK); |
787 | |
788 if (rv == ERR_IO_PENDING) { | 1090 if (rv == ERR_IO_PENDING) { |
789 user_write_callback_ = callback; | 1091 user_write_callback_ = callback; |
790 } else { | 1092 } else { |
791 user_write_buf_ = NULL; | 1093 user_write_buf_ = NULL; |
792 user_write_buf_len_ = 0; | 1094 user_write_buf_len_ = 0; |
793 } | 1095 |
794 LeaveFunction(rv); | 1096 // This function was asynchronously invoked above. Asynchronously invoke |
1097 // the user's callback. This is done here, rather than hidden behind | |
1098 // base::PostTaskAndReplyWithResult(), because the callback should only | |
1099 // be posted when rv != ERR_IO_PENDING. | |
1100 if (!OnNetworkTaskRunner()) | |
1101 network_task_runner_->PostTask(FROM_HERE, base::Bind(callback, rv)); | |
1102 } | |
1103 | |
795 return rv; | 1104 return rv; |
796 } | 1105 } |
797 | 1106 |
798 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | 1107 bool SSLClientSocketNSS::Core::OnNSSTaskRunner() const { |
799 return transport_->socket()->SetReceiveBufferSize(size); | 1108 return nss_task_runner_->RunsTasksOnCurrentThread(); |
800 } | 1109 } |
801 | 1110 |
802 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) { | 1111 bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const { |
803 return transport_->socket()->SetSendBufferSize(size); | 1112 return network_task_runner_->RunsTasksOnCurrentThread(); |
804 } | 1113 } |
805 | 1114 |
806 int SSLClientSocketNSS::Init() { | 1115 // static |
807 EnterFunction(""); | 1116 SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler( |
808 // Initialize the NSS SSL library in a threadsafe way. This also | 1117 void* arg, |
809 // initializes the NSS base library. | 1118 PRFileDesc* socket, |
810 EnsureNSSSSLInit(); | 1119 PRBool checksig, |
811 if (!NSS_IsInitialized()) | 1120 PRBool is_server) { |
812 return ERR_UNEXPECTED; | 1121 #ifdef SSL_ENABLE_FALSE_START |
813 #if !defined(OS_MACOSX) && !defined(OS_WIN) | 1122 Core* core = reinterpret_cast<Core*>(arg); |
814 if (ssl_config_.cert_io_enabled) { | 1123 if (!core->handshake_callback_called_) { |
815 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO | 1124 // Only need to turn off False Start in the initial handshake. Also, it is |
816 // loop by MessageLoopForIO::current(). | 1125 // unsafe to call SSL_OptionSet in a renegotiation because the "first |
817 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 1126 // handshake" lock isn't already held, which will result in an assertion |
818 EnsureNSSHttpIOInit(); | 1127 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet. |
1128 PRBool npn; | |
1129 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket, | |
1130 ssl_next_proto_nego_xtn, | |
1131 &npn); | |
1132 if (rv != SECSuccess || !npn) { | |
1133 // If the server doesn't support NPN, then we don't do False Start with | |
1134 // it. | |
1135 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | |
1136 } | |
819 } | 1137 } |
820 #endif | 1138 #endif |
821 | 1139 |
822 LeaveFunction(""); | 1140 // Tell NSS to not verify the certificate. |
823 return OK; | 1141 return SECSuccess; |
824 } | 1142 } |
825 | 1143 |
826 int SSLClientSocketNSS::InitializeSSLOptions() { | 1144 #if defined(NSS_PLATFORM_CLIENT_AUTH) |
827 // Transport connected, now hook it up to nss | 1145 // static |
828 // TODO(port): specify rx and tx buffer sizes separately | 1146 SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler( |
829 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | 1147 void* arg, |
830 if (nss_fd_ == NULL) { | 1148 PRFileDesc* socket, |
831 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | 1149 CERTDistNames* ca_names, |
832 } | 1150 CERTCertList** result_certs, |
833 | 1151 void** result_private_key, |
834 // Grab pointer to buffers | 1152 CERTCertificate** result_nss_certificate, |
835 nss_bufs_ = memio_GetSecret(nss_fd_); | 1153 SECKEYPrivateKey** result_nss_private_key) { |
836 | 1154 Core* core = reinterpret_cast<Core*>(arg); |
837 /* Create SSL state machine */ | 1155 DCHECK(core->OnNSSTaskRunner()); |
838 /* Push SSL onto our fake I/O socket */ | 1156 |
839 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | 1157 core->PostOrRunCallback(base::Bind( |
840 if (nss_fd_ == NULL) { | 1158 &BoundNetLog::AddEvent, core->weak_net_log_, |
841 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); | 1159 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, |
842 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | 1160 static_cast<NetLog::EventParameters*>(NULL))); |
843 } | 1161 |
844 // TODO(port): set more ssl options! Check errors! | 1162 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); |
845 | 1163 |
846 int rv; | 1164 // Check if a domain-bound certificate is requested. |
847 | 1165 if (DomainBoundCertNegotiated(socket)) { |
848 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); | 1166 return core->DomainBoundClientAuthHandler(cert_types, |
849 if (rv != SECSuccess) { | 1167 result_nss_certificate, |
850 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); | 1168 result_nss_private_key); |
851 return ERR_UNEXPECTED; | 1169 } |
852 } | 1170 |
853 | 1171 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; |
854 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); | 1172 #if defined(OS_WIN) |
855 if (rv != SECSuccess) { | 1173 if (core->ssl_config_.send_client_cert) { |
856 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); | 1174 if (core->ssl_config_.client_cert) { |
857 return ERR_UNEXPECTED; | 1175 PCCERT_CONTEXT cert_context = |
858 } | 1176 core->ssl_config_.client_cert->os_cert_handle(); |
859 | 1177 |
860 // Don't do V2 compatible hellos because they don't support TLS extensions. | 1178 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; |
861 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE); | 1179 DWORD key_spec = 0; |
862 if (rv != SECSuccess) { | 1180 BOOL must_free = FALSE; |
863 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); | 1181 BOOL acquired_key = CryptAcquireCertificatePrivateKey( |
864 return ERR_UNEXPECTED; | 1182 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL, |
865 } | 1183 &crypt_prov, &key_spec, &must_free); |
866 | 1184 |
867 SSLVersionRange version_range; | 1185 if (acquired_key) { |
868 version_range.min = ssl_config_.version_min; | 1186 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false |
869 version_range.max = ssl_config_.version_max; | 1187 // according to the MSDN documentation. |
870 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | 1188 CHECK_EQ(must_free, FALSE); |
871 if (rv != SECSuccess) { | 1189 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC); |
872 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | 1190 |
873 return ERR_NO_SSL_VERSIONS_ENABLED; | 1191 SECItem der_cert; |
874 } | 1192 der_cert.type = siDERCertBuffer; |
875 | 1193 der_cert.data = cert_context->pbCertEncoded; |
876 for (std::vector<uint16>::const_iterator it = | 1194 der_cert.len = cert_context->cbCertEncoded; |
877 ssl_config_.disabled_cipher_suites.begin(); | 1195 |
878 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 1196 // TODO(rsleevi): Error checking for NSS allocation errors. |
879 // This will fail if the specified cipher is not implemented by NSS, but | 1197 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); |
880 // the failure is harmless. | 1198 CERTCertificate* user_cert = CERT_NewTempCertificate( |
881 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 1199 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); |
882 } | 1200 if (!user_cert) { |
883 | 1201 // Importing the certificate can fail for reasons including a serial |
884 #ifdef SSL_ENABLE_SESSION_TICKETS | 1202 // number collision. See crbug.com/97355. |
885 // Support RFC 5077 | 1203 core->PostOrRunCallback(base::Bind( |
886 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | 1204 &BoundNetLog::AddEvent, core->weak_net_log_, |
887 if (rv != SECSuccess) { | 1205 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
888 LogFailedNSSFunction( | 1206 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)))); |
889 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | 1207 return SECFailure; |
890 } | 1208 } |
1209 CERTCertList* cert_chain = CERT_NewCertList(); | |
1210 CERT_AddCertToListTail(cert_chain, user_cert); | |
1211 | |
1212 // Add the intermediates. | |
1213 X509Certificate::OSCertHandles intermediates = | |
1214 core->ssl_config_.client_cert->GetIntermediateCertificates(); | |
1215 for (X509Certificate::OSCertHandles::const_iterator it = | |
1216 intermediates.begin(); it != intermediates.end(); ++it) { | |
1217 der_cert.data = (*it)->pbCertEncoded; | |
1218 der_cert.len = (*it)->cbCertEncoded; | |
1219 | |
1220 CERTCertificate* intermediate = CERT_NewTempCertificate( | |
1221 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
1222 if (!intermediate) { | |
1223 CERT_DestroyCertList(cert_chain); | |
1224 core->PostOrRunCallback(base::Bind( | |
1225 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1226 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1227 make_scoped_refptr( | |
1228 new NetLogIntegerParameter("cert_count", 0)))); | |
1229 return SECFailure; | |
1230 } | |
1231 CERT_AddCertToListTail(cert_chain, intermediate); | |
1232 } | |
1233 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( | |
1234 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); | |
1235 key_context->cbSize = sizeof(*key_context); | |
1236 // NSS will free this context when no longer in use, but the | |
1237 // |must_free| result from CryptAcquireCertificatePrivateKey was false | |
1238 // so we increment the refcount to negate NSS's future decrement. | |
1239 CryptContextAddRef(crypt_prov, NULL, 0); | |
1240 key_context->hCryptProv = crypt_prov; | |
1241 key_context->dwKeySpec = key_spec; | |
1242 *result_private_key = key_context; | |
1243 *result_certs = cert_chain; | |
1244 | |
1245 int cert_count = 1 + intermediates.size(); | |
1246 core->PostOrRunCallback(base::Bind( | |
1247 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1248 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1249 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
1250 cert_count)))); | |
1251 return SECSuccess; | |
1252 } | |
1253 LOG(WARNING) << "Client cert found without private key"; | |
1254 } | |
1255 | |
1256 // Send no client certificate. | |
1257 core->PostOrRunCallback(base::Bind( | |
1258 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1259 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1260 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)))); | |
1261 return SECFailure; | |
1262 } | |
1263 | |
1264 core->nss_connection_state_.client_certs.clear(); | |
1265 | |
1266 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); | |
1267 for (int i = 0; i < ca_names->nnames; ++i) { | |
1268 issuer_list[i].cbData = ca_names->names[i].len; | |
1269 issuer_list[i].pbData = ca_names->names[i].data; | |
1270 } | |
1271 | |
1272 // Client certificates of the user are in the "MY" system certificate store. | |
1273 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | |
1274 if (!my_cert_store) { | |
1275 PLOG(ERROR) << "Could not open the \"MY\" system certificate store"; | |
1276 | |
1277 core->PostOrRunCallback(base::Bind( | |
1278 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1279 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1280 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)))); | |
1281 return SECFailure; | |
1282 } | |
1283 | |
1284 // Enumerate the client certificates. | |
1285 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; | |
1286 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); | |
1287 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); | |
1288 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH; | |
1289 find_by_issuer_para.cIssuer = ca_names->nnames; | |
1290 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL; | |
1291 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback; | |
1292 | |
1293 PCCERT_CHAIN_CONTEXT chain_context = NULL; | |
1294 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG | | |
1295 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG; | |
1296 | |
1297 for (;;) { | |
1298 // Find a certificate chain. | |
1299 chain_context = CertFindChainInStore(my_cert_store, | |
1300 X509_ASN_ENCODING, | |
1301 find_flags, | |
1302 CERT_CHAIN_FIND_BY_ISSUER, | |
1303 &find_by_issuer_para, | |
1304 chain_context); | |
1305 if (!chain_context) { | |
1306 DWORD err = GetLastError(); | |
1307 if (err != CRYPT_E_NOT_FOUND) | |
1308 DLOG(ERROR) << "CertFindChainInStore failed: " << err; | |
1309 break; | |
1310 } | |
1311 | |
1312 // Get the leaf certificate. | |
1313 PCCERT_CONTEXT cert_context = | |
1314 chain_context->rgpChain[0]->rgpElement[0]->pCertContext; | |
1315 // Create a copy the handle, so that we can close the "MY" certificate store | |
1316 // before returning from this function. | |
1317 PCCERT_CONTEXT cert_context2; | |
1318 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context, | |
1319 CERT_STORE_ADD_USE_EXISTING, | |
1320 &cert_context2); | |
1321 if (!ok) { | |
1322 NOTREACHED(); | |
1323 continue; | |
1324 } | |
1325 | |
1326 // Copy the rest of the chain. Copying the chain stops gracefully if an | |
1327 // error is encountered, with the partial chain being used as the | |
1328 // intermediates, as opposed to failing to consider the client certificate | |
1329 // at all. | |
1330 net::X509Certificate::OSCertHandles intermediates; | |
1331 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) { | |
1332 PCCERT_CONTEXT intermediate_copy; | |
1333 ok = CertAddCertificateContextToStore( | |
1334 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext, | |
1335 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy); | |
1336 if (!ok) { | |
1337 NOTREACHED(); | |
1338 break; | |
1339 } | |
1340 intermediates.push_back(intermediate_copy); | |
1341 } | |
1342 | |
1343 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | |
1344 cert_context2, intermediates); | |
1345 core->nss_connection_state_.client_certs.push_back(cert); | |
1346 | |
1347 X509Certificate::FreeOSCertHandle(cert_context2); | |
1348 for (net::X509Certificate::OSCertHandles::iterator it = | |
1349 intermediates.begin(); it != intermediates.end(); ++it) { | |
1350 net::X509Certificate::FreeOSCertHandle(*it); | |
1351 } | |
1352 } | |
1353 | |
1354 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); | |
1355 DCHECK(ok); | |
1356 | |
1357 // Tell NSS to suspend the client authentication. We will then abort the | |
1358 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1359 return SECWouldBlock; | |
1360 #elif defined(OS_MACOSX) | |
1361 if (core->ssl_config_.send_client_cert) { | |
1362 if (core->ssl_config_.client_cert) { | |
1363 OSStatus os_error = noErr; | |
1364 SecIdentityRef identity = NULL; | |
1365 SecKeyRef private_key = NULL; | |
1366 CFArrayRef chain = | |
1367 core->ssl_config_.client_cert->CreateClientCertificateChain(); | |
1368 if (chain) { | |
1369 identity = reinterpret_cast<SecIdentityRef>( | |
1370 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0))); | |
1371 } | |
1372 if (identity) | |
1373 os_error = SecIdentityCopyPrivateKey(identity, &private_key); | |
1374 | |
1375 if (chain && identity && os_error == noErr) { | |
1376 // TODO(rsleevi): Error checking for NSS allocation errors. | |
1377 *result_certs = CERT_NewCertList(); | |
1378 *result_private_key = private_key; | |
1379 | |
1380 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) { | |
1381 CSSM_DATA cert_data; | |
1382 SecCertificateRef cert_ref; | |
1383 if (i == 0) { | |
1384 cert_ref = core->ssl_config_.client_cert->os_cert_handle(); | |
1385 } else { | |
1386 cert_ref = reinterpret_cast<SecCertificateRef>( | |
1387 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); | |
1388 } | |
1389 os_error = SecCertificateGetData(cert_ref, &cert_data); | |
1390 if (os_error != noErr) | |
1391 break; | |
1392 | |
1393 SECItem der_cert; | |
1394 der_cert.type = siDERCertBuffer; | |
1395 der_cert.data = cert_data.Data; | |
1396 der_cert.len = cert_data.Length; | |
1397 CERTCertificate* nss_cert = CERT_NewTempCertificate( | |
1398 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | |
1399 if (!nss_cert) { | |
1400 // In the event of an NSS error we make up an OS error and reuse | |
1401 // the error handling, below. | |
1402 os_error = errSecCreateChainFailed; | |
1403 break; | |
1404 } | |
1405 CERT_AddCertToListTail(*result_certs, nss_cert); | |
1406 } | |
1407 } | |
1408 if (os_error == noErr) { | |
1409 int cert_count = 0; | |
1410 if (chain) { | |
1411 cert_count = CFArrayGetCount(chain); | |
1412 CFRelease(chain); | |
1413 } | |
1414 core->PostOrRunCallback(base::Bind( | |
1415 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1416 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1417 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
1418 cert_count)))); | |
1419 return SECSuccess; | |
1420 } | |
1421 OSSTATUS_LOG(WARNING, os_error) | |
1422 << "Client cert found, but could not be used"; | |
1423 if (*result_certs) { | |
1424 CERT_DestroyCertList(*result_certs); | |
1425 *result_certs = NULL; | |
1426 } | |
1427 if (*result_private_key) | |
1428 *result_private_key = NULL; | |
1429 if (private_key) | |
1430 CFRelease(private_key); | |
1431 if (chain) | |
1432 CFRelease(chain); | |
1433 } | |
1434 | |
1435 // Send no client certificate. | |
1436 core->PostOrRunCallback(base::Bind( | |
1437 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1438 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1439 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)))); | |
1440 return SECFailure; | |
1441 } | |
1442 | |
1443 core->nss_connection_state_.client_certs.clear(); | |
1444 | |
1445 // First, get the cert issuer names allowed by the server. | |
1446 std::vector<CertPrincipal> valid_issuers; | |
1447 int n = ca_names->nnames; | |
1448 for (int i = 0; i < n; i++) { | |
1449 // Parse each name into a CertPrincipal object. | |
1450 CertPrincipal p; | |
1451 if (p.ParseDistinguishedName(ca_names->names[i].data, | |
1452 ca_names->names[i].len)) { | |
1453 valid_issuers.push_back(p); | |
1454 } | |
1455 } | |
1456 | |
1457 // Now get the available client certs whose issuers are allowed by the server. | |
1458 X509Certificate::GetSSLClientCertificates( | |
1459 core->host_and_port_.host(), valid_issuers, | |
1460 &core->nss_connection_state_.client_certs); | |
1461 | |
1462 // Tell NSS to suspend the client authentication. We will then abort the | |
1463 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1464 return SECWouldBlock; | |
891 #else | 1465 #else |
892 #error "You need to install NSS-3.12 or later to build chromium" | 1466 return SECFailure; |
893 #endif | 1467 #endif |
894 | 1468 } |
895 #ifdef SSL_ENABLE_DEFLATE | 1469 |
896 // Some web servers have been found to break if TLS is used *or* if DEFLATE | 1470 #else // NSS_PLATFORM_CLIENT_AUTH |
897 // is advertised. Thus, if TLS is disabled (probably because we are doing | 1471 |
898 // SSLv3 fallback), we disable DEFLATE also. | 1472 // static |
899 // See http://crbug.com/31628 | 1473 // Based on Mozilla's NSS_GetClientAuthData. |
900 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, | 1474 SECStatus SSLClientSocketNSS::Core::ClientAuthHandler( |
901 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); | 1475 void* arg, |
902 if (rv != SECSuccess) | 1476 PRFileDesc* socket, |
903 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE"); | 1477 CERTDistNames* ca_names, |
1478 CERTCertificate** result_certificate, | |
1479 SECKEYPrivateKey** result_private_key) { | |
1480 Core* core = reinterpret_cast<Core*>(arg); | |
1481 DCHECK(core->OnNSSTaskRunner()); | |
1482 | |
1483 core->PostOrRunCallback(base::Bind( | |
1484 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1485 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, | |
1486 static_cast<NetLog::EventParameters*>(NULL))); | |
1487 | |
1488 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | |
1489 | |
1490 // Check if a domain-bound certificate is requested. | |
1491 if (DomainBoundCertNegotiated(socket)) { | |
1492 return core->DomainBoundClientAuthHandler( | |
1493 cert_types, result_certificate, result_private_key); | |
1494 } | |
1495 | |
1496 // Regular client certificate requested. | |
1497 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; | |
1498 void* wincx = SSL_RevealPinArg(socket); | |
1499 | |
1500 // Second pass: a client certificate should have been selected. | |
1501 if (core->ssl_config_.send_client_cert) { | |
1502 if (core->ssl_config_.client_cert) { | |
1503 CERTCertificate* cert = CERT_DupCertificate( | |
1504 core->ssl_config_.client_cert->os_cert_handle()); | |
1505 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); | |
1506 if (privkey) { | |
1507 // TODO(jsorianopastor): We should wait for server certificate | |
1508 // verification before sending our credentials. See | |
1509 // http://crbug.com/13934. | |
1510 *result_certificate = cert; | |
1511 *result_private_key = privkey; | |
1512 // A cert_count of -1 means the number of certificates is unknown. | |
1513 // NSS will construct the certificate chain. | |
1514 core->PostOrRunCallback(base::Bind( | |
1515 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1516 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1517 make_scoped_refptr( | |
1518 new NetLogIntegerParameter("cert_count", -1)))); | |
1519 | |
1520 return SECSuccess; | |
1521 } | |
1522 LOG(WARNING) << "Client cert found without private key"; | |
1523 } | |
1524 // Send no client certificate. | |
