OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
60 #include <sslerr.h> | 60 #include <sslerr.h> |
61 #include <sslproto.h> | 61 #include <sslproto.h> |
62 | 62 |
63 #include <algorithm> | 63 #include <algorithm> |
64 #include <limits> | 64 #include <limits> |
65 #include <map> | 65 #include <map> |
66 | 66 |
67 #include "base/bind.h" | 67 #include "base/bind.h" |
68 #include "base/bind_helpers.h" | 68 #include "base/bind_helpers.h" |
69 #include "base/build_time.h" | 69 #include "base/build_time.h" |
70 #include "base/callback_helpers.h" | |
70 #include "base/compiler_specific.h" | 71 #include "base/compiler_specific.h" |
71 #include "base/logging.h" | 72 #include "base/logging.h" |
72 #include "base/memory/singleton.h" | 73 #include "base/memory/singleton.h" |
73 #include "base/metrics/histogram.h" | 74 #include "base/metrics/histogram.h" |
75 #include "base/single_thread_task_runner.h" | |
76 #include "base/stl_util.h" | |
74 #include "base/string_number_conversions.h" | 77 #include "base/string_number_conversions.h" |
75 #include "base/string_util.h" | 78 #include "base/string_util.h" |
76 #include "base/stringprintf.h" | 79 #include "base/stringprintf.h" |
77 #include "base/threading/thread_restrictions.h" | 80 #include "base/threading/thread_restrictions.h" |
78 #include "base/values.h" | 81 #include "base/values.h" |
79 #include "crypto/ec_private_key.h" | 82 #include "crypto/ec_private_key.h" |
80 #include "crypto/rsa_private_key.h" | 83 #include "crypto/rsa_private_key.h" |
81 #include "crypto/scoped_nss_types.h" | 84 #include "crypto/scoped_nss_types.h" |
82 #include "net/base/address_list.h" | 85 #include "net/base/address_list.h" |
83 #include "net/base/asn1_util.h" | 86 #include "net/base/asn1_util.h" |
(...skipping 155 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
239 if (!CertGetCertificateContextProperty( | 242 if (!CertGetCertificateContextProperty( |
240 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { | 243 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { |
241 return FALSE; | 244 return FALSE; |
242 } | 245 } |
243 | 246 |
244 return TRUE; | 247 return TRUE; |
245 } | 248 } |
246 | 249 |
247 #endif | 250 #endif |
248 | 251 |
249 // PeerCertificateChain is a helper object which extracts the certificate | |
250 // chain, as given by the server, from an NSS socket and performs the needed | |
251 // resource management. The first element of the chain is the leaf certificate | |
252 // and the other elements are in the order given by the server. | |
253 class PeerCertificateChain { | |
254 public: | |
255 explicit PeerCertificateChain(PRFileDesc* nss_fd) | |
256 : num_certs_(0), | |
257 certs_(NULL) { | |
258 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_, 0); | |
259 DCHECK_EQ(rv, SECSuccess); | |
260 | |
261 certs_ = new CERTCertificate*[num_certs_]; | |
262 const unsigned expected_num_certs = num_certs_; | |
263 rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_, | |
264 expected_num_certs); | |
265 DCHECK_EQ(rv, SECSuccess); | |
266 DCHECK_EQ(num_certs_, expected_num_certs); | |
267 } | |
268 | |
269 ~PeerCertificateChain() { | |
270 for (unsigned i = 0; i < num_certs_; i++) | |
271 CERT_DestroyCertificate(certs_[i]); | |
272 delete[] certs_; | |
273 } | |
274 | |
275 unsigned size() const { return num_certs_; } | |
276 | |
277 CERTCertificate* operator[](unsigned i) { | |
278 DCHECK_LT(i, num_certs_); | |
279 return certs_[i]; | |
280 } | |
281 | |
282 std::vector<base::StringPiece> AsStringPieceVector() const { | |
283 std::vector<base::StringPiece> v(size()); | |
284 for (unsigned i = 0; i < size(); i++) { | |
285 v[i] = base::StringPiece( | |
286 reinterpret_cast<const char*>(certs_[i]->derCert.data), | |
287 certs_[i]->derCert.len); | |
288 } | |
289 | |
290 return v; | |
291 } | |
292 | |
293 private: | |
294 unsigned num_certs_; | |
295 CERTCertificate** certs_; | |
296 }; | |
297 | |
298 void DestroyCertificates(CERTCertificate** certs, unsigned len) { | |
299 for (unsigned i = 0; i < len; i++) | |
300 CERT_DestroyCertificate(certs[i]); | |
301 } | |
302 | |
303 // DNSValidationResult enumerates the possible outcomes from processing a | 252 // DNSValidationResult enumerates the possible outcomes from processing a |
304 // set of DNS records. | 253 // set of DNS records. |
305 enum DNSValidationResult { | 254 enum DNSValidationResult { |
306 DNSVR_SUCCESS, // the cert is immediately acceptable. | 255 DNSVR_SUCCESS, // the cert is immediately acceptable. |
307 DNSVR_FAILURE, // the cert is unconditionally rejected. | 256 DNSVR_FAILURE, // the cert is unconditionally rejected. |
308 DNSVR_CONTINUE, // perform CA validation as usual. | 257 DNSVR_CONTINUE, // perform CA validation as usual. |
309 }; | 258 }; |
310 | 259 |
311 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA | 260 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA |
312 // records and checks them against the given chain. | 261 // records and checks them against the given chain. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
352 } | 301 } |
353 } | 302 } |
354 } | 303 } |
355 | 304 |
356 // If a CAA record was found, but nothing matched, then we reject the | 305 // If a CAA record was found, but nothing matched, then we reject the |
357 // certificate. | 306 // certificate. |
358 return DNSVR_FAILURE; | 307 return DNSVR_FAILURE; |
359 } | 308 } |
360 | 309 |
361 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in | 310 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in |
362 // |server_cert_nss_|. It returns true iff a chain is found that proves the | 311 // |server_cert_nss|. It returns true iff a chain is found that proves the |
363 // value of a CAA record that contains a valid public key fingerprint. | 312 // value of a CAA record that contains a valid public key fingerprint. |
364 // |port| contains the TCP port number that we connected to as CAA records can | 313 // |port| contains the TCP port number that we connected to as CAA records can |
365 // be specific to a given port. | 314 // be specific to a given port. |
366 DNSValidationResult CheckDNSSECChain( | 315 DNSValidationResult CheckDNSSECChain( |
367 const std::string& hostname, | 316 const std::string& hostname, |
368 CERTCertificate* server_cert_nss, | 317 CERTCertificate* server_cert_nss, |
369 uint16 port) { | 318 uint16 port) { |
370 if (!server_cert_nss) | 319 if (!server_cert_nss) |
371 return DNSVR_CONTINUE; | 320 return DNSVR_CONTINUE; |
372 | 321 |
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
414 if (verifier.rrtype() != kDNS_CAA) | 363 if (verifier.rrtype() != kDNS_CAA) |
415 return DNSVR_CONTINUE; | 364 return DNSVR_CONTINUE; |
416 | 365 |
417 DNSValidationResult r = VerifyCAARecords( | 366 DNSValidationResult r = VerifyCAARecords( |
418 server_cert_nss, verifier.rrdatas(), port); | 367 server_cert_nss, verifier.rrdatas(), port); |
419 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE); | 368 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE); |
420 | 369 |
421 return r; | 370 return r; |
422 } | 371 } |
423 | 372 |
373 bool DomainBoundCertNegotiated(PRFileDesc* socket) { | |
374 // TODO(wtc,mattm): this is temporary while DBC support is changed into | |
375 // Channel ID. | |
376 return false; | |
377 } | |
378 | |
379 void DestroyCertificates(CERTCertificate** certs, size_t len) { | |
380 for (size_t i = 0; i < len; i++) | |
381 CERT_DestroyCertificate(certs[i]); | |
382 } | |
383 | |
384 // Helper function to wrap BoundNetLog::AddByteTransferEvent from within the | |
385 // SSLClientSocketNSS::Core. | |
386 // AddByteTransferEvent expects to receive a const char*, which is typically | |
387 // backed by an IOBuffer*. However, the Core may need to add the log entry | |
388 // from the NSS task runner, and after marshalling to the network thread, the | |
389 // underlying IOBuffer*/const char* may be out of scope by the time | |
390 // AddByteTransferEvent is invoked. This helper provides a signature that | |
391 // takes an IOBuffer*, allowing the underlying IOBuffer to be kept alive long | |
392 // enough to log the event from the network thread. | |
393 void LogByteTransferEvent(BoundNetLog* net_log, NetLog::EventType event_type, | |
394 int len, IOBuffer* buffer) { | |
395 if (!net_log) | |
396 return; | |
397 net_log->AddByteTransferEvent(event_type, len, buffer->data()); | |
398 } | |
399 | |
400 // PeerCertificateChain is a helper object which extracts the certificate | |
401 // chain, as given by the server, from an NSS socket and performs the needed | |
402 // resource management. The first element of the chain is the leaf certificate | |
403 // and the other elements are in the order given by the server. | |
404 class PeerCertificateChain { | |
405 public: | |
406 PeerCertificateChain() {} | |
407 PeerCertificateChain(const PeerCertificateChain& other); | |
408 ~PeerCertificateChain(); | |
409 PeerCertificateChain& operator=(const PeerCertificateChain& other); | |
410 | |
411 // Resets the current chain to the certificate chain stored in |nss_fd|. | |
412 // If |nss_fd| is NULL, frees the current certificate chain. | |
413 void Reset(PRFileDesc* nss_fd); | |
414 | |
415 // Returns the current certificate chain as a vector of DER-encoded | |
416 // base::StringPieces. The returned vector remains valid until Reset is | |
417 // called. | |
418 std::vector<base::StringPiece> AsStringPieceVector() const; | |
419 | |
420 size_t size() const { return certs_.size(); } | |
421 CERTCertificate* operator[](size_t i) const { | |
422 DCHECK_LT(i, certs_.size()); | |
423 return certs_[i]; | |
424 } | |
425 | |
426 private: | |
427 std::vector<CERTCertificate*> certs_; | |
428 }; | |
429 | |
430 PeerCertificateChain::PeerCertificateChain( | |
431 const PeerCertificateChain& other) { | |
432 *this = other; | |
433 } | |
434 | |
435 PeerCertificateChain::~PeerCertificateChain() { | |
436 Reset(NULL); | |
437 } | |
438 | |
439 PeerCertificateChain& PeerCertificateChain::operator=( | |
440 const PeerCertificateChain& other) { | |
441 if (this == &other) | |
442 return *this; | |
443 | |
444 Reset(NULL); | |
445 certs_.reserve(other.certs_.size()); | |
446 for (size_t i = 0; i < other.certs_.size(); ++i) | |
447 certs_.push_back(CERT_DupCertificate(other.certs_[i])); | |
448 | |
449 return *this; | |
450 } | |
451 | |
452 void PeerCertificateChain::Reset(PRFileDesc* nss_fd) { | |
453 for (size_t i = 0; i < certs_.size(); ++i) | |
454 CERT_DestroyCertificate(certs_[i]); | |
455 certs_.clear(); | |
456 | |
457 if (nss_fd == NULL) | |
458 return; | |
459 | |
460 unsigned int num_certs = 0; | |
461 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs, 0); | |
462 DCHECK_EQ(SECSuccess, rv); | |
463 | |
464 if (num_certs == 0) | |
465 return; | |
466 | |
467 certs_.resize(num_certs); | |
468 const unsigned int expected_num_certs = num_certs; | |
469 rv = SSL_PeerCertificateChain(nss_fd, vector_as_array(&certs_), | |
470 &num_certs, expected_num_certs); | |
471 DCHECK_EQ(SECSuccess, rv); | |
472 DCHECK_EQ(expected_num_certs, num_certs); | |
473 } | |
474 | |
475 std::vector<base::StringPiece> | |
476 PeerCertificateChain::AsStringPieceVector() const { | |
477 std::vector<base::StringPiece> v(certs_.size()); | |
478 for (unsigned i = 0; i < size(); i++) { | |
479 v[i] = base::StringPiece( | |
480 reinterpret_cast<const char*>(certs_[i]->derCert.data), | |
481 certs_[i]->derCert.len); | |
482 } | |
483 | |
484 return v; | |
485 } | |
486 | |
487 // ConnectionState is a helper struct used to pass handshake state between | |
488 // the NSS task runner and the network task runner. | |
489 // | |
490 // This struct is necessary because the SSLClientSocketNSS needs to read these | |
491 // variables synchronously on the network task runner, but they may be read or | |
492 // written at any time on the network task runner. Copying avoids the need for | |
493 // lock contention, | |
494 struct ConnectionState { | |
495 ConnectionState() { Reset(); } | |
496 | |
497 void Reset() { | |
498 next_proto_status = SSLClientSocket::kNextProtoUnsupported; | |
499 next_proto.clear(); | |
500 server_protos.clear(); | |
501 domain_bound_cert_type = CLIENT_CERT_INVALID_TYPE; | |
502 client_certs.clear(); | |
503 server_cert_chain.Reset(NULL); | |
504 server_cert = NULL; | |
505 predicted_cert_chain_correct = false; | |
506 resumed_handshake = false; | |
507 ssl_connection_status = 0; | |
508 } | |
509 | |
510 // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the | |
511 // negotiated protocol stored in |next_proto|. | |
512 SSLClientSocket::NextProtoStatus next_proto_status; | |
513 std::string next_proto; | |
514 // If the server supports NPN, the protocols supported by the server. | |
515 std::string server_protos; | |
516 | |
517 SSLClientCertType domain_bound_cert_type; | |
518 | |
519 // If the peer requests client certificate authentication, the set of | |
520 // certificates that matched the peer's criteria. | |
521 CertificateList client_certs; | |
522 | |
523 // Set when the handshake fully completes. | |
524 // | |
525 // The server certificate is first received from NSS as an NSS certificate | |
526 // chain (|server_cert_chain|) and then converted into a platform-specific | |
527 // net::X509Certificate object (|server_cert|). It's possible for some | |
528 // certificates to be successfully parsed by NSS, and not by the platform | |
529 // libraries (i.e.: when running within a sandbox, different parsing | |
530 // algorithms, etc), so it's not safe to assume that |server_cert| will | |
531 // always be non-NULL. | |
532 PeerCertificateChain server_cert_chain; | |
533 scoped_refptr<X509Certificate> server_cert; | |
534 | |
535 bool predicted_cert_chain_correct; | |
536 bool resumed_handshake; | |
537 int ssl_connection_status; | |
538 }; | |
539 | |
424 } // namespace | 540 } // namespace |
425 | 541 |
426 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 542 // SSLClientSocketNSS::Core provides a thread-safe, ref-counted core that is |
427 const HostPortPair& host_and_port, | 543 // able to marshal data between NSS functions and an underlying transport |
428 const SSLConfig& ssl_config, | 544 // socket. |
429 SSLHostInfo* ssl_host_info, | 545 // Because NSS functions such as signing, creating certificates, or locating |
430 const SSLClientSocketContext& context) | 546 // private keys may block while waiting for the underlying PKCS#11 modules, |
431 : transport_send_busy_(false), | 547 // the Core exists to allow all potentially blocking NSS functions to be |
548 // executed on a dedicated task runner, allowing the network task runner to | |
549 // continue executing tasks. | |
550 class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> { | |
551 public: | |
552 // Creates a new Core. | |
553 // The main NSS state machine will be executed on |nss_task_runner|, while | |
554 // any network I/O (via |transport|), logging (via |net_log|), or server | |
555 // bound cert fetching (|server_bound_cert_service|) will happen on the | |
556 // |network_task_runner|. | |
557 // The caller retains ownership of |transport|, |net_log|, and | |
558 // |server_bound_cert_service|, and they must remain valid until Detach() | |
559 // is called. | |
560 Core(base::SingleThreadTaskRunner* network_task_runner, | |
561 base::SingleThreadTaskRunner* nss_task_runner, | |
562 ClientSocketHandle* transport, | |
563 const HostPortPair& host_and_port, | |
564 const SSLConfig& ssl_config, | |
565 BoundNetLog* net_log, | |
566 ServerBoundCertService* server_bound_cert_service); | |
567 | |
568 // Called on the network task runner. | |
569 // Transfers ownership of |socket|, an NSS SSL socket, and |buffers|, the | |
570 // underlying memio implementation, to the Core. Returns SECSuccess if the | |
571 // Core was successfully registered with the socket, otherwise an error | |
572 // code. | |
573 SECStatus Init(PRFileDesc* socket, memio_Private* buffers); | |
574 | |
575 // Called on the network task runner. | |
576 // Sets the predicted certificate chain that the peer will send, for use | |
577 // with the TLS CachedInfo extension. May not be called before Init() or | |
578 // after Connect(). | |
579 void SetPredictedCertificates( | |
580 const std::vector<std::string>& predicted_certificates); | |
581 | |
582 // Called on the network task runner. | |
583 // Attempts an SSL handshake, performing the underlying socket IO as needed. | |
584 // If the handshake cannot be completed synchronously, returns | |
585 // ERR_IO_PENDING, invoking |callback| on the network task runner once the | |
586 // handshake has completed. Otherwise, returns OK on success or a network | |
587 // error code on failure. | |
588 int Connect(const CompletionCallback& callback); | |
589 | |
590 // Called on the network task runner. | |
591 // Signals that the resources owned by the network task runner are going | |
592 // away. No further callbacks will be invoked on the network task runner. | |
593 // May be called at any time. | |
594 void Detach(); | |
595 | |
596 // Called on the network task runner. | |
597 // Returns the current state of the underlying SSL socket. May be called at | |
598 // any time. | |
599 const ConnectionState& state() const { | |
600 return network_connection_state_; | |
601 } | |
602 | |
603 // Called on the network task runner. | |
604 // Read() and Write() mirror the net::Socket functions of the same name. | |
605 // If ERR_IO_PENDING is returned, |callback| will be invoked on the network | |
606 // task runner at a later point, unless the caller calls Detach(). | |
607 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | |
608 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | |
609 | |
610 private: | |
611 friend class base::RefCountedThreadSafe<Core>; | |
612 ~Core(); | |
613 | |
614 enum State { | |
615 STATE_NONE, | |
616 STATE_HANDSHAKE, | |
617 STATE_GET_DOMAIN_BOUND_CERT_COMPLETE, | |
618 }; | |
619 | |
620 bool OnNSSTaskRunner() const; | |
621 bool OnNetworkTaskRunner() const; | |
622 | |
623 //////////////////////////////////////////////////////////////////////////// | |
624 // Methods that are ONLY called on the NSS task runner: | |
625 //////////////////////////////////////////////////////////////////////////// | |
626 | |
627 // Called by NSS during full handshakes to allow the application to | |
628 // verify the certificate. Instead of verifying the certificate in the midst | |
629 // of the handshake, SECSuccess is always returned and the peer's certificate | |
630 // is verified afterwards. | |
631 // This behaviour is an artifact of the original SSLClientSocketWin | |
632 // implementation, which could not verify the peer's certificate until after | |
633 // the handshake had completed. | |
634 static SECStatus OwnAuthCertHandler(void* arg, | |
635 PRFileDesc* socket, | |
636 PRBool checksig, | |
637 PRBool is_server); | |
638 | |
639 // Callbacks called by NSS when the peer requests client certificate | |
640 // authentication. | |
641 // See the documentation in third_party/nss/ssl/ssl.h for the meanings of | |
642 // the arguments. | |
643 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
644 // When NSS has been integrated with awareness of the underlying system | |
645 // cryptographic libraries, this callback allows the caller to supply a | |
646 // native platform certificate and key for use by NSS. At most, one of | |
647 // either (result_certs, result_private_key) or (result_nss_certificate, | |
648 // result_nss_private_key) should be set. | |
649 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
650 static SECStatus PlatformClientAuthHandler( | |
651 void* arg, | |
652 PRFileDesc* socket, | |
653 CERTDistNames* ca_names, | |
654 CERTCertList** result_certs, | |
655 void** result_private_key, | |
656 CERTCertificate** result_nss_certificate, | |
657 SECKEYPrivateKey** result_nss_private_key); | |
658 #else | |
659 static SECStatus ClientAuthHandler(void* arg, | |
660 PRFileDesc* socket, | |
661 CERTDistNames* ca_names, | |
662 CERTCertificate** result_certificate, | |
663 SECKEYPrivateKey** result_private_key); | |
664 #endif | |
665 | |
666 // Called by NSS once the handshake has completed. | |
667 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
668 static void HandshakeCallback(PRFileDesc* socket, void* arg); | |
669 | |
670 // Called by NSS if the peer supports the NPN handshake extension, to allow | |
671 // the application to select the protocol to use. | |
672 // See the documentation for SSLNextProtocolCallback in | |
673 // third_party/nss/ssl/ssl.h for the meanings of the arguments. | |
674 // |arg| contains a pointer to the current SSLClientSocketNSS::Core. | |
675 static SECStatus NextProtoCallback(void* arg, | |
676 PRFileDesc* fd, | |
677 const unsigned char* protos, | |
678 unsigned int protos_len, | |
679 unsigned char* proto_out, | |
680 unsigned int* proto_out_len, | |
681 unsigned int proto_max_len); | |
682 | |
683 // Handles an NSS error generated while handshaking or performing IO. | |
684 // Returns a network error code mapped from the original NSS error. | |
685 int HandleNSSError(PRErrorCode error, bool handshake_error); | |
686 | |
687 int DoHandshakeLoop(int last_io_result); | |
688 int DoReadLoop(int result); | |
689 int DoWriteLoop(int result); | |
690 | |
691 int DoHandshake(); | |
692 int DoGetDBCertComplete(int result); | |
693 | |
694 int DoPayloadRead(); | |
695 int DoPayloadWrite(); | |
696 | |
697 bool DoTransportIO(); | |
698 int BufferRecv(); | |
699 int BufferSend(); | |
700 | |
701 void OnRecvComplete(int result); | |
702 void OnSendComplete(int result); | |
703 | |
704 void DoConnectCallback(int result); | |
705 void DoReadCallback(int result); | |
706 void DoWriteCallback(int result); | |
707 | |
708 // Domain bound cert client auth handler. | |
709 // Returns the value the ClientAuthHandler function should return. | |
710 SECStatus DomainBoundClientAuthHandler( | |
711 const SECItem* cert_types, | |
712 CERTCertificate** result_certificate, | |
713 SECKEYPrivateKey** result_private_key); | |
714 | |
715 // ImportDBCertAndKey is a helper function for turning a DER-encoded cert and | |
716 // key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success | |
717 // and an error code otherwise. | |
718 // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been | |
719 // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller | |
720 // takes ownership of the |*cert| and |*key|. | |
721 int ImportDBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key); | |
722 | |
723 // Updates the NSS and platform specific certificates. | |
724 void UpdateServerCert(); | |
725 // Updates the nss_connection_state_ with the negotiated security parameters. | |
726 void UpdateConnectionStatus(); | |
727 // Record histograms for DBC support during full handshakes - resumed | |
728 // handshakes are ignored. | |
729 void RecordDomainBoundCertSupport() const; | |
730 | |
731 //////////////////////////////////////////////////////////////////////////// | |
732 // Methods that are ONLY called on the network task runner: | |
733 //////////////////////////////////////////////////////////////////////////// | |
734 int DoBufferRecv(IOBuffer* buffer, int len); | |
735 int DoBufferSend(IOBuffer* buffer, int len); | |
736 int DoGetDomainBoundCert(const std::string& origin, | |
737 const std::vector<uint8>& requested_cert_types); | |
738 | |
739 void OnGetDomainBoundCertComplete(int result); | |
740 void OnConnectionStateUpdated(const ConnectionState& state); | |
741 | |
742 //////////////////////////////////////////////////////////////////////////// | |
743 // Methods that are accessed on both the network task runner and the NSS | |
744 // task runner. | |
745 //////////////////////////////////////////////////////////////////////////// | |
746 void OnHandshakeIOComplete(int result); | |
747 void BufferRecvComplete(IOBuffer* buffer, int result); | |
748 void BufferSendComplete(int result); | |
749 void PostOrRunCallback(const tracked_objects::Location& location, | |
750 const base::Closure& callback); | |
751 | |
752 //////////////////////////////////////////////////////////////////////////// | |
753 // Variables that are ONLY accessed on the network task runner: | |
754 //////////////////////////////////////////////////////////////////////////// | |
755 | |
756 // True if the owning SSLClientSocketNSS has called Detach(). No further | |
757 // callbacks will be invoked nor access to variables owned by the network | |
758 // task runner. | |
759 bool detached_; | |
760 | |
761 // The underlying transport to use for network IO. | |
762 ClientSocketHandle* transport_; | |
763 base::WeakPtrFactory<BoundNetLog> weak_factory_; | |
764 | |
765 // The current connection state. Mirrors |nss_connection_state_|. | |
766 ConnectionState network_connection_state_; | |
767 | |
768 ServerBoundCertService* server_bound_cert_service_; | |
769 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; | |
770 | |
771 //////////////////////////////////////////////////////////////////////////// | |
772 // Variables that are ONLY accessed on the NSS task runner: | |
773 //////////////////////////////////////////////////////////////////////////// | |
774 HostPortPair host_and_port_; | |
775 SSLConfig ssl_config_; | |
776 | |
777 // NSS state machine | |
778 PRFileDesc* nss_fd_; | |
779 | |
780 // Buffers for the network end of the SSL state machine | |
781 memio_Private* nss_bufs_; | |
782 | |
783 // The certificate chain, in DER form, that is expected to be received from | |
784 // the server. | |
785 std::vector<std::string> predicted_certs_; | |
786 | |
787 State next_handshake_state_; | |
788 | |
789 // True if domain bound certs were negotiated. | |
790 bool domain_bound_cert_xtn_negotiated_; | |
791 // True if the handshake state machine was interrupted for client auth. | |
792 bool client_auth_cert_needed_; | |
793 // True if NSS has called HandshakeCallback. | |
794 bool handshake_callback_called_; | |
795 | |
796 ConnectionState nss_connection_state_; | |
797 | |
798 bool transport_recv_busy_; | |
799 bool transport_recv_eof_; | |
800 bool transport_send_busy_; | |
801 | |
802 // Used by Read function. | |
803 scoped_refptr<IOBuffer> user_read_buf_; | |
804 int user_read_buf_len_; | |
805 | |
806 // Used by Write function. | |
807 scoped_refptr<IOBuffer> user_write_buf_; | |
808 int user_write_buf_len_; | |
