Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(216)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 10454066: Move the core state machine of SSLClientSocketNSS into a thread-safe Core (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/socket/ssl_client_socket_nss.h ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
60 #include <sslerr.h> 60 #include <sslerr.h>
61 #include <sslproto.h> 61 #include <sslproto.h>
62 62
63 #include <algorithm> 63 #include <algorithm>
64 #include <limits> 64 #include <limits>
65 #include <map> 65 #include <map>
66 66
67 #include "base/bind.h" 67 #include "base/bind.h"
68 #include "base/bind_helpers.h" 68 #include "base/bind_helpers.h"
69 #include "base/build_time.h" 69 #include "base/build_time.h"
70 #include "base/callback_helpers.h"
70 #include "base/compiler_specific.h" 71 #include "base/compiler_specific.h"
71 #include "base/logging.h" 72 #include "base/logging.h"
72 #include "base/memory/singleton.h" 73 #include "base/memory/singleton.h"
73 #include "base/metrics/histogram.h" 74 #include "base/metrics/histogram.h"
75 #include "base/single_thread_task_runner.h"
76 #include "base/stl_util.h"
74 #include "base/string_number_conversions.h" 77 #include "base/string_number_conversions.h"
75 #include "base/string_util.h" 78 #include "base/string_util.h"
76 #include "base/stringprintf.h" 79 #include "base/stringprintf.h"
80 #include "base/thread_task_runner_handle.h"
77 #include "base/threading/thread_restrictions.h" 81 #include "base/threading/thread_restrictions.h"
78 #include "base/values.h" 82 #include "base/values.h"
79 #include "crypto/ec_private_key.h" 83 #include "crypto/ec_private_key.h"
80 #include "crypto/rsa_private_key.h" 84 #include "crypto/rsa_private_key.h"
81 #include "crypto/scoped_nss_types.h" 85 #include "crypto/scoped_nss_types.h"
82 #include "net/base/address_list.h" 86 #include "net/base/address_list.h"
83 #include "net/base/asn1_util.h" 87 #include "net/base/asn1_util.h"
84 #include "net/base/cert_status_flags.h" 88 #include "net/base/cert_status_flags.h"
85 #include "net/base/cert_verifier.h" 89 #include "net/base/cert_verifier.h"
86 #include "net/base/connection_type_histograms.h" 90 #include "net/base/connection_type_histograms.h"
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after
239 if (!CertGetCertificateContextProperty( 243 if (!CertGetCertificateContextProperty(
240 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) { 244 cert_context, CERT_KEY_PROV_INFO_PROP_ID, NULL, &size)) {
241 return FALSE; 245 return FALSE;
242 } 246 }
243 247
244 return TRUE; 248 return TRUE;
245 } 249 }
246 250
247 #endif 251 #endif
248 252
249 // PeerCertificateChain is a helper object which extracts the certificate
250 // chain, as given by the server, from an NSS socket and performs the needed
251 // resource management. The first element of the chain is the leaf certificate
252 // and the other elements are in the order given by the server.
253 class PeerCertificateChain {
254 public:
255 explicit PeerCertificateChain(PRFileDesc* nss_fd)
256 : num_certs_(0),
257 certs_(NULL) {
258 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_, 0);
259 DCHECK_EQ(rv, SECSuccess);
260
261 certs_ = new CERTCertificate*[num_certs_];
262 const unsigned expected_num_certs = num_certs_;
263 rv = SSL_PeerCertificateChain(nss_fd, certs_, &num_certs_,
264 expected_num_certs);
265 DCHECK_EQ(rv, SECSuccess);
266 DCHECK_EQ(num_certs_, expected_num_certs);
267 }
268
269 ~PeerCertificateChain() {
270 for (unsigned i = 0; i < num_certs_; i++)
271 CERT_DestroyCertificate(certs_[i]);
272 delete[] certs_;
273 }
274
275 unsigned size() const { return num_certs_; }
276
277 CERTCertificate* operator[](unsigned i) {
278 DCHECK_LT(i, num_certs_);
279 return certs_[i];
280 }
281
282 std::vector<base::StringPiece> AsStringPieceVector() const {
283 std::vector<base::StringPiece> v(size());
284 for (unsigned i = 0; i < size(); i++) {
285 v[i] = base::StringPiece(
286 reinterpret_cast<const char*>(certs_[i]->derCert.data),
287 certs_[i]->derCert.len);
288 }
289
290 return v;
291 }
292
293 private:
294 unsigned num_certs_;
295 CERTCertificate** certs_;
296 };
297
298 void DestroyCertificates(CERTCertificate** certs, unsigned len) {
299 for (unsigned i = 0; i < len; i++)
300 CERT_DestroyCertificate(certs[i]);
301 }
302
303 // DNSValidationResult enumerates the possible outcomes from processing a 253 // DNSValidationResult enumerates the possible outcomes from processing a
304 // set of DNS records. 254 // set of DNS records.