1525 core->PostOrRunCallback(base::Bind( | |
1526 &BoundNetLog::AddEvent, core->weak_net_log_, | |
1527 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1528 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)))); | |
1529 return SECFailure; | |
1530 } | |
1531 | |
1532 core->nss_connection_state_.client_certs.clear(); | |
1533 | |
1534 // Iterate over all client certificates. | |
1535 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
1536 CERT_GetDefaultCertDB(), certUsageSSLClient, | |
1537 PR_FALSE, PR_FALSE, wincx); | |
1538 if (client_certs) { | |
1539 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs); | |
1540 !CERT_LIST_END(node, client_certs); | |
1541 node = CERT_LIST_NEXT(node)) { | |
1542 // Only offer unexpired certificates. | |
1543 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != | |
1544 secCertTimeValid) { | |
1545 continue; | |
1546 } | |
1547 // Filter by issuer. | |
1548 // | |
1549 // TODO(davidben): This does a binary comparison of the DER-encoded | |
1550 // issuers. We should match according to RFC 5280 sec. 7.1. We should find | |
1551 // an appropriate NSS function or add one if needbe. | |
1552 if (ca_names->nnames && | |
1553 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess) { | |
1554 continue; | |
1555 } | |
1556 | |
1557 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( | |
1558 node->cert, net::X509Certificate::OSCertHandles()); | |
1559 core->nss_connection_state_.client_certs.push_back(x509_cert); | |
1560 } | |
1561 CERT_DestroyCertList(client_certs); | |
1562 } | |
1563 | |
1564 // Tell NSS to suspend the client authentication. We will then abort the | |
1565 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1566 return SECWouldBlock; | |
1567 } | |
1568 #endif // NSS_PLATFORM_CLIENT_AUTH | |
1569 | |
1570 // static | |
1571 void SSLClientSocketNSS::Core::HandshakeCallback( | |
1572 PRFileDesc* socket, | |
1573 void* arg) { | |
1574 Core* core = reinterpret_cast<Core*>(arg); | |
1575 DCHECK(core->OnNSSTaskRunner()); | |
1576 | |
1577 core->handshake_callback_called_ = true; | |
1578 | |
1579 ConnectionState* nss_state = &core->nss_connection_state_; | |
1580 | |
1581 PRBool last_handshake_resumed; | |
1582 SECStatus rv = SSL_HandshakeResumedSession(socket, &last_handshake_resumed); | |
1583 if (rv == SECSuccess && last_handshake_resumed) { | |
1584 nss_state->resumed_handshake = true; | |
1585 } else { | |
1586 nss_state->resumed_handshake = false; | |
1587 } | |
1588 | |
1589 core->RecordDomainBoundCertSupport(); | |
1590 core->UpdateServerCert(); | |
1591 core->UpdateConnectionStatus(); | |
1592 | |
1593 // We need to see if the predicted certificate chain (from | |
1594 // SetPredictedCertificates) matches the actual certificate chain. | |
1595 nss_state->predicted_cert_chain_correct = false; | |
1596 if (!core->predicted_certs_.empty()) { | |
1597 PeerCertificateChain& certs = nss_state->server_cert_chain; | |
1598 nss_state->predicted_cert_chain_correct = | |
1599 certs.size() == core->predicted_certs_.size(); | |
1600 | |
1601 if (nss_state->predicted_cert_chain_correct) { | |
1602 for (unsigned i = 0; i < certs.size(); i++) { | |
1603 if (certs[i]->derCert.len != core->predicted_certs_[i].size() || | |
1604 memcmp(certs[i]->derCert.data, core->predicted_certs_[i].data(), | |
1605 certs[i]->derCert.len) != 0) { | |
1606 nss_state->predicted_cert_chain_correct = false; | |
1607 break; | |
1608 } | |
1609 } | |
1610 } | |
1611 } | |
1612 | |
1613 // Update the network task runners view of the connection state whenever | |
1614 // a handshake has completed. | |
1615 core->PostOrRunCallback(base::Bind(&Core::OnConnectionStateUpdated, core, | |
1616 *nss_state)); | |
1617 } | |
1618 | |
1619 // static | |
1620 SECStatus SSLClientSocketNSS::Core::NextProtoCallback( | |
1621 void* arg, | |
1622 PRFileDesc* nss_fd, | |
1623 const unsigned char* protos, | |
1624 unsigned int protos_len, | |
1625 unsigned char* proto_out, | |
1626 unsigned int* proto_out_len, | |
1627 unsigned int proto_max_len) { | |
1628 Core* core = reinterpret_cast<Core*>(arg); | |
1629 DCHECK(core->OnNSSTaskRunner()); | |
1630 | |
1631 ConnectionState* nss_state = &core->nss_connection_state_; | |
1632 | |
1633 // For each protocol in server preference, see if we support it. | |
1634 for (unsigned int i = 0; i < protos_len; ) { | |
1635 const size_t len = protos[i]; | |
1636 for (std::vector<std::string>::const_iterator | |
1637 j = core->ssl_config_.next_protos.begin(); | |
1638 j != core->ssl_config_.next_protos.end(); j++) { | |
1639 // Having very long elements in the |next_protos| vector isn't a disaster | |
1640 // because they'll never be selected, but it does indicate an error | |
1641 // somewhere. | |
1642 DCHECK_LT(j->size(), 256u); | |
1643 | |
1644 if (j->size() == len && | |
1645 memcmp(&protos[i + 1], j->data(), len) == 0) { | |
1646 nss_state->next_proto_status = kNextProtoNegotiated; | |
1647 nss_state->next_proto = *j; | |
1648 break; | |
1649 } | |
1650 } | |
1651 | |
1652 if (nss_state->next_proto_status == kNextProtoNegotiated) | |
1653 break; | |
1654 | |
1655 // NSS ensures that the data in |protos| is well formed, so this will not | |
1656 // cause a jump past the end of the buffer. | |
1657 i += len + 1; | |
1658 } | |
1659 | |
1660 nss_state->server_protos.assign( | |
1661 reinterpret_cast<const char*>(protos), protos_len); | |
1662 | |
1663 // If we didn't find a protocol, we select the first one from our list. | |
1664 if (nss_state->next_proto_status != kNextProtoNegotiated) { | |
1665 nss_state->next_proto_status = kNextProtoNoOverlap; | |
1666 nss_state->next_proto = core->ssl_config_.next_protos[0]; | |
1667 } | |
1668 | |
1669 if (nss_state->next_proto.size() > proto_max_len) { | |
1670 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | |
1671 return SECFailure; | |
1672 } | |
1673 memcpy(proto_out, nss_state->next_proto.data(), | |
1674 nss_state->next_proto.size()); | |
1675 *proto_out_len = nss_state->next_proto.size(); | |
1676 return SECSuccess; | |
1677 } | |
1678 | |
1679 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error, | |
1680 bool handshake_error) { | |
1681 DCHECK(OnNSSTaskRunner()); | |
1682 | |
1683 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) : | |
1684 MapNSSError(nss_error); | |
1685 | |
1686 #if defined(OS_WIN) | |
1687 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate | |
1688 // os_cert_handle() as an optimization. However, if the certificate | |
1689 // private key is stored on a smart card, and the smart card is removed, | |
1690 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again, | |
1691 // preventing client certificate authentication. Because the | |
1692 // X509Certificate may outlive the individual SSLClientSocketNSS, due to | |
1693 // caching in X509Certificate, this failure ends up preventing client | |
1694 // certificate authentication with the same certificate for all future | |
1695 // attempts, even after the smart card has been re-inserted. By setting | |
1696 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | |
1697 // typically be freed. This allows a new HCRYPTPROV to be obtained from | |
1698 // the certificate on the next attempt, which should succeed if the smart | |
1699 // card has been re-inserted, or will typically prompt the user to | |
1700 // re-insert the smart card if not. | |
1701 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | |
1702 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | |
1703 ssl_config_.send_client_cert && ssl_config_.client_cert) { | |
1704 CertSetCertificateContextProperty( | |
1705 ssl_config_.client_cert->os_cert_handle(), | |
1706 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | |
1707 } | |
904 #endif | 1708 #endif |
905 | 1709 |
906 #ifdef SSL_ENABLE_FALSE_START | 1710 return net_error; |
907 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | 1711 } |
908 ssl_config_.false_start_enabled); | 1712 |
909 if (rv != SECSuccess) | 1713 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { |
910 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | 1714 DCHECK(OnNSSTaskRunner()); |
911 #endif | 1715 |
912 | |
913 #ifdef SSL_ENABLE_RENEGOTIATION | |
914 // We allow servers to request renegotiation. Since we're a client, | |
915 // prohibiting this is rather a waste of time. Only servers are in a | |
916 // position to prevent renegotiation attacks. | |
917 // http://extendedsubset.com/?p=8 | |
918 | |
919 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
920 SSL_RENEGOTIATE_TRANSITIONAL); | |
921 if (rv != SECSuccess) { | |
922 LogFailedNSSFunction( | |
923 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); | |
924 } | |
925 #endif // SSL_ENABLE_RENEGOTIATION | |
926 | |
927 if (!ssl_config_.next_protos.empty()) { | |
928 rv = SSL_SetNextProtoCallback( | |
929 nss_fd_, SSLClientSocketNSS::NextProtoCallback, this); | |
930 if (rv != SECSuccess) | |
931 LogFailedNSSFunction(net_log_, "SSL_SetNextProtoCallback", ""); | |
932 } | |
933 | |
934 #ifdef SSL_CBC_RANDOM_IV | |
935 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, | |
936 ssl_config_.false_start_enabled); | |
937 if (rv != SECSuccess) | |
938 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); | |
939 #endif | |
940 | |
941 #ifdef SSL_ENABLE_OCSP_STAPLING | |
942 if (IsOCSPStaplingSupported()) { | |
943 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); | |
944 if (rv != SECSuccess) { | |
945 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | |
946 "SSL_ENABLE_OCSP_STAPLING"); | |
947 } | |
948 } | |
949 #endif | |
950 | |
951 #ifdef SSL_ENABLE_CACHED_INFO | |
952 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO, | |
953 ssl_config_.cached_info_enabled); | |
954 if (rv != SECSuccess) | |
955 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO"); | |
956 #endif | |
957 | |
958 #ifdef SSL_ENABLE_OB_CERTS | |
959 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS, | |
960 ssl_config_.domain_bound_certs_enabled); | |
961 if (rv != SECSuccess) | |
962 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); | |
963 #endif | |
964 | |
965 #ifdef SSL_ENCRYPT_CLIENT_CERTS | |
966 // For now, enable the encrypted client certificates extension only if | |
967 // server-bound certificates are enabled. | |
968 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS, | |
969 ssl_config_.domain_bound_certs_enabled); | |
970 if (rv != SECSuccess) | |
971 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS"); | |
972 #endif | |
973 | |
974 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
975 if (rv != SECSuccess) { | |
976 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | |
977 return ERR_UNEXPECTED; | |
978 } | |
979 | |
980 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | |
981 if (rv != SECSuccess) { | |
982 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); | |
983 return ERR_UNEXPECTED; | |
984 } | |
985 | |
986 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
987 rv = SSL_GetPlatformClientAuthDataHook(nss_fd_, PlatformClientAuthHandler, | |
988 this); | |
989 #else | |
990 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); | |
991 #endif | |
992 if (rv != SECSuccess) { | |
993 LogFailedNSSFunction(net_log_, "SSL_GetClientAuthDataHook", ""); | |
994 return ERR_UNEXPECTED; | |
995 } | |
996 | |
997 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | |
998 if (rv != SECSuccess) { | |
999 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); | |
1000 return ERR_UNEXPECTED; | |
1001 } | |
1002 | |
1003 // Tell SSL the hostname we're trying to connect to. | |
1004 SSL_SetURL(nss_fd_, host_and_port_.host().c_str()); | |
1005 | |
1006 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | |
1007 SSL_ResetHandshake(nss_fd_, PR_FALSE); | |
1008 | |
1009 return OK; | |
1010 } | |
1011 | |
1012 int SSLClientSocketNSS::InitializeSSLPeerName() { | |
1013 // Tell NSS who we're connected to | |
1014 AddressList peer_address; | |
1015 int err = transport_->socket()->GetPeerAddress(&peer_address); | |
1016 if (err != OK) | |
1017 return err; | |
1018 | |
1019 SockaddrStorage storage; | |
1020 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len)) | |
1021 return ERR_UNEXPECTED; | |
1022 | |
1023 PRNetAddr peername; | |
1024 memset(&peername, 0, sizeof(peername)); | |
1025 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername)); | |
1026 size_t len = std::min(static_cast<size_t>(storage.addr_len), | |
1027 sizeof(peername)); | |
1028 memcpy(&peername, storage.addr, len); | |
1029 | |
1030 // Adjust the address family field for BSD, whose sockaddr | |
1031 // structure has a one-byte length and one-byte address family | |
1032 // field at the beginning. PRNetAddr has a two-byte address | |
1033 // family field at the beginning. | |
1034 peername.raw.family = storage.addr->sa_family; | |
1035 | |
1036 memio_SetPeerName(nss_fd_, &peername); | |
1037 | |
1038 // Set the peer ID for session reuse. This is necessary when we create an | |
1039 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | |
1040 // rather than the destination server's address in that case. | |
1041 std::string peer_id = host_and_port_.ToString(); | |
1042 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id. | |
1043 // This will cause session cache misses between sockets with different values | |
1044 // of ssl_session_cache_shard_ and this is used to partition the session cache | |
1045 // for incognito mode. | |
1046 if (!ssl_session_cache_shard_.empty()) { | |
1047 peer_id += "/" + ssl_session_cache_shard_; | |
1048 } | |
1049 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | |
1050 if (rv != SECSuccess) | |
1051 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); | |
1052 | |
1053 return OK; | |
1054 } | |
1055 | |
1056 | |
1057 // Sets server_cert_ and server_cert_nss_ if not yet set. | |
1058 void SSLClientSocketNSS::UpdateServerCert() { | |
1059 // We set the server_cert_ from HandshakeCallback(). | |
1060 if (server_cert_ == NULL) { | |
1061 server_cert_nss_ = SSL_PeerCertificate(nss_fd_); | |
1062 if (server_cert_nss_) { | |
1063 PeerCertificateChain certs(nss_fd_); | |
1064 // This call may fail when SSL is used inside sandbox. In that | |
1065 // case CreateFromDERCertChain() returns NULL. | |
1066 server_cert_ = X509Certificate::CreateFromDERCertChain( | |
1067 certs.AsStringPieceVector()); | |
1068 if (server_cert_) { | |
1069 net_log_.AddEvent( | |
1070 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | |
1071 make_scoped_refptr(new X509CertificateNetLogParam(server_cert_))); | |
1072 } | |
1073 } | |
1074 } | |
1075 } | |
1076 | |
1077 // Sets ssl_connection_status_. | |
1078 void SSLClientSocketNSS::UpdateConnectionStatus() { | |
1079 SSLChannelInfo channel_info; | |
1080 SECStatus ok = SSL_GetChannelInfo(nss_fd_, | |
1081 &channel_info, sizeof(channel_info)); | |
1082 if (ok == SECSuccess && | |
1083 channel_info.length == sizeof(channel_info) && | |
1084 channel_info.cipherSuite) { | |
1085 ssl_connection_status_ |= | |
1086 (static_cast<int>(channel_info.cipherSuite) & | |
1087 SSL_CONNECTION_CIPHERSUITE_MASK) << | |
1088 SSL_CONNECTION_CIPHERSUITE_SHIFT; | |
1089 | |
1090 ssl_connection_status_ |= | |
1091 (static_cast<int>(channel_info.compressionMethod) & | |
1092 SSL_CONNECTION_COMPRESSION_MASK) << | |
1093 SSL_CONNECTION_COMPRESSION_SHIFT; | |
1094 | |
1095 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS | |
1096 // doesn't support them yet), so we use 0x0302 and 0x0303 directly. | |
1097 int version = SSL_CONNECTION_VERSION_UNKNOWN; | |
1098 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) { | |
1099 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL | |
1100 // version 2. | |
1101 version = SSL_CONNECTION_VERSION_SSL2; | |
1102 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) { | |
1103 version = SSL_CONNECTION_VERSION_SSL3; | |
1104 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) { | |
1105 version = SSL_CONNECTION_VERSION_TLS1; | |
1106 } else if (channel_info.protocolVersion == 0x0302) { | |
1107 version = SSL_CONNECTION_VERSION_TLS1_1; | |
1108 } else if (channel_info.protocolVersion == 0x0303) { | |
1109 version = SSL_CONNECTION_VERSION_TLS1_2; | |
1110 } | |
1111 ssl_connection_status_ |= | |
1112 (version & SSL_CONNECTION_VERSION_MASK) << | |
1113 SSL_CONNECTION_VERSION_SHIFT; | |
1114 } | |
1115 | |
1116 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6. | |
1117 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test | |
1118 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension. | |
1119 #if defined(SSL_MAX_EXTENSIONS) | |
1120 PRBool peer_supports_renego_ext; | |
1121 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn, | |
1122 &peer_supports_renego_ext); | |
1123 if (ok == SECSuccess) { | |
1124 if (!peer_supports_renego_ext) { | |
1125 ssl_connection_status_ |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; | |
1126 // Log an informational message if the server does not support secure | |
1127 // renegotiation (RFC 5746). | |
1128 VLOG(1) << "The server " << host_and_port_.ToString() | |
1129 << " does not support the TLS renegotiation_info extension."; | |
1130 } | |
1131 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported", | |
1132 peer_supports_renego_ext, 2); | |
1133 } | |
1134 #endif | |
1135 | |
1136 if (ssl_config_.version_fallback) | |
1137 ssl_connection_status_ |= SSL_CONNECTION_VERSION_FALLBACK; | |
1138 } | |
1139 | |
1140 void SSLClientSocketNSS::DoReadCallback(int rv) { | |
1141 EnterFunction(rv); | |
1142 DCHECK(rv != ERR_IO_PENDING); | |
1143 DCHECK(!user_read_callback_.is_null()); | |
1144 | |
1145 // Since Run may result in Read being called, clear |user_read_callback_| | |
1146 // up front. | |
1147 CompletionCallback c = user_read_callback_; | |
1148 user_read_callback_.Reset(); | |
1149 user_read_buf_ = NULL; | |
1150 user_read_buf_len_ = 0; | |
1151 c.Run(rv); | |
1152 LeaveFunction(""); | |
1153 } | |
1154 | |
1155 void SSLClientSocketNSS::DoWriteCallback(int rv) { | |
1156 EnterFunction(rv); | |
1157 DCHECK(rv != ERR_IO_PENDING); | |
1158 DCHECK(!user_write_callback_.is_null()); | |
1159 | |
1160 // Since Run may result in Write being called, clear |user_write_callback_| | |
1161 // up front. | |
1162 CompletionCallback c = user_write_callback_; | |
1163 user_write_callback_.Reset(); | |
1164 user_write_buf_ = NULL; | |
1165 user_write_buf_len_ = 0; | |
1166 c.Run(rv); | |
1167 LeaveFunction(""); | |
1168 } | |
1169 | |
1170 // As part of Connect(), the SSLClientSocketNSS object performs an SSL | |
1171 // handshake. This requires network IO, which in turn calls | |
1172 // BufferRecvComplete() with a non-zero byte count. This byte count eventually | |
1173 // winds its way through the state machine and ends up being passed to the | |
1174 // callback. For Read() and Write(), that's what we want. But for Connect(), | |
1175 // the caller expects OK (i.e. 0) for success. | |
1176 // | |
1177 void SSLClientSocketNSS::DoConnectCallback(int rv) { | |
1178 EnterFunction(rv); | |
1179 DCHECK_NE(rv, ERR_IO_PENDING); | |
1180 DCHECK(!user_connect_callback_.is_null()); | |
1181 | |
1182 CompletionCallback c = user_connect_callback_; | |
1183 user_connect_callback_.Reset(); | |
1184 c.Run(rv > OK ? OK : rv); | |
1185 LeaveFunction(""); | |
1186 } | |
1187 | |
1188 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { | |
1189 EnterFunction(result); | |
1190 int rv = DoHandshakeLoop(result); | |
1191 if (rv != ERR_IO_PENDING) { | |
1192 net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_CONNECT, rv); | |
1193 DoConnectCallback(rv); | |
1194 } | |
1195 LeaveFunction(""); | |
1196 } | |
1197 | |
1198 void SSLClientSocketNSS::OnSendComplete(int result) { | |
1199 EnterFunction(result); | |
1200 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1201 // In handshake phase. | |
1202 OnHandshakeIOComplete(result); | |
1203 LeaveFunction(""); | |
1204 return; | |
1205 } | |
1206 | |
1207 // OnSendComplete may need to call DoPayloadRead while the renegotiation | |
1208 // handshake is in progress. | |
1209 int rv_read = ERR_IO_PENDING; | |
1210 int rv_write = ERR_IO_PENDING; | |
1211 bool network_moved; | |
1212 do { | |
1213 if (user_read_buf_) | |
1214 rv_read = DoPayloadRead(); | |
1215 if (user_write_buf_) | |
1216 rv_write = DoPayloadWrite(); | |
1217 network_moved = DoTransportIO(); | |
1218 } while (rv_read == ERR_IO_PENDING && | |
1219 rv_write == ERR_IO_PENDING && | |
1220 (user_read_buf_ || user_write_buf_) && | |
1221 network_moved); | |
1222 | |
1223 if (user_read_buf_ && rv_read != ERR_IO_PENDING) | |
1224 DoReadCallback(rv_read); | |
1225 if (user_write_buf_ && rv_write != ERR_IO_PENDING) | |
1226 DoWriteCallback(rv_write); | |
1227 | |
1228 LeaveFunction(""); | |
1229 } | |
1230 | |
1231 void SSLClientSocketNSS::OnRecvComplete(int result) { | |
1232 EnterFunction(result); | |
1233 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1234 // In handshake phase. | |
1235 OnHandshakeIOComplete(result); | |
1236 LeaveFunction(""); | |
1237 return; | |
1238 } | |
1239 | |
1240 // Network layer received some data, check if client requested to read | |
1241 // decrypted data. | |
1242 if (!user_read_buf_) { | |
1243 LeaveFunction(""); | |
1244 return; | |
1245 } | |
1246 | |
1247 int rv = DoReadLoop(result); | |
1248 if (rv != ERR_IO_PENDING) | |
1249 DoReadCallback(rv); | |
1250 LeaveFunction(""); | |
1251 } | |
1252 | |
1253 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { | |
1254 EnterFunction(last_io_result); | |
1255 int rv = last_io_result; | 1716 int rv = last_io_result; |
1256 do { | 1717 do { |
1257 // Default to STATE_NONE for next state. | 1718 // Default to STATE_NONE for next state. |