809 | |
810 CompletionCallback user_connect_callback_; | |
811 CompletionCallback user_read_callback_; | |
812 CompletionCallback user_write_callback_; | |
813 | |
814 //////////////////////////////////////////////////////////////////////////// | |
815 // Variables that are accessed on both the network task runner and the NSS | |
816 // task runner. | |
817 //////////////////////////////////////////////////////////////////////////// | |
818 scoped_refptr<base::SingleThreadTaskRunner> network_task_runner_; | |
819 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner_; | |
820 | |
821 // Dereferenced only on the network task runner, but bound to tasks destined | |
822 // for the network task runner from the NSS task runner. | |
823 base::WeakPtr<BoundNetLog> weak_net_log_; | |
824 | |
825 // Written on the network task runner by the |server_bound_cert_service_|, | |
826 // prior to invoking OnHandshakeIOComplete. | |
827 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | |
828 // on the NSS task runner. | |
829 SSLClientCertType domain_bound_cert_type_; | |
830 std::string domain_bound_private_key_; | |
831 std::string domain_bound_cert_; | |
832 | |
833 DISALLOW_COPY_AND_ASSIGN(Core); | |
834 }; | |
835 | |
836 SSLClientSocketNSS::Core::Core( | |
837 base::SingleThreadTaskRunner* network_task_runner, | |
838 base::SingleThreadTaskRunner* nss_task_runner, | |
839 ClientSocketHandle* transport, | |
840 const HostPortPair& host_and_port, | |
841 const SSLConfig& ssl_config, | |
842 BoundNetLog* net_log, | |
843 ServerBoundCertService* server_bound_cert_service) | |
844 : detached_(false), | |
845 transport_(transport), | |
846 weak_factory_(net_log), | |
847 server_bound_cert_service_(server_bound_cert_service), | |
848 domain_bound_cert_request_handle_(NULL), | |
849 host_and_port_(host_and_port), | |
850 ssl_config_(ssl_config), | |
851 nss_fd_(NULL), | |
852 nss_bufs_(NULL), | |
853 next_handshake_state_(STATE_NONE), | |
854 domain_bound_cert_xtn_negotiated_(false), | |
855 client_auth_cert_needed_(false), | |
856 handshake_callback_called_(false), | |
432 transport_recv_busy_(false), | 857 transport_recv_busy_(false), |
433 transport_recv_eof_(false), | 858 transport_recv_eof_(false), |
434 transport_(transport_socket), | 859 transport_send_busy_(false), |
435 host_and_port_(host_and_port), | |
436 ssl_config_(ssl_config), | |
437 user_read_buf_len_(0), | 860 user_read_buf_len_(0), |
438 user_write_buf_len_(0), | 861 user_write_buf_len_(0), |
439 server_cert_nss_(NULL), | 862 network_task_runner_(network_task_runner), |
440 server_cert_verify_result_(NULL), | 863 nss_task_runner_(nss_task_runner), |
441 ssl_connection_status_(0), | 864 weak_net_log_(weak_factory_.GetWeakPtr()), |
442 client_auth_cert_needed_(false), | 865 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) { |
443 cert_verifier_(context.cert_verifier), | 866 } |
444 domain_bound_cert_xtn_negotiated_(false), | 867 |
445 server_bound_cert_service_(context.server_bound_cert_service), | 868 SSLClientSocketNSS::Core::~Core() { |
446 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE), | 869 // TODO(wtc): Send SSL close_notify alert. |
447 domain_bound_cert_request_handle_(NULL), | 870 if (nss_fd_ != NULL) { |
448 handshake_callback_called_(false), | 871 PR_Close(nss_fd_); |
449 completed_handshake_(false), | 872 nss_fd_ = NULL; |
450 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 873 } |
451 predicted_cert_chain_correct_(false), | 874 } |
452 next_handshake_state_(STATE_NONE), | 875 |
453 nss_fd_(NULL), | 876 SECStatus SSLClientSocketNSS::Core::Init(PRFileDesc* socket, |
454 nss_bufs_(NULL), | 877 memio_Private* buffers) { |
455 net_log_(transport_socket->socket()->NetLog()), | 878 DCHECK(OnNetworkTaskRunner()); |
456 ssl_host_info_(ssl_host_info), | 879 DCHECK(!nss_fd_); |
457 transport_security_state_(context.transport_security_state), | 880 DCHECK(!nss_bufs_); |
458 next_proto_status_(kNextProtoUnsupported), | 881 |
459 valid_thread_id_(base::kInvalidThreadId) { | 882 nss_fd_ = socket; |
460 EnterFunction(""); | 883 nss_bufs_ = buffers; |
461 } | 884 |
462 | 885 SECStatus rv = SECSuccess; |
463 SSLClientSocketNSS::~SSLClientSocketNSS() { | 886 |
464 EnterFunction(""); | 887 if (!ssl_config_.next_protos.empty()) { |
465 Disconnect(); | 888 rv = SSL_SetNextProtoCallback( |
466 LeaveFunction(""); | 889 nss_fd_, SSLClientSocketNSS::Core::NextProtoCallback, this); |
467 } | 890 if (rv != SECSuccess) |
468 | 891 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoCallback", ""); |
469 // static | 892 } |
470 void SSLClientSocket::ClearSessionCache() { | 893 |
471 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't | 894 rv = SSL_AuthCertificateHook( |
472 // bother initializing NSS just to clear an empty SSL session cache. | 895 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this); |
473 if (!NSS_IsInitialized()) | 896 if (rv != SECSuccess) { |
897 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", ""); | |
898 return rv; | |
899 } | |
900 | |
901 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
902 rv = SSL_GetPlatformClientAuthDataHook( | |
903 nss_fd_, SSLClientSocketNSS::Core::PlatformClientAuthHandler, | |
904 this); | |
905 #else | |
906 rv = SSL_GetClientAuthDataHook( | |
907 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); | |
908 #endif | |
909 if (rv != SECSuccess) { | |
910 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); | |
911 return rv; | |
912 } | |
913 | |
914 rv = SSL_HandshakeCallback( | |
915 nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this); | |
916 if (rv != SECSuccess) { | |
917 LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", ""); | |
918 return rv; | |
919 } | |
920 | |
921 return SECSuccess; | |
922 } | |
923 | |
924 void SSLClientSocketNSS::Core::SetPredictedCertificates( | |
925 const std::vector<std::string>& predicted_certs) { | |
926 if (predicted_certs.empty()) | |
474 return; | 927 return; |
475 | 928 |
476 SSL_ClearSessionCache(); | 929 if (!OnNSSTaskRunner()) { |
477 } | 930 DCHECK(!detached_); |
478 | 931 nss_task_runner_->PostTask( |
479 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { | 932 FROM_HERE, |
480 EnterFunction(""); | 933 base::Bind(&Core::SetPredictedCertificates, this, predicted_certs)); |
481 ssl_info->Reset(); | |
482 if (!server_cert_nss_) | |
483 return; | 934 return; |
484 | 935 } |
485 ssl_info->cert_status = server_cert_verify_result_->cert_status; | 936 |
486 ssl_info->cert = server_cert_verify_result_->verified_cert; | 937 DCHECK(nss_fd_); |
487 ssl_info->connection_status = ssl_connection_status_; | 938 |
488 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; | 939 predicted_certs_ = predicted_certs; |
489 for (std::vector<SHA1Fingerprint>::const_iterator | 940 |
490 i = side_pinned_public_keys_.begin(); | 941 scoped_array<CERTCertificate*> certs( |
491 i != side_pinned_public_keys_.end(); i++) { | 942 new CERTCertificate*[predicted_certs.size()]); |
492 ssl_info->public_key_hashes.push_back(*i); | 943 |
493 } | 944 for (size_t i = 0; i < predicted_certs.size(); i++) { |
494 ssl_info->is_issued_by_known_root = | 945 SECItem derCert; |
495 server_cert_verify_result_->is_issued_by_known_root; | 946 derCert.data = const_cast<uint8*>(reinterpret_cast<const uint8*>( |
496 ssl_info->client_cert_sent = WasDomainBoundCertSent() || | 947 predicted_certs[i].data())); |
497 (ssl_config_.send_client_cert && ssl_config_.client_cert); | 948 derCert.len = predicted_certs[i].size(); |
498 | 949 certs[i] = CERT_NewTempCertificate( |
499 PRUint16 cipher_suite = | 950 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */, |
500 SSLConnectionStatusToCipherSuite(ssl_connection_status_); | 951 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */); |
501 SSLCipherSuiteInfo cipher_info; | 952 if (!certs[i]) { |
502 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, | 953 DestroyCertificates(&certs[0], i); |
503 &cipher_info, sizeof(cipher_info)); | 954 NOTREACHED(); |
504 if (ok == SECSuccess) { | 955 return; |
505 ssl_info->security_bits = cipher_info.effectiveKeyBits; | |
506 } else { | |
507 ssl_info->security_bits = -1; | |
508 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() | |
509 << " for cipherSuite " << cipher_suite; | |
510 } | |
511 | |
512 PRBool last_handshake_resumed; | |
513 ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); | |
514 if (ok == SECSuccess) { | |
515 if (last_handshake_resumed) { | |
516 ssl_info->handshake_type = SSLInfo::HANDSHAKE_RESUME; | |
517 } else { | |
518 ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; | |
519 } | 956 } |
520 } | 957 } |
521 | 958 |
522 LeaveFunction(""); | 959 SECStatus rv; |
523 } | 960 #ifdef SSL_ENABLE_CACHED_INFO |
524 | 961 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), |
525 void SSLClientSocketNSS::GetSSLCertRequestInfo( | 962 predicted_certs.size()); |
526 SSLCertRequestInfo* cert_request_info) { | 963 DCHECK_EQ(SECSuccess, rv); |
527 EnterFunction(""); | 964 #else |
528 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair | 965 rv = SECFailure; // Not implemented. |
529 cert_request_info->host_and_port = host_and_port_.ToString(); | 966 #endif |
530 cert_request_info->client_certs = client_certs_; | 967 DestroyCertificates(&certs[0], predicted_certs.size()); |
531 LeaveFunction(cert_request_info->client_certs.size()); | 968 |
532 } | 969 if (rv != SECSuccess) { |
533 | 970 LOG(WARNING) << "SetPredictedCertificates failed: " |
534 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, | 971 << host_and_port_.ToString(); |
535 bool has_context, | 972 } |
536 const base::StringPiece& context, | 973 } |
537 unsigned char* out, | 974 |
538 unsigned int outlen) { | 975 int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) { |
539 if (!IsConnected()) | 976 if (!OnNSSTaskRunner()) { |
540 return ERR_SOCKET_NOT_CONNECTED; | 977 DCHECK(!detached_); |
541 SECStatus result = SSL_ExportKeyingMaterial( | 978 bool posted = nss_task_runner_->PostTask( |
542 nss_fd_, label.data(), label.size(), has_context, | 979 FROM_HERE, |
543 reinterpret_cast<const unsigned char*>(context.data()), | 980 base::Bind(IgnoreResult(&Core::Connect), this, callback)); |
544 context.length(), out, outlen); | 981 return posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
545 if (result != SECSuccess) { | 982 } |
546 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); | 983 |
547 return MapNSSError(PORT_GetError()); | 984 DCHECK(OnNSSTaskRunner()); |
548 } | 985 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
549 return OK; | |
550 } | |
551 | |
552 SSLClientSocket::NextProtoStatus | |
553 SSLClientSocketNSS::GetNextProto(std::string* proto, | |
554 std::string* server_protos) { | |
555 *proto = next_proto_; | |
556 *server_protos = server_protos_; | |
557 return next_proto_status_; | |
558 } | |
559 | |
560 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { | |
561 EnterFunction(""); | |
562 DCHECK(transport_.get()); | |
563 DCHECK(next_handshake_state_ == STATE_NONE); | |
564 DCHECK(user_read_callback_.is_null()); | 986 DCHECK(user_read_callback_.is_null()); |
565 DCHECK(user_write_callback_.is_null()); | 987 DCHECK(user_write_callback_.is_null()); |
566 DCHECK(user_connect_callback_.is_null()); | 988 DCHECK(user_connect_callback_.is_null()); |
567 DCHECK(!user_read_buf_); | 989 DCHECK(!user_read_buf_); |
568 DCHECK(!user_write_buf_); | 990 DCHECK(!user_write_buf_); |
569 | 991 |
570 EnsureThreadIdAssigned(); | 992 next_handshake_state_ = STATE_HANDSHAKE; |
571 | 993 int rv = DoHandshakeLoop(OK); |
572 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL); | |
573 | |
574 int rv = Init(); | |
575 if (rv != OK) { | |
576 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
577 return rv; | |
578 } | |
579 | |
580 rv = InitializeSSLOptions(); | |
581 if (rv != OK) { | |
582 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
583 return rv; | |
584 } | |
585 | |
586 rv = InitializeSSLPeerName(); | |
587 if (rv != OK) { | |
588 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
589 return rv; | |
590 } | |
591 | |
592 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) { | |
593 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
594 } else { | |
595 GotoState(STATE_HANDSHAKE); | |
596 } | |
597 | |
598 rv = DoHandshakeLoop(OK); | |
599 if (rv == ERR_IO_PENDING) { | 994 if (rv == ERR_IO_PENDING) { |
600 user_connect_callback_ = callback; | 995 user_connect_callback_ = callback; |
601 } else { | 996 } else if (rv > OK) { |
602 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 997 rv = OK; |
603 } | 998 } |
604 | 999 if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner()) |
605 LeaveFunction(""); | 1000 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); |
606 return rv > OK ? OK : rv; | 1001 |
607 } | 1002 return rv; |
608 | 1003 } |
609 void SSLClientSocketNSS::Disconnect() { | 1004 |
610 EnterFunction(""); | 1005 void SSLClientSocketNSS::Core::Detach() { |
611 | 1006 DCHECK(OnNetworkTaskRunner()); |
612 CHECK(CalledOnValidThread()); | 1007 |
613 | 1008 detached_ = true; |
614 // Shut down anything that may call us back. | 1009 transport_ = NULL; |
615 verifier_.reset(); | 1010 weak_factory_.InvalidateWeakPtrs(); |
616 transport_->socket()->Disconnect(); | 1011 |
1012 network_connection_state_.Reset(); | |
617 | 1013 |
618 if (domain_bound_cert_request_handle_ != NULL) { | 1014 if (domain_bound_cert_request_handle_ != NULL) { |
619 server_bound_cert_service_->CancelRequest( | 1015 server_bound_cert_service_->CancelRequest( |
620 domain_bound_cert_request_handle_); | 1016 domain_bound_cert_request_handle_); |
621 domain_bound_cert_request_handle_ = NULL; | 1017 domain_bound_cert_request_handle_ = NULL; |
622 } | 1018 } |
623 | 1019 } |
624 // TODO(wtc): Send SSL close_notify alert. | 1020 |
625 if (nss_fd_ != NULL) { | 1021 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
626 PR_Close(nss_fd_); | 1022 const CompletionCallback& callback) { |
627 nss_fd_ = NULL; | 1023 if (!OnNSSTaskRunner()) { |
628 } | 1024 DCHECK(OnNetworkTaskRunner()); |
629 | 1025 DCHECK(!detached_); |
630 // Reset object state. | 1026 DCHECK(transport_); |
631 user_connect_callback_.Reset(); | 1027 |
632 user_read_callback_.Reset(); | 1028 bool posted = nss_task_runner_->PostTask( |
633 user_write_callback_.Reset(); | 1029 FROM_HERE, |
634 transport_send_busy_ = false; | 1030 base::Bind(IgnoreResult(&Core::Read), this, make_scoped_refptr(buf), |
635 transport_recv_busy_ = false; | 1031 buf_len, callback)); |
636 transport_recv_eof_ = false; | 1032 return posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
637 user_read_buf_ = NULL; | 1033 } |
638 user_read_buf_len_ = 0; | 1034 |
639 user_write_buf_ = NULL; | 1035 DCHECK(OnNSSTaskRunner()); |
640 user_write_buf_len_ = 0; | 1036 DCHECK(handshake_callback_called_); |
641 server_cert_ = NULL; | 1037 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
642 if (server_cert_nss_) { | |
643 CERT_DestroyCertificate(server_cert_nss_); | |
644 server_cert_nss_ = NULL; | |
645 } | |
646 local_server_cert_verify_result_.Reset(); | |
647 server_cert_verify_result_ = NULL; | |
648 ssl_connection_status_ = 0; | |
649 completed_handshake_ = false; | |
650 start_cert_verification_time_ = base::TimeTicks(); | |
651 predicted_cert_chain_correct_ = false; | |
652 nss_bufs_ = NULL; | |
653 client_certs_.clear(); | |
654 client_auth_cert_needed_ = false; | |
655 domain_bound_cert_xtn_negotiated_ = false; | |
656 | |
657 LeaveFunction(""); | |
658 } | |
659 | |
660 bool SSLClientSocketNSS::IsConnected() const { | |
661 // Ideally, we should also check if we have received the close_notify alert | |
662 // message from the server, and return false in that case. We're not doing | |
663 // that, so this function may return a false positive. Since the upper | |
664 // layer (HttpNetworkTransaction) needs to handle a persistent connection | |
665 // closed by the server when we send a request anyway, a false positive in | |
666 // exchange for simpler code is a good trade-off. | |
667 EnterFunction(""); | |
668 bool ret = completed_handshake_ && transport_->socket()->IsConnected(); | |
669 LeaveFunction(""); | |
670 return ret; | |
671 } | |
672 | |
673 bool SSLClientSocketNSS::IsConnectedAndIdle() const { | |
674 // Unlike IsConnected, this method doesn't return a false positive. | |
675 // | |
676 // Strictly speaking, we should check if we have received the close_notify | |
677 // alert message from the server, and return false in that case. Although | |
678 // the close_notify alert message means EOF in the SSL layer, it is just | |
679 // bytes to the transport layer below, so | |
680 // transport_->socket()->IsConnectedAndIdle() returns the desired false | |
681 // when we receive close_notify. | |
682 EnterFunction(""); | |
683 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle(); | |
684 LeaveFunction(""); | |
685 return ret; | |
686 } | |
687 | |
688 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const { | |
689 return transport_->socket()->GetPeerAddress(address); | |
690 } | |
691 | |
692 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const { | |
693 return transport_->socket()->GetLocalAddress(address); | |
694 } | |
695 | |
696 const BoundNetLog& SSLClientSocketNSS::NetLog() const { | |
697 return net_log_; | |
698 } | |
699 | |
700 void SSLClientSocketNSS::SetSubresourceSpeculation() { | |
701 if (transport_.get() && transport_->socket()) { | |
702 transport_->socket()->SetSubresourceSpeculation(); | |
703 } else { | |
704 NOTREACHED(); | |
705 } | |
706 } | |
707 | |
708 void SSLClientSocketNSS::SetOmniboxSpeculation() { | |
709 if (transport_.get() && transport_->socket()) { | |
710 transport_->socket()->SetOmniboxSpeculation(); | |
711 } else { | |
712 NOTREACHED(); | |
713 } | |
714 } | |
715 | |
716 bool SSLClientSocketNSS::WasEverUsed() const { | |
717 if (transport_.get() && transport_->socket()) { | |
718 return transport_->socket()->WasEverUsed(); | |
719 } | |
720 NOTREACHED(); | |
721 return false; | |
722 } | |
723 | |
724 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | |
725 if (transport_.get() && transport_->socket()) { | |
726 return transport_->socket()->UsingTCPFastOpen(); | |
727 } | |
728 NOTREACHED(); | |
729 return false; | |
730 } | |
731 | |
732 int64 SSLClientSocketNSS::NumBytesRead() const { | |
733 if (transport_.get() && transport_->socket()) { | |
734 return transport_->socket()->NumBytesRead(); | |
735 } | |
736 NOTREACHED(); | |
737 return -1; | |
738 } | |
739 | |
740 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const { | |
741 if (transport_.get() && transport_->socket()) { | |
742 return transport_->socket()->GetConnectTimeMicros(); | |
743 } | |
744 NOTREACHED(); | |
745 return base::TimeDelta::FromMicroseconds(-1); | |
746 } | |
747 | |
748 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | |
749 const CompletionCallback& callback) { | |
750 EnterFunction(buf_len); | |
751 DCHECK(completed_handshake_); | |
752 DCHECK(next_handshake_state_ == STATE_NONE); | |
753 DCHECK(user_read_callback_.is_null()); | 1038 DCHECK(user_read_callback_.is_null()); |
754 DCHECK(user_connect_callback_.is_null()); | 1039 DCHECK(user_connect_callback_.is_null()); |
755 DCHECK(!user_read_buf_); | 1040 DCHECK(!user_read_buf_); |
756 DCHECK(nss_bufs_); | 1041 DCHECK(nss_bufs_); |
757 | 1042 |
758 user_read_buf_ = buf; | 1043 user_read_buf_ = buf; |
759 user_read_buf_len_ = buf_len; | 1044 user_read_buf_len_ = buf_len; |
760 | 1045 |
761 int rv = DoReadLoop(OK); | 1046 int rv = DoReadLoop(OK); |
762 | |
763 if (rv == ERR_IO_PENDING) { | 1047 if (rv == ERR_IO_PENDING) { |
764 user_read_callback_ = callback; | 1048 user_read_callback_ = callback; |
765 } else { | 1049 } else { |
766 user_read_buf_ = NULL; | 1050 user_read_buf_ = NULL; |
767 user_read_buf_len_ = 0; | 1051 user_read_buf_len_ = 0; |
1052 | |
1053 if (!OnNetworkTaskRunner()) | |
1054 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); | |
Ryan Sleevi
2012/05/31 06:28:26
BUG: Here, |callback| was getting invoked regardle
| |
768 } | 1055 } |
769 LeaveFunction(rv); | 1056 |
770 return rv; | 1057 return rv; |
771 } | 1058 } |
772 | 1059 |
773 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, | 1060 int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len, |
774 const CompletionCallback& callback) { | 1061 const CompletionCallback& callback) { |
775 EnterFunction(buf_len); | 1062 if (!OnNSSTaskRunner()) { |
776 DCHECK(completed_handshake_); | 1063 DCHECK(OnNetworkTaskRunner()); |
777 DCHECK(next_handshake_state_ == STATE_NONE); | 1064 DCHECK(!detached_); |
1065 DCHECK(transport_); | |
1066 | |
1067 bool posted = nss_task_runner_->PostTask( | |
1068 FROM_HERE, | |
1069 base::Bind(IgnoreResult(&Core::Write), this, make_scoped_refptr(buf), | |
1070 buf_len, callback)); | |
1071 int rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
1072 return rv; | |
1073 } | |
1074 | |
1075 DCHECK(OnNSSTaskRunner()); | |
1076 DCHECK(handshake_callback_called_); | |
1077 DCHECK_EQ(STATE_NONE, next_handshake_state_); | |
778 DCHECK(user_write_callback_.is_null()); | 1078 DCHECK(user_write_callback_.is_null()); |
779 DCHECK(user_connect_callback_.is_null()); | 1079 DCHECK(user_connect_callback_.is_null()); |
780 DCHECK(!user_write_buf_); | 1080 DCHECK(!user_write_buf_); |
781 DCHECK(nss_bufs_); | 1081 DCHECK(nss_bufs_); |
782 | 1082 |
783 user_write_buf_ = buf; | 1083 user_write_buf_ = buf; |
784 user_write_buf_len_ = buf_len; | 1084 user_write_buf_len_ = buf_len; |
785 | 1085 |
786 int rv = DoWriteLoop(OK); | 1086 int rv = DoWriteLoop(OK); |
787 | |
788 if (rv == ERR_IO_PENDING) { | 1087 if (rv == ERR_IO_PENDING) { |
789 user_write_callback_ = callback; | 1088 user_write_callback_ = callback; |
790 } else { | 1089 } else { |
791 user_write_buf_ = NULL; | 1090 user_write_buf_ = NULL; |
792 user_write_buf_len_ = 0; | 1091 user_write_buf_len_ = 0; |
793 } | 1092 |
794 LeaveFunction(rv); | 1093 if (!OnNetworkTaskRunner()) |
1094 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); | |
Ryan Sleevi
2012/05/31 06:28:26
BUG: Same as above - if a read failed, Detach() mi
| |
1095 } | |
1096 | |
795 return rv; | 1097 return rv; |
796 } | 1098 } |
797 | 1099 |
798 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | 1100 bool SSLClientSocketNSS::Core::OnNSSTaskRunner() const { |
799 return transport_->socket()->SetReceiveBufferSize(size); | 1101 return nss_task_runner_->RunsTasksOnCurrentThread(); |
800 } | 1102 } |
801 | 1103 |
802 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) { | 1104 bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const { |
803 return transport_->socket()->SetSendBufferSize(size); | 1105 return network_task_runner_->RunsTasksOnCurrentThread(); |
804 } | 1106 } |
805 | 1107 |
806 int SSLClientSocketNSS::Init() { | 1108 // static |
807 EnterFunction(""); | 1109 SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler( |
808 // Initialize the NSS SSL library in a threadsafe way. This also | 1110 void* arg, |
809 // initializes the NSS base library. | 1111 PRFileDesc* socket, |
810 EnsureNSSSSLInit(); | 1112 PRBool checksig, |
811 if (!NSS_IsInitialized()) | 1113 PRBool is_server) { |
812 return ERR_UNEXPECTED; | 1114 #ifdef SSL_ENABLE_FALSE_START |
813 #if !defined(OS_MACOSX) && !defined(OS_WIN) | 1115 Core* core = reinterpret_cast<Core*>(arg); |
814 if (ssl_config_.cert_io_enabled) { | 1116 if (!core->handshake_callback_called_) { |
815 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO | 1117 // Only need to turn off False Start in the initial handshake. Also, it is |
816 // loop by MessageLoopForIO::current(). | 1118 // unsafe to call SSL_OptionSet in a renegotiation because the "first |
817 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 1119 // handshake" lock isn't already held, which will result in an assertion |
818 EnsureNSSHttpIOInit(); | 1120 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet. |
1121 PRBool npn; | |
1122 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket, | |
1123 ssl_next_proto_nego_xtn, | |
1124 &npn); | |
1125 if (rv != SECSuccess || !npn) { | |
1126 // If the server doesn't support NPN, then we don't do False Start with | |
1127 // it. | |
1128 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | |
1129 } | |
819 } | 1130 } |
820 #endif | 1131 #endif |
821 | 1132 |
822 LeaveFunction(""); | 1133 // Tell NSS to not verify the certificate. |
823 return OK; | 1134 return SECSuccess; |
824 } | 1135 } |
825 | 1136 |
826 int SSLClientSocketNSS::InitializeSSLOptions() { | 1137 #if defined(NSS_PLATFORM_CLIENT_AUTH) |
827 // Transport connected, now hook it up to nss | 1138 // static |
828 // TODO(port): specify rx and tx buffer sizes separately | 1139 SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler( |
829 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | 1140 void* arg, |
830 if (nss_fd_ == NULL) { | 1141 PRFileDesc* socket, |
831 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | 1142 CERTDistNames* ca_names, |
832 } | 1143 CERTCertList** result_certs, |
833 | 1144 void** result_private_key, |
834 // Grab pointer to buffers | 1145 CERTCertificate** result_nss_certificate, |
835 nss_bufs_ = memio_GetSecret(nss_fd_); | 1146 SECKEYPrivateKey** result_nss_private_key) { |
836 | 1147 Core* core = reinterpret_cast<Core*>(arg); |
837 /* Create SSL state machine */ | 1148 DCHECK(core->OnNSSTaskRunner()); |
838 /* Push SSL onto our fake I/O socket */ | 1149 |
839 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | 1150 core->PostOrRunCallback( |
840 if (nss_fd_ == NULL) { | 1151 FROM_HERE, |
841 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); | 1152 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, |
842 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | 1153 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, |
843 } | 1154 scoped_refptr<NetLog::EventParameters>())); |
844 // TODO(port): set more ssl options! Check errors! | 1155 |
845 | 1156 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); |
846 int rv; | 1157 |
847 | 1158 // Check if a domain-bound certificate is requested. |
848 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); | 1159 if (DomainBoundCertNegotiated(socket)) { |
849 if (rv != SECSuccess) { | 1160 return core->DomainBoundClientAuthHandler(cert_types, |
850 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); | 1161 result_nss_certificate, |