305 enum DNSValidationResult { 255 enum DNSValidationResult {
306 DNSVR_SUCCESS, // the cert is immediately acceptable. 256 DNSVR_SUCCESS, // the cert is immediately acceptable.
307 DNSVR_FAILURE, // the cert is unconditionally rejected. 257 DNSVR_FAILURE, // the cert is unconditionally rejected.
308 DNSVR_CONTINUE, // perform CA validation as usual. 258 DNSVR_CONTINUE, // perform CA validation as usual.
309 }; 259 };
310 260
311 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA 261 // VerifyCAARecords processes DNSSEC validated RRDATA for a number of DNS CAA
312 // records and checks them against the given chain. 262 // records and checks them against the given chain.
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after
352 } 302 }
353 } 303 }
354 } 304 }
355 305
356 // If a CAA record was found, but nothing matched, then we reject the 306 // If a CAA record was found, but nothing matched, then we reject the
357 // certificate. 307 // certificate.
358 return DNSVR_FAILURE; 308 return DNSVR_FAILURE;
359 } 309 }
360 310
361 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in 311 // CheckDNSSECChain tries to validate a DNSSEC chain embedded in
362 // |server_cert_nss_|. It returns true iff a chain is found that proves the 312 // |server_cert_nss|. It returns true iff a chain is found that proves the
363 // value of a CAA record that contains a valid public key fingerprint. 313 // value of a CAA record that contains a valid public key fingerprint.
364 // |port| contains the TCP port number that we connected to as CAA records can 314 // |port| contains the TCP port number that we connected to as CAA records can
365 // be specific to a given port. 315 // be specific to a given port.
366 DNSValidationResult CheckDNSSECChain( 316 DNSValidationResult CheckDNSSECChain(
367 const std::string& hostname, 317 const std::string& hostname,
368 CERTCertificate* server_cert_nss, 318 CERTCertificate* server_cert_nss,
369 uint16 port) { 319 uint16 port) {
370 if (!server_cert_nss) 320 if (!server_cert_nss)
371 return DNSVR_CONTINUE; 321 return DNSVR_CONTINUE;
372 322
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
414 if (verifier.rrtype() != kDNS_CAA) 364 if (verifier.rrtype() != kDNS_CAA)
415 return DNSVR_CONTINUE; 365 return DNSVR_CONTINUE;
416 366
417 DNSValidationResult r = VerifyCAARecords( 367 DNSValidationResult r = VerifyCAARecords(
418 server_cert_nss, verifier.rrdatas(), port); 368 server_cert_nss, verifier.rrdatas(), port);
419 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE); 369 SECITEM_FreeItem(&dnssec_embedded_chain, PR_FALSE);
420 370
421 return r; 371 return r;
422 } 372 }
423 373
374 bool DomainBoundCertNegotiated(PRFileDesc* socket) {
375 // TODO(wtc,mattm): this is temporary while DBC support is changed into
376 // Channel ID.
377 return false;
378 }
379
380 void DestroyCertificates(CERTCertificate** certs, size_t len) {
381 for (size_t i = 0; i < len; i++)
382 CERT_DestroyCertificate(certs[i]);
383 }
384
385 // Helper function to make it easier to call BoundNetLog::AddByteTransferEvent
386 // from within the SSLClientSocketNSS::Core.
387 // AddByteTransferEvent expects to receive a const char*, which within the
388 // Core is backed by an IOBuffer. If the "const char*" is bound via
389 // base::Bind and posted to another thread, and the IOBuffer that backs that
390 // pointer then goes out of scope on the origin thread, this would result in
391 // an invalid read of a stale pointer.
392 // Instead, provide a signature that accepts an IOBuffer*, so that a reference
393 // to the owning IOBuffer can be bound to the Callback. This ensures that the
394 // IOBuffer will stay alive long enough to cross threads if needed.
395 void LogByteTransferEvent(BoundNetLog* net_log, NetLog::EventType event_type,
396 int len, IOBuffer* buffer) {
397 if (!net_log)
398 return;
399 net_log->AddByteTransferEvent(event_type, len, buffer->data());
400 }
401
402 // PeerCertificateChain is a helper object which extracts the certificate
403 // chain, as given by the server, from an NSS socket and performs the needed
404 // resource management. The first element of the chain is the leaf certificate
405 // and the other elements are in the order given by the server.
406 class PeerCertificateChain {
407 public:
408 PeerCertificateChain() {}
409 PeerCertificateChain(const PeerCertificateChain& other);
410 ~PeerCertificateChain();
411 PeerCertificateChain& operator=(const PeerCertificateChain& other);
412
413 // Resets the current chain, freeing any resources, and updates the current
414 // chain to be a copy of the chain stored in |nss_fd|.