1258 // (This is a quirk carried over from the windows | |
1259 // implementation. It makes reading the logs a bit harder.) | |
1260 // State handlers can and often do call GotoState just | |
1261 // to stay in the current state. | |
1262 State state = next_handshake_state_; | 1719 State state = next_handshake_state_; |
1263 GotoState(STATE_NONE); | 1720 GotoState(STATE_NONE); |
1721 | |
1264 switch (state) { | 1722 switch (state) { |
1265 case STATE_LOAD_SSL_HOST_INFO: | |
1266 DCHECK(rv == OK || rv == ERR_IO_PENDING); | |
1267 rv = DoLoadSSLHostInfo(); | |
1268 break; | |
1269 case STATE_HANDSHAKE: | 1723 case STATE_HANDSHAKE: |
1270 rv = DoHandshake(); | 1724 rv = DoHandshake(); |
1271 break; | 1725 break; |
1272 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE: | 1726 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE: |
1273 rv = DoGetDBCertComplete(rv); | 1727 rv = DoGetDBCertComplete(rv); |
1274 break; | 1728 break; |
1275 case STATE_VERIFY_DNSSEC: | |
1276 rv = DoVerifyDNSSEC(rv); | |
1277 break; | |
1278 case STATE_VERIFY_CERT: | |
1279 DCHECK(rv == OK); | |
1280 rv = DoVerifyCert(rv); | |
1281 break; | |
1282 case STATE_VERIFY_CERT_COMPLETE: | |
1283 rv = DoVerifyCertComplete(rv); | |
1284 break; | |
1285 case STATE_NONE: | 1729 case STATE_NONE: |
1286 default: | 1730 default: |
1287 rv = ERR_UNEXPECTED; | 1731 rv = ERR_UNEXPECTED; |
1288 LOG(DFATAL) << "unexpected state " << state; | 1732 LOG(DFATAL) << "unexpected state " << state; |
1289 break; | 1733 break; |
1290 } | 1734 } |
1291 | 1735 |
1292 // Do the actual network I/O | 1736 // Do the actual network I/O |
1293 bool network_moved = DoTransportIO(); | 1737 bool network_moved = DoTransportIO(); |
1294 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { | 1738 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { |
1295 // In general we exit the loop if rv is ERR_IO_PENDING. In this | 1739 // In general we exit the loop if rv is ERR_IO_PENDING. In this |
1296 // special case we keep looping even if rv is ERR_IO_PENDING because | 1740 // special case we keep looping even if rv is ERR_IO_PENDING because |
1297 // the transport IO may allow DoHandshake to make progress. | 1741 // the transport IO may allow DoHandshake to make progress. |
1298 DCHECK(rv == OK || rv == ERR_IO_PENDING); | 1742 DCHECK(rv == OK || rv == ERR_IO_PENDING); |
1299 rv = OK; // This causes us to stay in the loop. | 1743 rv = OK; // This causes us to stay in the loop. |
1300 } | 1744 } |
1301 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | 1745 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); |
1302 LeaveFunction(""); | |
1303 return rv; | 1746 return rv; |
1304 } | 1747 } |
1305 | 1748 |
1306 int SSLClientSocketNSS::DoReadLoop(int result) { | 1749 int SSLClientSocketNSS::Core::DoReadLoop(int result) { |
1307 EnterFunction(""); | 1750 DCHECK(OnNSSTaskRunner()); |
1308 DCHECK(completed_handshake_); | 1751 DCHECK(handshake_callback_called_); |
1309 DCHECK(next_handshake_state_ == STATE_NONE); | 1752 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1310 | 1753 |
1311 if (result < 0) | 1754 if (result < 0) |
1312 return result; | 1755 return result; |
1313 | 1756 |
1314 if (!nss_bufs_) { | 1757 if (!nss_bufs_) { |
1315 LOG(DFATAL) << "!nss_bufs_"; | 1758 LOG(DFATAL) << "!nss_bufs_"; |
1316 int rv = ERR_UNEXPECTED; | 1759 int rv = ERR_UNEXPECTED; |
1317 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 1760 PostOrRunCallback(base::Bind( |
1318 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 1761 &BoundNetLog::AddEvent, weak_net_log_, |
1762 NetLog::TYPE_SSL_READ_ERROR, | |
1763 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
1319 return rv; | 1764 return rv; |
1320 } | 1765 } |
1321 | 1766 |
1322 bool network_moved; | 1767 bool network_moved; |
1323 int rv; | 1768 int rv; |
1324 do { | 1769 do { |
1325 rv = DoPayloadRead(); | 1770 rv = DoPayloadRead(); |
1326 network_moved = DoTransportIO(); | 1771 network_moved = DoTransportIO(); |
1327 } while (rv == ERR_IO_PENDING && network_moved); | 1772 } while (rv == ERR_IO_PENDING && network_moved); |
1328 | 1773 |
1329 LeaveFunction(""); | |
1330 return rv; | 1774 return rv; |
1331 } | 1775 } |
1332 | 1776 |
1333 int SSLClientSocketNSS::DoWriteLoop(int result) { | 1777 int SSLClientSocketNSS::Core::DoWriteLoop(int result) { |
1334 EnterFunction(""); | 1778 DCHECK(OnNSSTaskRunner()); |
1335 DCHECK(completed_handshake_); | 1779 DCHECK(handshake_callback_called_); |
1336 DCHECK(next_handshake_state_ == STATE_NONE); | 1780 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1337 | 1781 |
1338 if (result < 0) | 1782 if (result < 0) |
1339 return result; | 1783 return result; |
1340 | 1784 |
1341 if (!nss_bufs_) { | 1785 if (!nss_bufs_) { |
1342 LOG(DFATAL) << "!nss_bufs_"; | 1786 LOG(DFATAL) << "!nss_bufs_"; |
1343 int rv = ERR_UNEXPECTED; | 1787 int rv = ERR_UNEXPECTED; |
1344 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 1788 PostOrRunCallback(base::Bind( |
1345 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 1789 &BoundNetLog::AddEvent, weak_net_log_, |
1790 NetLog::TYPE_SSL_READ_ERROR, | |
1791 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
1346 return rv; | 1792 return rv; |
1347 } | 1793 } |
1348 | 1794 |
1349 bool network_moved; | 1795 bool network_moved; |
1350 int rv; | 1796 int rv; |
1351 do { | 1797 do { |
1352 rv = DoPayloadWrite(); | 1798 rv = DoPayloadWrite(); |
1353 network_moved = DoTransportIO(); | 1799 network_moved = DoTransportIO(); |
1354 } while (rv == ERR_IO_PENDING && network_moved); | 1800 } while (rv == ERR_IO_PENDING && network_moved); |
1355 | 1801 |
1356 LeaveFunction(""); | 1802 LeaveFunction(rv); |
1357 return rv; | 1803 return rv; |
1358 } | 1804 } |
1359 | 1805 |
1360 bool SSLClientSocketNSS::LoadSSLHostInfo() { | 1806 int SSLClientSocketNSS::Core::DoHandshake() { |
1361 const SSLHostInfo::State& state(ssl_host_info_->state()); | 1807 DCHECK(OnNSSTaskRunner()); |
1362 | 1808 |
1363 if (state.certs.empty()) | |
1364 return true; | |
1365 | |
1366 const std::vector<std::string>& certs_in = state.certs; | |
1367 scoped_array<CERTCertificate*> certs(new CERTCertificate*[certs_in.size()]); | |
1368 | |
1369 for (size_t i = 0; i < certs_in.size(); i++) { | |
1370 SECItem derCert; | |
1371 derCert.data = | |
1372 const_cast<uint8*>(reinterpret_cast<const uint8*>(certs_in[i].data())); | |
1373 derCert.len = certs_in[i].size(); | |
1374 certs[i] = CERT_NewTempCertificate( | |
1375 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */, | |
1376 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */); | |
1377 if (!certs[i]) { | |
1378 DestroyCertificates(&certs[0], i); | |
1379 NOTREACHED(); | |
1380 return false; | |
1381 } | |
1382 } | |
1383 | |
1384 SECStatus rv; | |
1385 #ifdef SSL_ENABLE_CACHED_INFO | |
1386 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), certs_in.size()); | |
1387 DCHECK_EQ(SECSuccess, rv); | |
1388 #else | |
1389 rv = SECFailure; // Not implemented. | |
1390 #endif | |
1391 DestroyCertificates(&certs[0], certs_in.size()); | |
1392 | |
1393 return rv == SECSuccess; | |
1394 } | |
1395 | |
1396 int SSLClientSocketNSS::DoLoadSSLHostInfo() { | |
1397 EnterFunction(""); | |
1398 int rv = ssl_host_info_->WaitForDataReady( | |
1399 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1400 base::Unretained(this))); | |
1401 GotoState(STATE_HANDSHAKE); | |
1402 | |
1403 if (rv == OK) { | |
1404 if (!LoadSSLHostInfo()) | |
1405 LOG(WARNING) << "LoadSSLHostInfo failed: " << host_and_port_.ToString(); | |
1406 } else { | |
1407 DCHECK_EQ(ERR_IO_PENDING, rv); | |
1408 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
1409 } | |
1410 | |
1411 LeaveFunction(""); | |
1412 return rv; | |
1413 } | |
1414 | |
1415 int SSLClientSocketNSS::DoHandshake() { | |
1416 EnterFunction(""); | |
1417 int net_error = net::OK; | 1809 int net_error = net::OK; |
1418 SECStatus rv = SSL_ForceHandshake(nss_fd_); | 1810 SECStatus rv = SSL_ForceHandshake(nss_fd_); |
1419 | 1811 |
1420 // TODO(rkn): Handle the case in which server-bound cert generation takes | 1812 // TODO(rkn): Handle the case in which server-bound cert generation takes |
1421 // too long and the server has closed the connection. Report some new error | 1813 // too long and the server has closed the connection. Report some new error |
1422 // code so that the higher level code will attempt to delete the socket and | 1814 // code so that the higher level code will attempt to delete the socket and |
1423 // redo the handshake. | 1815 // redo the handshake. |
1424 | |
1425 if (client_auth_cert_needed_) { | 1816 if (client_auth_cert_needed_) { |
1426 if (domain_bound_cert_xtn_negotiated_) { | 1817 if (domain_bound_cert_xtn_negotiated_) { |
1427 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); | 1818 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); |
1428 net_error = ERR_IO_PENDING; | 1819 net_error = ERR_IO_PENDING; |
1429 } else { | 1820 } else { |
1430 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1821 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1431 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1822 PostOrRunCallback(base::Bind( |
1432 make_scoped_refptr(new SSLErrorParams(net_error, 0))); | 1823 &BoundNetLog::AddEvent, weak_net_log_, |
1824 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1825 make_scoped_refptr(new SSLErrorParams(net_error, 0)))); | |
1826 | |
1433 // If the handshake already succeeded (because the server requests but | 1827 // If the handshake already succeeded (because the server requests but |
1434 // doesn't require a client cert), we need to invalidate the SSL session | 1828 // doesn't require a client cert), we need to invalidate the SSL session |
1435 // so that we won't try to resume the non-client-authenticated session in | 1829 // so that we won't try to resume the non-client-authenticated session in |
1436 // the next handshake. This will cause the server to ask for a client | 1830 // the next handshake. This will cause the server to ask for a client |
1437 // cert again. | 1831 // cert again. |
1438 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) { | 1832 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) |
1439 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); | 1833 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); |
1440 } | |
1441 } | 1834 } |
1442 } else if (rv == SECSuccess) { | 1835 } else if (rv == SECSuccess) { |
1443 if (handshake_callback_called_) { | 1836 if (!handshake_callback_called_) { |
1444 // We need to see if the predicted certificate chain (in | 1837 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - |
1445 // |ssl_host_info_->state().certs) matches the actual certificate chain | 1838 // SSL_ForceHandshake returned SECSuccess prematurely. |
1446 // before we call SaveSSLHostInfo, as that will update | 1839 rv = SECFailure; |
1447 // |ssl_host_info_|. | 1840 net_error = ERR_SSL_PROTOCOL_ERROR; |
1448 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty()) { | 1841 PostOrRunCallback(base::Bind( |
1449 PeerCertificateChain certs(nss_fd_); | 1842 &BoundNetLog::AddEvent, weak_net_log_, |
1450 const SSLHostInfo::State& state = ssl_host_info_->state(); | 1843 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
1451 predicted_cert_chain_correct_ = certs.size() == state.certs.size(); | 1844 make_scoped_refptr(new SSLErrorParams(net_error, 0)))); |
1452 if (predicted_cert_chain_correct_) { | 1845 } else { |
1453 for (unsigned i = 0; i < certs.size(); i++) { | 1846 #if defined(SSL_ENABLE_OCSP_STAPLING) |
1454 if (certs[i]->derCert.len != state.certs[i].size() || | |
1455 memcmp(certs[i]->derCert.data, state.certs[i].data(), | |
1456 certs[i]->derCert.len) != 0) { | |
1457 predicted_cert_chain_correct_ = false; | |
1458 break; | |
1459 } | |
1460 } | |
1461 } | |
1462 } | |
1463 | |
1464 #if defined(SSL_ENABLE_OCSP_STAPLING) | |
1465 // TODO(agl): figure out how to plumb an OCSP response into the Mac | 1847 // TODO(agl): figure out how to plumb an OCSP response into the Mac |
1466 // system library and update IsOCSPStaplingSupported for Mac. | 1848 // system library and update IsOCSPStaplingSupported for Mac. |
1467 if (!predicted_cert_chain_correct_ && IsOCSPStaplingSupported()) { | 1849 if (!nss_connection_state_.predicted_cert_chain_correct && |
1850 IsOCSPStaplingSupported()) { | |
1468 unsigned int len = 0; | 1851 unsigned int len = 0; |
1469 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); | 1852 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); |
1470 if (len) { | 1853 if (len) { |
1471 const unsigned int orig_len = len; | 1854 const unsigned int orig_len = len; |
1472 scoped_array<uint8> ocsp_response(new uint8[orig_len]); | 1855 scoped_array<uint8> ocsp_response(new uint8[orig_len]); |
1473 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len); | 1856 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len); |
1474 DCHECK_EQ(orig_len, len); | 1857 DCHECK_EQ(orig_len, len); |
1475 | 1858 |
1476 #if defined(OS_WIN) | 1859 #if defined(OS_WIN) |
1477 CRYPT_DATA_BLOB ocsp_response_blob; | 1860 if (nss_connection_state_.server_cert) { |
1478 ocsp_response_blob.cbData = len; | 1861 CRYPT_DATA_BLOB ocsp_response_blob; |
1479 ocsp_response_blob.pbData = ocsp_response.get(); | 1862 ocsp_response_blob.cbData = len; |
1480 BOOL ok = CertSetCertificateContextProperty( | 1863 ocsp_response_blob.pbData = ocsp_response.get(); |
1481 server_cert_->os_cert_handle(), | 1864 BOOL ok = CertSetCertificateContextProperty( |
1482 CERT_OCSP_RESPONSE_PROP_ID, | 1865 nss_connection_state_.server_cert->os_cert_handle(), |
1483 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | 1866 CERT_OCSP_RESPONSE_PROP_ID, |
1484 &ocsp_response_blob); | 1867 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, |
1485 if (!ok) { | 1868 &ocsp_response_blob); |
1486 VLOG(1) << "Failed to set OCSP response property: " | 1869 if (!ok) { |
1487 << GetLastError(); | 1870 VLOG(1) << "Failed to set OCSP response property: " |
1871 << GetLastError(); | |
1872 } | |
1488 } | 1873 } |
1489 #elif defined(USE_NSS) | 1874 #elif defined(USE_NSS) |
1490 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = | 1875 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = |
1491 GetCacheOCSPResponseFromSideChannelFunction(); | 1876 GetCacheOCSPResponseFromSideChannelFunction(); |
1492 SECItem ocsp_response_item; | 1877 SECItem ocsp_response_item; |
1493 ocsp_response_item.type = siBuffer; | 1878 ocsp_response_item.type = siBuffer; |
1494 ocsp_response_item.data = ocsp_response.get(); | 1879 ocsp_response_item.data = ocsp_response.get(); |
1495 ocsp_response_item.len = len; | 1880 ocsp_response_item.len = len; |
1496 | 1881 |
1497 cache_ocsp_response( | 1882 cache_ocsp_response(CERT_GetDefaultCertDB(), certs[0], PR_Now(), |
1498 CERT_GetDefaultCertDB(), server_cert_nss_, PR_Now(), | 1883 &ocsp_response_item, NULL); |
1499 &ocsp_response_item, NULL); | 1884 #endif |
1500 #endif | |
1501 } | 1885 } |
1502 } | 1886 } |
1503 #endif | 1887 #endif |
1504 | |
1505 SaveSSLHostInfo(); | |
1506 // SSL handshake is completed. Let's verify the certificate. | |
1507 GotoState(STATE_VERIFY_DNSSEC); | |
1508 // Done! | |
1509 } else { | |
1510 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - | |
1511 // SSL_ForceHandshake returned SECSuccess prematurely. | |
1512 rv = SECFailure; | |
1513 net_error = ERR_SSL_PROTOCOL_ERROR; | |
1514 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1515 make_scoped_refptr(new SSLErrorParams(net_error, 0))); | |
1516 } | 1888 } |
1889 // Done! | |
1517 } else { | 1890 } else { |
1518 PRErrorCode prerr = PR_GetError(); | 1891 PRErrorCode prerr = PR_GetError(); |
1519 net_error = HandleNSSError(prerr, true); | 1892 net_error = HandleNSSError(prerr, true); |
1520 | 1893 |
1521 // If not done, stay in this state | 1894 // If not done, stay in this state |
1522 if (net_error == ERR_IO_PENDING) { | 1895 if (net_error == ERR_IO_PENDING) { |
1523 GotoState(STATE_HANDSHAKE); | 1896 GotoState(STATE_HANDSHAKE); |
1524 } else { | 1897 } else { |
1525 net_log_.AddEvent( | 1898 PostOrRunCallback(base::Bind( |
1899 &BoundNetLog::AddEvent, weak_net_log_, | |
1526 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1900 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
1527 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); | 1901 make_scoped_refptr(new SSLErrorParams(net_error, prerr)))); |
1528 } | 1902 } |
1529 } | 1903 } |
1530 | 1904 |
1531 LeaveFunction(""); | |
1532 return net_error; | 1905 return net_error; |
1533 } | 1906 } |
1534 | 1907 |
1535 int SSLClientSocketNSS::ImportDBCertAndKey(CERTCertificate** cert, | 1908 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) { |
1536 SECKEYPrivateKey** key) { | 1909 SECStatus rv; |
1537 // Set the certificate. | 1910 PostOrRunCallback(base::Bind( |
1538 SECItem cert_item; | 1911 &BoundNetLog::EndEventWithNetErrorCode, weak_net_log_, |
1539 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | 1912 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, result)); |
1540 cert_item.len = domain_bound_cert_.size(); | |
1541 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
1542 &cert_item, | |
1543 NULL, | |
1544 PR_FALSE, | |
1545 PR_TRUE); | |
1546 if (*cert == NULL) | |
1547 return MapNSSError(PORT_GetError()); | |
1548 | 1913 |
1549 // Set the private key. | |
1550 switch (domain_bound_cert_type_) { | |
1551 case CLIENT_CERT_ECDSA_SIGN: { | |
1552 SECKEYPublicKey* public_key = NULL; | |
1553 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
1554 ServerBoundCertService::kEPKIPassword, | |
1555 reinterpret_cast<const unsigned char*>( | |
1556 domain_bound_private_key_.data()), | |
1557 domain_bound_private_key_.size(), | |
1558 &(*cert)->subjectPublicKeyInfo, | |
1559 false, | |
1560 false, | |
1561 key, | |
1562 &public_key)) { | |
1563 CERT_DestroyCertificate(*cert); | |
1564 *cert = NULL; | |
1565 return MapNSSError(PORT_GetError()); | |
1566 } | |
1567 SECKEY_DestroyPublicKey(public_key); | |
1568 break; | |
1569 } | |
1570 | |
1571 default: | |
1572 NOTREACHED(); | |
1573 return ERR_INVALID_ARGUMENT; | |
1574 } | |
1575 | |
1576 return OK; | |
1577 } | |
1578 | |
1579 int SSLClientSocketNSS::DoGetDBCertComplete(int result) { | |
1580 SECStatus rv; | |
1581 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, | |
1582 result); | |
1583 client_auth_cert_needed_ = false; | 1914 client_auth_cert_needed_ = false; |
1584 domain_bound_cert_request_handle_ = NULL; | 1915 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; |
1585 | 1916 |
1586 if (result != OK) { | 1917 if (result != OK) { |
1587 // Failed to get a DBC. Proceed without. | 1918 // Failed to get a DBC. Proceed without. |
1588 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL); | 1919 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL); |
1589 if (rv != SECSuccess) | 1920 if (rv != SECSuccess) |
1590 return MapNSSError(PORT_GetError()); | 1921 return MapNSSError(PORT_GetError()); |
1922 | |
1591 GotoState(STATE_HANDSHAKE); | 1923 GotoState(STATE_HANDSHAKE); |
1592 return OK; | 1924 return OK; |
1593 } | 1925 } |
1594 | 1926 |
1595 CERTCertificate* cert; | 1927 CERTCertificate* cert; |
1596 SECKEYPrivateKey* key; | 1928 SECKEYPrivateKey* key; |
1597 int error = ImportDBCertAndKey(&cert, &key); | 1929 int error = ImportDBCertAndKey(&cert, &key); |
1598 if (error != OK) | 1930 if (error != OK) |
1599 return error; | 1931 return error; |
1600 | 1932 |
1601 CERTCertificateList* cert_chain = CERT_CertChainFromCert(cert, | 1933 CERTCertificateList* cert_chain = |
1602 certUsageSSLClient, | 1934 CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE); |
1603 PR_FALSE); | 1935 |
1604 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1936 PostOrRunCallback(base::Bind( |
1937 &BoundNetLog::AddEvent, weak_net_log_, | |
1938 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1605 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | 1939 make_scoped_refptr(new NetLogIntegerParameter("cert_count", |
1606 cert_chain->len))); | 1940 cert_chain->len)))); |
1941 | |
1607 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); | 1942 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); |
1608 if (rv != SECSuccess) | 1943 if (rv != SECSuccess) |
1609 return MapNSSError(PORT_GetError()); | 1944 return MapNSSError(PORT_GetError()); |
1610 | 1945 |
1611 GotoState(STATE_HANDSHAKE); | 1946 GotoState(STATE_HANDSHAKE); |
1612 set_domain_bound_cert_type(domain_bound_cert_type_); | |
1613 return OK; | 1947 return OK; |
1614 } | 1948 } |
1615 | 1949 |
1616 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { | 1950 int SSLClientSocketNSS::Core::DoPayloadRead() { |
1617 DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(), | 1951 DCHECK(OnNSSTaskRunner()); |
1618 server_cert_nss_, | |
1619 host_and_port_.port()); | |
1620 if (r == DNSVR_SUCCESS) { | |
1621 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; | |
1622 local_server_cert_verify_result_.verified_cert = server_cert_; | |
1623 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1624 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
1625 return OK; | |
1626 } | |
1627 | |
1628 GotoState(STATE_VERIFY_CERT); | |
1629 | |
1630 return OK; | |
1631 } | |
1632 | |
1633 int SSLClientSocketNSS::DoVerifyCert(int result) { | |
1634 DCHECK(server_cert_nss_); | |
1635 | |
1636 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
1637 | |
1638 // If the certificate is expected to be bad we can use the | |
1639 // expectation as the cert status. Don't use |server_cert_| here | |
1640 // because it can be set to NULL in case we failed to create | |
1641 // X509Certificate in UpdateServerCert(). This may happen when this | |