851 return ERR_UNEXPECTED; | 1162 result_nss_private_key); |
852 } | 1163 } |
853 | 1164 |
854 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); | 1165 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; |
855 if (rv != SECSuccess) { | 1166 #if defined(OS_WIN) |
856 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); | 1167 if (core->ssl_config_.send_client_cert) { |
857 return ERR_UNEXPECTED; | 1168 if (core->ssl_config_.client_cert) { |
858 } | 1169 PCCERT_CONTEXT cert_context = |
859 | 1170 core->ssl_config_.client_cert->os_cert_handle(); |
860 // Don't do V2 compatible hellos because they don't support TLS extensions. | 1171 |
861 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE); | 1172 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; |
862 if (rv != SECSuccess) { | 1173 DWORD key_spec = 0; |
863 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); | 1174 BOOL must_free = FALSE; |
864 return ERR_UNEXPECTED; | 1175 BOOL acquired_key = CryptAcquireCertificatePrivateKey( |
865 } | 1176 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL, |
866 | 1177 &crypt_prov, &key_spec, &must_free); |
867 SSLVersionRange version_range; | 1178 |
868 version_range.min = ssl_config_.version_min; | 1179 if (acquired_key) { |
869 version_range.max = ssl_config_.version_max; | 1180 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false |
870 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | 1181 // according to the MSDN documentation. |
871 if (rv != SECSuccess) { | 1182 CHECK_EQ(must_free, FALSE); |
872 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | 1183 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC); |
873 return ERR_NO_SSL_VERSIONS_ENABLED; | 1184 |
874 } | 1185 SECItem der_cert; |
875 | 1186 der_cert.type = siDERCertBuffer; |
876 for (std::vector<uint16>::const_iterator it = | 1187 der_cert.data = cert_context->pbCertEncoded; |
877 ssl_config_.disabled_cipher_suites.begin(); | 1188 der_cert.len = cert_context->cbCertEncoded; |
878 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 1189 |
879 // This will fail if the specified cipher is not implemented by NSS, but | 1190 // TODO(rsleevi): Error checking for NSS allocation errors. |
880 // the failure is harmless. | 1191 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); |
881 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 1192 CERTCertificate* user_cert = CERT_NewTempCertificate( |
882 } | 1193 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); |
883 | 1194 if (!user_cert) { |
884 #ifdef SSL_ENABLE_SESSION_TICKETS | 1195 // Importing the certificate can fail for reasons including a serial |
885 // Support RFC 5077 | 1196 // number collision. See crbug.com/97355. |
886 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | 1197 core->PostOrRunCallback( |
887 if (rv != SECSuccess) { | 1198 FROM_HERE, |
888 LogFailedNSSFunction( | 1199 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, |
889 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | 1200 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
890 } | 1201 make_scoped_refptr( |
1202 new NetLogIntegerParameter("cert_count", 0)))); | |
1203 return SECFailure; | |
1204 } | |
1205 CERTCertList* cert_chain = CERT_NewCertList(); | |
1206 CERT_AddCertToListTail(cert_chain, user_cert); | |
1207 | |
1208 // Add the intermediates. | |
1209 X509Certificate::OSCertHandles intermediates = | |
1210 core->ssl_config_.client_cert->GetIntermediateCertificates(); | |
1211 for (X509Certificate::OSCertHandles::const_iterator it = | |
1212 intermediates.begin(); it != intermediates.end(); ++it) { | |
1213 der_cert.data = (*it)->pbCertEncoded; | |
1214 der_cert.len = (*it)->cbCertEncoded; | |
1215 | |
1216 CERTCertificate* intermediate = CERT_NewTempCertificate( | |
1217 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
1218 if (!intermediate) { | |
1219 CERT_DestroyCertList(cert_chain); | |
1220 core->PostOrRunCallback( | |
1221 FROM_HERE, | |
1222 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1223 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1224 make_scoped_refptr( | |
1225 new NetLogIntegerParameter("cert_count", 0)))); | |
1226 return SECFailure; | |
1227 } | |
1228 CERT_AddCertToListTail(cert_chain, intermediate); | |
1229 } | |
1230 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( | |
1231 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); | |
1232 key_context->cbSize = sizeof(*key_context); | |
1233 // NSS will free this context when no longer in use, but the | |
1234 // |must_free| result from CryptAcquireCertificatePrivateKey was false | |
1235 // so we increment the refcount to negate NSS's future decrement. | |
1236 CryptContextAddRef(crypt_prov, NULL, 0); | |
1237 key_context->hCryptProv = crypt_prov; | |
1238 key_context->dwKeySpec = key_spec; | |
1239 *result_private_key = key_context; | |
1240 *result_certs = cert_chain; | |
1241 | |
1242 int cert_count = 1 + intermediates.size(); | |
1243 core->PostOrRunCallback( | |
1244 FROM_HERE, | |
1245 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1246 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1247 make_scoped_refptr( | |
1248 new NetLogIntegerParameter("cert_count", | |
1249 cert_count)))); | |
1250 return SECSuccess; | |
1251 } | |
1252 LOG(WARNING) << "Client cert found without private key"; | |
1253 } | |
1254 | |
1255 // Send no client certificate. | |
1256 core->PostOrRunCallback( | |
1257 FROM_HERE, | |
1258 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1259 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1260 make_scoped_refptr( | |
1261 new NetLogIntegerParameter("cert_count", 0)))); | |
1262 return SECFailure; | |
1263 } | |
1264 | |
1265 core->nss_connection_state_.client_certs.clear(); | |
1266 | |
1267 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); | |
1268 for (int i = 0; i < ca_names->nnames; ++i) { | |
1269 issuer_list[i].cbData = ca_names->names[i].len; | |
1270 issuer_list[i].pbData = ca_names->names[i].data; | |
1271 } | |
1272 | |
1273 // Client certificates of the user are in the "MY" system certificate store. | |
1274 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | |
1275 if (!my_cert_store) { | |
1276 PLOG(ERROR) << "Could not open the \"MY\" system certificate store"; | |
1277 | |
1278 core->PostOrRunCallback( | |
1279 FROM_HERE, | |
1280 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1281 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1282 make_scoped_refptr( | |
1283 new NetLogIntegerParameter("cert_count", 0)))); | |
1284 return SECFailure; | |
1285 } | |
1286 | |
1287 // Enumerate the client certificates. | |
1288 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; | |
1289 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); | |
1290 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); | |
1291 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH; | |
1292 find_by_issuer_para.cIssuer = ca_names->nnames; | |
1293 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL; | |
1294 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback; | |
1295 | |
1296 PCCERT_CHAIN_CONTEXT chain_context = NULL; | |
1297 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG | | |
1298 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG; | |
1299 | |
1300 for (;;) { | |
1301 // Find a certificate chain. | |
1302 chain_context = CertFindChainInStore(my_cert_store, | |
1303 X509_ASN_ENCODING, | |
1304 find_flags, | |
1305 CERT_CHAIN_FIND_BY_ISSUER, | |
1306 &find_by_issuer_para, | |
1307 chain_context); | |
1308 if (!chain_context) { | |
1309 DWORD err = GetLastError(); | |
1310 if (err != CRYPT_E_NOT_FOUND) | |
1311 DLOG(ERROR) << "CertFindChainInStore failed: " << err; | |
1312 break; | |
1313 } | |
1314 | |
1315 // Get the leaf certificate. | |
1316 PCCERT_CONTEXT cert_context = | |
1317 chain_context->rgpChain[0]->rgpElement[0]->pCertContext; | |
1318 // Create a copy the handle, so that we can close the "MY" certificate store | |
1319 // before returning from this function. | |
1320 PCCERT_CONTEXT cert_context2; | |
1321 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context, | |
1322 CERT_STORE_ADD_USE_EXISTING, | |
1323 &cert_context2); | |
1324 if (!ok) { | |
1325 NOTREACHED(); | |
1326 continue; | |
1327 } | |
1328 | |
1329 // Copy the rest of the chain. Copying the chain stops gracefully if an | |
1330 // error is encountered, with the partial chain being used as the | |
1331 // intermediates, as opposed to failing to consider the client certificate | |
1332 // at all. | |
1333 net::X509Certificate::OSCertHandles intermediates; | |
1334 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) { | |
1335 PCCERT_CONTEXT intermediate_copy; | |
1336 ok = CertAddCertificateContextToStore( | |
1337 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext, | |
1338 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy); | |
1339 if (!ok) { | |
1340 NOTREACHED(); | |
1341 break; | |
1342 } | |
1343 intermediates.push_back(intermediate_copy); | |
1344 } | |
1345 | |
1346 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | |
1347 cert_context2, intermediates); | |
1348 core->nss_connection_state_.client_certs.push_back(cert); | |
1349 | |
1350 X509Certificate::FreeOSCertHandle(cert_context2); | |
1351 for (net::X509Certificate::OSCertHandles::iterator it = | |
1352 intermediates.begin(); it != intermediates.end(); ++it) { | |
1353 net::X509Certificate::FreeOSCertHandle(*it); | |
1354 } | |
1355 } | |
1356 | |
1357 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); | |
1358 DCHECK(ok); | |
1359 | |
1360 // Update the network task runner's view of the connection state now that | |
1361 // client certs have been detected. | |
1362 core->PostOrRunCallback( | |
1363 FROM_HERE, base::Bind(&Core::OnConnectionStateUpdated, core, | |
1364 core->nss_connection_state_)); | |
Ryan Sleevi
2012/05/31 06:28:26
BUG: |network_connection_state_.client_certs| wasn
| |
1365 | |
1366 // Tell NSS to suspend the client authentication. We will then abort the | |
1367 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1368 return SECWouldBlock; | |
1369 #elif defined(OS_MACOSX) | |
1370 if (core->ssl_config_.send_client_cert) { | |
1371 if (core->ssl_config_.client_cert) { | |
1372 OSStatus os_error = noErr; | |
1373 SecIdentityRef identity = NULL; | |
1374 SecKeyRef private_key = NULL; | |
1375 CFArrayRef chain = | |
1376 core->ssl_config_.client_cert->CreateClientCertificateChain(); | |
1377 if (chain) { | |
1378 identity = reinterpret_cast<SecIdentityRef>( | |
1379 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0))); | |
1380 } | |
1381 if (identity) | |
1382 os_error = SecIdentityCopyPrivateKey(identity, &private_key); | |
1383 | |
1384 if (chain && identity && os_error == noErr) { | |
1385 // TODO(rsleevi): Error checking for NSS allocation errors. | |
1386 *result_certs = CERT_NewCertList(); | |
1387 *result_private_key = private_key; | |
1388 | |
1389 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) { | |
1390 CSSM_DATA cert_data; | |
1391 SecCertificateRef cert_ref; | |
1392 if (i == 0) { | |
1393 cert_ref = core->ssl_config_.client_cert->os_cert_handle(); | |
1394 } else { | |
1395 cert_ref = reinterpret_cast<SecCertificateRef>( | |
1396 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); | |
1397 } | |
1398 os_error = SecCertificateGetData(cert_ref, &cert_data); | |
1399 if (os_error != noErr) | |
1400 break; | |
1401 | |
1402 SECItem der_cert; | |
1403 der_cert.type = siDERCertBuffer; | |
1404 der_cert.data = cert_data.Data; | |
1405 der_cert.len = cert_data.Length; | |
1406 CERTCertificate* nss_cert = CERT_NewTempCertificate( | |
1407 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | |
1408 if (!nss_cert) { | |
1409 // In the event of an NSS error we make up an OS error and reuse | |
1410 // the error handling, below. | |
1411 os_error = errSecCreateChainFailed; | |
1412 break; | |
1413 } | |
1414 CERT_AddCertToListTail(*result_certs, nss_cert); | |
1415 } | |
1416 } | |
1417 if (os_error == noErr) { | |
1418 int cert_count = 0; | |
1419 if (chain) { | |
1420 cert_count = CFArrayGetCount(chain); | |
1421 CFRelease(chain); | |
1422 } | |
1423 core->PostOrRunCallback( | |
1424 FROM_HERE, | |
1425 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1426 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1427 make_scoped_refptr( | |
1428 new NetLogIntegerParameter("cert_count", | |
1429 cert_count)))); | |
1430 return SECSuccess; | |
1431 } | |
1432 OSSTATUS_LOG(WARNING, os_error) | |
1433 << "Client cert found, but could not be used"; | |
1434 if (*result_certs) { | |
1435 CERT_DestroyCertList(*result_certs); | |
1436 *result_certs = NULL; | |
1437 } | |
1438 if (*result_private_key) | |
1439 *result_private_key = NULL; | |
1440 if (private_key) | |
1441 CFRelease(private_key); | |
1442 if (chain) | |
1443 CFRelease(chain); | |
1444 } | |
1445 | |
1446 // Send no client certificate. | |
1447 core->PostOrRunCallback( | |
1448 FROM_HERE, | |
1449 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1450 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1451 make_scoped_refptr( | |
1452 new NetLogIntegerParameter("cert_count", 0)))); | |
1453 return SECFailure; | |
1454 } | |
1455 | |
1456 core->nss_connection_state_.client_certs.clear(); | |
1457 | |
1458 // First, get the cert issuer names allowed by the server. | |
1459 std::vector<CertPrincipal> valid_issuers; | |
1460 int n = ca_names->nnames; | |
1461 for (int i = 0; i < n; i++) { | |
1462 // Parse each name into a CertPrincipal object. | |
1463 CertPrincipal p; | |
1464 if (p.ParseDistinguishedName(ca_names->names[i].data, | |
1465 ca_names->names[i].len)) { | |
1466 valid_issuers.push_back(p); | |
1467 } | |
1468 } | |
1469 | |
1470 // Now get the available client certs whose issuers are allowed by the server. | |
1471 X509Certificate::GetSSLClientCertificates( | |
1472 core->host_and_port_.host(), valid_issuers, | |
1473 &core->nss_connection_state_.client_certs); | |
1474 | |
1475 // Update the network task runner's view of the connection state now that | |
1476 // client certs have been detected. | |
1477 core->PostOrRunCallback( | |
1478 FROM_HERE, base::Bind(&Core::OnConnectionStateUpdated, core, | |
1479 core->nss_connection_state_)); | |
1480 | |
1481 // Tell NSS to suspend the client authentication. We will then abort the | |
1482 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1483 return SECWouldBlock; | |
891 #else | 1484 #else |
892 #error "You need to install NSS-3.12 or later to build chromium" | 1485 return SECFailure; |
893 #endif | 1486 #endif |
894 | 1487 } |
895 #ifdef SSL_ENABLE_DEFLATE | 1488 |
896 // Some web servers have been found to break if TLS is used *or* if DEFLATE | 1489 #else // NSS_PLATFORM_CLIENT_AUTH |
897 // is advertised. Thus, if TLS is disabled (probably because we are doing | 1490 |
898 // SSLv3 fallback), we disable DEFLATE also. | 1491 // static |
899 // See http://crbug.com/31628 | 1492 // Based on Mozilla's NSS_GetClientAuthData. |
900 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, | 1493 SECStatus SSLClientSocketNSS::Core::ClientAuthHandler( |
901 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); | 1494 void* arg, |
902 if (rv != SECSuccess) | 1495 PRFileDesc* socket, |
903 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE"); | 1496 CERTDistNames* ca_names, |
1497 CERTCertificate** result_certificate, | |
1498 SECKEYPrivateKey** result_private_key) { | |
1499 Core* core = reinterpret_cast<Core*>(arg); | |
1500 DCHECK(core->OnNSSTaskRunner()); | |
1501 | |
1502 core->PostOrRunCallback( | |
1503 FROM_HERE, | |
1504 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1505 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, | |
1506 scoped_refptr<NetLog::EventParameters>())); | |
1507 | |
1508 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | |
1509 | |
1510 // Check if a domain-bound certificate is requested. | |
1511 if (DomainBoundCertNegotiated(socket)) { | |
1512 return core->DomainBoundClientAuthHandler( | |
1513 cert_types, result_certificate, result_private_key); | |
1514 } | |
1515 | |
1516 // Regular client certificate requested. | |
1517 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; | |
1518 void* wincx = SSL_RevealPinArg(socket); | |
1519 | |
1520 // Second pass: a client certificate should have been selected. | |
1521 if (core->ssl_config_.send_client_cert) { | |
1522 if (core->ssl_config_.client_cert) { | |
1523 CERTCertificate* cert = CERT_DupCertificate( | |
1524 core->ssl_config_.client_cert->os_cert_handle()); | |
1525 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); | |
1526 if (privkey) { | |
1527 // TODO(jsorianopastor): We should wait for server certificate | |
1528 // verification before sending our credentials. See | |
1529 // http://crbug.com/13934. | |
1530 *result_certificate = cert; | |
1531 *result_private_key = privkey; | |
1532 // A cert_count of -1 means the number of certificates is unknown. | |
1533 // NSS will construct the certificate chain. | |
1534 core->PostOrRunCallback( | |
1535 FROM_HERE, | |
1536 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1537 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1538 make_scoped_refptr( | |
1539 new NetLogIntegerParameter("cert_count", -1)))); | |
1540 | |
1541 return SECSuccess; | |
1542 } | |
1543 LOG(WARNING) << "Client cert found without private key"; | |
1544 } | |
1545 // Send no client certificate. | |
1546 core->PostOrRunCallback( | |
1547 FROM_HERE, | |
1548 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | |
1549 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1550 make_scoped_refptr( | |
1551 new NetLogIntegerParameter("cert_count", 0)))); | |
1552 return SECFailure; | |
1553 } | |
1554 | |
1555 core->nss_connection_state_.client_certs.clear(); | |
1556 | |
1557 // Iterate over all client certificates. | |
1558 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
1559 CERT_GetDefaultCertDB(), certUsageSSLClient, | |
1560 PR_FALSE, PR_FALSE, wincx); | |
1561 if (client_certs) { | |
1562 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs); | |
1563 !CERT_LIST_END(node, client_certs); | |
1564 node = CERT_LIST_NEXT(node)) { | |
1565 // Only offer unexpired certificates. | |
1566 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != | |
1567 secCertTimeValid) { | |
1568 continue; | |
1569 } | |
1570 // Filter by issuer. | |
1571 // | |
1572 // TODO(davidben): This does a binary comparison of the DER-encoded | |
1573 // issuers. We should match according to RFC 5280 sec. 7.1. We should find | |
1574 // an appropriate NSS function or add one if needbe. | |
1575 if (ca_names->nnames && | |
1576 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess) { | |
1577 continue; | |
1578 } | |
1579 | |
1580 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( | |
1581 node->cert, net::X509Certificate::OSCertHandles()); | |
1582 core->nss_connection_state_.client_certs.push_back(x509_cert); | |
1583 } | |
1584 CERT_DestroyCertList(client_certs); | |
1585 } | |
1586 | |
1587 // Update the network task runner's view of the connection state now that | |
1588 // client certs have been detected. | |
1589 core->PostOrRunCallback( | |
1590 FROM_HERE, base::Bind(&Core::OnConnectionStateUpdated, core, | |
1591 core->nss_connection_state_)); | |
1592 | |
1593 // Tell NSS to suspend the client authentication. We will then abort the | |
1594 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
1595 return SECWouldBlock; | |
1596 } | |
1597 #endif // NSS_PLATFORM_CLIENT_AUTH | |
1598 | |
1599 // static | |
1600 void SSLClientSocketNSS::Core::HandshakeCallback( | |
1601 PRFileDesc* socket, | |
1602 void* arg) { | |
1603 Core* core = reinterpret_cast<Core*>(arg); | |
1604 DCHECK(core->OnNSSTaskRunner()); | |
1605 | |
1606 core->handshake_callback_called_ = true; | |
1607 | |
1608 ConnectionState* nss_state = &core->nss_connection_state_; | |
1609 | |
1610 PRBool last_handshake_resumed; | |
1611 SECStatus rv = SSL_HandshakeResumedSession(socket, &last_handshake_resumed); | |
1612 if (rv == SECSuccess && last_handshake_resumed) { | |
1613 nss_state->resumed_handshake = true; | |
1614 } else { | |
1615 nss_state->resumed_handshake = false; | |
1616 } | |
1617 | |
1618 core->RecordDomainBoundCertSupport(); | |
1619 core->UpdateServerCert(); | |
1620 core->UpdateConnectionStatus(); | |
1621 | |
1622 // We need to see if the predicted certificate chain (from | |
1623 // SetPredictedCertificates) matches the actual certificate chain. | |
1624 nss_state->predicted_cert_chain_correct = false; | |
1625 if (!core->predicted_certs_.empty()) { | |
1626 PeerCertificateChain& certs = nss_state->server_cert_chain; | |
1627 nss_state->predicted_cert_chain_correct = | |
1628 certs.size() == core->predicted_certs_.size(); | |
1629 | |
1630 if (nss_state->predicted_cert_chain_correct) { | |
1631 for (unsigned i = 0; i < certs.size(); i++) { | |
1632 if (certs[i]->derCert.len != core->predicted_certs_[i].size() || | |
1633 memcmp(certs[i]->derCert.data, core->predicted_certs_[i].data(), | |
1634 certs[i]->derCert.len) != 0) { | |
1635 nss_state->predicted_cert_chain_correct = false; | |
1636 break; | |
1637 } | |
1638 } | |
1639 } | |
1640 } | |
1641 | |
1642 // Update the network task runners view of the connection state whenever | |
1643 // a handshake has completed. | |
1644 core->PostOrRunCallback( | |
1645 FROM_HERE, base::Bind(&Core::OnConnectionStateUpdated, core, | |
1646 *nss_state)); | |
1647 } | |
1648 | |
1649 // static | |
1650 SECStatus SSLClientSocketNSS::Core::NextProtoCallback( | |
1651 void* arg, | |
1652 PRFileDesc* nss_fd, | |
1653 const unsigned char* protos, | |
1654 unsigned int protos_len, | |
1655 unsigned char* proto_out, | |
1656 unsigned int* proto_out_len, | |
1657 unsigned int proto_max_len) { | |
1658 Core* core = reinterpret_cast<Core*>(arg); | |
1659 DCHECK(core->OnNSSTaskRunner()); | |
1660 | |
1661 ConnectionState* nss_state = &core->nss_connection_state_; | |
1662 | |
1663 // For each protocol in server preference, see if we support it. | |
1664 for (unsigned int i = 0; i < protos_len; ) { | |
1665 const size_t len = protos[i]; | |
1666 for (std::vector<std::string>::const_iterator | |
1667 j = core->ssl_config_.next_protos.begin(); | |
1668 j != core->ssl_config_.next_protos.end(); j++) { | |
1669 // Having very long elements in the |next_protos| vector isn't a disaster | |
1670 // because they'll never be selected, but it does indicate an error | |
1671 // somewhere. | |
1672 DCHECK_LT(j->size(), 256u); | |
1673 | |
1674 if (j->size() == len && | |
1675 memcmp(&protos[i + 1], j->data(), len) == 0) { | |
1676 nss_state->next_proto_status = kNextProtoNegotiated; | |
1677 nss_state->next_proto = *j; | |
1678 break; | |
1679 } | |
1680 } | |
1681 | |
1682 if (nss_state->next_proto_status == kNextProtoNegotiated) | |
1683 break; | |
1684 | |
1685 // NSS ensures that the data in |protos| is well formed, so this will not | |
1686 // cause a jump past the end of the buffer. | |
1687 i += len + 1; | |
1688 } | |
1689 | |
1690 nss_state->server_protos.assign( | |
1691 reinterpret_cast<const char*>(protos), protos_len); | |
1692 | |
1693 // If we didn't find a protocol, we select the first one from our list. | |
1694 if (nss_state->next_proto_status != kNextProtoNegotiated) { | |
1695 nss_state->next_proto_status = kNextProtoNoOverlap; | |
1696 nss_state->next_proto = core->ssl_config_.next_protos[0]; | |
1697 } | |
1698 | |
1699 if (nss_state->next_proto.size() > proto_max_len) { | |
1700 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | |
1701 return SECFailure; | |
1702 } | |
1703 memcpy(proto_out, nss_state->next_proto.data(), | |
1704 nss_state->next_proto.size()); | |
1705 *proto_out_len = nss_state->next_proto.size(); | |
1706 | |
1707 // Update the network task runner's view of the connection state now that | |
1708 // NPN negotiation has occurred. | |
1709 core->PostOrRunCallback( | |
1710 FROM_HERE, | |
1711 base::Bind(&Core::OnConnectionStateUpdated, core, | |
1712 core->nss_connection_state_)); | |
Ryan Sleevi
2012/05/31 06:28:26
BUG: If the handshake failed after NPN, we weren't
| |
1713 | |
1714 return SECSuccess; | |
1715 } | |
1716 | |
1717 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error, | |
1718 bool handshake_error) { | |
1719 DCHECK(OnNSSTaskRunner()); | |
1720 | |
1721 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) : | |
1722 MapNSSError(nss_error); | |
1723 | |
1724 #if defined(OS_WIN) | |
1725 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate | |
1726 // os_cert_handle() as an optimization. However, if the certificate | |
1727 // private key is stored on a smart card, and the smart card is removed, | |
1728 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again, | |
1729 // preventing client certificate authentication. Because the | |
1730 // X509Certificate may outlive the individual SSLClientSocketNSS, due to | |
1731 // caching in X509Certificate, this failure ends up preventing client | |
1732 // certificate authentication with the same certificate for all future | |
1733 // attempts, even after the smart card has been re-inserted. By setting | |
1734 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | |
1735 // typically be freed. This allows a new HCRYPTPROV to be obtained from | |
1736 // the certificate on the next attempt, which should succeed if the smart | |
1737 // card has been re-inserted, or will typically prompt the user to | |
1738 // re-insert the smart card if not. | |
1739 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | |
1740 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | |
1741 ssl_config_.send_client_cert && ssl_config_.client_cert) { | |
1742 CertSetCertificateContextProperty( | |
1743 ssl_config_.client_cert->os_cert_handle(), | |
1744 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | |
1745 } | |
904 #endif | 1746 #endif |
905 | 1747 |
906 #ifdef SSL_ENABLE_FALSE_START | 1748 return net_error; |
907 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | 1749 } |
908 ssl_config_.false_start_enabled); | 1750 |
909 if (rv != SECSuccess) | 1751 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { |
910 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | 1752 DCHECK(OnNSSTaskRunner()); |
911 #endif | 1753 |
912 | |
913 #ifdef SSL_ENABLE_RENEGOTIATION | |