1642 // code is used inside sandbox. | |
1643 base::StringPiece der_cert( | |
1644 reinterpret_cast<char*>(server_cert_nss_->derCert.data), | |
1645 server_cert_nss_->derCert.len); | |
1646 CertStatus cert_status; | |
1647 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | |
1648 DCHECK(start_cert_verification_time_.is_null()); | |
1649 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | |
1650 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1651 local_server_cert_verify_result_.Reset(); | |
1652 local_server_cert_verify_result_.cert_status = cert_status; | |
1653 local_server_cert_verify_result_.verified_cert = server_cert_; | |
1654 return OK; | |
1655 } | |
1656 | |
1657 // We may have failed to create X509Certificate object if we are | |
1658 // running inside sandbox. | |
1659 if (!server_cert_) { | |
1660 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1661 local_server_cert_verify_result_.Reset(); | |
1662 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | |
1663 return ERR_CERT_INVALID; | |
1664 } | |
1665 | |
1666 start_cert_verification_time_ = base::TimeTicks::Now(); | |
1667 | |
1668 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && | |
1669 predicted_cert_chain_correct_) { | |
1670 // If the SSLHostInfo had a prediction for the certificate chain of this | |
1671 // server then it will have optimistically started a verification of that | |
1672 // chain. So, if the prediction was correct, we should wait for that | |
1673 // verification to finish rather than start our own. | |
1674 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL); | |
1675 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); | |
1676 base::TimeTicks end_time = ssl_host_info_->verification_end_time(); | |
1677 if (end_time.is_null()) | |
1678 end_time = base::TimeTicks::Now(); | |
1679 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", | |
1680 end_time - ssl_host_info_->verification_start_time()); | |
1681 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); | |
1682 return ssl_host_info_->WaitForCertVerification( | |
1683 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1684 base::Unretained(this))); | |
1685 } else { | |
1686 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | |
1687 } | |
1688 | |
1689 int flags = 0; | |
1690 if (ssl_config_.rev_checking_enabled) | |
1691 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | |
1692 if (ssl_config_.verify_ev_cert) | |
1693 flags |= X509Certificate::VERIFY_EV_CERT; | |
1694 if (ssl_config_.cert_io_enabled) | |
1695 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; | |
1696 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | |
1697 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1698 return verifier_->Verify( | |
1699 server_cert_, host_and_port_.host(), flags, | |
1700 SSLConfigService::GetCRLSet(), | |
1701 &local_server_cert_verify_result_, | |
1702 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1703 base::Unretained(this)), | |
1704 net_log_); | |
1705 } | |
1706 | |
1707 // Derived from AuthCertificateCallback() in | |
1708 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | |
1709 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | |
1710 verifier_.reset(); | |
1711 | |
1712 if (!start_cert_verification_time_.is_null()) { | |
1713 base::TimeDelta verify_time = | |
1714 base::TimeTicks::Now() - start_cert_verification_time_; | |
1715 if (result == OK) | |
1716 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | |
1717 else | |
1718 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | |
1719 } | |
1720 | |
1721 // We used to remember the intermediate CA certs in the NSS database | |
1722 // persistently. However, NSS opens a connection to the SQLite database | |
1723 // during NSS initialization and doesn't close the connection until NSS | |
1724 // shuts down. If the file system where the database resides is gone, | |
1725 // the database connection goes bad. What's worse, the connection won't | |
1726 // recover when the file system comes back. Until this NSS or SQLite bug | |
1727 // is fixed, we need to avoid using the NSS database for non-essential | |
1728 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | |
1729 // http://crbug.com/15630 for more info. | |
1730 | |
1731 // TODO(hclam): Skip logging if server cert was expected to be bad because | |
1732 // |server_cert_verify_result_| doesn't contain all the information about | |
1733 // the cert. | |
1734 if (result == OK) | |
1735 LogConnectionTypeMetrics(); | |
1736 | |
1737 completed_handshake_ = true; | |
1738 | |
1739 if (!user_read_callback_.is_null()) { | |
1740 int rv = DoReadLoop(OK); | |
1741 if (rv != ERR_IO_PENDING) | |
1742 DoReadCallback(rv); | |
1743 } | |
1744 | |
1745 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) | |
1746 // Take care of any mandates for public key pinning. | |
1747 // | |
1748 // Pinning is only enabled for official builds to make sure that others don't | |
1749 // end up with pins that cannot be easily updated. | |
1750 // | |
1751 // TODO(agl): we might have an issue here where a request for foo.example.com | |
1752 // merges into a SPDY connection to www.example.com, and gets a different | |
1753 // certificate. | |
1754 | |
1755 const CertStatus cert_status = server_cert_verify_result_->cert_status; | |
1756 if ((result == OK || (IsCertificateError(result) && | |
1757 IsCertStatusMinorError(cert_status))) && | |
1758 server_cert_verify_result_->is_issued_by_known_root && | |
1759 transport_security_state_) { | |
1760 bool sni_available = | |
1761 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | |
1762 ssl_config_.version_fallback; | |
1763 const std::string& host = host_and_port_.host(); | |
1764 | |
1765 TransportSecurityState::DomainState domain_state; | |
1766 if (transport_security_state_->GetDomainState(host, sni_available, | |
1767 &domain_state) && | |
1768 domain_state.HasPins()) { | |
1769 if (!domain_state.IsChainOfPublicKeysPermitted( | |
1770 server_cert_verify_result_->public_key_hashes)) { | |
1771 const base::Time build_time = base::GetBuildTime(); | |
1772 // Pins are not enforced if the build is sufficiently old. Chrome | |
1773 // users should get updates every six weeks or so, but it's possible | |
1774 // that some users will stop getting updates for some reason. We | |
1775 // don't want those users building up as a pool of people with bad | |
1776 // pins. | |
1777 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) { | |
1778 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
1779 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | |
1780 TransportSecurityState::ReportUMAOnPinFailure(host); | |
1781 } | |
1782 } else { | |
1783 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | |
1784 } | |
1785 } | |
1786 } | |
1787 #endif | |
1788 | |
1789 // Exit DoHandshakeLoop and return the result to the caller to Connect. | |
1790 DCHECK(next_handshake_state_ == STATE_NONE); | |
1791 return result; | |
1792 } | |
1793 | |
1794 int SSLClientSocketNSS::DoPayloadRead() { | |
1795 EnterFunction(user_read_buf_len_); | |
1796 DCHECK(user_read_buf_); | 1952 DCHECK(user_read_buf_); |
1797 DCHECK_GT(user_read_buf_len_, 0); | 1953 DCHECK_GT(user_read_buf_len_, 0); |
1954 | |
1798 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | 1955 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); |
1799 if (client_auth_cert_needed_) { | 1956 if (client_auth_cert_needed_) { |
1800 // We don't need to invalidate the non-client-authenticated SSL session | 1957 // We don't need to invalidate the non-client-authenticated SSL session |
1801 // because the server will renegotiate anyway. | 1958 // because the server will renegotiate anyway. |
1802 LeaveFunction(""); | |
1803 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1959 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1804 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 1960 PostOrRunCallback(base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1805 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 1961 NetLog::TYPE_SSL_READ_ERROR, |
1962 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
wtc
2012/05/30 22:54:29
Nit: align these parameters with the opening paren
| |
1806 return rv; | 1963 return rv; |
1807 } | 1964 } |
1808 if (rv >= 0) { | 1965 if (rv >= 0) { |
1809 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | 1966 PostOrRunCallback( |
1810 user_read_buf_->data()); | 1967 base::Bind(&LogByteTransferEvent, weak_net_log_, |
1811 LeaveFunction(""); | 1968 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
1969 scoped_refptr<IOBuffer>(user_read_buf_))); | |
1812 return rv; | 1970 return rv; |
1813 } | 1971 } |
1814 PRErrorCode prerr = PR_GetError(); | 1972 PRErrorCode prerr = PR_GetError(); |
1815 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1973 if (prerr == PR_WOULD_BLOCK_ERROR) |
1816 LeaveFunction(""); | |
1817 return ERR_IO_PENDING; | 1974 return ERR_IO_PENDING; |
1818 } | 1975 |
1819 LeaveFunction(""); | |
1820 rv = HandleNSSError(prerr, false); | 1976 rv = HandleNSSError(prerr, false); |
1821 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 1977 PostOrRunCallback(base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1822 make_scoped_refptr(new SSLErrorParams(rv, prerr))); | 1978 NetLog::TYPE_SSL_READ_ERROR, |
1979 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | |
1823 return rv; | 1980 return rv; |
1824 } | 1981 } |
1825 | 1982 |
1826 int SSLClientSocketNSS::DoPayloadWrite() { | 1983 int SSLClientSocketNSS::Core::DoPayloadWrite() { |
1827 EnterFunction(user_write_buf_len_); | 1984 DCHECK(OnNSSTaskRunner()); |
1985 | |
1828 DCHECK(user_write_buf_); | 1986 DCHECK(user_write_buf_); |
1987 | |
1829 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 1988 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
1830 if (rv >= 0) { | 1989 if (rv >= 0) { |
1831 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1990 PostOrRunCallback(base::Bind( |
1832 user_write_buf_->data()); | 1991 &LogByteTransferEvent, weak_net_log_, |
1833 LeaveFunction(""); | 1992 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
1993 scoped_refptr<IOBuffer>(user_write_buf_))); | |
1834 return rv; | 1994 return rv; |
1835 } | 1995 } |
1836 PRErrorCode prerr = PR_GetError(); | 1996 PRErrorCode prerr = PR_GetError(); |
1837 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1997 if (prerr == PR_WOULD_BLOCK_ERROR) |
1838 LeaveFunction(""); | |
1839 return ERR_IO_PENDING; | 1998 return ERR_IO_PENDING; |
1840 } | 1999 |
1841 LeaveFunction(""); | |
1842 rv = HandleNSSError(prerr, false); | 2000 rv = HandleNSSError(prerr, false); |
1843 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 2001 PostOrRunCallback(base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1844 make_scoped_refptr(new SSLErrorParams(rv, prerr))); | 2002 NetLog::TYPE_SSL_WRITE_ERROR, |
2003 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | |
1845 return rv; | 2004 return rv; |
1846 } | 2005 } |
1847 | 2006 |
1848 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { | |
1849 UpdateConnectionTypeHistograms(CONNECTION_SSL); | |
1850 if (server_cert_verify_result_->has_md5) | |
1851 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | |
1852 if (server_cert_verify_result_->has_md2) | |
1853 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | |
1854 if (server_cert_verify_result_->has_md4) | |
1855 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); | |
1856 if (server_cert_verify_result_->has_md5_ca) | |
1857 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); | |
1858 if (server_cert_verify_result_->has_md2_ca) | |
1859 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | |
1860 int ssl_version = SSLConnectionStatusToVersion(ssl_connection_status_); | |
1861 switch (ssl_version) { | |
1862 case SSL_CONNECTION_VERSION_SSL2: | |
1863 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2); | |
1864 break; | |
1865 case SSL_CONNECTION_VERSION_SSL3: | |
1866 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3); | |
1867 break; | |
1868 case SSL_CONNECTION_VERSION_TLS1: | |
1869 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1); | |
1870 break; | |
1871 case SSL_CONNECTION_VERSION_TLS1_1: | |
1872 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | |
1873 break; | |
1874 case SSL_CONNECTION_VERSION_TLS1_2: | |
1875 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | |
1876 break; | |
1877 }; | |
1878 } | |
1879 | |
1880 // SaveSSLHostInfo saves the certificate chain of the connection so that we can | |
1881 // start verification faster in the future. | |
1882 void SSLClientSocketNSS::SaveSSLHostInfo() { | |
1883 if (!ssl_host_info_.get()) | |
1884 return; | |
1885 | |
1886 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save | |
1887 // anything. | |
1888 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) | |
1889 return; | |
1890 | |
1891 SSLHostInfo::State* state = ssl_host_info_->mutable_state(); | |
1892 | |
1893 state->certs.clear(); | |
1894 PeerCertificateChain certs(nss_fd_); | |
1895 for (unsigned i = 0; i < certs.size(); i++) { | |
1896 if (certs[i]->derCert.len > std::numeric_limits<uint16>::max()) | |
1897 return; | |
1898 | |
1899 state->certs.push_back(std::string( | |
1900 reinterpret_cast<char*>(certs[i]->derCert.data), | |
1901 certs[i]->derCert.len)); | |
1902 } | |
1903 | |
1904 ssl_host_info_->Persist(); | |
1905 } | |
1906 | |
1907 // Do as much network I/O as possible between the buffer and the | 2007 // Do as much network I/O as possible between the buffer and the |
1908 // transport socket. Return true if some I/O performed, false | 2008 // transport socket. Return true if some I/O performed, false |
1909 // otherwise (error or ERR_IO_PENDING). | 2009 // otherwise (error or ERR_IO_PENDING). |
1910 bool SSLClientSocketNSS::DoTransportIO() { | 2010 bool SSLClientSocketNSS::Core::DoTransportIO() { |
1911 EnterFunction(""); | 2011 DCHECK(OnNSSTaskRunner()); |
2012 | |
1912 bool network_moved = false; | 2013 bool network_moved = false; |
1913 if (nss_bufs_ != NULL) { | 2014 if (nss_bufs_ != NULL) { |
1914 int rv; | 2015 int rv; |
1915 // Read and write as much data as we can. The loop is neccessary | 2016 // Read and write as much data as we can. The loop is neccessary |
1916 // because Write() may return synchronously. | 2017 // because Write() may return synchronously. |
1917 do { | 2018 do { |
1918 rv = BufferSend(); | 2019 rv = BufferSend(); |
1919 if (rv > 0) | 2020 if (rv > 0) |
1920 network_moved = true; | 2021 network_moved = true; |
1921 } while (rv > 0); | 2022 } while (rv > 0); |
1922 if (!transport_recv_eof_ && BufferRecv() >= 0) | 2023 if (!transport_recv_eof_ && BufferRecv() >= 0) |
1923 network_moved = true; | 2024 network_moved = true; |
1924 } | 2025 } |
1925 LeaveFunction(network_moved); | |
1926 return network_moved; | 2026 return network_moved; |
1927 } | 2027 } |
1928 | 2028 |
2029 int SSLClientSocketNSS::Core::BufferRecv() { | |
2030 DCHECK(OnNSSTaskRunner()); | |
2031 | |
2032 if (transport_recv_busy_) | |
2033 return ERR_IO_PENDING; | |
2034 | |
2035 char* buf; | |
2036 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
2037 int rv; | |
2038 if (!nb) { | |
2039 // buffer too full to read into, so no I/O possible at moment | |
2040 rv = ERR_IO_PENDING; | |
2041 } else { | |
2042 scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb)); | |
2043 if (OnNetworkTaskRunner()) { | |
2044 rv = DoBufferRecv(read_buffer, nb); | |
2045 } else { | |
2046 bool posted = network_task_runner_->PostTask( | |
2047 FROM_HERE, | |
2048 base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer, | |
2049 nb)); | |
2050 rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
2051 } | |
2052 | |
2053 if (rv == ERR_IO_PENDING) { | |
2054 transport_recv_busy_ = true; | |
2055 } else { | |
2056 if (rv > 0) { | |
2057 memcpy(buf, read_buffer->data(), rv); | |
2058 } else if (rv == 0) { | |
2059 transport_recv_eof_ = true; | |
2060 } | |
2061 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); | |
2062 } | |
2063 } | |
2064 return rv; | |
2065 } | |
2066 | |
1929 // Return 0 for EOF, | 2067 // Return 0 for EOF, |
1930 // > 0 for bytes transferred immediately, | 2068 // > 0 for bytes transferred immediately, |
1931 // < 0 for error (or the non-error ERR_IO_PENDING). | 2069 // < 0 for error (or the non-error ERR_IO_PENDING). |
1932 int SSLClientSocketNSS::BufferSend() { | 2070 int SSLClientSocketNSS::Core::BufferSend() { |
2071 DCHECK(OnNSSTaskRunner()); | |
2072 | |
1933 if (transport_send_busy_) | 2073 if (transport_send_busy_) |
1934 return ERR_IO_PENDING; | 2074 return ERR_IO_PENDING; |
1935 | 2075 |
1936 EnterFunction(""); | |
1937 const char* buf1; | 2076 const char* buf1; |
1938 const char* buf2; | 2077 const char* buf2; |
1939 unsigned int len1, len2; | 2078 unsigned int len1, len2; |
1940 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); | 2079 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); |
1941 const unsigned int len = len1 + len2; | 2080 const unsigned int len = len1 + len2; |
1942 | 2081 |
1943 int rv = 0; | 2082 int rv = 0; |
1944 if (len) { | 2083 if (len) { |
1945 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); | 2084 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); |
1946 memcpy(send_buffer->data(), buf1, len1); | 2085 memcpy(send_buffer->data(), buf1, len1); |
1947 memcpy(send_buffer->data() + len1, buf2, len2); | 2086 memcpy(send_buffer->data() + len1, buf2, len2); |
1948 rv = transport_->socket()->Write( | 2087 |
1949 send_buffer, len, | 2088 if (OnNetworkTaskRunner()) { |
1950 base::Bind(&SSLClientSocketNSS::BufferSendComplete, | 2089 rv = DoBufferSend(send_buffer, len); |
1951 base::Unretained(this))); | 2090 } else { |
2091 bool posted = network_task_runner_->PostTask( | |
2092 FROM_HERE, | |
2093 base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer, | |
2094 len)); | |
2095 rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
2096 } | |
2097 | |
1952 if (rv == ERR_IO_PENDING) { | 2098 if (rv == ERR_IO_PENDING) { |
1953 transport_send_busy_ = true; | 2099 transport_send_busy_ = true; |
1954 } else { | 2100 } else { |
1955 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); | 2101 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); |
1956 } | 2102 } |
1957 } | 2103 } |
1958 | 2104 |
1959 LeaveFunction(rv); | |
1960 return rv; | 2105 return rv; |
1961 } | 2106 } |
1962 | 2107 |
1963 void SSLClientSocketNSS::BufferSendComplete(int result) { | 2108 void SSLClientSocketNSS::Core::OnRecvComplete(int result) { |
1964 EnterFunction(result); | 2109 DCHECK(OnNSSTaskRunner()); |
1965 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); | 2110 |
1966 transport_send_busy_ = false; | 2111 if (next_handshake_state_ == STATE_HANDSHAKE) { |
1967 OnSendComplete(result); | 2112 OnHandshakeIOComplete(result); |
2113 return; | |
2114 } | |
2115 | |
2116 // Network layer received some data, check if client requested to read | |
2117 // decrypted data. | |
2118 if (!user_read_buf_) | |
2119 return; | |
2120 | |
2121 int rv = DoReadLoop(result); | |
2122 if (rv != ERR_IO_PENDING) | |
2123 DoReadCallback(rv); | |
2124 } | |
2125 | |
2126 void SSLClientSocketNSS::Core::OnSendComplete(int result) { | |
2127 DCHECK(OnNSSTaskRunner()); | |
2128 | |
2129 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
2130 OnHandshakeIOComplete(result); | |
2131 return; | |
2132 } | |
2133 | |
2134 // OnSendComplete may need to call DoPayloadRead while the renegotiation | |
2135 // handshake is in progress. | |
2136 int rv_read = ERR_IO_PENDING; | |
2137 int rv_write = ERR_IO_PENDING; | |
2138 bool network_moved; | |
2139 do { | |
2140 if (user_read_buf_) | |
2141 rv_read = DoPayloadRead(); | |
2142 if (user_write_buf_) | |
2143 rv_write = DoPayloadWrite(); | |
2144 network_moved = DoTransportIO(); | |
2145 } while (rv_read == ERR_IO_PENDING && | |
2146 rv_write == ERR_IO_PENDING && | |
2147 (user_read_buf_ || user_write_buf_) && | |
2148 network_moved); | |
2149 | |
2150 if (user_read_buf_ && rv_read != ERR_IO_PENDING) | |
2151 DoReadCallback(rv_read); | |
2152 if (user_write_buf_ && rv_write != ERR_IO_PENDING) | |
2153 DoWriteCallback(rv_write); | |
2154 } | |
2155 | |
2156 // As part of Connect(), the SSLClientSocketNSS object performs an SSL | |
2157 // handshake. This requires network IO, which in turn calls | |
2158 // BufferRecvComplete() with a non-zero byte count. This byte count eventually | |
2159 // winds its way through the state machine and ends up being passed to the | |
2160 // callback. For Read() and Write(), that's what we want. But for Connect(), | |
2161 // the caller expects OK (i.e. 0) for success. | |
2162 void SSLClientSocketNSS::Core::DoConnectCallback(int rv) { | |
2163 DCHECK(OnNSSTaskRunner()); | |
2164 DCHECK_NE(rv, ERR_IO_PENDING); | |
2165 DCHECK(!user_connect_callback_.is_null()); | |
2166 | |
2167 base::Closure c = base::Bind( | |
2168 base::ResetAndReturn(&user_connect_callback_), | |
2169 rv > OK ? OK : rv); | |
2170 PostOrRunCallback(c); | |
2171 } | |
2172 | |
2173 void SSLClientSocketNSS::Core::DoReadCallback(int rv) { | |
2174 DCHECK(OnNSSTaskRunner()); | |
2175 DCHECK_NE(ERR_IO_PENDING, rv); | |
2176 DCHECK(!user_read_callback_.is_null()); | |
2177 | |
2178 user_read_buf_ = NULL; | |
2179 user_read_buf_len_ = 0; | |
2180 base::Closure c = base::Bind( | |
2181 base::ResetAndReturn(&user_read_callback_), | |
2182 rv); | |
2183 PostOrRunCallback(c); | |
2184 } | |
2185 | |
2186 void SSLClientSocketNSS::Core::DoWriteCallback(int rv) { | |
wtc
2012/05/30 22:54:29
Why does DoWriteCallback not use PostOrRunCallback
Ryan Sleevi
2012/05/30 23:20:10
BUG.
| |
2187 EnterFunction(rv); | |
2188 DCHECK(rv != ERR_IO_PENDING); | |
2189 DCHECK(!user_write_callback_.is_null()); | |
2190 | |
2191 // Since Run may result in Write being called, clear |user_write_callback_| | |
2192 // up front. | |
2193 CompletionCallback c = user_write_callback_; | |
2194 user_write_callback_.Reset(); | |
2195 user_write_buf_ = NULL; | |
2196 user_write_buf_len_ = 0; | |
2197 c.Run(rv); | |
1968 LeaveFunction(""); | 2198 LeaveFunction(""); |
1969 } | 2199 } |
1970 | 2200 |
1971 int SSLClientSocketNSS::BufferRecv() { | 2201 SECStatus SSLClientSocketNSS::Core::DomainBoundClientAuthHandler( |
1972 if (transport_recv_busy_) return ERR_IO_PENDING; | |
1973 | |
1974 char* buf; | |
1975 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
1976 EnterFunction(nb); | |
1977 int rv; | |
1978 if (!nb) { | |
1979 // buffer too full to read into, so no I/O possible at moment | |
1980 rv = ERR_IO_PENDING; | |
1981 } else { | |
1982 recv_buffer_ = new IOBuffer(nb); | |
1983 rv = transport_->socket()->Read( | |
1984 recv_buffer_, nb, | |
1985 base::Bind(&SSLClientSocketNSS::BufferRecvComplete, | |
1986 base::Unretained(this))); | |
1987 if (rv == ERR_IO_PENDING) { | |
1988 transport_recv_busy_ = true; | |
1989 } else { | |
1990 if (rv > 0) { | |
1991 memcpy(buf, recv_buffer_->data(), rv); | |
1992 } else if (rv == 0) { | |
1993 transport_recv_eof_ = true; | |
1994 } | |
1995 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); | |
1996 recv_buffer_ = NULL; | |
1997 } | |
1998 } | |
1999 LeaveFunction(rv); | |
2000 return rv; | |
2001 } | |
2002 | |
2003 void SSLClientSocketNSS::BufferRecvComplete(int result) { | |
2004 EnterFunction(result); | |
2005 if (result > 0) { | |
2006 char* buf; | |
2007 memio_GetReadParams(nss_bufs_, &buf); | |
2008 memcpy(buf, recv_buffer_->data(), result); | |
2009 } else if (result == 0) { | |
2010 transport_recv_eof_ = true; | |
2011 } | |
2012 recv_buffer_ = NULL; | |
2013 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); | |
2014 transport_recv_busy_ = false; | |
2015 OnRecvComplete(result); | |
2016 LeaveFunction(""); | |
2017 } | |
2018 | |
2019 int SSLClientSocketNSS::HandleNSSError(PRErrorCode nss_error, | |
2020 bool handshake_error) { | |
2021 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) : | |
2022 MapNSSError(nss_error); | |
2023 | |
2024 #if defined(OS_WIN) | |
2025 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate | |
2026 // os_cert_handle() as an optimization. However, if the certificate | |
2027 // private key is stored on a smart card, and the smart card is removed, | |
2028 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again, | |
2029 // preventing client certificate authentication. Because the | |
2030 // X509Certificate may outlive the individual SSLClientSocketNSS, due to | |
2031 // caching in X509Certificate, this failure ends up preventing client | |
2032 // certificate authentication with the same certificate for all future | |
2033 // attempts, even after the smart card has been re-inserted. By setting | |
2034 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | |
2035 // typically be freed. This allows a new HCRYPTPROV to be obtained from | |
2036 // the certificate on the next attempt, which should succeed if the smart | |
2037 // card has been re-inserted, or will typically prompt the user to | |
2038 // re-insert the smart card if not. | |
2039 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | |
2040 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | |
2041 ssl_config_.send_client_cert && ssl_config_.client_cert) { | |
2042 CertSetCertificateContextProperty( | |
2043 ssl_config_.client_cert->os_cert_handle(), | |
2044 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | |
2045 } | |
2046 #endif | |
2047 | |
2048 return net_error; | |
2049 } | |
2050 | |
2051 // static | |
2052 // NSS calls this if an incoming certificate needs to be verified. | |
2053 // Do nothing but return SECSuccess. | |
2054 // This is called only in full handshake mode. | |
2055 // Peer certificate is retrieved in HandshakeCallback() later, which is called | |
2056 // in full handshake mode or in resumption handshake mode. | |
2057 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, | |
2058 PRFileDesc* socket, | |
2059 PRBool checksig, | |
2060 PRBool is_server) { | |
2061 #ifdef SSL_ENABLE_FALSE_START | |
2062 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | |
2063 if (!that->server_cert_nss_) { | |
2064 // Only need to turn off False Start in the initial handshake. Also, it is | |
2065 // unsafe to call SSL_OptionSet in a renegotiation because the "first | |
2066 // handshake" lock isn't already held, which will result in an assertion | |
2067 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet. | |
2068 PRBool npn; | |
2069 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket, | |
2070 ssl_next_proto_nego_xtn, | |
2071 &npn); | |
2072 if (rv != SECSuccess || !npn) { | |
2073 // If the server doesn't support NPN, then we don't do False Start with | |
2074 // it. | |
2075 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | |
2076 } | |
2077 } | |
2078 #endif | |
2079 | |
2080 // Tell NSS to not verify the certificate. | |
2081 return SECSuccess; | |
2082 } | |
2083 | |
2084 // static | |
2085 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) { | |
2086 // TODO(wtc,mattm): this is temporary while DBC support is changed into | |
2087 // Channel ID. | |
2088 return false; | |
2089 } | |
2090 | |
2091 SECStatus SSLClientSocketNSS::DomainBoundClientAuthHandler( | |
2092 const SECItem* cert_types, | 2202 const SECItem* cert_types, |
2093 CERTCertificate** result_certificate, | 2203 CERTCertificate** result_certificate, |
2094 SECKEYPrivateKey** result_private_key) { | 2204 SECKEYPrivateKey** result_private_key) { |
2205 DCHECK(OnNSSTaskRunner()); | |
2206 | |
2095 domain_bound_cert_xtn_negotiated_ = true; | 2207 domain_bound_cert_xtn_negotiated_ = true; |
2096 | 2208 |
2097 // We have negotiated the domain-bound certificate extension. | 2209 // We have negotiated the domain-bound certificate extension. |
2098 std::string origin = "https://" + host_and_port_.ToString(); | 2210 std::string origin = "https://" + host_and_port_.ToString(); |
2099 std::vector<uint8> requested_cert_types(cert_types->data, | 2211 std::vector<uint8> requested_cert_types(cert_types->data, |
2100 cert_types->data + cert_types->len); | 2212 cert_types->data + cert_types->len); |
2101 net_log_.BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL); | 2213 int error = ERR_UNEXPECTED; |
2102 int error = server_bound_cert_service_->GetDomainBoundCert( | 2214 if (OnNetworkTaskRunner()) { |
2103 origin, | 2215 error = DoGetDomainBoundCert(origin, requested_cert_types); |
2104 requested_cert_types, | 2216 } else { |
2105 &domain_bound_cert_type_, | 2217 bool posted = network_task_runner_->PostTask( |
2106 &domain_bound_private_key_, | 2218 FROM_HERE, |
2107 &domain_bound_cert_, | 2219 base::Bind(IgnoreResult(&Core::DoGetDomainBoundCert), this, origin, |
2108 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | 2220 requested_cert_types)); |
2109 base::Unretained(this)), | 2221 error = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
2110 &domain_bound_cert_request_handle_); | 2222 } |
2111 | 2223 |
2112 if (error == ERR_IO_PENDING) { | 2224 if (error == ERR_IO_PENDING) { |
2113 // Asynchronous case. | 2225 // Asynchronous case. |
2114 client_auth_cert_needed_ = true; | 2226 client_auth_cert_needed_ = true; |
2115 return SECWouldBlock; | 2227 return SECWouldBlock; |
2116 } | 2228 } |
2117 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, | 2229 |
2118 error); | 2230 PostOrRunCallback(base::Bind( |
2119 | 2231 &BoundNetLog::EndEventWithNetErrorCode, weak_net_log_, |
2232 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, error)); | |
2120 SECStatus rv = SECSuccess; | 2233 SECStatus rv = SECSuccess; |
2121 if (error == OK) { | 2234 if (error == OK) { |
2122 // Synchronous success. | 2235 // Synchronous success. |
2123 int result = ImportDBCertAndKey(result_certificate, | 2236 int result = ImportDBCertAndKey(result_certificate, result_private_key); |
2124 result_private_key); | 2237 if (result != OK) { |
2125 if (result == OK) { | 2238 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; |
2126 set_domain_bound_cert_type(domain_bound_cert_type_); | |
2127 } else { | |
2128 rv = SECFailure; | 2239 rv = SECFailure; |
2129 } | 2240 } |
2130 } else { | 2241 } else { |
2131 rv = SECFailure; // Synchronous failure. | 2242 rv = SECFailure; |
2132 } | 2243 } |
2133 | 2244 |
2134 int cert_count = (rv == SECSuccess) ? 1 : 0; | 2245 int cert_count = (rv == SECSuccess) ? 1 : 0; |
2135 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 2246 PostOrRunCallback(base::Bind( |
2247 &BoundNetLog::AddEvent, weak_net_log_, | |
2248 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2136 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | 2249 make_scoped_refptr(new NetLogIntegerParameter("cert_count", |
2137 cert_count))); | 2250 cert_count)))); |
2138 return rv; | 2251 return rv; |
2139 } | 2252 } |
2140 | 2253 |
2141 #if defined(NSS_PLATFORM_CLIENT_AUTH) | 2254 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert, |
2142 // static | 2255 SECKEYPrivateKey** key) { |
2143 // NSS calls this if a client certificate is needed. | 2256 // Set the certificate. |
2144 SECStatus SSLClientSocketNSS::PlatformClientAuthHandler( | 2257 SECItem cert_item; |
2145 void* arg, | 2258 cert_item.data = (unsigned char*) domain_bound_cert_.data(); |
2146 PRFileDesc* socket, | 2259 cert_item.len = domain_bound_cert_.size(); |
2147 CERTDistNames* ca_names, | 2260 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), |
2148 CERTCertList** result_certs, | 2261 &cert_item, |
2149 void** result_private_key, | 2262 NULL, |
2150 CERTCertificate** result_nss_certificate, | 2263 PR_FALSE, |
2151 SECKEYPrivateKey** result_nss_private_key) { | 2264 PR_TRUE); |
2152 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2265 if (*cert == NULL) |
2153 | 2266 return MapNSSError(PORT_GetError()); |
2154 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL); | 2267 |
2155 | 2268 // Set the private key. |
2156 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | 2269 switch (domain_bound_cert_type_) { |
2157 | 2270 case CLIENT_CERT_ECDSA_SIGN: { |
2158 // Check if a domain-bound certificate is requested. | 2271 SECKEYPublicKey* public_key = NULL; |
2159 if (DomainBoundCertNegotiated(socket)) { | 2272 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
2160 return that->DomainBoundClientAuthHandler( | 2273 ServerBoundCertService::kEPKIPassword, |
2161 cert_types, result_nss_certificate, result_nss_private_key); | 2274 reinterpret_cast<const unsigned char*>( |
2162 } | 2275 domain_bound_private_key_.data()), |
2163 | 2276 domain_bound_private_key_.size(), |
2164 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert; | 2277 &(*cert)->subjectPublicKeyInfo, |
2165 #if defined(OS_WIN) | 2278 false, |
2166 if (that->ssl_config_.send_client_cert) { | 2279 false, |
2167 if (that->ssl_config_.client_cert) { | 2280 key, |
2168 PCCERT_CONTEXT cert_context = | 2281 &public_key)) { |
2169 that->ssl_config_.client_cert->os_cert_handle(); | 2282 CERT_DestroyCertificate(*cert); |
2170 | 2283 *cert = NULL; |
2171 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; | 2284 return MapNSSError(PORT_GetError()); |
2172 DWORD key_spec = 0; | |
2173 BOOL must_free = FALSE; | |
2174 BOOL acquired_key = CryptAcquireCertificatePrivateKey( | |
2175 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL, | |
2176 &crypt_prov, &key_spec, &must_free); | |
2177 | |
2178 if (acquired_key) { | |
2179 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false | |
2180 // according to the MSDN documentation. | |
2181 CHECK_EQ(must_free, FALSE); | |
2182 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC); | |
2183 | |
2184 SECItem der_cert; | |
2185 der_cert.type = siDERCertBuffer; | |
2186 der_cert.data = cert_context->pbCertEncoded; | |
2187 der_cert.len = cert_context->cbCertEncoded; | |
2188 | |
2189 // TODO(rsleevi): Error checking for NSS allocation errors. | |
2190 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); | |
2191 CERTCertificate* user_cert = CERT_NewTempCertificate( | |
2192 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2193 if (!user_cert) { | |
2194 // Importing the certificate can fail for reasons including a serial | |
2195 // number collision. See crbug.com/97355. | |
2196 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2197 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2198 return SECFailure; | |
2199 } | |
2200 CERTCertList* cert_chain = CERT_NewCertList(); | |
2201 CERT_AddCertToListTail(cert_chain, user_cert); | |
2202 | |
2203 // Add the intermediates. | |
2204 X509Certificate::OSCertHandles intermediates = | |
2205 that->ssl_config_.client_cert->GetIntermediateCertificates(); | |
2206 for (X509Certificate::OSCertHandles::const_iterator it = | |
2207 intermediates.begin(); it != intermediates.end(); ++it) { | |
2208 der_cert.data = (*it)->pbCertEncoded; | |
2209 der_cert.len = (*it)->cbCertEncoded; | |
2210 | |
2211 CERTCertificate* intermediate = CERT_NewTempCertificate( | |
2212 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2213 if (!intermediate) { | |
2214 CERT_DestroyCertList(cert_chain); | |
2215 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2216 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2217 0))); | |
2218 return SECFailure; | |
2219 } | |
2220 CERT_AddCertToListTail(cert_chain, intermediate); | |
2221 } | |
2222 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( | |
2223 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); | |
2224 key_context->cbSize = sizeof(*key_context); | |
2225 // NSS will free this context when no longer in use, but the | |
2226 // |must_free| result from CryptAcquireCertificatePrivateKey was false | |
2227 // so we increment the refcount to negate NSS's future decrement. | |
2228 CryptContextAddRef(crypt_prov, NULL, 0); | |
2229 key_context->hCryptProv = crypt_prov; | |
2230 key_context->dwKeySpec = key_spec; | |
2231 *result_private_key = key_context; | |
2232 *result_certs = cert_chain; | |
2233 | |
2234 int cert_count = 1 + intermediates.size(); | |
2235 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2236 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2237 cert_count))); | |
2238 return SECSuccess; | |
2239 } | 2285 } |
2240 LOG(WARNING) << "Client cert found without private key"; | 2286 SECKEY_DestroyPublicKey(public_key); |
2241 } | |
2242 // Send no client certificate. | |
2243 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2244 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2245 return SECFailure; | |
2246 } | |
2247 | |
2248 that->client_certs_.clear(); | |
2249 | |
2250 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); | |
2251 for (int i = 0; i < ca_names->nnames; ++i) { | |
2252 issuer_list[i].cbData = ca_names->names[i].len; | |
2253 issuer_list[i].pbData = ca_names->names[i].data; | |
2254 } | |
2255 | |
2256 // Client certificates of the user are in the "MY" system certificate store. | |
2257 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | |
2258 if (!my_cert_store) { | |
2259 LOG(ERROR) << "Could not open the \"MY\" system certificate store: " | |
2260 << GetLastError(); | |
2261 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2262 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2263 return SECFailure; | |
2264 } | |
2265 | |
2266 // Enumerate the client certificates. | |
2267 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; | |
2268 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); | |
2269 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); | |
2270 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH; | |
2271 find_by_issuer_para.cIssuer = ca_names->nnames; | |
2272 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL; | |
2273 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback; | |
2274 | |
2275 PCCERT_CHAIN_CONTEXT chain_context = NULL; | |
2276 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG | | |
2277 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG; | |
2278 | |
2279 for (;;) { | |
2280 // Find a certificate chain. | |
2281 chain_context = CertFindChainInStore(my_cert_store, | |
2282 X509_ASN_ENCODING, | |
2283 find_flags, | |
2284 CERT_CHAIN_FIND_BY_ISSUER, | |
2285 &find_by_issuer_para, | |
2286 chain_context); | |
2287 if (!chain_context) { | |
2288 DWORD err = GetLastError(); | |
2289 if (err != CRYPT_E_NOT_FOUND) | |
2290 DLOG(ERROR) << "CertFindChainInStore failed: " << err; | |