914 // We allow servers to request renegotiation. Since we're a client, | |
915 // prohibiting this is rather a waste of time. Only servers are in a | |
916 // position to prevent renegotiation attacks. | |
917 // http://extendedsubset.com/?p=8 | |
918 | |
919 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
920 SSL_RENEGOTIATE_TRANSITIONAL); | |
921 if (rv != SECSuccess) { | |
922 LogFailedNSSFunction( | |
923 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); | |
924 } | |
925 #endif // SSL_ENABLE_RENEGOTIATION | |
926 | |
927 if (!ssl_config_.next_protos.empty()) { | |
928 rv = SSL_SetNextProtoCallback( | |
929 nss_fd_, SSLClientSocketNSS::NextProtoCallback, this); | |
930 if (rv != SECSuccess) | |
931 LogFailedNSSFunction(net_log_, "SSL_SetNextProtoCallback", ""); | |
932 } | |
933 | |
934 #ifdef SSL_CBC_RANDOM_IV | |
935 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, | |
936 ssl_config_.false_start_enabled); | |
937 if (rv != SECSuccess) | |
938 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); | |
939 #endif | |
940 | |
941 #ifdef SSL_ENABLE_OCSP_STAPLING | |
942 if (IsOCSPStaplingSupported()) { | |
943 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); | |
944 if (rv != SECSuccess) { | |
945 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | |
946 "SSL_ENABLE_OCSP_STAPLING"); | |
947 } | |
948 } | |
949 #endif | |
950 | |
951 #ifdef SSL_ENABLE_CACHED_INFO | |
952 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO, | |
953 ssl_config_.cached_info_enabled); | |
954 if (rv != SECSuccess) | |
955 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO"); | |
956 #endif | |
957 | |
958 #ifdef SSL_ENABLE_OB_CERTS | |
959 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS, | |
960 ssl_config_.domain_bound_certs_enabled); | |
961 if (rv != SECSuccess) | |
962 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); | |
963 #endif | |
964 | |
965 #ifdef SSL_ENCRYPT_CLIENT_CERTS | |
966 // For now, enable the encrypted client certificates extension only if | |
967 // server-bound certificates are enabled. | |
968 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS, | |
969 ssl_config_.domain_bound_certs_enabled); | |
970 if (rv != SECSuccess) | |
971 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS"); | |
972 #endif | |
973 | |
974 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
975 if (rv != SECSuccess) { | |
976 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | |
977 return ERR_UNEXPECTED; | |
978 } | |
979 | |
980 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | |
981 if (rv != SECSuccess) { | |
982 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); | |
983 return ERR_UNEXPECTED; | |
984 } | |
985 | |
986 #if defined(NSS_PLATFORM_CLIENT_AUTH) | |
987 rv = SSL_GetPlatformClientAuthDataHook(nss_fd_, PlatformClientAuthHandler, | |
988 this); | |
989 #else | |
990 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); | |
991 #endif | |
992 if (rv != SECSuccess) { | |
993 LogFailedNSSFunction(net_log_, "SSL_GetClientAuthDataHook", ""); | |
994 return ERR_UNEXPECTED; | |
995 } | |
996 | |
997 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | |
998 if (rv != SECSuccess) { | |
999 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); | |
1000 return ERR_UNEXPECTED; | |
1001 } | |
1002 | |
1003 // Tell SSL the hostname we're trying to connect to. | |
1004 SSL_SetURL(nss_fd_, host_and_port_.host().c_str()); | |
1005 | |
1006 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | |
1007 SSL_ResetHandshake(nss_fd_, PR_FALSE); | |
1008 | |
1009 return OK; | |
1010 } | |
1011 | |
1012 int SSLClientSocketNSS::InitializeSSLPeerName() { | |
1013 // Tell NSS who we're connected to | |
1014 AddressList peer_address; | |
1015 int err = transport_->socket()->GetPeerAddress(&peer_address); | |
1016 if (err != OK) | |
1017 return err; | |
1018 | |
1019 SockaddrStorage storage; | |
1020 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len)) | |
1021 return ERR_UNEXPECTED; | |
1022 | |
1023 PRNetAddr peername; | |
1024 memset(&peername, 0, sizeof(peername)); | |
1025 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername)); | |
1026 size_t len = std::min(static_cast<size_t>(storage.addr_len), | |
1027 sizeof(peername)); | |
1028 memcpy(&peername, storage.addr, len); | |
1029 | |
1030 // Adjust the address family field for BSD, whose sockaddr | |
1031 // structure has a one-byte length and one-byte address family | |
1032 // field at the beginning. PRNetAddr has a two-byte address | |
1033 // family field at the beginning. | |
1034 peername.raw.family = storage.addr->sa_family; | |
1035 | |
1036 memio_SetPeerName(nss_fd_, &peername); | |
1037 | |
1038 // Set the peer ID for session reuse. This is necessary when we create an | |
1039 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | |
1040 // rather than the destination server's address in that case. | |
1041 std::string peer_id = host_and_port_.ToString(); | |
1042 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id. | |
1043 // This will cause session cache misses between sockets with different values | |
1044 // of ssl_session_cache_shard_ and this is used to partition the session cache | |
1045 // for incognito mode. | |
1046 if (!ssl_session_cache_shard_.empty()) { | |
1047 peer_id += "/" + ssl_session_cache_shard_; | |
1048 } | |
1049 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | |
1050 if (rv != SECSuccess) | |
1051 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); | |
1052 | |
1053 return OK; | |
1054 } | |
1055 | |
1056 | |
1057 // Sets server_cert_ and server_cert_nss_ if not yet set. | |
1058 void SSLClientSocketNSS::UpdateServerCert() { | |
1059 // We set the server_cert_ from HandshakeCallback(). | |
1060 if (server_cert_ == NULL) { | |
1061 server_cert_nss_ = SSL_PeerCertificate(nss_fd_); | |
1062 if (server_cert_nss_) { | |
1063 PeerCertificateChain certs(nss_fd_); | |
1064 // This call may fail when SSL is used inside sandbox. In that | |
1065 // case CreateFromDERCertChain() returns NULL. | |
1066 server_cert_ = X509Certificate::CreateFromDERCertChain( | |
1067 certs.AsStringPieceVector()); | |
1068 if (server_cert_) { | |
1069 net_log_.AddEvent( | |
1070 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | |
1071 make_scoped_refptr(new X509CertificateNetLogParam(server_cert_))); | |
1072 } | |
1073 } | |
1074 } | |
1075 } | |
1076 | |
1077 // Sets ssl_connection_status_. | |
1078 void SSLClientSocketNSS::UpdateConnectionStatus() { | |
1079 SSLChannelInfo channel_info; | |
1080 SECStatus ok = SSL_GetChannelInfo(nss_fd_, | |
1081 &channel_info, sizeof(channel_info)); | |
1082 if (ok == SECSuccess && | |
1083 channel_info.length == sizeof(channel_info) && | |
1084 channel_info.cipherSuite) { | |
1085 ssl_connection_status_ |= | |
1086 (static_cast<int>(channel_info.cipherSuite) & | |
1087 SSL_CONNECTION_CIPHERSUITE_MASK) << | |
1088 SSL_CONNECTION_CIPHERSUITE_SHIFT; | |
1089 | |
1090 ssl_connection_status_ |= | |
1091 (static_cast<int>(channel_info.compressionMethod) & | |
1092 SSL_CONNECTION_COMPRESSION_MASK) << | |
1093 SSL_CONNECTION_COMPRESSION_SHIFT; | |
1094 | |
1095 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS | |
1096 // doesn't support them yet), so we use 0x0302 and 0x0303 directly. | |
1097 int version = SSL_CONNECTION_VERSION_UNKNOWN; | |
1098 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) { | |
1099 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL | |
1100 // version 2. | |
1101 version = SSL_CONNECTION_VERSION_SSL2; | |
1102 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) { | |
1103 version = SSL_CONNECTION_VERSION_SSL3; | |
1104 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) { | |
1105 version = SSL_CONNECTION_VERSION_TLS1; | |
1106 } else if (channel_info.protocolVersion == 0x0302) { | |
1107 version = SSL_CONNECTION_VERSION_TLS1_1; | |
1108 } else if (channel_info.protocolVersion == 0x0303) { | |
1109 version = SSL_CONNECTION_VERSION_TLS1_2; | |
1110 } | |
1111 ssl_connection_status_ |= | |
1112 (version & SSL_CONNECTION_VERSION_MASK) << | |
1113 SSL_CONNECTION_VERSION_SHIFT; | |
1114 } | |
1115 | |
1116 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6. | |
1117 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test | |
1118 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension. | |
1119 #if defined(SSL_MAX_EXTENSIONS) | |
1120 PRBool peer_supports_renego_ext; | |
1121 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn, | |
1122 &peer_supports_renego_ext); | |
1123 if (ok == SECSuccess) { | |
1124 if (!peer_supports_renego_ext) { | |
1125 ssl_connection_status_ |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; | |
1126 // Log an informational message if the server does not support secure | |
1127 // renegotiation (RFC 5746). | |
1128 VLOG(1) << "The server " << host_and_port_.ToString() | |
1129 << " does not support the TLS renegotiation_info extension."; | |
1130 } | |
1131 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported", | |
1132 peer_supports_renego_ext, 2); | |
1133 } | |
1134 #endif | |
1135 | |
1136 if (ssl_config_.version_fallback) | |
1137 ssl_connection_status_ |= SSL_CONNECTION_VERSION_FALLBACK; | |
1138 } | |
1139 | |
1140 void SSLClientSocketNSS::DoReadCallback(int rv) { | |
1141 EnterFunction(rv); | |
1142 DCHECK(rv != ERR_IO_PENDING); | |
1143 DCHECK(!user_read_callback_.is_null()); | |
1144 | |
1145 // Since Run may result in Read being called, clear |user_read_callback_| | |
1146 // up front. | |
1147 CompletionCallback c = user_read_callback_; | |
1148 user_read_callback_.Reset(); | |
1149 user_read_buf_ = NULL; | |
1150 user_read_buf_len_ = 0; | |
1151 c.Run(rv); | |
1152 LeaveFunction(""); | |
1153 } | |
1154 | |
1155 void SSLClientSocketNSS::DoWriteCallback(int rv) { | |
1156 EnterFunction(rv); | |
1157 DCHECK(rv != ERR_IO_PENDING); | |
1158 DCHECK(!user_write_callback_.is_null()); | |
1159 | |
1160 // Since Run may result in Write being called, clear |user_write_callback_| | |
1161 // up front. | |
1162 CompletionCallback c = user_write_callback_; | |
1163 user_write_callback_.Reset(); | |
1164 user_write_buf_ = NULL; | |
1165 user_write_buf_len_ = 0; | |
1166 c.Run(rv); | |
1167 LeaveFunction(""); | |
1168 } | |
1169 | |
1170 // As part of Connect(), the SSLClientSocketNSS object performs an SSL | |
1171 // handshake. This requires network IO, which in turn calls | |
1172 // BufferRecvComplete() with a non-zero byte count. This byte count eventually | |
1173 // winds its way through the state machine and ends up being passed to the | |
1174 // callback. For Read() and Write(), that's what we want. But for Connect(), | |
1175 // the caller expects OK (i.e. 0) for success. | |
1176 // | |
1177 void SSLClientSocketNSS::DoConnectCallback(int rv) { | |
1178 EnterFunction(rv); | |
1179 DCHECK_NE(rv, ERR_IO_PENDING); | |
1180 DCHECK(!user_connect_callback_.is_null()); | |
1181 | |
1182 CompletionCallback c = user_connect_callback_; | |
1183 user_connect_callback_.Reset(); | |
1184 c.Run(rv > OK ? OK : rv); | |
1185 LeaveFunction(""); | |
1186 } | |
1187 | |
1188 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { | |
1189 EnterFunction(result); | |
1190 int rv = DoHandshakeLoop(result); | |
1191 if (rv != ERR_IO_PENDING) { | |
1192 net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_CONNECT, rv); | |
1193 DoConnectCallback(rv); | |
1194 } | |
1195 LeaveFunction(""); | |
1196 } | |
1197 | |
1198 void SSLClientSocketNSS::OnSendComplete(int result) { | |
1199 EnterFunction(result); | |
1200 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1201 // In handshake phase. | |
1202 OnHandshakeIOComplete(result); | |
1203 LeaveFunction(""); | |
1204 return; | |
1205 } | |
1206 | |
1207 // OnSendComplete may need to call DoPayloadRead while the renegotiation | |
1208 // handshake is in progress. | |
1209 int rv_read = ERR_IO_PENDING; | |
1210 int rv_write = ERR_IO_PENDING; | |
1211 bool network_moved; | |
1212 do { | |
1213 if (user_read_buf_) | |
1214 rv_read = DoPayloadRead(); | |
1215 if (user_write_buf_) | |
1216 rv_write = DoPayloadWrite(); | |
1217 network_moved = DoTransportIO(); | |
1218 } while (rv_read == ERR_IO_PENDING && | |
1219 rv_write == ERR_IO_PENDING && | |
1220 (user_read_buf_ || user_write_buf_) && | |
1221 network_moved); | |
1222 | |
1223 if (user_read_buf_ && rv_read != ERR_IO_PENDING) | |
1224 DoReadCallback(rv_read); | |
1225 if (user_write_buf_ && rv_write != ERR_IO_PENDING) | |
1226 DoWriteCallback(rv_write); | |
1227 | |
1228 LeaveFunction(""); | |
1229 } | |
1230 | |
1231 void SSLClientSocketNSS::OnRecvComplete(int result) { | |
1232 EnterFunction(result); | |
1233 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1234 // In handshake phase. | |
1235 OnHandshakeIOComplete(result); | |
1236 LeaveFunction(""); | |
1237 return; | |
1238 } | |
1239 | |
1240 // Network layer received some data, check if client requested to read | |
1241 // decrypted data. | |
1242 if (!user_read_buf_) { | |
1243 LeaveFunction(""); | |
1244 return; | |
1245 } | |
1246 | |
1247 int rv = DoReadLoop(result); | |
1248 if (rv != ERR_IO_PENDING) | |
1249 DoReadCallback(rv); | |
1250 LeaveFunction(""); | |
1251 } | |
1252 | |
1253 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { | |
1254 EnterFunction(last_io_result); | |
1255 int rv = last_io_result; | 1754 int rv = last_io_result; |
1256 do { | 1755 do { |
1257 // Default to STATE_NONE for next state. | 1756 // Default to STATE_NONE for next state. |
1258 // (This is a quirk carried over from the windows | |
1259 // implementation. It makes reading the logs a bit harder.) | |
1260 // State handlers can and often do call GotoState just | |
1261 // to stay in the current state. | |
1262 State state = next_handshake_state_; | 1757 State state = next_handshake_state_; |
1263 GotoState(STATE_NONE); | 1758 GotoState(STATE_NONE); |
1759 | |
1264 switch (state) { | 1760 switch (state) { |
1265 case STATE_LOAD_SSL_HOST_INFO: | |
1266 DCHECK(rv == OK || rv == ERR_IO_PENDING); | |
1267 rv = DoLoadSSLHostInfo(); | |
1268 break; | |
1269 case STATE_HANDSHAKE: | 1761 case STATE_HANDSHAKE: |
1270 rv = DoHandshake(); | 1762 rv = DoHandshake(); |
1271 break; | 1763 break; |
1272 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE: | 1764 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE: |
1273 rv = DoGetDBCertComplete(rv); | 1765 rv = DoGetDBCertComplete(rv); |
1274 break; | 1766 break; |
1275 case STATE_VERIFY_DNSSEC: | |
1276 rv = DoVerifyDNSSEC(rv); | |
1277 break; | |
1278 case STATE_VERIFY_CERT: | |
1279 DCHECK(rv == OK); | |
1280 rv = DoVerifyCert(rv); | |
1281 break; | |
1282 case STATE_VERIFY_CERT_COMPLETE: | |
1283 rv = DoVerifyCertComplete(rv); | |
1284 break; | |
1285 case STATE_NONE: | 1767 case STATE_NONE: |
1286 default: | 1768 default: |
1287 rv = ERR_UNEXPECTED; | 1769 rv = ERR_UNEXPECTED; |
1288 LOG(DFATAL) << "unexpected state " << state; | 1770 LOG(DFATAL) << "unexpected state " << state; |
1289 break; | 1771 break; |
1290 } | 1772 } |
1291 | 1773 |
1292 // Do the actual network I/O | 1774 // Do the actual network I/O |
1293 bool network_moved = DoTransportIO(); | 1775 bool network_moved = DoTransportIO(); |
1294 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { | 1776 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { |
1295 // In general we exit the loop if rv is ERR_IO_PENDING. In this | 1777 // In general we exit the loop if rv is ERR_IO_PENDING. In this |
1296 // special case we keep looping even if rv is ERR_IO_PENDING because | 1778 // special case we keep looping even if rv is ERR_IO_PENDING because |
1297 // the transport IO may allow DoHandshake to make progress. | 1779 // the transport IO may allow DoHandshake to make progress. |
1298 DCHECK(rv == OK || rv == ERR_IO_PENDING); | 1780 DCHECK(rv == OK || rv == ERR_IO_PENDING); |
1299 rv = OK; // This causes us to stay in the loop. | 1781 rv = OK; // This causes us to stay in the loop. |
1300 } | 1782 } |
1301 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | 1783 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); |
1302 LeaveFunction(""); | |
1303 return rv; | 1784 return rv; |
1304 } | 1785 } |
1305 | 1786 |
1306 int SSLClientSocketNSS::DoReadLoop(int result) { | 1787 int SSLClientSocketNSS::Core::DoReadLoop(int result) { |
1307 EnterFunction(""); | 1788 DCHECK(OnNSSTaskRunner()); |
1308 DCHECK(completed_handshake_); | 1789 DCHECK(handshake_callback_called_); |
1309 DCHECK(next_handshake_state_ == STATE_NONE); | 1790 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1310 | 1791 |
1311 if (result < 0) | 1792 if (result < 0) |
1312 return result; | 1793 return result; |
1313 | 1794 |
1314 if (!nss_bufs_) { | 1795 if (!nss_bufs_) { |
1315 LOG(DFATAL) << "!nss_bufs_"; | 1796 LOG(DFATAL) << "!nss_bufs_"; |
1316 int rv = ERR_UNEXPECTED; | 1797 int rv = ERR_UNEXPECTED; |
1317 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 1798 PostOrRunCallback( |
1318 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 1799 FROM_HERE, |
1800 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
1801 NetLog::TYPE_SSL_READ_ERROR, | |
1802 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
1319 return rv; | 1803 return rv; |
1320 } | 1804 } |
1321 | 1805 |
1322 bool network_moved; | 1806 bool network_moved; |
1323 int rv; | 1807 int rv; |
1324 do { | 1808 do { |
1325 rv = DoPayloadRead(); | 1809 rv = DoPayloadRead(); |
1326 network_moved = DoTransportIO(); | 1810 network_moved = DoTransportIO(); |
1327 } while (rv == ERR_IO_PENDING && network_moved); | 1811 } while (rv == ERR_IO_PENDING && network_moved); |
1328 | 1812 |
1329 LeaveFunction(""); | |
1330 return rv; | 1813 return rv; |
1331 } | 1814 } |
1332 | 1815 |
1333 int SSLClientSocketNSS::DoWriteLoop(int result) { | 1816 int SSLClientSocketNSS::Core::DoWriteLoop(int result) { |
1334 EnterFunction(""); | 1817 DCHECK(OnNSSTaskRunner()); |
1335 DCHECK(completed_handshake_); | 1818 DCHECK(handshake_callback_called_); |
1336 DCHECK(next_handshake_state_ == STATE_NONE); | 1819 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1337 | 1820 |
1338 if (result < 0) | 1821 if (result < 0) |
1339 return result; | 1822 return result; |
1340 | 1823 |
1341 if (!nss_bufs_) { | 1824 if (!nss_bufs_) { |
1342 LOG(DFATAL) << "!nss_bufs_"; | 1825 LOG(DFATAL) << "!nss_bufs_"; |
1343 int rv = ERR_UNEXPECTED; | 1826 int rv = ERR_UNEXPECTED; |
1344 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 1827 PostOrRunCallback( |
1345 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 1828 FROM_HERE, |
1829 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
1830 NetLog::TYPE_SSL_READ_ERROR, | |
1831 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
1346 return rv; | 1832 return rv; |
1347 } | 1833 } |
1348 | 1834 |
1349 bool network_moved; | 1835 bool network_moved; |
1350 int rv; | 1836 int rv; |
1351 do { | 1837 do { |
1352 rv = DoPayloadWrite(); | 1838 rv = DoPayloadWrite(); |
1353 network_moved = DoTransportIO(); | 1839 network_moved = DoTransportIO(); |
1354 } while (rv == ERR_IO_PENDING && network_moved); | 1840 } while (rv == ERR_IO_PENDING && network_moved); |
1355 | 1841 |
1356 LeaveFunction(""); | 1842 LeaveFunction(rv); |
1357 return rv; | 1843 return rv; |
1358 } | 1844 } |
1359 | 1845 |
1360 bool SSLClientSocketNSS::LoadSSLHostInfo() { | 1846 int SSLClientSocketNSS::Core::DoHandshake() { |
1361 const SSLHostInfo::State& state(ssl_host_info_->state()); | 1847 DCHECK(OnNSSTaskRunner()); |
1362 | 1848 |
1363 if (state.certs.empty()) | |
1364 return true; | |
1365 | |
1366 const std::vector<std::string>& certs_in = state.certs; | |
1367 scoped_array<CERTCertificate*> certs(new CERTCertificate*[certs_in.size()]); | |
1368 | |
1369 for (size_t i = 0; i < certs_in.size(); i++) { | |
1370 SECItem derCert; | |
1371 derCert.data = | |
1372 const_cast<uint8*>(reinterpret_cast<const uint8*>(certs_in[i].data())); | |
1373 derCert.len = certs_in[i].size(); | |
1374 certs[i] = CERT_NewTempCertificate( | |
1375 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */, | |
1376 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */); | |
1377 if (!certs[i]) { | |
1378 DestroyCertificates(&certs[0], i); | |
1379 NOTREACHED(); | |
1380 return false; | |
1381 } | |
1382 } | |
1383 | |
1384 SECStatus rv; | |
1385 #ifdef SSL_ENABLE_CACHED_INFO | |
1386 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), certs_in.size()); | |
1387 DCHECK_EQ(SECSuccess, rv); | |
1388 #else | |
1389 rv = SECFailure; // Not implemented. | |
1390 #endif | |
1391 DestroyCertificates(&certs[0], certs_in.size()); | |
1392 | |
1393 return rv == SECSuccess; | |
1394 } | |
1395 | |
1396 int SSLClientSocketNSS::DoLoadSSLHostInfo() { | |
1397 EnterFunction(""); | |
1398 int rv = ssl_host_info_->WaitForDataReady( | |
1399 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1400 base::Unretained(this))); | |
1401 GotoState(STATE_HANDSHAKE); | |
1402 | |
1403 if (rv == OK) { | |
1404 if (!LoadSSLHostInfo()) | |
1405 LOG(WARNING) << "LoadSSLHostInfo failed: " << host_and_port_.ToString(); | |
1406 } else { | |
1407 DCHECK_EQ(ERR_IO_PENDING, rv); | |
1408 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
1409 } | |
1410 | |
1411 LeaveFunction(""); | |
1412 return rv; | |
1413 } | |
1414 | |
1415 int SSLClientSocketNSS::DoHandshake() { | |
1416 EnterFunction(""); | |
1417 int net_error = net::OK; | 1849 int net_error = net::OK; |
1418 SECStatus rv = SSL_ForceHandshake(nss_fd_); | 1850 SECStatus rv = SSL_ForceHandshake(nss_fd_); |
1419 | 1851 |
1420 // TODO(rkn): Handle the case in which server-bound cert generation takes | 1852 // TODO(rkn): Handle the case in which server-bound cert generation takes |
1421 // too long and the server has closed the connection. Report some new error | 1853 // too long and the server has closed the connection. Report some new error |
1422 // code so that the higher level code will attempt to delete the socket and | 1854 // code so that the higher level code will attempt to delete the socket and |
1423 // redo the handshake. | 1855 // redo the handshake. |
1424 | |
1425 if (client_auth_cert_needed_) { | 1856 if (client_auth_cert_needed_) { |
1426 if (domain_bound_cert_xtn_negotiated_) { | 1857 if (domain_bound_cert_xtn_negotiated_) { |
1427 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); | 1858 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); |
1428 net_error = ERR_IO_PENDING; | 1859 net_error = ERR_IO_PENDING; |
1429 } else { | 1860 } else { |
1430 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1861 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1431 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1862 PostOrRunCallback( |
1432 make_scoped_refptr(new SSLErrorParams(net_error, 0))); | 1863 FROM_HERE, |
1864 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
1865 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1866 make_scoped_refptr(new SSLErrorParams(net_error, 0)))); | |
1867 | |
1433 // If the handshake already succeeded (because the server requests but | 1868 // If the handshake already succeeded (because the server requests but |
1434 // doesn't require a client cert), we need to invalidate the SSL session | 1869 // doesn't require a client cert), we need to invalidate the SSL session |
1435 // so that we won't try to resume the non-client-authenticated session in | 1870 // so that we won't try to resume the non-client-authenticated session in |
1436 // the next handshake. This will cause the server to ask for a client | 1871 // the next handshake. This will cause the server to ask for a client |
1437 // cert again. | 1872 // cert again. |
1438 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) { | 1873 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) |
1439 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); | 1874 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); |
1440 } | |
1441 } | 1875 } |
1442 } else if (rv == SECSuccess) { | 1876 } else if (rv == SECSuccess) { |
1443 if (handshake_callback_called_) { | 1877 if (!handshake_callback_called_) { |
1444 // We need to see if the predicted certificate chain (in | 1878 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - |
1445 // |ssl_host_info_->state().certs) matches the actual certificate chain | 1879 // SSL_ForceHandshake returned SECSuccess prematurely. |
1446 // before we call SaveSSLHostInfo, as that will update | 1880 rv = SECFailure; |
1447 // |ssl_host_info_|. | 1881 net_error = ERR_SSL_PROTOCOL_ERROR; |
1448 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty()) { | 1882 PostOrRunCallback( |
1449 PeerCertificateChain certs(nss_fd_); | 1883 FROM_HERE, |
1450 const SSLHostInfo::State& state = ssl_host_info_->state(); | 1884 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1451 predicted_cert_chain_correct_ = certs.size() == state.certs.size(); | 1885 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
1452 if (predicted_cert_chain_correct_) { | 1886 make_scoped_refptr( |
1453 for (unsigned i = 0; i < certs.size(); i++) { | 1887 new SSLErrorParams(net_error, 0)))); |
1454 if (certs[i]->derCert.len != state.certs[i].size() || | 1888 } else { |
1455 memcmp(certs[i]->derCert.data, state.certs[i].data(), | 1889 #if defined(SSL_ENABLE_OCSP_STAPLING) |
1456 certs[i]->derCert.len) != 0) { | |
1457 predicted_cert_chain_correct_ = false; | |
1458 break; | |
1459 } | |
1460 } | |
1461 } | |
1462 } | |
1463 | |
1464 #if defined(SSL_ENABLE_OCSP_STAPLING) | |
1465 // TODO(agl): figure out how to plumb an OCSP response into the Mac | 1890 // TODO(agl): figure out how to plumb an OCSP response into the Mac |
1466 // system library and update IsOCSPStaplingSupported for Mac. | 1891 // system library and update IsOCSPStaplingSupported for Mac. |
1467 if (!predicted_cert_chain_correct_ && IsOCSPStaplingSupported()) { | 1892 if (!nss_connection_state_.predicted_cert_chain_correct && |
1893 IsOCSPStaplingSupported()) { | |
1468 unsigned int len = 0; | 1894 unsigned int len = 0; |
1469 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); | 1895 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); |
1470 if (len) { | 1896 if (len) { |
1471 const unsigned int orig_len = len; | 1897 const unsigned int orig_len = len; |
1472 scoped_array<uint8> ocsp_response(new uint8[orig_len]); | 1898 scoped_array<uint8> ocsp_response(new uint8[orig_len]); |
1473 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len); | 1899 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len); |