2291 break; | 2287 break; |
2292 } | 2288 } |
2293 | 2289 |
2294 // Get the leaf certificate. | 2290 default: |
2295 PCCERT_CONTEXT cert_context = | |
2296 chain_context->rgpChain[0]->rgpElement[0]->pCertContext; | |
2297 // Create a copy the handle, so that we can close the "MY" certificate store | |
2298 // before returning from this function. | |
2299 PCCERT_CONTEXT cert_context2; | |
2300 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context, | |
2301 CERT_STORE_ADD_USE_EXISTING, | |
2302 &cert_context2); | |
2303 if (!ok) { | |
2304 NOTREACHED(); | 2291 NOTREACHED(); |
2305 continue; | 2292 return ERR_INVALID_ARGUMENT; |
2293 } | |
2294 | |
2295 return OK; | |
2296 } | |
2297 | |
2298 void SSLClientSocketNSS::Core::UpdateServerCert() { | |
2299 nss_connection_state_.server_cert_chain.Reset(nss_fd_); | |
2300 nss_connection_state_.server_cert = X509Certificate::CreateFromDERCertChain( | |
2301 nss_connection_state_.server_cert_chain.AsStringPieceVector()); | |
2302 if (nss_connection_state_.server_cert) { | |
2303 PostOrRunCallback(base::Bind( | |
2304 &BoundNetLog::AddEvent, weak_net_log_, | |
2305 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | |
2306 make_scoped_refptr(new X509CertificateNetLogParam( | |
2307 nss_connection_state_.server_cert)))); | |
2308 } | |
2309 } | |
2310 | |
2311 void SSLClientSocketNSS::Core::UpdateConnectionStatus() { | |
2312 SSLChannelInfo channel_info; | |
2313 SECStatus ok = SSL_GetChannelInfo(nss_fd_, | |
2314 &channel_info, sizeof(channel_info)); | |
2315 if (ok == SECSuccess && | |
2316 channel_info.length == sizeof(channel_info) && | |
2317 channel_info.cipherSuite) { | |
2318 nss_connection_state_.ssl_connection_status |= | |
2319 (static_cast<int>(channel_info.cipherSuite) & | |
2320 SSL_CONNECTION_CIPHERSUITE_MASK) << | |
2321 SSL_CONNECTION_CIPHERSUITE_SHIFT; | |
2322 | |
2323 nss_connection_state_.ssl_connection_status |= | |
2324 (static_cast<int>(channel_info.compressionMethod) & | |
2325 SSL_CONNECTION_COMPRESSION_MASK) << | |
2326 SSL_CONNECTION_COMPRESSION_SHIFT; | |
2327 | |
2328 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS | |
2329 // doesn't support them yet), so we use 0x0302 and 0x0303 directly. | |
2330 int version = SSL_CONNECTION_VERSION_UNKNOWN; | |
2331 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) { | |
2332 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL | |
2333 // version 2. | |
2334 version = SSL_CONNECTION_VERSION_SSL2; | |
2335 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) { | |
2336 version = SSL_CONNECTION_VERSION_SSL3; | |
2337 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) { | |
2338 version = SSL_CONNECTION_VERSION_TLS1; | |
2339 } else if (channel_info.protocolVersion == 0x0302) { | |
2340 version = SSL_CONNECTION_VERSION_TLS1_1; | |
2341 } else if (channel_info.protocolVersion == 0x0303) { | |
2342 version = SSL_CONNECTION_VERSION_TLS1_2; | |
2306 } | 2343 } |
2307 | 2344 nss_connection_state_.ssl_connection_status |= |
2308 // Copy the rest of the chain. Copying the chain stops gracefully if an | 2345 (version & SSL_CONNECTION_VERSION_MASK) << |
2309 // error is encountered, with the partial chain being used as the | 2346 SSL_CONNECTION_VERSION_SHIFT; |
2310 // intermediates, as opposed to failing to consider the client certificate | 2347 } |
2311 // at all. | 2348 |
2312 net::X509Certificate::OSCertHandles intermediates; | 2349 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6. |
2313 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) { | 2350 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test |
2314 PCCERT_CONTEXT intermediate_copy; | 2351 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension. |
2315 ok = CertAddCertificateContextToStore( | 2352 #if defined(SSL_MAX_EXTENSIONS) |
2316 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext, | 2353 PRBool peer_supports_renego_ext; |
2317 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy); | 2354 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn, |
2318 if (!ok) { | 2355 &peer_supports_renego_ext); |
2319 NOTREACHED(); | 2356 if (ok == SECSuccess) { |
2320 break; | 2357 if (!peer_supports_renego_ext) { |
2321 } | 2358 nss_connection_state_.ssl_connection_status |= |
2322 intermediates.push_back(intermediate_copy); | 2359 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; |
2360 // Log an informational message if the server does not support secure | |
2361 // renegotiation (RFC 5746). | |
2362 VLOG(1) << "The server " << host_and_port_.ToString() | |
2363 << " does not support the TLS renegotiation_info extension."; | |
2323 } | 2364 } |
2324 | 2365 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported", |
2325 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 2366 peer_supports_renego_ext, 2); |
2326 cert_context2, intermediates); | 2367 } |
2327 that->client_certs_.push_back(cert); | |
2328 | |
2329 X509Certificate::FreeOSCertHandle(cert_context2); | |
2330 for (net::X509Certificate::OSCertHandles::iterator it = | |
2331 intermediates.begin(); it != intermediates.end(); ++it) { | |
2332 net::X509Certificate::FreeOSCertHandle(*it); | |
2333 } | |
2334 } | |
2335 | |
2336 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); | |
2337 DCHECK(ok); | |
2338 | |
2339 // Tell NSS to suspend the client authentication. We will then abort the | |
2340 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2341 return SECWouldBlock; | |
2342 #elif defined(OS_MACOSX) | |
2343 if (that->ssl_config_.send_client_cert) { | |
2344 if (that->ssl_config_.client_cert) { | |
2345 OSStatus os_error = noErr; | |
2346 SecIdentityRef identity = NULL; | |
2347 SecKeyRef private_key = NULL; | |
2348 CFArrayRef chain = | |
2349 that->ssl_config_.client_cert->CreateClientCertificateChain(); | |
2350 if (chain) { | |
2351 identity = reinterpret_cast<SecIdentityRef>( | |
2352 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0))); | |
2353 } | |
2354 if (identity) | |
2355 os_error = SecIdentityCopyPrivateKey(identity, &private_key); | |
2356 | |
2357 if (chain && identity && os_error == noErr) { | |
2358 // TODO(rsleevi): Error checking for NSS allocation errors. | |
2359 *result_certs = CERT_NewCertList(); | |
2360 *result_private_key = private_key; | |
2361 | |
2362 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) { | |
2363 CSSM_DATA cert_data; | |
2364 SecCertificateRef cert_ref; | |
2365 if (i == 0) { | |
2366 cert_ref = that->ssl_config_.client_cert->os_cert_handle(); | |
2367 } else { | |
2368 cert_ref = reinterpret_cast<SecCertificateRef>( | |
2369 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); | |
2370 } | |
2371 os_error = SecCertificateGetData(cert_ref, &cert_data); | |
2372 if (os_error != noErr) | |
2373 break; | |
2374 | |
2375 SECItem der_cert; | |
2376 der_cert.type = siDERCertBuffer; | |
2377 der_cert.data = cert_data.Data; | |
2378 der_cert.len = cert_data.Length; | |
2379 CERTCertificate* nss_cert = CERT_NewTempCertificate( | |
2380 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2381 if (!nss_cert) { | |
2382 // In the event of an NSS error we make up an OS error and reuse | |
2383 // the error handling, below. | |
2384 os_error = errSecCreateChainFailed; | |
2385 break; | |
2386 } | |
2387 CERT_AddCertToListTail(*result_certs, nss_cert); | |
2388 } | |
2389 } | |
2390 if (os_error == noErr) { | |
2391 int cert_count = 0; | |
2392 if (chain) { | |
2393 cert_count = CFArrayGetCount(chain); | |
2394 CFRelease(chain); | |
2395 } | |
2396 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2397 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2398 cert_count))); | |
2399 return SECSuccess; | |
2400 } | |
2401 OSSTATUS_LOG(WARNING, os_error) | |
2402 << "Client cert found, but could not be used"; | |
2403 if (*result_certs) { | |
2404 CERT_DestroyCertList(*result_certs); | |
2405 *result_certs = NULL; | |
2406 } | |
2407 if (*result_private_key) | |
2408 *result_private_key = NULL; | |
2409 if (private_key) | |
2410 CFRelease(private_key); | |
2411 if (chain) | |
2412 CFRelease(chain); | |
2413 } | |
2414 // Send no client certificate. | |
2415 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2416 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2417 return SECFailure; | |
2418 } | |
2419 | |
2420 that->client_certs_.clear(); | |
2421 | |
2422 // First, get the cert issuer names allowed by the server. | |
2423 std::vector<CertPrincipal> valid_issuers; | |
2424 int n = ca_names->nnames; | |
2425 for (int i = 0; i < n; i++) { | |
2426 // Parse each name into a CertPrincipal object. | |
2427 CertPrincipal p; | |
2428 if (p.ParseDistinguishedName(ca_names->names[i].data, | |
2429 ca_names->names[i].len)) { | |
2430 valid_issuers.push_back(p); | |
2431 } | |
2432 } | |
2433 | |
2434 // Now get the available client certs whose issuers are allowed by the server. | |
2435 X509Certificate::GetSSLClientCertificates(that->host_and_port_.host(), | |
2436 valid_issuers, | |
2437 &that->client_certs_); | |
2438 | |
2439 // Tell NSS to suspend the client authentication. We will then abort the | |
2440 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2441 return SECWouldBlock; | |
2442 #else | |
2443 return SECFailure; | |
2444 #endif | 2368 #endif |
2445 } | 2369 |
2446 | 2370 if (ssl_config_.version_fallback) { |
2447 #else // NSS_PLATFORM_CLIENT_AUTH | 2371 nss_connection_state_.ssl_connection_status |= |
2448 | 2372 SSL_CONNECTION_VERSION_FALLBACK; |
2449 // static | 2373 } |
2450 // NSS calls this if a client certificate is needed. | 2374 } |
2451 // Based on Mozilla's NSS_GetClientAuthData. | 2375 |
2452 SECStatus SSLClientSocketNSS::ClientAuthHandler( | 2376 void SSLClientSocketNSS::Core::RecordDomainBoundCertSupport() const { |
2453 void* arg, | 2377 if (nss_connection_state_.resumed_handshake) |
2454 PRFileDesc* socket, | |
2455 CERTDistNames* ca_names, | |
2456 CERTCertificate** result_certificate, | |
2457 SECKEYPrivateKey** result_private_key) { | |
2458 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | |
2459 | |
2460 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL); | |
2461 | |
2462 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | |
2463 | |
2464 // Check if a domain-bound certificate is requested. | |
2465 if (DomainBoundCertNegotiated(socket)) { | |
2466 return that->DomainBoundClientAuthHandler( | |
2467 cert_types, result_certificate, result_private_key); | |
2468 } | |
2469 | |
2470 // Regular client certificate requested. | |
2471 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert; | |
2472 void* wincx = SSL_RevealPinArg(socket); | |
2473 | |
2474 // Second pass: a client certificate should have been selected. | |
2475 if (that->ssl_config_.send_client_cert) { | |
2476 if (that->ssl_config_.client_cert) { | |
2477 CERTCertificate* cert = CERT_DupCertificate( | |
2478 that->ssl_config_.client_cert->os_cert_handle()); | |
2479 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); | |
2480 if (privkey) { | |
2481 // TODO(jsorianopastor): We should wait for server certificate | |
2482 // verification before sending our credentials. See | |
2483 // http://crbug.com/13934. | |
2484 *result_certificate = cert; | |
2485 *result_private_key = privkey; | |
2486 // A cert_count of -1 means the number of certificates is unknown. | |
2487 // NSS will construct the certificate chain. | |
2488 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2489 make_scoped_refptr(new NetLogIntegerParameter("cert_count", -1))); | |
2490 return SECSuccess; | |
2491 } | |
2492 LOG(WARNING) << "Client cert found without private key"; | |
2493 } | |
2494 // Send no client certificate. | |
2495 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2496 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2497 return SECFailure; | |
2498 } | |
2499 | |
2500 // Iterate over all client certificates. | |
2501 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
2502 CERT_GetDefaultCertDB(), certUsageSSLClient, | |
2503 PR_FALSE, PR_FALSE, wincx); | |
2504 if (client_certs) { | |
2505 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs); | |
2506 !CERT_LIST_END(node, client_certs); | |
2507 node = CERT_LIST_NEXT(node)) { | |
2508 // Only offer unexpired certificates. | |
2509 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != | |
2510 secCertTimeValid) | |
2511 continue; | |
2512 // Filter by issuer. | |
2513 // | |
2514 // TODO(davidben): This does a binary comparison of the DER-encoded | |
2515 // issuers. We should match according to RFC 5280 sec. 7.1. We should find | |
2516 // an appropriate NSS function or add one if needbe. | |
2517 if (ca_names->nnames && | |
2518 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess) | |
2519 continue; | |
2520 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( | |
2521 node->cert, net::X509Certificate::OSCertHandles()); | |
2522 that->client_certs_.push_back(x509_cert); | |
2523 } | |
2524 CERT_DestroyCertList(client_certs); | |
2525 } | |
2526 | |
2527 // Tell NSS to suspend the client authentication. We will then abort the | |
2528 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2529 return SECWouldBlock; | |
2530 } | |
2531 #endif // NSS_PLATFORM_CLIENT_AUTH | |
2532 | |
2533 void SSLClientSocketNSS::RecordDomainBoundCertSupport() const { | |
2534 PRBool last_handshake_resumed; | |
2535 SECStatus ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); | |
2536 if (ok != SECSuccess || last_handshake_resumed) | |
2537 return; | 2378 return; |
2538 | 2379 |
2539 // Since this enum is used for a histogram, do not change or re-use values. | 2380 // Since this enum is used for a histogram, do not change or re-use values. |
2540 enum { | 2381 enum { |
2541 DISABLED = 0, | 2382 DISABLED = 0, |
2542 CLIENT_ONLY = 1, | 2383 CLIENT_ONLY = 1, |
2543 CLIENT_AND_SERVER = 2, | 2384 CLIENT_AND_SERVER = 2, |
2544 DOMAIN_BOUND_CERT_USAGE_MAX | 2385 DOMAIN_BOUND_CERT_USAGE_MAX |
2545 } supported = DISABLED; | 2386 } supported = DISABLED; |
2546 #ifdef SSL_ENABLE_OB_CERTS | 2387 #ifdef SSL_ENABLE_OB_CERTS |
2547 if (domain_bound_cert_xtn_negotiated_) | 2388 if (domain_bound_cert_xtn_negotiated_) |
2548 supported = CLIENT_AND_SERVER; | 2389 supported = CLIENT_AND_SERVER; |
2549 else if (ssl_config_.domain_bound_certs_enabled) | 2390 else if (ssl_config_.domain_bound_certs_enabled) |
2550 supported = CLIENT_ONLY; | 2391 supported = CLIENT_ONLY; |
2551 #endif | 2392 #endif |
2552 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2393 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
2553 DOMAIN_BOUND_CERT_USAGE_MAX); | 2394 DOMAIN_BOUND_CERT_USAGE_MAX); |
2554 } | 2395 } |
2555 | 2396 |
2397 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) { | |
2398 DCHECK(OnNetworkTaskRunner()); | |
2399 DCHECK_GT(len, 0); | |
2400 | |
2401 if (detached_) | |
2402 return ERR_UNEXPECTED; | |
wtc
2012/05/30 22:54:29
Nit: ERR_ABORTED may be a better error code.
Same
| |
2403 | |
2404 int rv = transport_->socket()->Read( | |
2405 read_buffer, len, | |
2406 base::Bind(&Core::BufferRecvComplete, base::Unretained(this), | |
2407 scoped_refptr<IOBuffer>(read_buffer))); | |
wtc
2012/05/30 22:54:29
Why do you need to use scoped_refptr here? It see
Ryan Sleevi
2012/05/30 23:20:10
This was to avoid any races on read_buffer_ betwee
| |
2408 | |
2409 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) { | |
2410 nss_task_runner_->PostTask( | |
2411 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this, | |
2412 scoped_refptr<IOBuffer>(read_buffer), rv)); | |
2413 return rv; | |
2414 } | |
2415 | |
2416 return rv; | |
2417 } | |
2418 | |
2419 int SSLClientSocketNSS::Core::DoBufferSend(IOBuffer* send_buffer, int len) { | |
2420 DCHECK(OnNetworkTaskRunner()); | |
2421 DCHECK_GT(len, 0); | |
2422 | |
2423 if (detached_) | |
2424 return ERR_UNEXPECTED; | |
2425 | |
2426 int rv = transport_->socket()->Write( | |
2427 send_buffer, len, | |
2428 base::Bind(&Core::BufferSendComplete, | |
2429 base::Unretained(this))); | |
2430 | |
2431 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) { | |
2432 nss_task_runner_->PostTask( | |
2433 FROM_HERE, | |
2434 base::Bind(&Core::BufferSendComplete, this, rv)); | |
2435 return rv; | |
2436 } | |
2437 | |
2438 return rv; | |
2439 } | |
2440 | |
2441 int SSLClientSocketNSS::Core::DoGetDomainBoundCert( | |
2442 const std::string& origin, | |
2443 const std::vector<uint8>& requested_cert_types) { | |
2444 DCHECK(OnNetworkTaskRunner()); | |
2445 | |
2446 if (detached_) | |
2447 return ERR_FAILED; | |
wtc
2012/05/30 22:54:29
ERR_ABORTED?
| |
2448 | |
2449 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL); | |
wtc
2012/05/30 22:54:29
Should we check weak_net_log_ != NULL?
Ryan Sleevi
2012/05/30 23:20:10
Do. By virtue of !detached_, we're guaranteed to h
| |
2450 | |
2451 int rv = server_bound_cert_service_->GetDomainBoundCert( | |
2452 origin, | |
2453 requested_cert_types, | |
2454 &domain_bound_cert_type_, | |
2455 &domain_bound_private_key_, | |
2456 &domain_bound_cert_, | |
2457 base::Bind(&Core::OnGetDomainBoundCertComplete, base::Unretained(this)), | |
2458 &domain_bound_cert_request_handle_); | |
2459 | |
2460 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | |
2461 nss_task_runner_->PostTask( | |
2462 FROM_HERE, | |
2463 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | |
2464 return ERR_IO_PENDING; | |
2465 } | |
2466 | |
2467 return rv; | |
2468 } | |
2469 | |
2470 void SSLClientSocketNSS::Core::OnConnectionStateUpdated( | |
2471 const ConnectionState& state) { | |
2472 network_connection_state_ = state; | |
2473 } | |
2474 | |
2475 void SSLClientSocketNSS::Core::BufferSendComplete(int result) { | |
2476 if (!OnNSSTaskRunner()) { | |
2477 if (detached_) | |
2478 return; | |
2479 | |
2480 nss_task_runner_->PostTask( | |
2481 FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result)); | |
2482 return; | |
2483 } | |
2484 | |
2485 DCHECK(OnNSSTaskRunner()); | |
2486 | |
2487 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); | |
2488 transport_send_busy_ = false; | |
2489 OnSendComplete(result); | |
2490 } | |
2491 | |
2492 void SSLClientSocketNSS::Core::OnHandshakeIOComplete(int result) { | |
2493 if (!OnNSSTaskRunner()) { | |
2494 if (detached_) | |
2495 return; | |
2496 | |
2497 nss_task_runner_->PostTask( | |
2498 FROM_HERE, base::Bind(&Core::OnHandshakeIOComplete, this, result)); | |
2499 return; | |
2500 } | |
2501 | |
2502 DCHECK(OnNSSTaskRunner()); | |
2503 | |
2504 int rv = DoHandshakeLoop(result); | |
2505 if (rv != ERR_IO_PENDING) | |
2506 DoConnectCallback(rv); | |
2507 } | |
2508 | |
2509 void SSLClientSocketNSS::Core::OnGetDomainBoundCertComplete(int result) { | |
2510 DCHECK(OnNetworkTaskRunner()); | |
2511 | |
2512 domain_bound_cert_request_handle_ = NULL; | |
2513 OnHandshakeIOComplete(result); | |
2514 } | |
2515 | |
2516 void SSLClientSocketNSS::Core::BufferRecvComplete( | |
2517 IOBuffer* read_buffer, | |
2518 int result) { | |
2519 DCHECK(read_buffer); | |
2520 | |
2521 if (!OnNSSTaskRunner()) { | |
2522 if (detached_) | |
2523 return; | |
2524 | |
2525 nss_task_runner_->PostTask( | |
2526 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this, | |
2527 scoped_refptr<IOBuffer>(read_buffer), result)); | |
2528 return; | |
2529 } | |
2530 | |
2531 DCHECK(OnNSSTaskRunner()); | |
2532 | |
2533 if (result > 0) { | |
2534 char* buf; | |
2535 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
2536 CHECK_GE(nb, result); | |
2537 memcpy(buf, read_buffer->data(), result); | |
2538 } else if (result == 0) { | |
2539 transport_recv_eof_ = true; | |
2540 } | |
2541 | |
2542 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); | |
2543 transport_recv_busy_ = false; | |
2544 OnRecvComplete(result); | |
2545 } | |
2546 | |
2547 void SSLClientSocketNSS::Core::PostOrRunCallback(const base::Closure& task) { | |
2548 if (!OnNetworkTaskRunner()) { | |
2549 network_task_runner_->PostTask( | |
2550 FROM_HERE, task); | |
wtc
2012/05/30 22:54:29
Nit: move this to the previous line.
| |
2551 return; | |
2552 } | |
2553 | |
2554 DCHECK(OnNetworkTaskRunner()); | |
2555 | |
2556 if (detached_ || task.is_null()) | |
2557 return; | |
2558 task.Run(); | |
2559 } | |
2560 | |
2561 SSLClientSocketNSS::SSLClientSocketNSS( | |
2562 base::SingleThreadTaskRunner* network_task_runner, | |
2563 base::SingleThreadTaskRunner* nss_task_runner, | |
2564 ClientSocketHandle* transport_socket, | |
2565 const HostPortPair& host_and_port, | |
2566 const SSLConfig& ssl_config, | |
2567 SSLHostInfo* ssl_host_info, | |
2568 const SSLClientSocketContext& context) | |
2569 : network_task_runner_(network_task_runner), | |
2570 nss_task_runner_(nss_task_runner), | |
2571 transport_(transport_socket), | |
2572 host_and_port_(host_and_port), | |
2573 ssl_config_(ssl_config), | |
2574 server_cert_verify_result_(NULL), | |
2575 cert_verifier_(context.cert_verifier), | |
2576 server_bound_cert_service_(context.server_bound_cert_service), | |
2577 completed_handshake_(false), | |
2578 ssl_session_cache_shard_(context.ssl_session_cache_shard), | |
2579 next_handshake_state_(STATE_NONE), | |
2580 nss_fd_(NULL), | |
2581 net_log_(transport_socket->socket()->NetLog()), | |
2582 ssl_host_info_(ssl_host_info), | |
2583 transport_security_state_(context.transport_security_state), | |
2584 valid_thread_id_(base::kInvalidThreadId) { | |
2585 EnterFunction(""); | |
2586 InitCore(); | |
2587 LeaveFunction(""); | |
2588 } | |
2589 | |
2590 SSLClientSocketNSS::~SSLClientSocketNSS() { | |
2591 EnterFunction(""); | |
2592 Disconnect(); | |
2593 LeaveFunction(""); | |
2594 } | |
2595 | |
2556 // static | 2596 // static |
2557 // NSS calls this when handshake is completed. | 2597 void SSLClientSocket::ClearSessionCache() { |
2558 // After the SSL handshake is finished, use CertVerifier to verify | 2598 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't |
2559 // the saved server certificate. | 2599 // bother initializing NSS just to clear an empty SSL session cache. |
2560 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket, | 2600 if (!NSS_IsInitialized()) |
2561 void* arg) { | 2601 return; |
2562 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2602 |
2563 | 2603 SSL_ClearSessionCache(); |
2564 that->handshake_callback_called_ = true; | 2604 } |
2565 | 2605 |
2566 that->RecordDomainBoundCertSupport(); | 2606 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { |
2567 that->UpdateServerCert(); | 2607 EnterFunction(""); |
2568 that->UpdateConnectionStatus(); | 2608 ssl_info->Reset(); |
2569 } | 2609 if (core_->state().server_cert_chain.size() == 0 || |
2570 | 2610 !core_->state().server_cert_chain[0]) { |
2571 // NextProtoCallback is called by NSS during the handshake, if the server | 2611 return; |
2572 // supports NPN, to select a protocol from the list that the server offered. | 2612 } |
2573 // See the comment in net/third_party/nss/ssl/ssl.h for the meanings of the | 2613 |
2574 // arguments. | 2614 ssl_info->cert_status = server_cert_verify_result_->cert_status; |
2575 // static | 2615 ssl_info->cert = server_cert_verify_result_->verified_cert; |
2576 SECStatus | 2616 ssl_info->connection_status = |
2577 SSLClientSocketNSS::NextProtoCallback(void* arg, | 2617 core_->state().ssl_connection_status; |
2578 PRFileDesc* nss_fd, | 2618 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; |
2579 const unsigned char* protos, | 2619 for (std::vector<SHA1Fingerprint>::const_iterator |
2580 unsigned int protos_len, | 2620 i = side_pinned_public_keys_.begin(); |
2581 unsigned char* proto_out, | 2621 i != side_pinned_public_keys_.end(); i++) { |
2582 unsigned int* proto_out_len, | 2622 ssl_info->public_key_hashes.push_back(*i); |
2583 unsigned int proto_max_len) { | 2623 } |
2584 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2624 ssl_info->is_issued_by_known_root = |
2585 | 2625 server_cert_verify_result_->is_issued_by_known_root; |
2586 // For each protocol in server preference, see if we support it. | 2626 ssl_info->client_cert_sent = WasDomainBoundCertSent() || |
2587 for (unsigned int i = 0; i < protos_len; ) { | 2627 (ssl_config_.send_client_cert && ssl_config_.client_cert); |
2588 const size_t len = protos[i]; | 2628 |
2589 for (std::vector<std::string>::const_iterator | 2629 PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite( |
2590 j = that->ssl_config_.next_protos.begin(); | 2630 core_->state().ssl_connection_status); |
2591 j != that->ssl_config_.next_protos.end(); j++) { | 2631 SSLCipherSuiteInfo cipher_info; |
2592 // Having very long elements in the |next_protos| vector isn't a disaster | 2632 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, |
2593 // because they'll never be selected, but it does indicate an error | 2633 &cipher_info, sizeof(cipher_info)); |
2594 // somewhere. | 2634 if (ok == SECSuccess) { |
2595 DCHECK_LT(j->size(), 256u); | 2635 ssl_info->security_bits = cipher_info.effectiveKeyBits; |
2596 | 2636 } else { |
2597 if (j->size() == len && | 2637 ssl_info->security_bits = -1; |
2598 memcmp(&protos[i + 1], j->data(), len) == 0) { | 2638 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() |
2599 that->next_proto_status_ = kNextProtoNegotiated; | 2639 << " for cipherSuite " << cipher_suite; |
2600 that->next_proto_ = *j; | 2640 } |
2641 | |
2642 ssl_info->handshake_type = core_->state().resumed_handshake ? | |
2643 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL; | |
2644 | |
2645 LeaveFunction(""); | |
2646 } | |
2647 | |
2648 void SSLClientSocketNSS::GetSSLCertRequestInfo( | |
2649 SSLCertRequestInfo* cert_request_info) { | |
2650 EnterFunction(""); | |
2651 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair | |
2652 cert_request_info->host_and_port = host_and_port_.ToString(); | |
2653 cert_request_info->client_certs = core_->state().client_certs; | |
2654 LeaveFunction(cert_request_info->client_certs.size()); | |
2655 } | |
2656 | |
2657 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, | |
2658 bool has_context, | |
2659 const base::StringPiece& context, | |
2660 unsigned char* out, | |
2661 unsigned int outlen) { | |
2662 if (!IsConnected()) | |
2663 return ERR_SOCKET_NOT_CONNECTED; | |
2664 | |
2665 // SSL_ExportKeyingMaterial may block the current thread if |core_| is in | |
2666 // the midst of a handshake. | |
2667 SECStatus result = SSL_ExportKeyingMaterial( | |
2668 nss_fd_, label.data(), label.size(), has_context, | |
2669 reinterpret_cast<const unsigned char*>(context.data()), | |
2670 context.length(), out, outlen); | |
2671 if (result != SECSuccess) { | |
2672 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); | |
2673 return MapNSSError(PORT_GetError()); | |
2674 } | |
2675 return OK; | |
2676 } | |
2677 | |
2678 SSLClientSocket::NextProtoStatus | |
2679 SSLClientSocketNSS::GetNextProto(std::string* proto, | |
2680 std::string* server_protos) { | |
2681 *proto = core_->state().next_proto; | |
2682 *server_protos = core_->state().server_protos; | |
2683 return core_->state().next_proto_status; | |
2684 } | |
2685 | |
2686 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { | |
2687 EnterFunction(""); | |
2688 DCHECK(transport_.get()); | |
2689 DCHECK(next_handshake_state_ == STATE_NONE); | |
2690 DCHECK(user_connect_callback_.is_null()); | |
2691 | |
2692 EnsureThreadIdAssigned(); | |
2693 | |
2694 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL); | |
2695 | |
2696 int rv = Init(); | |
2697 if (rv != OK) { | |
2698 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2699 return rv; | |
2700 } | |
2701 | |
2702 rv = InitializeSSLOptions(); | |
2703 if (rv != OK) { | |
2704 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2705 return rv; | |
2706 } | |
2707 | |
2708 rv = InitializeSSLPeerName(); | |
2709 if (rv != OK) { | |
2710 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2711 return rv; | |
2712 } | |
2713 | |
2714 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) { | |
2715 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
2716 } else { | |
2717 GotoState(STATE_HANDSHAKE); | |
2718 } | |
2719 | |
2720 rv = DoHandshakeLoop(OK); | |
2721 if (rv == ERR_IO_PENDING) { | |
2722 user_connect_callback_ = callback; | |
2723 } else { | |
2724 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2725 } | |
2726 | |
2727 LeaveFunction(""); | |
2728 return rv > OK ? OK : rv; | |
2729 } | |
2730 | |
2731 void SSLClientSocketNSS::Disconnect() { | |
2732 EnterFunction(""); | |
2733 | |
2734 CHECK(CalledOnValidThread()); | |
2735 | |
2736 // Shut down anything that may call us back. | |
2737 core_->Detach(); | |
2738 verifier_.reset(); | |
2739 transport_->socket()->Disconnect(); | |
2740 | |
2741 // Reset object state. | |
2742 user_connect_callback_.Reset(); | |
2743 local_server_cert_verify_result_.Reset(); | |
2744 server_cert_verify_result_ = NULL; | |
2745 completed_handshake_ = false; | |
2746 start_cert_verification_time_ = base::TimeTicks(); | |
2747 InitCore(); | |
2748 | |
2749 LeaveFunction(""); | |
2750 } | |
2751 | |
2752 bool SSLClientSocketNSS::IsConnected() const { | |
2753 // Ideally, we should also check if we have received the close_notify alert | |
2754 // message from the server, and return false in that case. We're not doing | |
2755 // that, so this function may return a false positive. Since the upper | |
2756 // layer (HttpNetworkTransaction) needs to handle a persistent connection | |
2757 // closed by the server when we send a request anyway, a false positive in | |
2758 // exchange for simpler code is a good trade-off. | |
2759 EnterFunction(""); | |
2760 bool ret = completed_handshake_ && transport_->socket()->IsConnected(); | |
2761 LeaveFunction(""); | |
2762 return ret; | |
2763 } | |
2764 | |
2765 bool SSLClientSocketNSS::IsConnectedAndIdle() const { | |
2766 // Unlike IsConnected, this method doesn't return a false positive. | |
2767 // | |
2768 // Strictly speaking, we should check if we have received the close_notify | |
2769 // alert message from the server, and return false in that case. Although | |
2770 // the close_notify alert message means EOF in the SSL layer, it is just | |
2771 // bytes to the transport layer below, so | |
2772 // transport_->socket()->IsConnectedAndIdle() returns the desired false | |
2773 // when we receive close_notify. | |
2774 EnterFunction(""); | |
2775 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle(); | |
2776 LeaveFunction(""); | |
2777 return ret; | |
2778 } | |
2779 | |
2780 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const { | |
2781 return transport_->socket()->GetPeerAddress(address); | |
2782 } | |
2783 | |
2784 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const { | |
2785 return transport_->socket()->GetLocalAddress(address); | |
2786 } | |
2787 | |
2788 const BoundNetLog& SSLClientSocketNSS::NetLog() const { | |
2789 return net_log_; | |
2790 } | |
2791 | |
2792 void SSLClientSocketNSS::SetSubresourceSpeculation() { | |
2793 if (transport_.get() && transport_->socket()) { | |
2794 transport_->socket()->SetSubresourceSpeculation(); | |
2795 } else { | |
2796 NOTREACHED(); | |
2797 } | |
2798 } | |
2799 | |
2800 void SSLClientSocketNSS::SetOmniboxSpeculation() { | |
2801 if (transport_.get() && transport_->socket()) { | |
2802 transport_->socket()->SetOmniboxSpeculation(); | |
2803 } else { | |
2804 NOTREACHED(); | |
2805 } | |
2806 } | |
2807 | |
2808 bool SSLClientSocketNSS::WasEverUsed() const { | |
2809 if (transport_.get() && transport_->socket()) { | |
2810 return transport_->socket()->WasEverUsed(); | |
2811 } | |
2812 NOTREACHED(); | |
2813 return false; | |
2814 } | |
2815 | |
2816 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | |
2817 if (transport_.get() && transport_->socket()) { | |
2818 return transport_->socket()->UsingTCPFastOpen(); | |
2819 } | |
2820 NOTREACHED(); | |
2821 return false; | |
2822 } | |
2823 | |
2824 int64 SSLClientSocketNSS::NumBytesRead() const { | |
2825 if (transport_.get() && transport_->socket()) { | |
2826 return transport_->socket()->NumBytesRead(); | |
2827 } | |
2828 NOTREACHED(); | |
2829 return -1; | |
2830 } | |
2831 | |
2832 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const { | |
2833 if (transport_.get() && transport_->socket()) { | |
2834 return transport_->socket()->GetConnectTimeMicros(); | |
2835 } | |
2836 NOTREACHED(); | |
2837 return base::TimeDelta::FromMicroseconds(-1); | |
2838 } | |
2839 | |
2840 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | |
2841 const CompletionCallback& callback) { | |
2842 DCHECK(core_); | |
2843 | |
2844 EnterFunction(buf_len); | |
2845 int rv = core_->Read(buf, buf_len, callback); | |
2846 LeaveFunction(rv); | |
2847 | |
2848 return rv; | |
2849 } | |
2850 | |
2851 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, | |
2852 const CompletionCallback& callback) { | |
2853 DCHECK(core_); | |
2854 | |
2855 EnterFunction(buf_len); | |
2856 int rv = core_->Write(buf, buf_len, callback); | |
2857 LeaveFunction(rv); | |
2858 | |
2859 return rv; | |
2860 } | |
2861 | |
2862 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | |
2863 return transport_->socket()->SetReceiveBufferSize(size); | |
2864 } | |
2865 | |
2866 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) { | |
2867 return transport_->socket()->SetSendBufferSize(size); | |
2868 } | |
2869 | |
2870 int SSLClientSocketNSS::Init() { | |
2871 EnterFunction(""); | |
2872 // Initialize the NSS SSL library in a threadsafe way. This also | |
2873 // initializes the NSS base library. | |
2874 EnsureNSSSSLInit(); | |
2875 if (!NSS_IsInitialized()) | |
2876 return ERR_UNEXPECTED; | |
2877 #if !defined(OS_MACOSX) && !defined(OS_WIN) | |
2878 if (ssl_config_.cert_io_enabled) { | |
2879 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO | |
2880 // loop by MessageLoopForIO::current(). | |
2881 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | |
2882 EnsureNSSHttpIOInit(); | |
2883 } | |
2884 #endif | |
2885 | |
2886 LeaveFunction(""); | |
2887 return OK; | |
2888 } | |
2889 | |
2890 void SSLClientSocketNSS::InitCore() { | |
2891 core_ = new Core(network_task_runner_, nss_task_runner_, transport_.get(), | |
2892 host_and_port_, ssl_config_, &net_log_, | |
2893 server_bound_cert_service_); | |
2894 } | |
2895 | |
2896 int SSLClientSocketNSS::InitializeSSLOptions() { | |
2897 // Transport connected, now hook it up to nss | |
2898 // TODO(port): specify rx and tx buffer sizes separately | |
2899 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | |
2900 if (nss_fd_ == NULL) { | |
2901 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | |
2902 } | |
2903 | |
2904 // Grab pointer to buffers | |
2905 memio_Private* nss_bufs = memio_GetSecret(nss_fd_); | |
2906 | |
2907 /* Create SSL state machine */ | |
2908 /* Push SSL onto our fake I/O socket */ | |
2909 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | |
2910 if (nss_fd_ == NULL) { | |
2911 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); | |
2912 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | |
2913 } | |
2914 // TODO(port): set more ssl options! Check errors! | |
2915 | |
2916 int rv; | |
2917 | |
2918 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); | |
2919 if (rv != SECSuccess) { | |
2920 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); | |
2921 return ERR_UNEXPECTED; | |
2922 } | |
2923 | |
2924 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); | |
2925 if (rv != SECSuccess) { | |
2926 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); | |
2927 return ERR_UNEXPECTED; | |
2928 } | |
2929 | |
2930 // Don't do V2 compatible hellos because they don't support TLS extensions. | |
2931 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE); | |
2932 if (rv != SECSuccess) { | |
2933 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); | |
2934 return ERR_UNEXPECTED; | |
2935 } | |
2936 | |
2937 SSLVersionRange version_range; | |
2938 version_range.min = ssl_config_.version_min; | |
2939 version_range.max = ssl_config_.version_max; | |
2940 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | |
2941 if (rv != SECSuccess) { | |
2942 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | |
2943 return ERR_NO_SSL_VERSIONS_ENABLED; | |
2944 } | |
2945 | |
2946 for (std::vector<uint16>::const_iterator it = | |
2947 ssl_config_.disabled_cipher_suites.begin(); | |
2948 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | |
2949 // This will fail if the specified cipher is not implemented by NSS, but | |
2950 // the failure is harmless. | |
2951 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | |
2952 } | |
2953 | |
2954 #ifdef SSL_ENABLE_SESSION_TICKETS | |
2955 // Support RFC 5077 | |
2956 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | |
2957 if (rv != SECSuccess) { | |
2958 LogFailedNSSFunction( | |
2959 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | |
2960 } | |
2961 #else | |
2962 #error "You need to install NSS-3.12 or later to build chromium" | |
2963 #endif | |
2964 | |
2965 #ifdef SSL_ENABLE_DEFLATE | |
2966 // Some web servers have been found to break if TLS is used *or* if DEFLATE | |
2967 // is advertised. Thus, if TLS is disabled (probably because we are doing | |
2968 // SSLv3 fallback), we disable DEFLATE also. | |
2969 // See http://crbug.com/31628 | |
2970 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, | |
2971 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); | |
2972 if (rv != SECSuccess) | |
2973 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE"); | |
2974 #endif | |
2975 | |
2976 #ifdef SSL_ENABLE_FALSE_START | |
2977 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | |
2978 ssl_config_.false_start_enabled); | |
2979 if (rv != SECSuccess) | |
2980 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | |
2981 #endif | |
2982 | |
2983 #ifdef SSL_ENABLE_RENEGOTIATION | |