1474 DCHECK_EQ(orig_len, len); | 1900 DCHECK_EQ(orig_len, len); |
1475 | 1901 |
1476 #if defined(OS_WIN) | 1902 #if defined(OS_WIN) |
1477 CRYPT_DATA_BLOB ocsp_response_blob; | 1903 if (nss_connection_state_.server_cert) { |
1478 ocsp_response_blob.cbData = len; | 1904 CRYPT_DATA_BLOB ocsp_response_blob; |
1479 ocsp_response_blob.pbData = ocsp_response.get(); | 1905 ocsp_response_blob.cbData = len; |
1480 BOOL ok = CertSetCertificateContextProperty( | 1906 ocsp_response_blob.pbData = ocsp_response.get(); |
1481 server_cert_->os_cert_handle(), | 1907 BOOL ok = CertSetCertificateContextProperty( |
1482 CERT_OCSP_RESPONSE_PROP_ID, | 1908 nss_connection_state_.server_cert->os_cert_handle(), |
1483 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | 1909 CERT_OCSP_RESPONSE_PROP_ID, |
1484 &ocsp_response_blob); | 1910 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, |
1485 if (!ok) { | 1911 &ocsp_response_blob); |
1486 VLOG(1) << "Failed to set OCSP response property: " | 1912 if (!ok) { |
1487 << GetLastError(); | 1913 VLOG(1) << "Failed to set OCSP response property: " |
1914 << GetLastError(); | |
1915 } | |
1488 } | 1916 } |
1489 #elif defined(USE_NSS) | 1917 #elif defined(USE_NSS) |
1490 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = | 1918 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = |
1491 GetCacheOCSPResponseFromSideChannelFunction(); | 1919 GetCacheOCSPResponseFromSideChannelFunction(); |
1492 SECItem ocsp_response_item; | 1920 SECItem ocsp_response_item; |
1493 ocsp_response_item.type = siBuffer; | 1921 ocsp_response_item.type = siBuffer; |
1494 ocsp_response_item.data = ocsp_response.get(); | 1922 ocsp_response_item.data = ocsp_response.get(); |
1495 ocsp_response_item.len = len; | 1923 ocsp_response_item.len = len; |
1496 | 1924 |
1497 cache_ocsp_response( | 1925 cache_ocsp_response( |
1498 CERT_GetDefaultCertDB(), server_cert_nss_, PR_Now(), | 1926 CERT_GetDefaultCertDB(), |
1927 nss_connection_state_.server_cert_chain[0], PR_Now(), | |
1499 &ocsp_response_item, NULL); | 1928 &ocsp_response_item, NULL); |
1500 #endif | 1929 #endif |
1501 } | 1930 } |
1502 } | 1931 } |
1503 #endif | 1932 #endif |
1504 | |
1505 SaveSSLHostInfo(); | |
1506 // SSL handshake is completed. Let's verify the certificate. | |
1507 GotoState(STATE_VERIFY_DNSSEC); | |
1508 // Done! | |
1509 } else { | |
1510 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - | |
1511 // SSL_ForceHandshake returned SECSuccess prematurely. | |
1512 rv = SECFailure; | |
1513 net_error = ERR_SSL_PROTOCOL_ERROR; | |
1514 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1515 make_scoped_refptr(new SSLErrorParams(net_error, 0))); | |
1516 } | 1933 } |
1934 // Done! | |
1517 } else { | 1935 } else { |
1518 PRErrorCode prerr = PR_GetError(); | 1936 PRErrorCode prerr = PR_GetError(); |
1519 net_error = HandleNSSError(prerr, true); | 1937 net_error = HandleNSSError(prerr, true); |
1520 | 1938 |
1521 // If not done, stay in this state | 1939 // If not done, stay in this state |
1522 if (net_error == ERR_IO_PENDING) { | 1940 if (net_error == ERR_IO_PENDING) { |
1523 GotoState(STATE_HANDSHAKE); | 1941 GotoState(STATE_HANDSHAKE); |
1524 } else { | 1942 } else { |
1525 net_log_.AddEvent( | 1943 PostOrRunCallback( |
1526 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1944 FROM_HERE, |
1527 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); | 1945 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1946 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1947 make_scoped_refptr( | |
1948 new SSLErrorParams(net_error, prerr)))); | |
1528 } | 1949 } |
1529 } | 1950 } |
1530 | 1951 |
1531 LeaveFunction(""); | |
1532 return net_error; | 1952 return net_error; |
1533 } | 1953 } |
1534 | 1954 |
1535 int SSLClientSocketNSS::ImportDBCertAndKey(CERTCertificate** cert, | 1955 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) { |
1536 SECKEYPrivateKey** key) { | 1956 SECStatus rv; |
1537 // Set the certificate. | 1957 PostOrRunCallback( |
1538 SECItem cert_item; | 1958 FROM_HERE, |
1539 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | 1959 base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_, |
1540 cert_item.len = domain_bound_cert_.size(); | 1960 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, result)); |
1541 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
1542 &cert_item, | |
1543 NULL, | |
1544 PR_FALSE, | |
1545 PR_TRUE); | |
1546 if (*cert == NULL) | |
1547 return MapNSSError(PORT_GetError()); | |
1548 | 1961 |
1549 // Set the private key. | |
1550 switch (domain_bound_cert_type_) { | |
1551 case CLIENT_CERT_ECDSA_SIGN: { | |
1552 SECKEYPublicKey* public_key = NULL; | |
1553 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
1554 ServerBoundCertService::kEPKIPassword, | |
1555 reinterpret_cast<const unsigned char*>( | |
1556 domain_bound_private_key_.data()), | |
1557 domain_bound_private_key_.size(), | |
1558 &(*cert)->subjectPublicKeyInfo, | |
1559 false, | |
1560 false, | |
1561 key, | |
1562 &public_key)) { | |
1563 CERT_DestroyCertificate(*cert); | |
1564 *cert = NULL; | |
1565 return MapNSSError(PORT_GetError()); | |
1566 } | |
1567 SECKEY_DestroyPublicKey(public_key); | |
1568 break; | |
1569 } | |
1570 | |
1571 default: | |
1572 NOTREACHED(); | |
1573 return ERR_INVALID_ARGUMENT; | |
1574 } | |
1575 | |
1576 return OK; | |
1577 } | |
1578 | |
1579 int SSLClientSocketNSS::DoGetDBCertComplete(int result) { | |
1580 SECStatus rv; | |
1581 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, | |
1582 result); | |
1583 client_auth_cert_needed_ = false; | 1962 client_auth_cert_needed_ = false; |
1584 domain_bound_cert_request_handle_ = NULL; | 1963 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; |
1585 | 1964 |
1586 if (result != OK) { | 1965 if (result != OK) { |
1587 // Failed to get a DBC. Proceed without. | 1966 // Failed to get a DBC. Proceed without. |
1588 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL); | 1967 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL); |
1589 if (rv != SECSuccess) | 1968 if (rv != SECSuccess) |
1590 return MapNSSError(PORT_GetError()); | 1969 return MapNSSError(PORT_GetError()); |
1970 | |
1591 GotoState(STATE_HANDSHAKE); | 1971 GotoState(STATE_HANDSHAKE); |
1592 return OK; | 1972 return OK; |
1593 } | 1973 } |
1594 | 1974 |
1595 CERTCertificate* cert; | 1975 CERTCertificate* cert; |
1596 SECKEYPrivateKey* key; | 1976 SECKEYPrivateKey* key; |
1597 int error = ImportDBCertAndKey(&cert, &key); | 1977 int error = ImportDBCertAndKey(&cert, &key); |
1598 if (error != OK) | 1978 if (error != OK) |
1599 return error; | 1979 return error; |
1600 | 1980 |
1601 CERTCertificateList* cert_chain = CERT_CertChainFromCert(cert, | 1981 CERTCertificateList* cert_chain = |
1602 certUsageSSLClient, | 1982 CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE); |
1603 PR_FALSE); | 1983 |
1604 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1984 PostOrRunCallback( |
1605 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | 1985 FROM_HERE, |
1606 cert_chain->len))); | 1986 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
1987 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1988 make_scoped_refptr( | |
1989 new NetLogIntegerParameter("cert_count", | |
1990 cert_chain->len)))); | |
1991 | |
1607 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); | 1992 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); |
1608 if (rv != SECSuccess) | 1993 if (rv != SECSuccess) |
1609 return MapNSSError(PORT_GetError()); | 1994 return MapNSSError(PORT_GetError()); |
1610 | 1995 |
1611 GotoState(STATE_HANDSHAKE); | 1996 GotoState(STATE_HANDSHAKE); |
1612 set_domain_bound_cert_type(domain_bound_cert_type_); | |
1613 return OK; | 1997 return OK; |
1614 } | 1998 } |
1615 | 1999 |
1616 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { | 2000 int SSLClientSocketNSS::Core::DoPayloadRead() { |
1617 DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(), | 2001 DCHECK(OnNSSTaskRunner()); |
1618 server_cert_nss_, | |
1619 host_and_port_.port()); | |
1620 if (r == DNSVR_SUCCESS) { | |
1621 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; | |
1622 local_server_cert_verify_result_.verified_cert = server_cert_; | |
1623 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1624 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
1625 return OK; | |
1626 } | |
1627 | |
1628 GotoState(STATE_VERIFY_CERT); | |
1629 | |
1630 return OK; | |
1631 } | |
1632 | |
1633 int SSLClientSocketNSS::DoVerifyCert(int result) { | |
1634 DCHECK(server_cert_nss_); | |
1635 | |
1636 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
1637 | |
1638 // If the certificate is expected to be bad we can use the | |
1639 // expectation as the cert status. Don't use |server_cert_| here | |
1640 // because it can be set to NULL in case we failed to create | |
1641 // X509Certificate in UpdateServerCert(). This may happen when this | |
1642 // code is used inside sandbox. | |
1643 base::StringPiece der_cert( | |
1644 reinterpret_cast<char*>(server_cert_nss_->derCert.data), | |
1645 server_cert_nss_->derCert.len); | |
1646 CertStatus cert_status; | |
1647 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | |
1648 DCHECK(start_cert_verification_time_.is_null()); | |
1649 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | |
1650 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1651 local_server_cert_verify_result_.Reset(); | |
1652 local_server_cert_verify_result_.cert_status = cert_status; | |
1653 local_server_cert_verify_result_.verified_cert = server_cert_; | |
1654 return OK; | |
1655 } | |
1656 | |
1657 // We may have failed to create X509Certificate object if we are | |
1658 // running inside sandbox. | |
1659 if (!server_cert_) { | |
1660 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1661 local_server_cert_verify_result_.Reset(); | |
1662 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | |
1663 return ERR_CERT_INVALID; | |
1664 } | |
1665 | |
1666 start_cert_verification_time_ = base::TimeTicks::Now(); | |
1667 | |
1668 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && | |
1669 predicted_cert_chain_correct_) { | |
1670 // If the SSLHostInfo had a prediction for the certificate chain of this | |
1671 // server then it will have optimistically started a verification of that | |
1672 // chain. So, if the prediction was correct, we should wait for that | |
1673 // verification to finish rather than start our own. | |
1674 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL); | |
1675 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); | |
1676 base::TimeTicks end_time = ssl_host_info_->verification_end_time(); | |
1677 if (end_time.is_null()) | |
1678 end_time = base::TimeTicks::Now(); | |
1679 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", | |
1680 end_time - ssl_host_info_->verification_start_time()); | |
1681 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); | |
1682 return ssl_host_info_->WaitForCertVerification( | |
1683 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1684 base::Unretained(this))); | |
1685 } else { | |
1686 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | |
1687 } | |
1688 | |
1689 int flags = 0; | |
1690 if (ssl_config_.rev_checking_enabled) | |
1691 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | |
1692 if (ssl_config_.verify_ev_cert) | |
1693 flags |= X509Certificate::VERIFY_EV_CERT; | |
1694 if (ssl_config_.cert_io_enabled) | |
1695 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; | |
1696 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | |
1697 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
1698 return verifier_->Verify( | |
1699 server_cert_, host_and_port_.host(), flags, | |
1700 SSLConfigService::GetCRLSet(), | |
1701 &local_server_cert_verify_result_, | |
1702 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
1703 base::Unretained(this)), | |
1704 net_log_); | |
1705 } | |
1706 | |
1707 // Derived from AuthCertificateCallback() in | |
1708 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | |
1709 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | |
1710 verifier_.reset(); | |
1711 | |
1712 if (!start_cert_verification_time_.is_null()) { | |
1713 base::TimeDelta verify_time = | |
1714 base::TimeTicks::Now() - start_cert_verification_time_; | |
1715 if (result == OK) | |
1716 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | |
1717 else | |
1718 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | |
1719 } | |
1720 | |
1721 // We used to remember the intermediate CA certs in the NSS database | |
1722 // persistently. However, NSS opens a connection to the SQLite database | |
1723 // during NSS initialization and doesn't close the connection until NSS | |
1724 // shuts down. If the file system where the database resides is gone, | |
1725 // the database connection goes bad. What's worse, the connection won't | |
1726 // recover when the file system comes back. Until this NSS or SQLite bug | |
1727 // is fixed, we need to avoid using the NSS database for non-essential | |
1728 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | |
1729 // http://crbug.com/15630 for more info. | |
1730 | |
1731 // TODO(hclam): Skip logging if server cert was expected to be bad because | |
1732 // |server_cert_verify_result_| doesn't contain all the information about | |
1733 // the cert. | |
1734 if (result == OK) | |
1735 LogConnectionTypeMetrics(); | |
1736 | |
1737 completed_handshake_ = true; | |
1738 | |
1739 if (!user_read_callback_.is_null()) { | |
1740 int rv = DoReadLoop(OK); | |
1741 if (rv != ERR_IO_PENDING) | |
1742 DoReadCallback(rv); | |
1743 } | |
1744 | |
1745 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) | |
1746 // Take care of any mandates for public key pinning. | |
1747 // | |
1748 // Pinning is only enabled for official builds to make sure that others don't | |
1749 // end up with pins that cannot be easily updated. | |
1750 // | |
1751 // TODO(agl): we might have an issue here where a request for foo.example.com | |
1752 // merges into a SPDY connection to www.example.com, and gets a different | |
1753 // certificate. | |
1754 | |
1755 const CertStatus cert_status = server_cert_verify_result_->cert_status; | |
1756 if ((result == OK || (IsCertificateError(result) && | |
1757 IsCertStatusMinorError(cert_status))) && | |
1758 server_cert_verify_result_->is_issued_by_known_root && | |
1759 transport_security_state_) { | |
1760 bool sni_available = | |
1761 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | |
1762 ssl_config_.version_fallback; | |
1763 const std::string& host = host_and_port_.host(); | |
1764 | |
1765 TransportSecurityState::DomainState domain_state; | |
1766 if (transport_security_state_->GetDomainState(host, sni_available, | |
1767 &domain_state) && | |
1768 domain_state.HasPins()) { | |
1769 if (!domain_state.IsChainOfPublicKeysPermitted( | |
1770 server_cert_verify_result_->public_key_hashes)) { | |
1771 const base::Time build_time = base::GetBuildTime(); | |
1772 // Pins are not enforced if the build is sufficiently old. Chrome | |
1773 // users should get updates every six weeks or so, but it's possible | |
1774 // that some users will stop getting updates for some reason. We | |
1775 // don't want those users building up as a pool of people with bad | |
1776 // pins. | |
1777 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) { | |
1778 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
1779 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | |
1780 TransportSecurityState::ReportUMAOnPinFailure(host); | |
1781 } | |
1782 } else { | |
1783 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | |
1784 } | |
1785 } | |
1786 } | |
1787 #endif | |
1788 | |
1789 // Exit DoHandshakeLoop and return the result to the caller to Connect. | |
1790 DCHECK(next_handshake_state_ == STATE_NONE); | |
1791 return result; | |
1792 } | |
1793 | |
1794 int SSLClientSocketNSS::DoPayloadRead() { | |
1795 EnterFunction(user_read_buf_len_); | |
1796 DCHECK(user_read_buf_); | 2002 DCHECK(user_read_buf_); |
1797 DCHECK_GT(user_read_buf_len_, 0); | 2003 DCHECK_GT(user_read_buf_len_, 0); |
2004 | |
1798 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | 2005 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); |
1799 if (client_auth_cert_needed_) { | 2006 if (client_auth_cert_needed_) { |
1800 // We don't need to invalidate the non-client-authenticated SSL session | 2007 // We don't need to invalidate the non-client-authenticated SSL session |
1801 // because the server will renegotiate anyway. | 2008 // because the server will renegotiate anyway. |
1802 LeaveFunction(""); | |
1803 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 2009 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1804 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 2010 PostOrRunCallback( |
1805 make_scoped_refptr(new SSLErrorParams(rv, 0))); | 2011 FROM_HERE, |
2012 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
2013 NetLog::TYPE_SSL_READ_ERROR, | |
2014 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | |
1806 return rv; | 2015 return rv; |
1807 } | 2016 } |
1808 if (rv >= 0) { | 2017 if (rv >= 0) { |
1809 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | 2018 PostOrRunCallback( |
1810 user_read_buf_->data()); | 2019 FROM_HERE, |
1811 LeaveFunction(""); | 2020 base::Bind(&LogByteTransferEvent, weak_net_log_, |
2021 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | |
2022 scoped_refptr<IOBuffer>(user_read_buf_))); | |
1812 return rv; | 2023 return rv; |
1813 } | 2024 } |
1814 PRErrorCode prerr = PR_GetError(); | 2025 PRErrorCode prerr = PR_GetError(); |
1815 if (prerr == PR_WOULD_BLOCK_ERROR) { | 2026 if (prerr == PR_WOULD_BLOCK_ERROR) |
1816 LeaveFunction(""); | |
1817 return ERR_IO_PENDING; | 2027 return ERR_IO_PENDING; |
1818 } | 2028 |
1819 LeaveFunction(""); | |
1820 rv = HandleNSSError(prerr, false); | 2029 rv = HandleNSSError(prerr, false); |
1821 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 2030 PostOrRunCallback( |
1822 make_scoped_refptr(new SSLErrorParams(rv, prerr))); | 2031 FROM_HERE, |
2032 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
2033 NetLog::TYPE_SSL_READ_ERROR, | |
2034 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | |
1823 return rv; | 2035 return rv; |
1824 } | 2036 } |
1825 | 2037 |
1826 int SSLClientSocketNSS::DoPayloadWrite() { | 2038 int SSLClientSocketNSS::Core::DoPayloadWrite() { |
1827 EnterFunction(user_write_buf_len_); | 2039 DCHECK(OnNSSTaskRunner()); |
2040 | |
1828 DCHECK(user_write_buf_); | 2041 DCHECK(user_write_buf_); |
2042 | |
1829 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 2043 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
1830 if (rv >= 0) { | 2044 if (rv >= 0) { |
1831 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 2045 PostOrRunCallback( |
1832 user_write_buf_->data()); | 2046 FROM_HERE, |
1833 LeaveFunction(""); | 2047 base::Bind(&LogByteTransferEvent, weak_net_log_, |
2048 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | |
2049 scoped_refptr<IOBuffer>(user_write_buf_))); | |
1834 return rv; | 2050 return rv; |
1835 } | 2051 } |
1836 PRErrorCode prerr = PR_GetError(); | 2052 PRErrorCode prerr = PR_GetError(); |
1837 if (prerr == PR_WOULD_BLOCK_ERROR) { | 2053 if (prerr == PR_WOULD_BLOCK_ERROR) |
1838 LeaveFunction(""); | |
1839 return ERR_IO_PENDING; | 2054 return ERR_IO_PENDING; |
1840 } | 2055 |
1841 LeaveFunction(""); | |
1842 rv = HandleNSSError(prerr, false); | 2056 rv = HandleNSSError(prerr, false); |
1843 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 2057 PostOrRunCallback( |
1844 make_scoped_refptr(new SSLErrorParams(rv, prerr))); | 2058 FROM_HERE, |
2059 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
2060 NetLog::TYPE_SSL_WRITE_ERROR, | |
2061 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | |
1845 return rv; | 2062 return rv; |
1846 } | 2063 } |
1847 | 2064 |
1848 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { | |
1849 UpdateConnectionTypeHistograms(CONNECTION_SSL); | |
1850 if (server_cert_verify_result_->has_md5) | |
1851 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | |
1852 if (server_cert_verify_result_->has_md2) | |
1853 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | |
1854 if (server_cert_verify_result_->has_md4) | |
1855 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); | |
1856 if (server_cert_verify_result_->has_md5_ca) | |
1857 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); | |
1858 if (server_cert_verify_result_->has_md2_ca) | |
1859 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | |
1860 int ssl_version = SSLConnectionStatusToVersion(ssl_connection_status_); | |
1861 switch (ssl_version) { | |
1862 case SSL_CONNECTION_VERSION_SSL2: | |
1863 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2); | |
1864 break; | |
1865 case SSL_CONNECTION_VERSION_SSL3: | |
1866 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3); | |
1867 break; | |
1868 case SSL_CONNECTION_VERSION_TLS1: | |
1869 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1); | |
1870 break; | |
1871 case SSL_CONNECTION_VERSION_TLS1_1: | |
1872 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | |
1873 break; | |
1874 case SSL_CONNECTION_VERSION_TLS1_2: | |
1875 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | |
1876 break; | |
1877 }; | |
1878 } | |
1879 | |
1880 // SaveSSLHostInfo saves the certificate chain of the connection so that we can | |
1881 // start verification faster in the future. | |
1882 void SSLClientSocketNSS::SaveSSLHostInfo() { | |
1883 if (!ssl_host_info_.get()) | |
1884 return; | |
1885 | |
1886 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save | |
1887 // anything. | |
1888 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) | |
1889 return; | |
1890 | |
1891 SSLHostInfo::State* state = ssl_host_info_->mutable_state(); | |
1892 | |
1893 state->certs.clear(); | |
1894 PeerCertificateChain certs(nss_fd_); | |
1895 for (unsigned i = 0; i < certs.size(); i++) { | |
1896 if (certs[i]->derCert.len > std::numeric_limits<uint16>::max()) | |
1897 return; | |
1898 | |
1899 state->certs.push_back(std::string( | |
1900 reinterpret_cast<char*>(certs[i]->derCert.data), | |
1901 certs[i]->derCert.len)); | |
1902 } | |
1903 | |
1904 ssl_host_info_->Persist(); | |
1905 } | |
1906 | |
1907 // Do as much network I/O as possible between the buffer and the | 2065 // Do as much network I/O as possible between the buffer and the |
1908 // transport socket. Return true if some I/O performed, false | 2066 // transport socket. Return true if some I/O performed, false |
1909 // otherwise (error or ERR_IO_PENDING). | 2067 // otherwise (error or ERR_IO_PENDING). |
1910 bool SSLClientSocketNSS::DoTransportIO() { | 2068 bool SSLClientSocketNSS::Core::DoTransportIO() { |
1911 EnterFunction(""); | 2069 DCHECK(OnNSSTaskRunner()); |
2070 | |
1912 bool network_moved = false; | 2071 bool network_moved = false; |
1913 if (nss_bufs_ != NULL) { | 2072 if (nss_bufs_ != NULL) { |
1914 int rv; | 2073 int rv; |
1915 // Read and write as much data as we can. The loop is neccessary | 2074 // Read and write as much data as we can. The loop is neccessary |
1916 // because Write() may return synchronously. | 2075 // because Write() may return synchronously. |
1917 do { | 2076 do { |
1918 rv = BufferSend(); | 2077 rv = BufferSend(); |
1919 if (rv > 0) | 2078 if (rv > 0) |
1920 network_moved = true; | 2079 network_moved = true; |
1921 } while (rv > 0); | 2080 } while (rv > 0); |
1922 if (!transport_recv_eof_ && BufferRecv() >= 0) | 2081 if (!transport_recv_eof_ && BufferRecv() >= 0) |
1923 network_moved = true; | 2082 network_moved = true; |
1924 } | 2083 } |
1925 LeaveFunction(network_moved); | |
1926 return network_moved; | 2084 return network_moved; |
1927 } | 2085 } |
1928 | 2086 |
2087 int SSLClientSocketNSS::Core::BufferRecv() { | |
2088 DCHECK(OnNSSTaskRunner()); | |
2089 | |
2090 if (transport_recv_busy_) | |
2091 return ERR_IO_PENDING; | |
2092 | |
2093 char* buf; | |
2094 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
2095 int rv; | |
2096 if (!nb) { | |
2097 // buffer too full to read into, so no I/O possible at moment | |
2098 rv = ERR_IO_PENDING; | |
2099 } else { | |
2100 scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb)); | |
2101 if (OnNetworkTaskRunner()) { | |
2102 rv = DoBufferRecv(read_buffer, nb); | |
2103 } else { | |
2104 bool posted = network_task_runner_->PostTask( | |
2105 FROM_HERE, | |
2106 base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer, | |
2107 nb)); | |
2108 rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
2109 } | |
2110 | |
2111 if (rv == ERR_IO_PENDING) { | |
2112 transport_recv_busy_ = true; | |
2113 } else { | |
2114 if (rv > 0) { | |
2115 memcpy(buf, read_buffer->data(), rv); | |
2116 } else if (rv == 0) { | |
2117 transport_recv_eof_ = true; | |
2118 } | |
2119 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); | |
2120 } | |
2121 } | |
2122 return rv; | |
2123 } | |
2124 | |
1929 // Return 0 for EOF, | 2125 // Return 0 for EOF, |
1930 // > 0 for bytes transferred immediately, | 2126 // > 0 for bytes transferred immediately, |
1931 // < 0 for error (or the non-error ERR_IO_PENDING). | 2127 // < 0 for error (or the non-error ERR_IO_PENDING). |
1932 int SSLClientSocketNSS::BufferSend() { | 2128 int SSLClientSocketNSS::Core::BufferSend() { |
2129 DCHECK(OnNSSTaskRunner()); | |
2130 | |
1933 if (transport_send_busy_) | 2131 if (transport_send_busy_) |
1934 return ERR_IO_PENDING; | 2132 return ERR_IO_PENDING; |
1935 | 2133 |
1936 EnterFunction(""); | |
1937 const char* buf1; | 2134 const char* buf1; |
1938 const char* buf2; | 2135 const char* buf2; |
1939 unsigned int len1, len2; | 2136 unsigned int len1, len2; |
1940 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); | 2137 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); |
1941 const unsigned int len = len1 + len2; | 2138 const unsigned int len = len1 + len2; |
1942 | 2139 |
1943 int rv = 0; | 2140 int rv = 0; |
1944 if (len) { | 2141 if (len) { |
1945 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); | 2142 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); |
1946 memcpy(send_buffer->data(), buf1, len1); | 2143 memcpy(send_buffer->data(), buf1, len1); |
1947 memcpy(send_buffer->data() + len1, buf2, len2); | 2144 memcpy(send_buffer->data() + len1, buf2, len2); |