2984 // We allow servers to request renegotiation. Since we're a client, | |
2985 // prohibiting this is rather a waste of time. Only servers are in a | |
2986 // position to prevent renegotiation attacks. | |
2987 // http://extendedsubset.com/?p=8 | |
2988 | |
2989 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
2990 SSL_RENEGOTIATE_TRANSITIONAL); | |
2991 if (rv != SECSuccess) { | |
2992 LogFailedNSSFunction( | |
2993 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); | |
2994 } | |
2995 #endif // SSL_ENABLE_RENEGOTIATION | |
2996 | |
2997 #ifdef SSL_CBC_RANDOM_IV | |
2998 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, | |
2999 ssl_config_.false_start_enabled); | |
3000 if (rv != SECSuccess) | |
3001 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); | |
3002 #endif | |
3003 | |
3004 #ifdef SSL_ENABLE_OCSP_STAPLING | |
3005 if (IsOCSPStaplingSupported()) { | |
3006 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); | |
3007 if (rv != SECSuccess) { | |
3008 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | |
3009 "SSL_ENABLE_OCSP_STAPLING"); | |
3010 } | |
3011 } | |
3012 #endif | |
3013 | |
3014 #ifdef SSL_ENABLE_CACHED_INFO | |
3015 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO, | |
3016 ssl_config_.cached_info_enabled); | |
3017 if (rv != SECSuccess) | |
3018 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO"); | |
3019 #endif | |
3020 | |
3021 #ifdef SSL_ENABLE_OB_CERTS | |
3022 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS, | |
3023 ssl_config_.domain_bound_certs_enabled); | |
3024 if (rv != SECSuccess) | |
3025 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); | |
3026 #endif | |
3027 | |
3028 #ifdef SSL_ENCRYPT_CLIENT_CERTS | |
3029 // For now, enable the encrypted client certificates extension only if | |
3030 // server-bound certificates are enabled. | |
3031 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS, | |
3032 ssl_config_.domain_bound_certs_enabled); | |
3033 if (rv != SECSuccess) | |
3034 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS"); | |
3035 #endif | |
3036 | |
3037 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
3038 if (rv != SECSuccess) { | |
3039 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | |
3040 return ERR_UNEXPECTED; | |
3041 } | |
3042 | |
3043 rv = core_->Init(nss_fd_, nss_bufs); | |
3044 if (rv != SECSuccess) | |
3045 return ERR_UNEXPECTED; | |
3046 | |
3047 // Tell SSL the hostname we're trying to connect to. | |
3048 SSL_SetURL(nss_fd_, host_and_port_.host().c_str()); | |
3049 | |
3050 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | |
3051 SSL_ResetHandshake(nss_fd_, PR_FALSE); | |
3052 | |
3053 return OK; | |
3054 } | |
3055 | |
3056 int SSLClientSocketNSS::InitializeSSLPeerName() { | |
3057 // Tell NSS who we're connected to | |
3058 AddressList peer_address; | |
3059 int err = transport_->socket()->GetPeerAddress(&peer_address); | |
3060 if (err != OK) | |
3061 return err; | |
3062 | |
3063 SockaddrStorage storage; | |
3064 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len)) | |
3065 return ERR_UNEXPECTED; | |
3066 | |
3067 PRNetAddr peername; | |
3068 memset(&peername, 0, sizeof(peername)); | |
3069 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername)); | |
3070 size_t len = std::min(static_cast<size_t>(storage.addr_len), | |
3071 sizeof(peername)); | |
3072 memcpy(&peername, storage.addr, len); | |
3073 | |
3074 // Adjust the address family field for BSD, whose sockaddr | |
3075 // structure has a one-byte length and one-byte address family | |
3076 // field at the beginning. PRNetAddr has a two-byte address | |
3077 // family field at the beginning. | |
3078 peername.raw.family = storage.addr->sa_family; | |
3079 | |
3080 memio_SetPeerName(nss_fd_, &peername); | |
3081 | |
3082 // Set the peer ID for session reuse. This is necessary when we create an | |
3083 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | |
3084 // rather than the destination server's address in that case. | |
3085 std::string peer_id = host_and_port_.ToString(); | |
3086 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id. | |
3087 // This will cause session cache misses between sockets with different values | |
3088 // of ssl_session_cache_shard_ and this is used to partition the session cache | |
3089 // for incognito mode. | |
3090 if (!ssl_session_cache_shard_.empty()) { | |
3091 peer_id += "/" + ssl_session_cache_shard_; | |
3092 } | |
3093 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | |
3094 if (rv != SECSuccess) | |
3095 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); | |
3096 | |
3097 return OK; | |
3098 } | |
3099 | |
3100 void SSLClientSocketNSS::DoConnectCallback(int rv) { | |
3101 EnterFunction(rv); | |
3102 DCHECK_NE(ERR_IO_PENDING, rv); | |
3103 DCHECK(!user_connect_callback_.is_null()); | |
3104 | |
3105 base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv); | |
3106 LeaveFunction(""); | |
3107 } | |
3108 | |
3109 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { | |
3110 EnterFunction(result); | |
3111 int rv = DoHandshakeLoop(result); | |
3112 if (rv != ERR_IO_PENDING) { | |
3113 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
3114 DoConnectCallback(rv); | |
3115 } | |
3116 LeaveFunction(""); | |
3117 } | |
3118 | |
3119 void SSLClientSocketNSS::LoadSSLHostInfo() { | |
3120 const SSLHostInfo::State& state(ssl_host_info_->state()); | |
3121 | |
3122 if (state.certs.empty()) | |
3123 return; | |
3124 | |
3125 const std::vector<std::string>& certs_in = state.certs; | |
3126 core_->SetPredictedCertificates(certs_in); | |
3127 } | |
3128 | |
3129 int SSLClientSocketNSS::DoLoadSSLHostInfo() { | |
3130 EnterFunction(""); | |
3131 int rv = ssl_host_info_->WaitForDataReady( | |
3132 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3133 base::Unretained(this))); | |
3134 GotoState(STATE_HANDSHAKE); | |
3135 | |
3136 if (rv == OK) { | |
3137 LoadSSLHostInfo(); | |
3138 } else { | |
3139 DCHECK_EQ(ERR_IO_PENDING, rv); | |
3140 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
3141 } | |
3142 | |
3143 LeaveFunction(""); | |
3144 return rv; | |
3145 } | |
3146 | |
3147 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { | |
3148 EnterFunction(last_io_result); | |
3149 int rv = last_io_result; | |
3150 do { | |
3151 // Default to STATE_NONE for next state. | |
3152 // (This is a quirk carried over from the windows | |
3153 // implementation. It makes reading the logs a bit harder.) | |
3154 // State handlers can and often do call GotoState just | |
3155 // to stay in the current state. | |
3156 State state = next_handshake_state_; | |
3157 GotoState(STATE_NONE); | |
3158 switch (state) { | |
3159 case STATE_LOAD_SSL_HOST_INFO: | |
3160 DCHECK(rv == OK || rv == ERR_IO_PENDING); | |
3161 rv = DoLoadSSLHostInfo(); | |
2601 break; | 3162 break; |
3163 case STATE_HANDSHAKE: | |
3164 rv = DoHandshake(); | |
3165 break; | |
3166 case STATE_HANDSHAKE_COMPLETE: | |
3167 rv = DoHandshakeComplete(rv); | |
3168 break; | |
3169 case STATE_VERIFY_DNSSEC: | |
3170 rv = DoVerifyDNSSEC(rv); | |
3171 break; | |
3172 case STATE_VERIFY_CERT: | |
3173 DCHECK(rv == OK); | |
3174 rv = DoVerifyCert(rv); | |
3175 break; | |
3176 case STATE_VERIFY_CERT_COMPLETE: | |
3177 rv = DoVerifyCertComplete(rv); | |
3178 break; | |
3179 case STATE_NONE: | |
3180 default: | |
3181 rv = ERR_UNEXPECTED; | |
3182 LOG(DFATAL) << "unexpected state " << state; | |
3183 break; | |
3184 } | |
3185 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | |
3186 LeaveFunction(""); | |
3187 return rv; | |
3188 } | |
3189 | |
3190 int SSLClientSocketNSS::DoHandshake() { | |
3191 EnterFunction(""); | |
3192 int rv = core_->Connect( | |
3193 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3194 base::Unretained(this))); | |
3195 GotoState(STATE_HANDSHAKE_COMPLETE); | |
3196 | |
3197 LeaveFunction(rv); | |
3198 return rv; | |
3199 } | |
3200 | |
3201 int SSLClientSocketNSS::DoHandshakeComplete(int result) { | |
3202 EnterFunction(result); | |
3203 | |
3204 if (result == OK) { | |
3205 SaveSSLHostInfo(); | |
3206 // SSL handshake is completed. Let's verify the certificate. | |
3207 GotoState(STATE_VERIFY_DNSSEC); | |
3208 // Done! | |
3209 } | |
3210 if (core_->state().domain_bound_cert_type != CLIENT_CERT_INVALID_TYPE) | |
3211 set_domain_bound_cert_type(core_->state().domain_bound_cert_type); | |
3212 | |
3213 LeaveFunction(result); | |
3214 return result; | |
3215 } | |
3216 | |
3217 | |
3218 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { | |
3219 DCHECK_GT(core_->state().server_cert_chain.size(), 0u); | |
3220 DCHECK(core_->state().server_cert_chain[0]); | |
3221 | |
3222 DNSValidationResult r = CheckDNSSECChain( | |
3223 host_and_port_.host(), core_->state().server_cert_chain[0], | |
3224 host_and_port_.port()); | |
3225 if (r == DNSVR_SUCCESS) { | |
3226 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; | |
3227 local_server_cert_verify_result_.verified_cert = | |
3228 core_->state().server_cert; | |
3229 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3230 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
3231 return OK; | |
3232 } | |
3233 | |
3234 GotoState(STATE_VERIFY_CERT); | |
3235 | |
3236 return OK; | |
3237 } | |
3238 | |
3239 int SSLClientSocketNSS::DoVerifyCert(int result) { | |
3240 DCHECK_GT(core_->state().server_cert_chain.size(), 0u); | |
3241 DCHECK(core_->state().server_cert_chain[0]); | |
3242 | |
3243 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
3244 | |
3245 // If the certificate is expected to be bad we can use the expectation as | |
3246 // the cert status. | |
3247 base::StringPiece der_cert( | |
3248 reinterpret_cast<char*>( | |
3249 core_->state().server_cert_chain[0]->derCert.data), | |
3250 core_->state().server_cert_chain[0]->derCert.len); | |
3251 CertStatus cert_status; | |
3252 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | |
3253 DCHECK(start_cert_verification_time_.is_null()); | |
3254 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | |
3255 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3256 local_server_cert_verify_result_.Reset(); | |
3257 local_server_cert_verify_result_.cert_status = cert_status; | |
3258 local_server_cert_verify_result_.verified_cert = | |
3259 core_->state().server_cert; | |
3260 return OK; | |
3261 } | |
3262 | |
3263 // We may have failed to create X509Certificate object if we are | |
3264 // running inside sandbox. | |
3265 if (!core_->state().server_cert) { | |
3266 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3267 local_server_cert_verify_result_.Reset(); | |
3268 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | |
3269 return ERR_CERT_INVALID; | |
3270 } | |
3271 | |
3272 start_cert_verification_time_ = base::TimeTicks::Now(); | |
3273 | |
3274 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && | |
3275 core_->state().predicted_cert_chain_correct) { | |
3276 // If the SSLHostInfo had a prediction for the certificate chain of this | |
3277 // server then it will have optimistically started a verification of that | |
3278 // chain. So, if the prediction was correct, we should wait for that | |
3279 // verification to finish rather than start our own. | |
3280 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL); | |
3281 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); | |
3282 base::TimeTicks end_time = ssl_host_info_->verification_end_time(); | |
3283 if (end_time.is_null()) | |
3284 end_time = base::TimeTicks::Now(); | |
3285 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", | |
3286 end_time - ssl_host_info_->verification_start_time()); | |
3287 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); | |
3288 return ssl_host_info_->WaitForCertVerification( | |
3289 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3290 base::Unretained(this))); | |
3291 } else { | |
3292 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | |
3293 } | |
3294 | |
3295 int flags = 0; | |
3296 if (ssl_config_.rev_checking_enabled) | |
3297 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | |
3298 if (ssl_config_.verify_ev_cert) | |
3299 flags |= X509Certificate::VERIFY_EV_CERT; | |
3300 if (ssl_config_.cert_io_enabled) | |
3301 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; | |
3302 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | |
3303 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3304 return verifier_->Verify( | |
3305 core_->state().server_cert, host_and_port_.host(), flags, | |
3306 SSLConfigService::GetCRLSet(), &local_server_cert_verify_result_, | |
3307 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3308 base::Unretained(this)), | |
3309 net_log_); | |
3310 } | |
3311 | |
3312 // Derived from AuthCertificateCallback() in | |
3313 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | |
3314 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | |
3315 verifier_.reset(); | |
3316 | |
3317 if (!start_cert_verification_time_.is_null()) { | |
3318 base::TimeDelta verify_time = | |
3319 base::TimeTicks::Now() - start_cert_verification_time_; | |
3320 if (result == OK) | |
3321 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | |
3322 else | |
3323 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | |
3324 } | |
3325 | |
3326 // We used to remember the intermediate CA certs in the NSS database | |
3327 // persistently. However, NSS opens a connection to the SQLite database | |
3328 // during NSS initialization and doesn't close the connection until NSS | |
3329 // shuts down. If the file system where the database resides is gone, | |
3330 // the database connection goes bad. What's worse, the connection won't | |
3331 // recover when the file system comes back. Until this NSS or SQLite bug | |
3332 // is fixed, we need to avoid using the NSS database for non-essential | |
3333 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | |
3334 // http://crbug.com/15630 for more info. | |
3335 | |
3336 // TODO(hclam): Skip logging if server cert was expected to be bad because | |
3337 // |server_cert_verify_result_| doesn't contain all the information about | |
3338 // the cert. | |
3339 if (result == OK) | |
3340 LogConnectionTypeMetrics(); | |
3341 | |
3342 completed_handshake_ = true; | |
3343 | |
3344 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) | |
3345 // Take care of any mandates for public key pinning. | |
3346 // | |
3347 // Pinning is only enabled for official builds to make sure that others don't | |
3348 // end up with pins that cannot be easily updated. | |
3349 // | |
3350 // TODO(agl): we might have an issue here where a request for foo.example.com | |
3351 // merges into a SPDY connection to www.example.com, and gets a different | |
3352 // certificate. | |
3353 | |
3354 const CertStatus cert_status = server_cert_verify_result_->cert_status; | |
3355 if ((result == OK || (IsCertificateError(result) && | |
3356 IsCertStatusMinorError(cert_status))) && | |
3357 server_cert_verify_result_->is_issued_by_known_root && | |
3358 transport_security_state_) { | |
3359 bool sni_available = | |
3360 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | |
3361 ssl_config_.version_fallback; | |
3362 const std::string& host = host_and_port_.host(); | |
3363 | |
3364 TransportSecurityState::DomainState domain_state; | |
3365 if (transport_security_state_->GetDomainState(host, sni_available, | |
3366 &domain_state) && | |
3367 domain_state.HasPins()) { | |
3368 if (!domain_state.IsChainOfPublicKeysPermitted( | |
3369 server_cert_verify_result_->public_key_hashes)) { | |
3370 const base::Time build_time = base::GetBuildTime(); | |
3371 // Pins are not enforced if the build is sufficiently old. Chrome | |
3372 // users should get updates every six weeks or so, but it's possible | |
3373 // that some users will stop getting updates for some reason. We | |
3374 // don't want those users building up as a pool of people with bad | |
3375 // pins. | |
3376 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) { | |
3377 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
3378 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | |
3379 TransportSecurityState::ReportUMAOnPinFailure(host); | |
3380 } | |
3381 } else { | |
3382 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | |
2602 } | 3383 } |
2603 } | 3384 } |
2604 | 3385 } |
2605 if (that->next_proto_status_ == kNextProtoNegotiated) | 3386 #endif |
3387 | |
3388 // Exit DoHandshakeLoop and return the result to the caller to Connect. | |
3389 DCHECK(next_handshake_state_ == STATE_NONE); | |
3390 return result; | |
3391 } | |
3392 | |
3393 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { | |
3394 UpdateConnectionTypeHistograms(CONNECTION_SSL); | |
3395 if (server_cert_verify_result_->has_md5) | |
3396 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | |
3397 if (server_cert_verify_result_->has_md2) | |
3398 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | |
3399 if (server_cert_verify_result_->has_md4) | |
3400 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); | |
3401 if (server_cert_verify_result_->has_md5_ca) | |
3402 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); | |
3403 if (server_cert_verify_result_->has_md2_ca) | |
3404 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | |
3405 int ssl_version = SSLConnectionStatusToVersion( | |
3406 core_->state().ssl_connection_status); | |
3407 switch (ssl_version) { | |
3408 case SSL_CONNECTION_VERSION_SSL2: | |
3409 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2); | |
2606 break; | 3410 break; |
2607 | 3411 case SSL_CONNECTION_VERSION_SSL3: |
2608 // NSS checks that the data in |protos| is well formed, so we know that | 3412 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3); |
2609 // this doesn't cause us to jump off the end of the buffer. | 3413 break; |
2610 i += len + 1; | 3414 case SSL_CONNECTION_VERSION_TLS1: |
2611 } | 3415 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1); |
2612 | 3416 break; |
2613 that->server_protos_.assign( | 3417 case SSL_CONNECTION_VERSION_TLS1_1: |
2614 reinterpret_cast<const char*>(protos), protos_len); | 3418 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
2615 | 3419 break; |
2616 // If we didn't find a protocol, we select the first one from our list. | 3420 case SSL_CONNECTION_VERSION_TLS1_2: |
2617 if (that->next_proto_status_ != kNextProtoNegotiated) { | 3421 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
2618 that->next_proto_status_ = kNextProtoNoOverlap; | 3422 break; |
2619 that->next_proto_ = that->ssl_config_.next_protos[0]; | 3423 }; |
2620 } | 3424 } |
2621 | 3425 |
2622 if (that->next_proto_.size() > proto_max_len) { | 3426 // SaveSSLHostInfo saves the certificate chain of the connection so that we can |
2623 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | 3427 // start verification faster in the future. |
2624 return SECFailure; | 3428 void SSLClientSocketNSS::SaveSSLHostInfo() { |
2625 } | 3429 if (!ssl_host_info_.get()) |
2626 memcpy(proto_out, that->next_proto_.data(), that->next_proto_.size()); | 3430 return; |
2627 *proto_out_len = that->next_proto_.size(); | 3431 |
2628 return SECSuccess; | 3432 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save |
3433 // anything. | |
3434 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) | |
3435 return; | |
3436 | |
3437 SSLHostInfo::State* state = ssl_host_info_->mutable_state(); | |
3438 | |
3439 state->certs.clear(); | |
3440 const PeerCertificateChain& certs = core_->state().server_cert_chain; | |
3441 for (unsigned i = 0; i < certs.size(); i++) { | |
3442 if (certs[i] == NULL || | |
3443 certs[i]->derCert.len > std::numeric_limits<uint16>::max()) { | |
3444 return; | |
3445 } | |
3446 | |
3447 state->certs.push_back(std::string( | |
3448 reinterpret_cast<char*>(certs[i]->derCert.data), | |
3449 certs[i]->derCert.len)); | |
3450 } | |
3451 | |
3452 ssl_host_info_->Persist(); | |
2629 } | 3453 } |
2630 | 3454 |
2631 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { | 3455 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { |
2632 base::AutoLock auto_lock(lock_); | 3456 base::AutoLock auto_lock(lock_); |
2633 if (valid_thread_id_ != base::kInvalidThreadId) | 3457 if (valid_thread_id_ != base::kInvalidThreadId) |
2634 return; | 3458 return; |
2635 valid_thread_id_ = base::PlatformThread::CurrentId(); | 3459 valid_thread_id_ = base::PlatformThread::CurrentId(); |
2636 } | 3460 } |
2637 | 3461 |
2638 bool SSLClientSocketNSS::CalledOnValidThread() const { | 3462 bool SSLClientSocketNSS::CalledOnValidThread() const { |
2639 EnsureThreadIdAssigned(); | 3463 EnsureThreadIdAssigned(); |
2640 base::AutoLock auto_lock(lock_); | 3464 base::AutoLock auto_lock(lock_); |
2641 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3465 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
2642 } | 3466 } |
2643 | 3467 |
2644 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3468 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
2645 return server_bound_cert_service_; | 3469 return server_bound_cert_service_; |
2646 } | 3470 } |
2647 | 3471 |
2648 } // namespace net | 3472 } // namespace net |
OLD | NEW |