1948 rv = transport_->socket()->Write( | 2145 |
1949 send_buffer, len, | 2146 if (OnNetworkTaskRunner()) { |
1950 base::Bind(&SSLClientSocketNSS::BufferSendComplete, | 2147 rv = DoBufferSend(send_buffer, len); |
1951 base::Unretained(this))); | 2148 } else { |
2149 bool posted = network_task_runner_->PostTask( | |
2150 FROM_HERE, | |
2151 base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer, | |
2152 len)); | |
2153 rv = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; | |
2154 } | |
2155 | |
1952 if (rv == ERR_IO_PENDING) { | 2156 if (rv == ERR_IO_PENDING) { |
1953 transport_send_busy_ = true; | 2157 transport_send_busy_ = true; |
1954 } else { | 2158 } else { |
1955 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); | 2159 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); |
1956 } | 2160 } |
1957 } | 2161 } |
1958 | 2162 |
1959 LeaveFunction(rv); | |
1960 return rv; | 2163 return rv; |
1961 } | 2164 } |
1962 | 2165 |
1963 void SSLClientSocketNSS::BufferSendComplete(int result) { | 2166 void SSLClientSocketNSS::Core::OnRecvComplete(int result) { |
1964 EnterFunction(result); | 2167 DCHECK(OnNSSTaskRunner()); |
1965 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); | 2168 |
1966 transport_send_busy_ = false; | 2169 if (next_handshake_state_ == STATE_HANDSHAKE) { |
1967 OnSendComplete(result); | 2170 OnHandshakeIOComplete(result); |
1968 LeaveFunction(""); | 2171 return; |
1969 } | 2172 } |
1970 | 2173 |
1971 int SSLClientSocketNSS::BufferRecv() { | 2174 // Network layer received some data, check if client requested to read |
1972 if (transport_recv_busy_) return ERR_IO_PENDING; | 2175 // decrypted data. |
1973 | 2176 if (!user_read_buf_) |
1974 char* buf; | 2177 return; |
1975 int nb = memio_GetReadParams(nss_bufs_, &buf); | 2178 |
1976 EnterFunction(nb); | 2179 int rv = DoReadLoop(result); |
1977 int rv; | 2180 if (rv != ERR_IO_PENDING) |
1978 if (!nb) { | 2181 DoReadCallback(rv); |
1979 // buffer too full to read into, so no I/O possible at moment | 2182 } |
1980 rv = ERR_IO_PENDING; | 2183 |
1981 } else { | 2184 void SSLClientSocketNSS::Core::OnSendComplete(int result) { |
1982 recv_buffer_ = new IOBuffer(nb); | 2185 DCHECK(OnNSSTaskRunner()); |
1983 rv = transport_->socket()->Read( | 2186 |
1984 recv_buffer_, nb, | 2187 if (next_handshake_state_ == STATE_HANDSHAKE) { |
1985 base::Bind(&SSLClientSocketNSS::BufferRecvComplete, | 2188 OnHandshakeIOComplete(result); |
1986 base::Unretained(this))); | 2189 return; |
1987 if (rv == ERR_IO_PENDING) { | 2190 } |
1988 transport_recv_busy_ = true; | 2191 |
1989 } else { | 2192 // OnSendComplete may need to call DoPayloadRead while the renegotiation |
1990 if (rv > 0) { | 2193 // handshake is in progress. |
1991 memcpy(buf, recv_buffer_->data(), rv); | 2194 int rv_read = ERR_IO_PENDING; |
1992 } else if (rv == 0) { | 2195 int rv_write = ERR_IO_PENDING; |
1993 transport_recv_eof_ = true; | 2196 bool network_moved; |
1994 } | 2197 do { |
1995 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); | 2198 if (user_read_buf_) |
1996 recv_buffer_ = NULL; | 2199 rv_read = DoPayloadRead(); |
1997 } | 2200 if (user_write_buf_) |
1998 } | 2201 rv_write = DoPayloadWrite(); |
1999 LeaveFunction(rv); | 2202 network_moved = DoTransportIO(); |
2000 return rv; | 2203 } while (rv_read == ERR_IO_PENDING && |
2001 } | 2204 rv_write == ERR_IO_PENDING && |
2002 | 2205 (user_read_buf_ || user_write_buf_) && |
2003 void SSLClientSocketNSS::BufferRecvComplete(int result) { | 2206 network_moved); |
2004 EnterFunction(result); | 2207 |
2005 if (result > 0) { | 2208 if (user_read_buf_ && rv_read != ERR_IO_PENDING) |
2006 char* buf; | 2209 DoReadCallback(rv_read); |
2007 memio_GetReadParams(nss_bufs_, &buf); | 2210 if (user_write_buf_ && rv_write != ERR_IO_PENDING) |
2008 memcpy(buf, recv_buffer_->data(), result); | 2211 DoWriteCallback(rv_write); |
2009 } else if (result == 0) { | 2212 } |
2010 transport_recv_eof_ = true; | 2213 |
2011 } | 2214 // As part of Connect(), the SSLClientSocketNSS object performs an SSL |
2012 recv_buffer_ = NULL; | 2215 // handshake. This requires network IO, which in turn calls |
2013 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); | 2216 // BufferRecvComplete() with a non-zero byte count. This byte count eventually |
2014 transport_recv_busy_ = false; | 2217 // winds its way through the state machine and ends up being passed to the |
2015 OnRecvComplete(result); | 2218 // callback. For Read() and Write(), that's what we want. But for Connect(), |
2016 LeaveFunction(""); | 2219 // the caller expects OK (i.e. 0) for success. |
2017 } | 2220 void SSLClientSocketNSS::Core::DoConnectCallback(int rv) { |
2018 | 2221 DCHECK(OnNSSTaskRunner()); |
2019 int SSLClientSocketNSS::HandleNSSError(PRErrorCode nss_error, | 2222 DCHECK_NE(rv, ERR_IO_PENDING); |
2020 bool handshake_error) { | 2223 DCHECK(!user_connect_callback_.is_null()); |
2021 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) : | 2224 |
2022 MapNSSError(nss_error); | 2225 base::Closure c = base::Bind( |
2023 | 2226 base::ResetAndReturn(&user_connect_callback_), |
2024 #if defined(OS_WIN) | 2227 rv > OK ? OK : rv); |
2025 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate | 2228 PostOrRunCallback(FROM_HERE, c); |
2026 // os_cert_handle() as an optimization. However, if the certificate | 2229 } |
2027 // private key is stored on a smart card, and the smart card is removed, | 2230 |
2028 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again, | 2231 void SSLClientSocketNSS::Core::DoReadCallback(int rv) { |
2029 // preventing client certificate authentication. Because the | 2232 DCHECK(OnNSSTaskRunner()); |
2030 // X509Certificate may outlive the individual SSLClientSocketNSS, due to | 2233 DCHECK_NE(ERR_IO_PENDING, rv); |
2031 // caching in X509Certificate, this failure ends up preventing client | 2234 DCHECK(!user_read_callback_.is_null()); |
2032 // certificate authentication with the same certificate for all future | 2235 |
2033 // attempts, even after the smart card has been re-inserted. By setting | 2236 user_read_buf_ = NULL; |
2034 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | 2237 user_read_buf_len_ = 0; |
2035 // typically be freed. This allows a new HCRYPTPROV to be obtained from | 2238 base::Closure c = base::Bind( |
2036 // the certificate on the next attempt, which should succeed if the smart | 2239 base::ResetAndReturn(&user_read_callback_), |
2037 // card has been re-inserted, or will typically prompt the user to | 2240 rv); |
2038 // re-insert the smart card if not. | 2241 PostOrRunCallback(FROM_HERE, c); |
2039 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | 2242 } |
2040 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | 2243 |
2041 ssl_config_.send_client_cert && ssl_config_.client_cert) { | 2244 void SSLClientSocketNSS::Core::DoWriteCallback(int rv) { |
2042 CertSetCertificateContextProperty( | 2245 DCHECK(OnNSSTaskRunner()); |
2043 ssl_config_.client_cert->os_cert_handle(), | 2246 DCHECK_NE(ERR_IO_PENDING, rv); |
2044 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | 2247 DCHECK(!user_write_callback_.is_null()); |
2045 } | 2248 |
2046 #endif | 2249 // Since Run may result in Write being called, clear |user_write_callback_| |
2047 | 2250 // up front. |
2048 return net_error; | 2251 user_write_buf_ = NULL; |
2049 } | 2252 user_write_buf_len_ = 0; |
2050 | 2253 base::Closure c = base::Bind( |
2051 // static | 2254 base::ResetAndReturn(&user_write_callback_), |
2052 // NSS calls this if an incoming certificate needs to be verified. | 2255 rv); |
2053 // Do nothing but return SECSuccess. | 2256 PostOrRunCallback(FROM_HERE, c); |
2054 // This is called only in full handshake mode. | 2257 } |
2055 // Peer certificate is retrieved in HandshakeCallback() later, which is called | 2258 |
2056 // in full handshake mode or in resumption handshake mode. | 2259 SECStatus SSLClientSocketNSS::Core::DomainBoundClientAuthHandler( |
2057 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, | |
2058 PRFileDesc* socket, | |
2059 PRBool checksig, | |
2060 PRBool is_server) { | |
2061 #ifdef SSL_ENABLE_FALSE_START | |
2062 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | |
2063 if (!that->server_cert_nss_) { | |
2064 // Only need to turn off False Start in the initial handshake. Also, it is | |
2065 // unsafe to call SSL_OptionSet in a renegotiation because the "first | |
2066 // handshake" lock isn't already held, which will result in an assertion | |
2067 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet. | |
2068 PRBool npn; | |
2069 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket, | |
2070 ssl_next_proto_nego_xtn, | |
2071 &npn); | |
2072 if (rv != SECSuccess || !npn) { | |
2073 // If the server doesn't support NPN, then we don't do False Start with | |
2074 // it. | |
2075 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); | |
2076 } | |
2077 } | |
2078 #endif | |
2079 | |
2080 // Tell NSS to not verify the certificate. | |
2081 return SECSuccess; | |
2082 } | |
2083 | |
2084 // static | |
2085 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) { | |
2086 // TODO(wtc,mattm): this is temporary while DBC support is changed into | |
2087 // Channel ID. | |
2088 return false; | |
2089 } | |
2090 | |
2091 SECStatus SSLClientSocketNSS::DomainBoundClientAuthHandler( | |
2092 const SECItem* cert_types, | 2260 const SECItem* cert_types, |
2093 CERTCertificate** result_certificate, | 2261 CERTCertificate** result_certificate, |
2094 SECKEYPrivateKey** result_private_key) { | 2262 SECKEYPrivateKey** result_private_key) { |
2263 DCHECK(OnNSSTaskRunner()); | |
2264 | |
2095 domain_bound_cert_xtn_negotiated_ = true; | 2265 domain_bound_cert_xtn_negotiated_ = true; |
2096 | 2266 |
2097 // We have negotiated the domain-bound certificate extension. | 2267 // We have negotiated the domain-bound certificate extension. |
2098 std::string origin = "https://" + host_and_port_.ToString(); | 2268 std::string origin = "https://" + host_and_port_.ToString(); |
2099 std::vector<uint8> requested_cert_types(cert_types->data, | 2269 std::vector<uint8> requested_cert_types(cert_types->data, |
2100 cert_types->data + cert_types->len); | 2270 cert_types->data + cert_types->len); |
2101 net_log_.BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL); | 2271 int error = ERR_UNEXPECTED; |
2102 int error = server_bound_cert_service_->GetDomainBoundCert( | 2272 if (OnNetworkTaskRunner()) { |
2103 origin, | 2273 error = DoGetDomainBoundCert(origin, requested_cert_types); |
2104 requested_cert_types, | 2274 } else { |
2105 &domain_bound_cert_type_, | 2275 bool posted = network_task_runner_->PostTask( |
2106 &domain_bound_private_key_, | 2276 FROM_HERE, |
2107 &domain_bound_cert_, | 2277 base::Bind(IgnoreResult(&Core::DoGetDomainBoundCert), this, origin, |
2108 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | 2278 requested_cert_types)); |
2109 base::Unretained(this)), | 2279 error = posted ? ERR_IO_PENDING : ERR_UNEXPECTED; |
2110 &domain_bound_cert_request_handle_); | 2280 } |
2111 | 2281 |
2112 if (error == ERR_IO_PENDING) { | 2282 if (error == ERR_IO_PENDING) { |
2113 // Asynchronous case. | 2283 // Asynchronous case. |
2114 client_auth_cert_needed_ = true; | 2284 client_auth_cert_needed_ = true; |
2115 return SECWouldBlock; | 2285 return SECWouldBlock; |
2116 } | 2286 } |
2117 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, | 2287 |
2118 error); | 2288 PostOrRunCallback( |
2119 | 2289 FROM_HERE, |
2290 base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_, | |
2291 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, error)); | |
2120 SECStatus rv = SECSuccess; | 2292 SECStatus rv = SECSuccess; |
2121 if (error == OK) { | 2293 if (error == OK) { |
2122 // Synchronous success. | 2294 // Synchronous success. |
2123 int result = ImportDBCertAndKey(result_certificate, | 2295 int result = ImportDBCertAndKey(result_certificate, result_private_key); |
2124 result_private_key); | 2296 if (result != OK) { |
2125 if (result == OK) { | 2297 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; |
2126 set_domain_bound_cert_type(domain_bound_cert_type_); | |
2127 } else { | |
2128 rv = SECFailure; | 2298 rv = SECFailure; |
2129 } | 2299 } |
2130 } else { | 2300 } else { |
2131 rv = SECFailure; // Synchronous failure. | 2301 rv = SECFailure; |
2132 } | 2302 } |
2133 | 2303 |
2134 int cert_count = (rv == SECSuccess) ? 1 : 0; | 2304 int cert_count = (rv == SECSuccess) ? 1 : 0; |
2135 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 2305 PostOrRunCallback( |
2136 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | 2306 FROM_HERE, |
2137 cert_count))); | 2307 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, |
2308 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2309 make_scoped_refptr( | |
2310 new NetLogIntegerParameter("cert_count", | |
2311 cert_count)))); | |
2138 return rv; | 2312 return rv; |
2139 } | 2313 } |
2140 | 2314 |
2141 #if defined(NSS_PLATFORM_CLIENT_AUTH) | 2315 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert, |
2142 // static | 2316 SECKEYPrivateKey** key) { |
2143 // NSS calls this if a client certificate is needed. | 2317 // Set the certificate. |
2144 SECStatus SSLClientSocketNSS::PlatformClientAuthHandler( | 2318 SECItem cert_item; |
2145 void* arg, | 2319 cert_item.data = (unsigned char*) domain_bound_cert_.data(); |
2146 PRFileDesc* socket, | 2320 cert_item.len = domain_bound_cert_.size(); |
2147 CERTDistNames* ca_names, | 2321 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), |
2148 CERTCertList** result_certs, | 2322 &cert_item, |
2149 void** result_private_key, | 2323 NULL, |
2150 CERTCertificate** result_nss_certificate, | 2324 PR_FALSE, |
2151 SECKEYPrivateKey** result_nss_private_key) { | 2325 PR_TRUE); |
2152 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2326 if (*cert == NULL) |
2153 | 2327 return MapNSSError(PORT_GetError()); |
2154 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL); | 2328 |
2155 | 2329 // Set the private key. |
2156 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | 2330 switch (domain_bound_cert_type_) { |
2157 | 2331 case CLIENT_CERT_ECDSA_SIGN: { |
2158 // Check if a domain-bound certificate is requested. | 2332 SECKEYPublicKey* public_key = NULL; |
2159 if (DomainBoundCertNegotiated(socket)) { | 2333 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( |
2160 return that->DomainBoundClientAuthHandler( | 2334 ServerBoundCertService::kEPKIPassword, |
2161 cert_types, result_nss_certificate, result_nss_private_key); | 2335 reinterpret_cast<const unsigned char*>( |
2162 } | 2336 domain_bound_private_key_.data()), |
2163 | 2337 domain_bound_private_key_.size(), |
2164 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert; | 2338 &(*cert)->subjectPublicKeyInfo, |
2165 #if defined(OS_WIN) | 2339 false, |
2166 if (that->ssl_config_.send_client_cert) { | 2340 false, |
2167 if (that->ssl_config_.client_cert) { | 2341 key, |
2168 PCCERT_CONTEXT cert_context = | 2342 &public_key)) { |
2169 that->ssl_config_.client_cert->os_cert_handle(); | 2343 CERT_DestroyCertificate(*cert); |
2170 | 2344 *cert = NULL; |
2171 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; | 2345 return MapNSSError(PORT_GetError()); |
2172 DWORD key_spec = 0; | |
2173 BOOL must_free = FALSE; | |
2174 BOOL acquired_key = CryptAcquireCertificatePrivateKey( | |
2175 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL, | |
2176 &crypt_prov, &key_spec, &must_free); | |
2177 | |
2178 if (acquired_key) { | |
2179 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false | |
2180 // according to the MSDN documentation. | |
2181 CHECK_EQ(must_free, FALSE); | |
2182 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC); | |
2183 | |
2184 SECItem der_cert; | |
2185 der_cert.type = siDERCertBuffer; | |
2186 der_cert.data = cert_context->pbCertEncoded; | |
2187 der_cert.len = cert_context->cbCertEncoded; | |
2188 | |
2189 // TODO(rsleevi): Error checking for NSS allocation errors. | |
2190 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); | |
2191 CERTCertificate* user_cert = CERT_NewTempCertificate( | |
2192 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2193 if (!user_cert) { | |
2194 // Importing the certificate can fail for reasons including a serial | |
2195 // number collision. See crbug.com/97355. | |
2196 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2197 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2198 return SECFailure; | |
2199 } | |
2200 CERTCertList* cert_chain = CERT_NewCertList(); | |
2201 CERT_AddCertToListTail(cert_chain, user_cert); | |
2202 | |
2203 // Add the intermediates. | |
2204 X509Certificate::OSCertHandles intermediates = | |
2205 that->ssl_config_.client_cert->GetIntermediateCertificates(); | |
2206 for (X509Certificate::OSCertHandles::const_iterator it = | |
2207 intermediates.begin(); it != intermediates.end(); ++it) { | |
2208 der_cert.data = (*it)->pbCertEncoded; | |
2209 der_cert.len = (*it)->cbCertEncoded; | |
2210 | |
2211 CERTCertificate* intermediate = CERT_NewTempCertificate( | |
2212 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2213 if (!intermediate) { | |
2214 CERT_DestroyCertList(cert_chain); | |
2215 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2216 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2217 0))); | |
2218 return SECFailure; | |
2219 } | |
2220 CERT_AddCertToListTail(cert_chain, intermediate); | |
2221 } | |
2222 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( | |
2223 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); | |
2224 key_context->cbSize = sizeof(*key_context); | |
2225 // NSS will free this context when no longer in use, but the | |
2226 // |must_free| result from CryptAcquireCertificatePrivateKey was false | |
2227 // so we increment the refcount to negate NSS's future decrement. | |
2228 CryptContextAddRef(crypt_prov, NULL, 0); | |
2229 key_context->hCryptProv = crypt_prov; | |
2230 key_context->dwKeySpec = key_spec; | |
2231 *result_private_key = key_context; | |
2232 *result_certs = cert_chain; | |
2233 | |
2234 int cert_count = 1 + intermediates.size(); | |
2235 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2236 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2237 cert_count))); | |
2238 return SECSuccess; | |
2239 } | 2346 } |
2240 LOG(WARNING) << "Client cert found without private key"; | 2347 SECKEY_DestroyPublicKey(public_key); |
2241 } | |
2242 // Send no client certificate. | |
2243 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2244 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2245 return SECFailure; | |
2246 } | |
2247 | |
2248 that->client_certs_.clear(); | |
2249 | |
2250 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); | |
2251 for (int i = 0; i < ca_names->nnames; ++i) { | |
2252 issuer_list[i].cbData = ca_names->names[i].len; | |
2253 issuer_list[i].pbData = ca_names->names[i].data; | |
2254 } | |
2255 | |
2256 // Client certificates of the user are in the "MY" system certificate store. | |
2257 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | |
2258 if (!my_cert_store) { | |
2259 LOG(ERROR) << "Could not open the \"MY\" system certificate store: " | |
2260 << GetLastError(); | |
2261 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2262 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2263 return SECFailure; | |
2264 } | |
2265 | |
2266 // Enumerate the client certificates. | |
2267 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; | |
2268 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); | |
2269 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); | |
2270 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH; | |
2271 find_by_issuer_para.cIssuer = ca_names->nnames; | |
2272 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL; | |
2273 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback; | |
2274 | |
2275 PCCERT_CHAIN_CONTEXT chain_context = NULL; | |
2276 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG | | |
2277 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG; | |
2278 | |
2279 for (;;) { | |
2280 // Find a certificate chain. | |
2281 chain_context = CertFindChainInStore(my_cert_store, | |
2282 X509_ASN_ENCODING, | |
2283 find_flags, | |
2284 CERT_CHAIN_FIND_BY_ISSUER, | |
2285 &find_by_issuer_para, | |
2286 chain_context); | |
2287 if (!chain_context) { | |
2288 DWORD err = GetLastError(); | |
2289 if (err != CRYPT_E_NOT_FOUND) | |
2290 DLOG(ERROR) << "CertFindChainInStore failed: " << err; | |
2291 break; | 2348 break; |
2292 } | 2349 } |
2293 | 2350 |
2294 // Get the leaf certificate. | 2351 default: |
2295 PCCERT_CONTEXT cert_context = | |
2296 chain_context->rgpChain[0]->rgpElement[0]->pCertContext; | |
2297 // Create a copy the handle, so that we can close the "MY" certificate store | |
2298 // before returning from this function. | |
2299 PCCERT_CONTEXT cert_context2; | |
2300 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context, | |
2301 CERT_STORE_ADD_USE_EXISTING, | |
2302 &cert_context2); | |
2303 if (!ok) { | |
2304 NOTREACHED(); | 2352 NOTREACHED(); |
2305 continue; | 2353 return ERR_INVALID_ARGUMENT; |
2354 } | |
2355 | |
2356 return OK; | |
2357 } | |
2358 | |
2359 void SSLClientSocketNSS::Core::UpdateServerCert() { | |
2360 nss_connection_state_.server_cert_chain.Reset(nss_fd_); | |
2361 nss_connection_state_.server_cert = X509Certificate::CreateFromDERCertChain( | |
2362 nss_connection_state_.server_cert_chain.AsStringPieceVector()); | |
2363 if (nss_connection_state_.server_cert) { | |
2364 PostOrRunCallback( | |
2365 FROM_HERE, | |
2366 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | |
2367 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | |
2368 make_scoped_refptr( | |
2369 new X509CertificateNetLogParam( | |
2370 nss_connection_state_.server_cert)))); | |
2371 } | |
2372 } | |
2373 | |
2374 void SSLClientSocketNSS::Core::UpdateConnectionStatus() { | |
2375 SSLChannelInfo channel_info; | |
2376 SECStatus ok = SSL_GetChannelInfo(nss_fd_, | |
2377 &channel_info, sizeof(channel_info)); | |
2378 if (ok == SECSuccess && | |
2379 channel_info.length == sizeof(channel_info) && | |
2380 channel_info.cipherSuite) { | |
2381 nss_connection_state_.ssl_connection_status |= | |
2382 (static_cast<int>(channel_info.cipherSuite) & | |
2383 SSL_CONNECTION_CIPHERSUITE_MASK) << | |
2384 SSL_CONNECTION_CIPHERSUITE_SHIFT; | |
2385 | |
2386 nss_connection_state_.ssl_connection_status |= | |
2387 (static_cast<int>(channel_info.compressionMethod) & | |
2388 SSL_CONNECTION_COMPRESSION_MASK) << | |
2389 SSL_CONNECTION_COMPRESSION_SHIFT; | |
2390 | |
2391 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS | |
2392 // doesn't support them yet), so we use 0x0302 and 0x0303 directly. | |
2393 int version = SSL_CONNECTION_VERSION_UNKNOWN; | |
2394 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) { | |
2395 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL | |
2396 // version 2. | |
2397 version = SSL_CONNECTION_VERSION_SSL2; | |
2398 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) { | |
2399 version = SSL_CONNECTION_VERSION_SSL3; | |
2400 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) { | |
2401 version = SSL_CONNECTION_VERSION_TLS1; | |
2402 } else if (channel_info.protocolVersion == 0x0302) { | |
2403 version = SSL_CONNECTION_VERSION_TLS1_1; | |
2404 } else if (channel_info.protocolVersion == 0x0303) { | |
2405 version = SSL_CONNECTION_VERSION_TLS1_2; | |
2306 } | 2406 } |
2307 | 2407 nss_connection_state_.ssl_connection_status |= |
2308 // Copy the rest of the chain. Copying the chain stops gracefully if an | 2408 (version & SSL_CONNECTION_VERSION_MASK) << |
2309 // error is encountered, with the partial chain being used as the | 2409 SSL_CONNECTION_VERSION_SHIFT; |
2310 // intermediates, as opposed to failing to consider the client certificate | 2410 } |
2311 // at all. | 2411 |
2312 net::X509Certificate::OSCertHandles intermediates; | 2412 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6. |
2313 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) { | 2413 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test |
2314 PCCERT_CONTEXT intermediate_copy; | 2414 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension. |
2315 ok = CertAddCertificateContextToStore( | 2415 #if defined(SSL_MAX_EXTENSIONS) |
2316 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext, | 2416 PRBool peer_supports_renego_ext; |
2317 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy); | 2417 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn, |
2318 if (!ok) { | 2418 &peer_supports_renego_ext); |
2319 NOTREACHED(); | 2419 if (ok == SECSuccess) { |
2320 break; | 2420 if (!peer_supports_renego_ext) { |
2321 } | 2421 nss_connection_state_.ssl_connection_status |= |
2322 intermediates.push_back(intermediate_copy); | 2422 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; |
2423 // Log an informational message if the server does not support secure | |
2424 // renegotiation (RFC 5746). | |
2425 VLOG(1) << "The server " << host_and_port_.ToString() | |
2426 << " does not support the TLS renegotiation_info extension."; | |
2323 } | 2427 } |
2324 | 2428 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported", |
2325 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 2429 peer_supports_renego_ext, 2); |
2326 cert_context2, intermediates); | 2430 } |
2327 that->client_certs_.push_back(cert); | |
2328 | |
2329 X509Certificate::FreeOSCertHandle(cert_context2); | |
2330 for (net::X509Certificate::OSCertHandles::iterator it = | |
2331 intermediates.begin(); it != intermediates.end(); ++it) { | |
2332 net::X509Certificate::FreeOSCertHandle(*it); | |
2333 } | |
2334 } | |
2335 | |
2336 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); | |
2337 DCHECK(ok); | |
2338 | |
2339 // Tell NSS to suspend the client authentication. We will then abort the | |
2340 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2341 return SECWouldBlock; | |
2342 #elif defined(OS_MACOSX) | |
2343 if (that->ssl_config_.send_client_cert) { | |
2344 if (that->ssl_config_.client_cert) { | |
2345 OSStatus os_error = noErr; | |
2346 SecIdentityRef identity = NULL; | |
2347 SecKeyRef private_key = NULL; | |
2348 CFArrayRef chain = | |
2349 that->ssl_config_.client_cert->CreateClientCertificateChain(); | |
2350 if (chain) { | |
2351 identity = reinterpret_cast<SecIdentityRef>( | |
2352 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0))); | |
2353 } | |
2354 if (identity) | |
2355 os_error = SecIdentityCopyPrivateKey(identity, &private_key); | |
2356 | |
2357 if (chain && identity && os_error == noErr) { | |
2358 // TODO(rsleevi): Error checking for NSS allocation errors. | |
2359 *result_certs = CERT_NewCertList(); | |
2360 *result_private_key = private_key; | |
2361 | |
2362 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) { | |
2363 CSSM_DATA cert_data; | |
2364 SecCertificateRef cert_ref; | |
2365 if (i == 0) { | |
2366 cert_ref = that->ssl_config_.client_cert->os_cert_handle(); | |
2367 } else { | |
2368 cert_ref = reinterpret_cast<SecCertificateRef>( | |
2369 const_cast<void*>(CFArrayGetValueAtIndex(chain, i))); | |
2370 } | |
2371 os_error = SecCertificateGetData(cert_ref, &cert_data); | |
2372 if (os_error != noErr) | |
2373 break; | |
2374 | |
2375 SECItem der_cert; | |
2376 der_cert.type = siDERCertBuffer; | |
2377 der_cert.data = cert_data.Data; | |
2378 der_cert.len = cert_data.Length; | |
2379 CERTCertificate* nss_cert = CERT_NewTempCertificate( | |
2380 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | |
2381 if (!nss_cert) { | |
2382 // In the event of an NSS error we make up an OS error and reuse | |
2383 // the error handling, below. | |
2384 os_error = errSecCreateChainFailed; | |
2385 break; | |
2386 } | |
2387 CERT_AddCertToListTail(*result_certs, nss_cert); | |
2388 } | |
2389 } | |
2390 if (os_error == noErr) { | |
2391 int cert_count = 0; | |
2392 if (chain) { | |
2393 cert_count = CFArrayGetCount(chain); | |
2394 CFRelease(chain); | |
2395 } | |
2396 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2397 make_scoped_refptr(new NetLogIntegerParameter("cert_count", | |
2398 cert_count))); | |
2399 return SECSuccess; | |
2400 } | |
2401 OSSTATUS_LOG(WARNING, os_error) | |
2402 << "Client cert found, but could not be used"; | |
2403 if (*result_certs) { | |
2404 CERT_DestroyCertList(*result_certs); | |
2405 *result_certs = NULL; | |
2406 } | |
2407 if (*result_private_key) | |
2408 *result_private_key = NULL; | |
2409 if (private_key) | |
2410 CFRelease(private_key); | |
2411 if (chain) | |
2412 CFRelease(chain); | |
2413 } | |
2414 // Send no client certificate. | |
2415 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2416 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2417 return SECFailure; | |
2418 } | |
2419 | |
2420 that->client_certs_.clear(); | |
2421 | |
2422 // First, get the cert issuer names allowed by the server. | |
2423 std::vector<CertPrincipal> valid_issuers; | |
2424 int n = ca_names->nnames; | |
2425 for (int i = 0; i < n; i++) { | |
2426 // Parse each name into a CertPrincipal object. | |
2427 CertPrincipal p; | |
2428 if (p.ParseDistinguishedName(ca_names->names[i].data, | |
2429 ca_names->names[i].len)) { | |
2430 valid_issuers.push_back(p); | |
2431 } | |
2432 } | |
2433 | |
2434 // Now get the available client certs whose issuers are allowed by the server. | |
2435 X509Certificate::GetSSLClientCertificates(that->host_and_port_.host(), | |
2436 valid_issuers, | |
2437 &that->client_certs_); | |
2438 | |
2439 // Tell NSS to suspend the client authentication. We will then abort the | |
2440 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2441 return SECWouldBlock; | |
2442 #else | |
2443 return SECFailure; | |
2444 #endif | 2431 #endif |
2445 } | 2432 |
2446 | 2433 if (ssl_config_.version_fallback) { |
2447 #else // NSS_PLATFORM_CLIENT_AUTH | 2434 nss_connection_state_.ssl_connection_status |= |
2448 | 2435 SSL_CONNECTION_VERSION_FALLBACK; |
2449 // static | 2436 } |
2450 // NSS calls this if a client certificate is needed. | 2437 } |
2451 // Based on Mozilla's NSS_GetClientAuthData. | 2438 |
2452 SECStatus SSLClientSocketNSS::ClientAuthHandler( | 2439 void SSLClientSocketNSS::Core::RecordDomainBoundCertSupport() const { |
2453 void* arg, | 2440 if (nss_connection_state_.resumed_handshake) |
2454 PRFileDesc* socket, | |
2455 CERTDistNames* ca_names, | |
2456 CERTCertificate** result_certificate, | |
2457 SECKEYPrivateKey** result_private_key) { | |
2458 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | |
2459 | |
2460 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL); | |
2461 | |
2462 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | |
2463 | |
2464 // Check if a domain-bound certificate is requested. | |
2465 if (DomainBoundCertNegotiated(socket)) { | |
2466 return that->DomainBoundClientAuthHandler( | |
2467 cert_types, result_certificate, result_private_key); | |
2468 } | |
2469 | |
2470 // Regular client certificate requested. | |
2471 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert; | |
2472 void* wincx = SSL_RevealPinArg(socket); | |
2473 | |
2474 // Second pass: a client certificate should have been selected. | |
2475 if (that->ssl_config_.send_client_cert) { | |
2476 if (that->ssl_config_.client_cert) { | |
2477 CERTCertificate* cert = CERT_DupCertificate( | |
2478 that->ssl_config_.client_cert->os_cert_handle()); | |
2479 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx); | |
2480 if (privkey) { | |
2481 // TODO(jsorianopastor): We should wait for server certificate | |
2482 // verification before sending our credentials. See | |
2483 // http://crbug.com/13934. | |
2484 *result_certificate = cert; | |
2485 *result_private_key = privkey; | |
2486 // A cert_count of -1 means the number of certificates is unknown. | |
2487 // NSS will construct the certificate chain. | |
2488 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2489 make_scoped_refptr(new NetLogIntegerParameter("cert_count", -1))); | |
2490 return SECSuccess; | |
2491 } | |
2492 LOG(WARNING) << "Client cert found without private key"; | |
2493 } | |
2494 // Send no client certificate. | |
2495 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
2496 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0))); | |
2497 return SECFailure; | |
2498 } | |
2499 | |
2500 // Iterate over all client certificates. | |
2501 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | |
2502 CERT_GetDefaultCertDB(), certUsageSSLClient, | |
2503 PR_FALSE, PR_FALSE, wincx); | |
2504 if (client_certs) { | |
2505 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs); | |
2506 !CERT_LIST_END(node, client_certs); | |
2507 node = CERT_LIST_NEXT(node)) { | |
2508 // Only offer unexpired certificates. | |
2509 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) != | |
2510 secCertTimeValid) | |
2511 continue; | |
2512 // Filter by issuer. | |
2513 // | |
2514 // TODO(davidben): This does a binary comparison of the DER-encoded | |
2515 // issuers. We should match according to RFC 5280 sec. 7.1. We should find | |
2516 // an appropriate NSS function or add one if needbe. | |
2517 if (ca_names->nnames && | |
2518 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess) | |
2519 continue; | |
2520 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( | |
2521 node->cert, net::X509Certificate::OSCertHandles()); | |
2522 that->client_certs_.push_back(x509_cert); | |
2523 } | |
2524 CERT_DestroyCertList(client_certs); | |
2525 } | |
2526 | |
2527 // Tell NSS to suspend the client authentication. We will then abort the | |
2528 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED. | |
2529 return SECWouldBlock; | |
2530 } | |
2531 #endif // NSS_PLATFORM_CLIENT_AUTH | |
2532 | |
2533 void SSLClientSocketNSS::RecordDomainBoundCertSupport() const { | |
2534 PRBool last_handshake_resumed; | |
2535 SECStatus ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed); | |
2536 if (ok != SECSuccess || last_handshake_resumed) | |
2537 return; | 2441 return; |
2538 | 2442 |
2539 // Since this enum is used for a histogram, do not change or re-use values. | 2443 // Since this enum is used for a histogram, do not change or re-use values. |
2540 enum { | 2444 enum { |
2541 DISABLED = 0, | 2445 DISABLED = 0, |
2542 CLIENT_ONLY = 1, | 2446 CLIENT_ONLY = 1, |
2543 CLIENT_AND_SERVER = 2, | 2447 CLIENT_AND_SERVER = 2, |
2544 DOMAIN_BOUND_CERT_USAGE_MAX | 2448 DOMAIN_BOUND_CERT_USAGE_MAX |
2545 } supported = DISABLED; | 2449 } supported = DISABLED; |
2546 #ifdef SSL_ENABLE_OB_CERTS | 2450 #ifdef SSL_ENABLE_OB_CERTS |
2547 if (domain_bound_cert_xtn_negotiated_) | 2451 if (domain_bound_cert_xtn_negotiated_) |
2548 supported = CLIENT_AND_SERVER; | 2452 supported = CLIENT_AND_SERVER; |
2549 else if (ssl_config_.domain_bound_certs_enabled) | 2453 else if (ssl_config_.domain_bound_certs_enabled) |
2550 supported = CLIENT_ONLY; | 2454 supported = CLIENT_ONLY; |
2551 #endif | 2455 #endif |
2552 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2456 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
2553 DOMAIN_BOUND_CERT_USAGE_MAX); | 2457 DOMAIN_BOUND_CERT_USAGE_MAX); |
2554 } | 2458 } |
2555 | 2459 |
2460 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) { | |
2461 DCHECK(OnNetworkTaskRunner()); | |
2462 DCHECK_GT(len, 0); | |
2463 | |
2464 if (detached_) | |
2465 return ERR_UNEXPECTED; | |
2466 | |
2467 int rv = transport_->socket()->Read( | |
2468 read_buffer, len, | |
2469 base::Bind(&Core::BufferRecvComplete, base::Unretained(this), | |
2470 scoped_refptr<IOBuffer>(read_buffer))); | |
2471 | |
2472 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) { | |
2473 nss_task_runner_->PostTask( | |
2474 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this, | |
2475 scoped_refptr<IOBuffer>(read_buffer), rv)); | |
2476 return rv; | |
2477 } | |
2478 | |
2479 return rv; | |
2480 } | |
2481 | |
2482 int SSLClientSocketNSS::Core::DoBufferSend(IOBuffer* send_buffer, int len) { | |
2483 DCHECK(OnNetworkTaskRunner()); | |
2484 DCHECK_GT(len, 0); | |
2485 | |
2486 if (detached_) | |
2487 return ERR_UNEXPECTED; | |
2488 | |
2489 int rv = transport_->socket()->Write( | |
2490 send_buffer, len, | |
2491 base::Bind(&Core::BufferSendComplete, | |
2492 base::Unretained(this))); | |
2493 | |
2494 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) { | |
2495 nss_task_runner_->PostTask( | |
2496 FROM_HERE, | |
2497 base::Bind(&Core::BufferSendComplete, this, rv)); | |
2498 return rv; | |
2499 } | |
2500 | |
2501 return rv; | |
2502 } | |
2503 | |
2504 int SSLClientSocketNSS::Core::DoGetDomainBoundCert( | |
2505 const std::string& origin, | |
2506 const std::vector<uint8>& requested_cert_types) { | |
2507 DCHECK(OnNetworkTaskRunner()); | |
2508 | |
2509 if (detached_) | |
2510 return ERR_FAILED; | |
2511 | |
2512 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL); | |
2513 | |
2514 int rv = server_bound_cert_service_->GetDomainBoundCert( | |
2515 origin, | |
2516 requested_cert_types, | |
2517 &domain_bound_cert_type_, | |
2518 &domain_bound_private_key_, | |
2519 &domain_bound_cert_, | |
2520 base::Bind(&Core::OnGetDomainBoundCertComplete, base::Unretained(this)), | |
2521 &domain_bound_cert_request_handle_); | |
2522 | |
2523 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | |
2524 nss_task_runner_->PostTask( | |
2525 FROM_HERE, | |
2526 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | |
2527 return ERR_IO_PENDING; | |
2528 } | |
2529 | |
2530 return rv; | |
2531 } | |
2532 | |
2533 void SSLClientSocketNSS::Core::OnConnectionStateUpdated( | |
2534 const ConnectionState& state) { | |
2535 network_connection_state_ = state; | |
2536 } | |
2537 | |
2538 void SSLClientSocketNSS::Core::BufferSendComplete(int result) { | |
2539 if (!OnNSSTaskRunner()) { | |
2540 if (detached_) | |
2541 return; | |
2542 | |
2543 nss_task_runner_->PostTask( | |
2544 FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result)); | |
2545 return; | |
2546 } | |
2547 | |
2548 DCHECK(OnNSSTaskRunner()); | |
2549 | |
2550 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); | |
2551 transport_send_busy_ = false; | |
2552 OnSendComplete(result); | |
2553 } | |
2554 | |
2555 void SSLClientSocketNSS::Core::OnHandshakeIOComplete(int result) { | |
2556 if (!OnNSSTaskRunner()) { | |
2557 if (detached_) | |
2558 return; | |
2559 | |
2560 nss_task_runner_->PostTask( | |
2561 FROM_HERE, base::Bind(&Core::OnHandshakeIOComplete, this, result)); | |
2562 return; | |
2563 } | |
2564 | |
2565 DCHECK(OnNSSTaskRunner()); | |
2566 | |
2567 int rv = DoHandshakeLoop(result); | |
2568 if (rv != ERR_IO_PENDING) | |
2569 DoConnectCallback(rv); | |
2570 } | |
2571 | |
2572 void SSLClientSocketNSS::Core::OnGetDomainBoundCertComplete(int result) { | |
2573 DCHECK(OnNetworkTaskRunner()); | |
2574 | |
2575 domain_bound_cert_request_handle_ = NULL; | |
2576 OnHandshakeIOComplete(result); | |
2577 } | |
2578 | |
2579 void SSLClientSocketNSS::Core::BufferRecvComplete( | |
2580 IOBuffer* read_buffer, | |
2581 int result) { | |
2582 DCHECK(read_buffer); | |
2583 | |
2584 if (!OnNSSTaskRunner()) { | |
2585 if (detached_) | |
2586 return; | |
2587 | |
2588 nss_task_runner_->PostTask( | |
2589 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this, | |
2590 scoped_refptr<IOBuffer>(read_buffer), result)); | |
2591 return; | |
2592 } | |
2593 | |
2594 DCHECK(OnNSSTaskRunner()); | |
2595 | |
2596 if (result > 0) { | |
2597 char* buf; | |
2598 int nb = memio_GetReadParams(nss_bufs_, &buf); | |
2599 CHECK_GE(nb, result); | |
2600 memcpy(buf, read_buffer->data(), result); | |
2601 } else if (result == 0) { | |
2602 transport_recv_eof_ = true; | |
2603 } | |
2604 | |
2605 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); | |
2606 transport_recv_busy_ = false; | |
2607 OnRecvComplete(result); | |
2608 } | |
2609 | |
2610 void SSLClientSocketNSS::Core::PostOrRunCallback( | |
2611 const tracked_objects::Location& location, | |
2612 const base::Closure& task) { | |
2613 if (!OnNetworkTaskRunner()) { | |
2614 network_task_runner_->PostTask( | |
2615 FROM_HERE, | |
2616 base::Bind(&Core::PostOrRunCallback, this, | |
2617 location, task)); | |
Ryan Sleevi
2012/05/31 06:28:26
Turns out this was defeating the whole purpose of
| |
2618 return; | |
2619 } | |
2620 | |
2621 DCHECK(OnNetworkTaskRunner()); | |
2622 | |
2623 if (detached_ || task.is_null()) | |
2624 return; | |
2625 task.Run(); | |
2626 } | |
2627 | |
2628 SSLClientSocketNSS::SSLClientSocketNSS( | |
2629 base::SingleThreadTaskRunner* network_task_runner, | |
2630 base::SingleThreadTaskRunner* nss_task_runner, | |
2631 ClientSocketHandle* transport_socket, | |
2632 const HostPortPair& host_and_port, | |
2633 const SSLConfig& ssl_config, | |
2634 SSLHostInfo* ssl_host_info, | |
2635 const SSLClientSocketContext& context) | |
2636 : network_task_runner_(network_task_runner), | |
2637 nss_task_runner_(nss_task_runner), | |
2638 transport_(transport_socket), | |
2639 host_and_port_(host_and_port), | |
2640 ssl_config_(ssl_config), | |
2641 server_cert_verify_result_(NULL), | |
2642 cert_verifier_(context.cert_verifier), | |
2643 server_bound_cert_service_(context.server_bound_cert_service), | |
2644 ssl_session_cache_shard_(context.ssl_session_cache_shard), | |
2645 completed_handshake_(false), | |
2646 next_handshake_state_(STATE_NONE), | |
2647 nss_fd_(NULL), | |
2648 net_log_(transport_socket->socket()->NetLog()), | |
2649 ssl_host_info_(ssl_host_info), | |
2650 transport_security_state_(context.transport_security_state), | |
2651 valid_thread_id_(base::kInvalidThreadId) { | |
2652 EnterFunction(""); | |
2653 InitCore(); | |
2654 LeaveFunction(""); | |
2655 } | |
2656 | |
2657 SSLClientSocketNSS::~SSLClientSocketNSS() { | |
2658 EnterFunction(""); | |
2659 Disconnect(); | |
2660 LeaveFunction(""); | |
2661 } | |
2662 | |
2556 // static | 2663 // static |
2557 // NSS calls this when handshake is completed. | 2664 void SSLClientSocket::ClearSessionCache() { |
2558 // After the SSL handshake is finished, use CertVerifier to verify | 2665 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't |
2559 // the saved server certificate. | 2666 // bother initializing NSS just to clear an empty SSL session cache. |
2560 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket, | 2667 if (!NSS_IsInitialized()) |
2561 void* arg) { | 2668 return; |
2562 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2669 |
2563 | 2670 SSL_ClearSessionCache(); |
2564 that->handshake_callback_called_ = true; | 2671 } |
2565 | 2672 |
2566 that->RecordDomainBoundCertSupport(); | 2673 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { |
2567 that->UpdateServerCert(); | 2674 EnterFunction(""); |
2568 that->UpdateConnectionStatus(); | 2675 ssl_info->Reset(); |
2569 } | 2676 if (core_->state().server_cert_chain.size() == 0 || |
2570 | 2677 !core_->state().server_cert_chain[0]) { |
2571 // NextProtoCallback is called by NSS during the handshake, if the server | 2678 return; |
2572 // supports NPN, to select a protocol from the list that the server offered. | 2679 } |
2573 // See the comment in net/third_party/nss/ssl/ssl.h for the meanings of the | 2680 |
2574 // arguments. | 2681 ssl_info->cert_status = server_cert_verify_result_->cert_status; |
2575 // static | 2682 ssl_info->cert = server_cert_verify_result_->verified_cert; |
2576 SECStatus | 2683 ssl_info->connection_status = |
2577 SSLClientSocketNSS::NextProtoCallback(void* arg, | 2684 core_->state().ssl_connection_status; |
2578 PRFileDesc* nss_fd, | 2685 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; |
2579 const unsigned char* protos, | 2686 for (std::vector<SHA1Fingerprint>::const_iterator |
2580 unsigned int protos_len, | 2687 i = side_pinned_public_keys_.begin(); |
2581 unsigned char* proto_out, | 2688 i != side_pinned_public_keys_.end(); i++) { |
2582 unsigned int* proto_out_len, | 2689 ssl_info->public_key_hashes.push_back(*i); |
2583 unsigned int proto_max_len) { | 2690 } |
2584 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); | 2691 ssl_info->is_issued_by_known_root = |
2585 | 2692 server_cert_verify_result_->is_issued_by_known_root; |
2586 // For each protocol in server preference, see if we support it. | 2693 ssl_info->client_cert_sent = WasDomainBoundCertSent() || |
2587 for (unsigned int i = 0; i < protos_len; ) { | 2694 (ssl_config_.send_client_cert && ssl_config_.client_cert); |
2588 const size_t len = protos[i]; | 2695 |
2589 for (std::vector<std::string>::const_iterator | 2696 PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite( |
2590 j = that->ssl_config_.next_protos.begin(); | 2697 core_->state().ssl_connection_status); |
2591 j != that->ssl_config_.next_protos.end(); j++) { | 2698 SSLCipherSuiteInfo cipher_info; |
2592 // Having very long elements in the |next_protos| vector isn't a disaster | 2699 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, |
2593 // because they'll never be selected, but it does indicate an error | 2700 &cipher_info, sizeof(cipher_info)); |
2594 // somewhere. | 2701 if (ok == SECSuccess) { |
2595 DCHECK_LT(j->size(), 256u); | 2702 ssl_info->security_bits = cipher_info.effectiveKeyBits; |
2596 | 2703 } else { |
2597 if (j->size() == len && | 2704 ssl_info->security_bits = -1; |
2598 memcmp(&protos[i + 1], j->data(), len) == 0) { | 2705 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() |
2599 that->next_proto_status_ = kNextProtoNegotiated; | 2706 << " for cipherSuite " << cipher_suite; |
2600 that->next_proto_ = *j; | 2707 } |
2708 | |
2709 ssl_info->handshake_type = core_->state().resumed_handshake ? | |
2710 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL; | |
2711 | |
2712 LeaveFunction(""); | |
2713 } | |
2714 | |
2715 void SSLClientSocketNSS::GetSSLCertRequestInfo( | |
2716 SSLCertRequestInfo* cert_request_info) { | |
2717 EnterFunction(""); | |
2718 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair | |
2719 cert_request_info->host_and_port = host_and_port_.ToString(); | |
2720 cert_request_info->client_certs = core_->state().client_certs; | |
2721 LeaveFunction(cert_request_info->client_certs.size()); | |
2722 } | |
2723 | |
2724 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, | |
2725 bool has_context, | |
2726 const base::StringPiece& context, | |
2727 unsigned char* out, | |
2728 unsigned int outlen) { | |
2729 if (!IsConnected()) | |
2730 return ERR_SOCKET_NOT_CONNECTED; | |
2731 | |
2732 // SSL_ExportKeyingMaterial may block the current thread if |core_| is in | |
2733 // the midst of a handshake. | |
2734 SECStatus result = SSL_ExportKeyingMaterial( | |
2735 nss_fd_, label.data(), label.size(), has_context, | |
2736 reinterpret_cast<const unsigned char*>(context.data()), | |
2737 context.length(), out, outlen); | |
2738 if (result != SECSuccess) { | |
2739 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); | |
2740 return MapNSSError(PORT_GetError()); | |
2741 } | |
2742 return OK; | |
2743 } | |
2744 | |
2745 SSLClientSocket::NextProtoStatus | |
2746 SSLClientSocketNSS::GetNextProto(std::string* proto, | |
2747 std::string* server_protos) { | |
2748 *proto = core_->state().next_proto; | |
2749 *server_protos = core_->state().server_protos; | |
2750 return core_->state().next_proto_status; | |
2751 } | |
2752 | |
2753 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { | |
2754 EnterFunction(""); | |
2755 DCHECK(transport_.get()); | |
2756 DCHECK(next_handshake_state_ == STATE_NONE); | |
2757 DCHECK(user_connect_callback_.is_null()); | |
2758 | |
2759 EnsureThreadIdAssigned(); | |
2760 | |
2761 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL); | |
2762 | |
2763 int rv = Init(); | |
2764 if (rv != OK) { | |
2765 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2766 return rv; | |
2767 } | |
2768 | |
2769 rv = InitializeSSLOptions(); | |
2770 if (rv != OK) { | |
2771 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2772 return rv; | |
2773 } | |
2774 | |
2775 rv = InitializeSSLPeerName(); | |
2776 if (rv != OK) { | |
2777 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2778 return rv; | |
2779 } | |
2780 | |
2781 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) { | |
2782 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
2783 } else { | |
2784 GotoState(STATE_HANDSHAKE); | |
2785 } | |
2786 | |
2787 rv = DoHandshakeLoop(OK); | |
2788 if (rv == ERR_IO_PENDING) { | |
2789 user_connect_callback_ = callback; | |
2790 } else { | |
2791 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
2792 } | |
2793 | |
2794 LeaveFunction(""); | |
2795 return rv > OK ? OK : rv; | |
2796 } | |
2797 | |
2798 void SSLClientSocketNSS::Disconnect() { | |
2799 EnterFunction(""); | |
2800 | |
2801 CHECK(CalledOnValidThread()); | |
2802 | |
2803 // Shut down anything that may call us back. | |
2804 core_->Detach(); | |
2805 verifier_.reset(); | |
2806 transport_->socket()->Disconnect(); | |
2807 | |
2808 // Reset object state. | |
2809 user_connect_callback_.Reset(); | |
2810 local_server_cert_verify_result_.Reset(); | |
2811 server_cert_verify_result_ = NULL; | |
2812 completed_handshake_ = false; | |
2813 start_cert_verification_time_ = base::TimeTicks(); | |
2814 InitCore(); | |
2815 | |
2816 LeaveFunction(""); | |
2817 } | |
2818 | |
2819 bool SSLClientSocketNSS::IsConnected() const { | |
2820 // Ideally, we should also check if we have received the close_notify alert | |
2821 // message from the server, and return false in that case. We're not doing | |
2822 // that, so this function may return a false positive. Since the upper | |
2823 // layer (HttpNetworkTransaction) needs to handle a persistent connection | |
2824 // closed by the server when we send a request anyway, a false positive in | |
2825 // exchange for simpler code is a good trade-off. | |
2826 EnterFunction(""); | |
2827 bool ret = completed_handshake_ && transport_->socket()->IsConnected(); | |
2828 LeaveFunction(""); | |
2829 return ret; | |
2830 } | |
2831 | |
2832 bool SSLClientSocketNSS::IsConnectedAndIdle() const { | |
2833 // Unlike IsConnected, this method doesn't return a false positive. | |
2834 // | |
2835 // Strictly speaking, we should check if we have received the close_notify | |
2836 // alert message from the server, and return false in that case. Although | |
2837 // the close_notify alert message means EOF in the SSL layer, it is just | |
2838 // bytes to the transport layer below, so | |
2839 // transport_->socket()->IsConnectedAndIdle() returns the desired false | |
2840 // when we receive close_notify. | |
2841 EnterFunction(""); | |
2842 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle(); | |
2843 LeaveFunction(""); | |
2844 return ret; | |
2845 } | |
2846 | |
2847 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const { | |
2848 return transport_->socket()->GetPeerAddress(address); | |
2849 } | |
2850 | |
2851 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const { | |
2852 return transport_->socket()->GetLocalAddress(address); | |
2853 } | |
2854 | |
2855 const BoundNetLog& SSLClientSocketNSS::NetLog() const { | |
2856 return net_log_; | |
2857 } | |
2858 | |
2859 void SSLClientSocketNSS::SetSubresourceSpeculation() { | |
2860 if (transport_.get() && transport_->socket()) { | |
2861 transport_->socket()->SetSubresourceSpeculation(); | |
2862 } else { | |
2863 NOTREACHED(); | |
2864 } | |
2865 } | |
2866 | |
2867 void SSLClientSocketNSS::SetOmniboxSpeculation() { | |
2868 if (transport_.get() && transport_->socket()) { | |
2869 transport_->socket()->SetOmniboxSpeculation(); | |
2870 } else { | |
2871 NOTREACHED(); | |
2872 } | |
2873 } | |
2874 | |
2875 bool SSLClientSocketNSS::WasEverUsed() const { | |
2876 if (transport_.get() && transport_->socket()) { | |
2877 return transport_->socket()->WasEverUsed(); | |
2878 } | |
2879 NOTREACHED(); | |
2880 return false; | |
2881 } | |
2882 | |
2883 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | |
2884 if (transport_.get() && transport_->socket()) { | |
2885 return transport_->socket()->UsingTCPFastOpen(); | |
2886 } | |
2887 NOTREACHED(); | |
2888 return false; | |
2889 } | |
2890 | |
2891 int64 SSLClientSocketNSS::NumBytesRead() const { | |
2892 if (transport_.get() && transport_->socket()) { | |
2893 return transport_->socket()->NumBytesRead(); | |
2894 } | |
2895 NOTREACHED(); | |
2896 return -1; | |
2897 } | |
2898 | |
2899 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const { | |
2900 if (transport_.get() && transport_->socket()) { | |
2901 return transport_->socket()->GetConnectTimeMicros(); | |
2902 } | |
2903 NOTREACHED(); | |
2904 return base::TimeDelta::FromMicroseconds(-1); | |
2905 } | |
2906 | |
2907 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | |
2908 const CompletionCallback& callback) { | |
2909 DCHECK(core_); | |
2910 | |
2911 EnterFunction(buf_len); | |
2912 int rv = core_->Read(buf, buf_len, callback); | |
2913 LeaveFunction(rv); | |
2914 | |
2915 return rv; | |
2916 } | |
2917 | |
2918 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, | |
2919 const CompletionCallback& callback) { | |
2920 DCHECK(core_); | |
2921 | |
2922 EnterFunction(buf_len); | |
2923 int rv = core_->Write(buf, buf_len, callback); | |
2924 LeaveFunction(rv); | |
2925 | |
2926 return rv; | |
2927 } | |
2928 | |
2929 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | |
2930 return transport_->socket()->SetReceiveBufferSize(size); | |
2931 } | |
2932 | |
2933 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) { | |
2934 return transport_->socket()->SetSendBufferSize(size); | |
2935 } | |
2936 | |
2937 int SSLClientSocketNSS::Init() { | |
2938 EnterFunction(""); | |
2939 // Initialize the NSS SSL library in a threadsafe way. This also | |
2940 // initializes the NSS base library. | |
2941 EnsureNSSSSLInit(); | |
2942 if (!NSS_IsInitialized()) | |
2943 return ERR_UNEXPECTED; | |
2944 #if !defined(OS_MACOSX) && !defined(OS_WIN) | |
2945 if (ssl_config_.cert_io_enabled) { | |
2946 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO | |
2947 // loop by MessageLoopForIO::current(). | |
2948 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | |
2949 EnsureNSSHttpIOInit(); | |
2950 } | |
2951 #endif | |
2952 | |
2953 LeaveFunction(""); | |
2954 return OK; | |
2955 } | |
2956 | |
2957 void SSLClientSocketNSS::InitCore() { | |
2958 core_ = new Core(network_task_runner_, nss_task_runner_, transport_.get(), | |
2959 host_and_port_, ssl_config_, &net_log_, | |
2960 server_bound_cert_service_); | |
2961 } | |
2962 | |
2963 int SSLClientSocketNSS::InitializeSSLOptions() { | |
2964 // Transport connected, now hook it up to nss | |
2965 // TODO(port): specify rx and tx buffer sizes separately | |
2966 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | |
2967 if (nss_fd_ == NULL) { | |
2968 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | |
2969 } | |
2970 | |
2971 // Grab pointer to buffers | |
2972 memio_Private* nss_bufs = memio_GetSecret(nss_fd_); | |
2973 | |
2974 /* Create SSL state machine */ | |
2975 /* Push SSL onto our fake I/O socket */ | |
2976 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | |
2977 if (nss_fd_ == NULL) { | |
2978 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); | |
2979 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | |
2980 } | |
2981 // TODO(port): set more ssl options! Check errors! | |
2982 | |
2983 int rv; | |
2984 | |
2985 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); | |
2986 if (rv != SECSuccess) { | |
2987 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); | |
2988 return ERR_UNEXPECTED; | |
2989 } | |
2990 | |
2991 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); | |
2992 if (rv != SECSuccess) { | |
2993 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); | |
2994 return ERR_UNEXPECTED; | |
2995 } | |
2996 | |
2997 // Don't do V2 compatible hellos because they don't support TLS extensions. | |
2998 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE); | |
2999 if (rv != SECSuccess) { | |
3000 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); | |
3001 return ERR_UNEXPECTED; | |
3002 } | |
3003 | |
3004 SSLVersionRange version_range; | |
3005 version_range.min = ssl_config_.version_min; | |
3006 version_range.max = ssl_config_.version_max; | |
3007 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | |
3008 if (rv != SECSuccess) { | |
3009 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | |
3010 return ERR_NO_SSL_VERSIONS_ENABLED; | |
3011 } | |
3012 | |
3013 for (std::vector<uint16>::const_iterator it = | |
3014 ssl_config_.disabled_cipher_suites.begin(); | |
3015 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | |
3016 // This will fail if the specified cipher is not implemented by NSS, but | |
3017 // the failure is harmless. | |
3018 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | |
3019 } | |
3020 | |
3021 #ifdef SSL_ENABLE_SESSION_TICKETS | |
3022 // Support RFC 5077 | |
3023 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); | |
3024 if (rv != SECSuccess) { | |
3025 LogFailedNSSFunction( | |
3026 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); | |
3027 } | |
3028 #else | |
3029 #error "You need to install NSS-3.12 or later to build chromium" | |
3030 #endif | |
3031 | |
3032 #ifdef SSL_ENABLE_DEFLATE | |
3033 // Some web servers have been found to break if TLS is used *or* if DEFLATE | |
3034 // is advertised. Thus, if TLS is disabled (probably because we are doing | |
3035 // SSLv3 fallback), we disable DEFLATE also. | |
3036 // See http://crbug.com/31628 | |
3037 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, | |
3038 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); | |
3039 if (rv != SECSuccess) | |
3040 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE"); | |
3041 #endif | |
3042 | |
3043 #ifdef SSL_ENABLE_FALSE_START | |
3044 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, | |
3045 ssl_config_.false_start_enabled); | |
3046 if (rv != SECSuccess) | |
3047 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); | |
3048 #endif | |
3049 | |
3050 #ifdef SSL_ENABLE_RENEGOTIATION | |
3051 // We allow servers to request renegotiation. Since we're a client, | |
3052 // prohibiting this is rather a waste of time. Only servers are in a | |
3053 // position to prevent renegotiation attacks. | |
3054 // http://extendedsubset.com/?p=8 | |
3055 | |
3056 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
3057 SSL_RENEGOTIATE_TRANSITIONAL); | |
3058 if (rv != SECSuccess) { | |
3059 LogFailedNSSFunction( | |
3060 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION"); | |
3061 } | |
3062 #endif // SSL_ENABLE_RENEGOTIATION | |
3063 | |
3064 #ifdef SSL_CBC_RANDOM_IV | |
3065 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, | |
3066 ssl_config_.false_start_enabled); | |
3067 if (rv != SECSuccess) | |
3068 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV"); | |
3069 #endif | |
3070 | |
3071 #ifdef SSL_ENABLE_OCSP_STAPLING | |
3072 if (IsOCSPStaplingSupported()) { | |
3073 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE); | |
3074 if (rv != SECSuccess) { | |
3075 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | |
3076 "SSL_ENABLE_OCSP_STAPLING"); | |
3077 } | |
3078 } | |
3079 #endif | |
3080 | |
3081 #ifdef SSL_ENABLE_CACHED_INFO | |
3082 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO, | |
3083 ssl_config_.cached_info_enabled); | |
3084 if (rv != SECSuccess) | |
3085 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO"); | |
3086 #endif | |
3087 | |
3088 #ifdef SSL_ENABLE_OB_CERTS | |
3089 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS, | |
3090 ssl_config_.domain_bound_certs_enabled); | |
3091 if (rv != SECSuccess) | |
3092 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS"); | |
3093 #endif | |
3094 | |
3095 #ifdef SSL_ENCRYPT_CLIENT_CERTS | |
3096 // For now, enable the encrypted client certificates extension only if | |
3097 // server-bound certificates are enabled. | |
3098 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS, | |
3099 ssl_config_.domain_bound_certs_enabled); | |
3100 if (rv != SECSuccess) | |
3101 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS"); | |
3102 #endif | |
3103 | |
3104 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | |
3105 if (rv != SECSuccess) { | |
3106 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | |
3107 return ERR_UNEXPECTED; | |
3108 } | |
3109 | |
3110 rv = core_->Init(nss_fd_, nss_bufs); | |
3111 if (rv != SECSuccess) | |
3112 return ERR_UNEXPECTED; | |
3113 | |
3114 // Tell SSL the hostname we're trying to connect to. | |
3115 SSL_SetURL(nss_fd_, host_and_port_.host().c_str()); | |
3116 | |
3117 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | |
3118 SSL_ResetHandshake(nss_fd_, PR_FALSE); | |
3119 | |
3120 return OK; | |
3121 } | |
3122 | |
3123 int SSLClientSocketNSS::InitializeSSLPeerName() { | |
3124 // Tell NSS who we're connected to | |
3125 AddressList peer_address; | |
3126 int err = transport_->socket()->GetPeerAddress(&peer_address); | |
3127 if (err != OK) | |
3128 return err; | |
3129 | |
3130 SockaddrStorage storage; | |
3131 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len)) | |
3132 return ERR_UNEXPECTED; | |
3133 | |
3134 PRNetAddr peername; | |
3135 memset(&peername, 0, sizeof(peername)); | |
3136 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername)); | |
3137 size_t len = std::min(static_cast<size_t>(storage.addr_len), | |
3138 sizeof(peername)); | |
3139 memcpy(&peername, storage.addr, len); | |
3140 | |
3141 // Adjust the address family field for BSD, whose sockaddr | |
3142 // structure has a one-byte length and one-byte address family | |
3143 // field at the beginning. PRNetAddr has a two-byte address | |
3144 // family field at the beginning. | |
3145 peername.raw.family = storage.addr->sa_family; | |
3146 | |
3147 memio_SetPeerName(nss_fd_, &peername); | |
3148 | |
3149 // Set the peer ID for session reuse. This is necessary when we create an | |
3150 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | |
3151 // rather than the destination server's address in that case. | |
3152 std::string peer_id = host_and_port_.ToString(); | |
3153 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id. | |
3154 // This will cause session cache misses between sockets with different values | |
3155 // of ssl_session_cache_shard_ and this is used to partition the session cache | |
3156 // for incognito mode. | |
3157 if (!ssl_session_cache_shard_.empty()) { | |
3158 peer_id += "/" + ssl_session_cache_shard_; | |
3159 } | |
3160 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | |
3161 if (rv != SECSuccess) | |
3162 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); | |
3163 | |
3164 return OK; | |
3165 } | |
3166 | |
3167 void SSLClientSocketNSS::DoConnectCallback(int rv) { | |
3168 EnterFunction(rv); | |
3169 DCHECK_NE(ERR_IO_PENDING, rv); | |
3170 DCHECK(!user_connect_callback_.is_null()); | |
3171 | |
3172 base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv); | |
3173 LeaveFunction(""); | |
3174 } | |
3175 | |
3176 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { | |
3177 EnterFunction(result); | |
3178 int rv = DoHandshakeLoop(result); | |
3179 if (rv != ERR_IO_PENDING) { | |
3180 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
3181 DoConnectCallback(rv); | |
3182 } | |
3183 LeaveFunction(""); | |
3184 } | |
3185 | |
3186 void SSLClientSocketNSS::LoadSSLHostInfo() { | |
3187 const SSLHostInfo::State& state(ssl_host_info_->state()); | |
3188 | |
3189 if (state.certs.empty()) | |
3190 return; | |
3191 | |
3192 const std::vector<std::string>& certs_in = state.certs; | |
3193 core_->SetPredictedCertificates(certs_in); | |
3194 } | |
3195 | |
3196 int SSLClientSocketNSS::DoLoadSSLHostInfo() { | |
3197 EnterFunction(""); | |
3198 int rv = ssl_host_info_->WaitForDataReady( | |
3199 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3200 base::Unretained(this))); | |
3201 GotoState(STATE_HANDSHAKE); | |
3202 | |
3203 if (rv == OK) { | |
3204 LoadSSLHostInfo(); | |
3205 } else { | |
3206 DCHECK_EQ(ERR_IO_PENDING, rv); | |
3207 GotoState(STATE_LOAD_SSL_HOST_INFO); | |
3208 } | |
3209 | |
3210 LeaveFunction(""); | |
3211 return rv; | |
3212 } | |
3213 | |
3214 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { | |
3215 EnterFunction(last_io_result); | |
3216 int rv = last_io_result; | |
3217 do { | |
3218 // Default to STATE_NONE for next state. | |
3219 // (This is a quirk carried over from the windows | |
3220 // implementation. It makes reading the logs a bit harder.) | |
3221 // State handlers can and often do call GotoState just | |
3222 // to stay in the current state. | |
3223 State state = next_handshake_state_; | |
3224 GotoState(STATE_NONE); | |
3225 switch (state) { | |
3226 case STATE_LOAD_SSL_HOST_INFO: | |
3227 DCHECK(rv == OK || rv == ERR_IO_PENDING); | |
3228 rv = DoLoadSSLHostInfo(); | |
2601 break; | 3229 break; |
3230 case STATE_HANDSHAKE: | |
3231 rv = DoHandshake(); | |
3232 break; | |
3233 case STATE_HANDSHAKE_COMPLETE: | |
3234 rv = DoHandshakeComplete(rv); | |
3235 break; | |
3236 case STATE_VERIFY_DNSSEC: | |
3237 rv = DoVerifyDNSSEC(rv); | |
3238 break; | |
3239 case STATE_VERIFY_CERT: | |
3240 DCHECK(rv == OK); | |
3241 rv = DoVerifyCert(rv); | |
3242 break; | |
3243 case STATE_VERIFY_CERT_COMPLETE: | |
3244 rv = DoVerifyCertComplete(rv); | |
3245 break; | |
3246 case STATE_NONE: | |
3247 default: | |
3248 rv = ERR_UNEXPECTED; | |
3249 LOG(DFATAL) << "unexpected state " << state; | |
3250 break; | |
3251 } | |
3252 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | |
3253 LeaveFunction(""); | |
3254 return rv; | |
3255 } | |
3256 | |
3257 int SSLClientSocketNSS::DoHandshake() { | |
3258 EnterFunction(""); | |
3259 int rv = core_->Connect( | |
3260 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3261 base::Unretained(this))); | |
3262 GotoState(STATE_HANDSHAKE_COMPLETE); | |
3263 | |
3264 LeaveFunction(rv); | |
3265 return rv; | |
3266 } | |
3267 | |
3268 int SSLClientSocketNSS::DoHandshakeComplete(int result) { | |
3269 EnterFunction(result); | |
3270 | |
3271 if (result == OK) { | |
3272 SaveSSLHostInfo(); | |
3273 // SSL handshake is completed. Let's verify the certificate. | |
3274 GotoState(STATE_VERIFY_DNSSEC); | |
3275 // Done! | |
3276 } | |
3277 if (core_->state().domain_bound_cert_type != CLIENT_CERT_INVALID_TYPE) | |
3278 set_domain_bound_cert_type(core_->state().domain_bound_cert_type); | |
3279 | |
3280 LeaveFunction(result); | |
3281 return result; | |
3282 } | |
3283 | |
3284 | |
3285 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { | |
3286 DCHECK_GT(core_->state().server_cert_chain.size(), 0u); | |
3287 DCHECK(core_->state().server_cert_chain[0]); | |
3288 | |
3289 DNSValidationResult r = CheckDNSSECChain( | |
3290 host_and_port_.host(), core_->state().server_cert_chain[0], | |
3291 host_and_port_.port()); | |
3292 if (r == DNSVR_SUCCESS) { | |
3293 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; | |
3294 local_server_cert_verify_result_.verified_cert = | |
3295 core_->state().server_cert; | |
3296 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3297 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
3298 return OK; | |
3299 } | |
3300 | |
3301 GotoState(STATE_VERIFY_CERT); | |
3302 | |
3303 return OK; | |
3304 } | |
3305 | |
3306 int SSLClientSocketNSS::DoVerifyCert(int result) { | |
3307 DCHECK_GT(core_->state().server_cert_chain.size(), 0u); | |
3308 DCHECK(core_->state().server_cert_chain[0]); | |
3309 | |
3310 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
3311 | |
3312 // If the certificate is expected to be bad we can use the expectation as | |
3313 // the cert status. | |
3314 base::StringPiece der_cert( | |
3315 reinterpret_cast<char*>( | |
3316 core_->state().server_cert_chain[0]->derCert.data), | |
3317 core_->state().server_cert_chain[0]->derCert.len); | |
3318 CertStatus cert_status; | |
3319 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | |
3320 DCHECK(start_cert_verification_time_.is_null()); | |
3321 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | |
3322 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3323 local_server_cert_verify_result_.Reset(); | |
3324 local_server_cert_verify_result_.cert_status = cert_status; | |
3325 local_server_cert_verify_result_.verified_cert = | |
3326 core_->state().server_cert; | |
3327 return OK; | |
3328 } | |
3329 | |
3330 // We may have failed to create X509Certificate object if we are | |
3331 // running inside sandbox. | |
3332 if (!core_->state().server_cert) { | |
3333 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3334 local_server_cert_verify_result_.Reset(); | |
3335 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | |
3336 return ERR_CERT_INVALID; | |
3337 } | |
3338 | |
3339 start_cert_verification_time_ = base::TimeTicks::Now(); | |
3340 | |
3341 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && | |
3342 core_->state().predicted_cert_chain_correct) { | |
3343 // If the SSLHostInfo had a prediction for the certificate chain of this | |
3344 // server then it will have optimistically started a verification of that | |
3345 // chain. So, if the prediction was correct, we should wait for that | |
3346 // verification to finish rather than start our own. | |
3347 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL); | |
3348 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); | |
3349 base::TimeTicks end_time = ssl_host_info_->verification_end_time(); | |
3350 if (end_time.is_null()) | |
3351 end_time = base::TimeTicks::Now(); | |
3352 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", | |
3353 end_time - ssl_host_info_->verification_start_time()); | |
3354 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); | |
3355 return ssl_host_info_->WaitForCertVerification( | |
3356 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3357 base::Unretained(this))); | |
3358 } else { | |
3359 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | |
3360 } | |
3361 | |
3362 int flags = 0; | |
3363 if (ssl_config_.rev_checking_enabled) | |
3364 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | |
3365 if (ssl_config_.verify_ev_cert) | |
3366 flags |= X509Certificate::VERIFY_EV_CERT; | |
3367 if (ssl_config_.cert_io_enabled) | |
3368 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; | |
3369 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | |
3370 server_cert_verify_result_ = &local_server_cert_verify_result_; | |
3371 return verifier_->Verify( | |
3372 core_->state().server_cert, host_and_port_.host(), flags, | |
3373 SSLConfigService::GetCRLSet(), &local_server_cert_verify_result_, | |
3374 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | |
3375 base::Unretained(this)), | |
3376 net_log_); | |
3377 } | |
3378 | |
3379 // Derived from AuthCertificateCallback() in | |
3380 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | |
3381 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | |
3382 verifier_.reset(); | |
3383 | |
3384 if (!start_cert_verification_time_.is_null()) { | |
3385 base::TimeDelta verify_time = | |
3386 base::TimeTicks::Now() - start_cert_verification_time_; | |
3387 if (result == OK) | |
3388 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | |
3389 else | |
3390 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | |
3391 } | |
3392 | |
3393 // We used to remember the intermediate CA certs in the NSS database | |
3394 // persistently. However, NSS opens a connection to the SQLite database | |
3395 // during NSS initialization and doesn't close the connection until NSS | |
3396 // shuts down. If the file system where the database resides is gone, | |
3397 // the database connection goes bad. What's worse, the connection won't | |
3398 // recover when the file system comes back. Until this NSS or SQLite bug | |
3399 // is fixed, we need to avoid using the NSS database for non-essential | |
3400 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | |
3401 // http://crbug.com/15630 for more info. | |
3402 | |
3403 // TODO(hclam): Skip logging if server cert was expected to be bad because | |
3404 // |server_cert_verify_result_| doesn't contain all the information about | |
3405 // the cert. | |
3406 if (result == OK) | |
3407 LogConnectionTypeMetrics(); | |
3408 | |
3409 completed_handshake_ = true; | |
3410 | |
3411 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) | |
3412 // Take care of any mandates for public key pinning. | |
3413 // | |
3414 // Pinning is only enabled for official builds to make sure that others don't | |
3415 // end up with pins that cannot be easily updated. | |
3416 // | |
3417 // TODO(agl): we might have an issue here where a request for foo.example.com | |
3418 // merges into a SPDY connection to www.example.com, and gets a different | |
3419 // certificate. | |
3420 | |
3421 const CertStatus cert_status = server_cert_verify_result_->cert_status; | |
3422 if ((result == OK || (IsCertificateError(result) && | |
3423 IsCertStatusMinorError(cert_status))) && | |
3424 server_cert_verify_result_->is_issued_by_known_root && | |
3425 transport_security_state_) { | |
3426 bool sni_available = | |
3427 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | |
3428 ssl_config_.version_fallback; | |
3429 const std::string& host = host_and_port_.host(); | |
3430 | |
3431 TransportSecurityState::DomainState domain_state; | |
3432 if (transport_security_state_->GetDomainState(host, sni_available, | |
3433 &domain_state) && | |
3434 domain_state.HasPins()) { | |
3435 if (!domain_state.IsChainOfPublicKeysPermitted( | |
3436 server_cert_verify_result_->public_key_hashes)) { | |
3437 const base::Time build_time = base::GetBuildTime(); | |
3438 // Pins are not enforced if the build is sufficiently old. Chrome | |
3439 // users should get updates every six weeks or so, but it's possible | |
3440 // that some users will stop getting updates for some reason. We | |
3441 // don't want those users building up as a pool of people with bad | |
3442 // pins. | |
3443 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) { | |
3444 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
3445 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | |
3446 TransportSecurityState::ReportUMAOnPinFailure(host); | |
3447 } | |
3448 } else { | |
3449 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | |
2602 } | 3450 } |
2603 } | 3451 } |
2604 | 3452 } |
2605 if (that->next_proto_status_ == kNextProtoNegotiated) | 3453 #endif |
3454 | |
3455 // Exit DoHandshakeLoop and return the result to the caller to Connect. | |
3456 DCHECK(next_handshake_state_ == STATE_NONE); | |
3457 return result; | |
3458 } | |
3459 | |
3460 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { | |
3461 UpdateConnectionTypeHistograms(CONNECTION_SSL); | |
3462 if (server_cert_verify_result_->has_md5) | |
3463 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | |
3464 if (server_cert_verify_result_->has_md2) | |
3465 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | |
3466 if (server_cert_verify_result_->has_md4) | |
3467 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); | |
3468 if (server_cert_verify_result_->has_md5_ca) | |
3469 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); | |
3470 if (server_cert_verify_result_->has_md2_ca) | |
3471 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | |
3472 int ssl_version = SSLConnectionStatusToVersion( | |
3473 core_->state().ssl_connection_status); | |
3474 switch (ssl_version) { | |
3475 case SSL_CONNECTION_VERSION_SSL2: | |
3476 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2); | |
2606 break; | 3477 break; |
2607 | 3478 case SSL_CONNECTION_VERSION_SSL3: |
2608 // NSS checks that the data in |protos| is well formed, so we know that | 3479 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3); |
2609 // this doesn't cause us to jump off the end of the buffer. | 3480 break; |
2610 i += len + 1; | 3481 case SSL_CONNECTION_VERSION_TLS1: |
2611 } | 3482 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1); |
2612 | 3483 break; |
2613 that->server_protos_.assign( | 3484 case SSL_CONNECTION_VERSION_TLS1_1: |
2614 reinterpret_cast<const char*>(protos), protos_len); | 3485 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
2615 | 3486 break; |
2616 // If we didn't find a protocol, we select the first one from our list. | 3487 case SSL_CONNECTION_VERSION_TLS1_2: |
2617 if (that->next_proto_status_ != kNextProtoNegotiated) { | 3488 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
2618 that->next_proto_status_ = kNextProtoNoOverlap; | 3489 break; |
2619 that->next_proto_ = that->ssl_config_.next_protos[0]; | 3490 }; |
2620 } | 3491 } |
2621 | 3492 |
2622 if (that->next_proto_.size() > proto_max_len) { | 3493 // SaveSSLHostInfo saves the certificate chain of the connection so that we can |
2623 PORT_SetError(SEC_ERROR_OUTPUT_LEN); | 3494 // start verification faster in the future. |
2624 return SECFailure; | 3495 void SSLClientSocketNSS::SaveSSLHostInfo() { |
2625 } | 3496 if (!ssl_host_info_.get()) |
2626 memcpy(proto_out, that->next_proto_.data(), that->next_proto_.size()); | 3497 return; |
2627 *proto_out_len = that->next_proto_.size(); | 3498 |
2628 return SECSuccess; | 3499 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save |
3500 // anything. | |
3501 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) | |
3502 return; | |
3503 | |
3504 SSLHostInfo::State* state = ssl_host_info_->mutable_state(); | |
3505 | |
3506 state->certs.clear(); | |
3507 const PeerCertificateChain& certs = core_->state().server_cert_chain; | |
3508 for (unsigned i = 0; i < certs.size(); i++) { | |
3509 if (certs[i] == NULL || | |
3510 certs[i]->derCert.len > std::numeric_limits<uint16>::max()) { | |
3511 return; | |
3512 } | |
3513 | |
3514 state->certs.push_back(std::string( | |
3515 reinterpret_cast<char*>(certs[i]->derCert.data), | |
3516 certs[i]->derCert.len)); | |
3517 } | |
3518 | |
3519 ssl_host_info_->Persist(); | |
2629 } | 3520 } |
2630 | 3521 |
2631 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { | 3522 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { |
2632 base::AutoLock auto_lock(lock_); | 3523 base::AutoLock auto_lock(lock_); |
2633 if (valid_thread_id_ != base::kInvalidThreadId) | 3524 if (valid_thread_id_ != base::kInvalidThreadId) |
2634 return; | 3525 return; |
2635 valid_thread_id_ = base::PlatformThread::CurrentId(); | 3526 valid_thread_id_ = base::PlatformThread::CurrentId(); |
2636 } | 3527 } |
2637 | 3528 |
2638 bool SSLClientSocketNSS::CalledOnValidThread() const { | 3529 bool SSLClientSocketNSS::CalledOnValidThread() const { |
2639 EnsureThreadIdAssigned(); | 3530 EnsureThreadIdAssigned(); |
2640 base::AutoLock auto_lock(lock_); | 3531 base::AutoLock auto_lock(lock_); |
2641 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3532 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
2642 } | 3533 } |
2643 | 3534 |
2644 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3535 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
2645 return server_bound_cert_service_; | 3536 return server_bound_cert_service_; |
2646 } | 3537 } |
2647 | 3538 |
2648 } // namespace net | 3539 } // namespace net |
OLD | NEW |