415 // If |nss_fd| is NULL, then the current certificate chain will be freed.
416 void Reset(PRFileDesc* nss_fd);
417
418 // Returns the current certificate chain as a vector of DER-encoded
419 // base::StringPieces. The returned vector remains valid until Reset is
420 // called.
421 std::vector<base::StringPiece> AsStringPieceVector() const;
422
423 bool empty() const { return certs_.empty(); }
424 size_t size() const { return certs_.size(); }
425
426 CERTCertificate* operator[](size_t index) const {
427 DCHECK_LT(index, certs_.size());
428 return certs_[index];
429 }
430
431 private:
432 std::vector<CERTCertificate*> certs_;
433 };
434
435 PeerCertificateChain::PeerCertificateChain(
436 const PeerCertificateChain& other) {
437 *this = other;
438 }
439
440 PeerCertificateChain::~PeerCertificateChain() {
441 Reset(NULL);
442 }
443
444 PeerCertificateChain& PeerCertificateChain::operator=(
wtc 2012/06/01 01:02:38 Because OnHandshakeStateUpdated calls this operato
Ryan Sleevi 2012/06/01 01:30:04 Yes. They are thread-safe atomic ops, with no lock
445 const PeerCertificateChain& other) {
446 if (this == &other)
447 return *this;
448
449 Reset(NULL);
450 certs_.reserve(other.certs_.size());
451 for (size_t i = 0; i < other.certs_.size(); ++i)
452 certs_.push_back(CERT_DupCertificate(other.certs_[i]));
453
454 return *this;
455 }
456
457 void PeerCertificateChain::Reset(PRFileDesc* nss_fd) {
458 for (size_t i = 0; i < certs_.size(); ++i)
459 CERT_DestroyCertificate(certs_[i]);
460 certs_.clear();
461
462 if (nss_fd == NULL)
463 return;
464
465 unsigned int num_certs = 0;
466 SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs, 0);
467 DCHECK_EQ(SECSuccess, rv);
468
469 // The handshake on |nss_fd| may not have completed.
wtc 2012/06/01 01:02:38 I believe we never call PeerCertificateChain::Rese
Ryan Sleevi 2012/06/01 01:30:04 This would either be a CHECK() (because vector_as_
470 if (num_certs == 0)
471 return;
472
473 certs_.resize(num_certs);
474 const unsigned int expected_num_certs = num_certs;
475 rv = SSL_PeerCertificateChain(nss_fd, vector_as_array(&certs_),
476 &num_certs, expected_num_certs);
477 DCHECK_EQ(SECSuccess, rv);
478 DCHECK_EQ(expected_num_certs, num_certs);
479 }
480
481 std::vector<base::StringPiece>
482 PeerCertificateChain::AsStringPieceVector() const {
483 std::vector<base::StringPiece> v(certs_.size());
484 for (unsigned i = 0; i < certs_.size(); i++) {
485 v[i] = base::StringPiece(
486 reinterpret_cast<const char*>(certs_[i]->derCert.data),
487 certs_[i]->derCert.len);
488 }
489
490 return v;
491 }
492
493 // HandshakeState is a helper struct used to pass handshake state between
494 // the NSS task runner and the network task runner.
495 //
496 // It contains variables that may be read or written on the NSS task runner,
wtc 2012/06/01 01:02:38 Nit: variables => members
497 // but which also need to be read from the network task runner. The NSS task
498 // runner will notify the network task runner whenever this state changes, so
499 // that the network task runner can safely make a copy, which avoids the need
500 // for locking.
501 struct HandshakeState {
502 HandshakeState() { Reset(); }
503
504 void Reset() {
505 next_proto_status = SSLClientSocket::kNextProtoUnsupported;
506 next_proto.clear();
507 server_protos.clear();
508 domain_bound_cert_type = CLIENT_CERT_INVALID_TYPE;
509 client_certs.clear();
510 server_cert_chain.Reset(NULL);
511 server_cert = NULL;
512 predicted_cert_chain_correct = false;
513 resumed_handshake = false;
514 ssl_connection_status = 0;
515 }
516
517 // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the
518 // negotiated protocol stored in |next_proto|.
519 SSLClientSocket::NextProtoStatus next_proto_status;
520 std::string next_proto;
521 // If the server supports NPN, the protocols supported by the server.
522 std::string server_protos;
523
524 // The type of domain bound cert that was exchanged, or
525 // CLIENT_CERT_INVALID_TYPE if no domain bound cert was negotiated or sent.
526 SSLClientCertType domain_bound_cert_type;
527
528 // If the peer requests client certificate authentication, the set of
529 // certificates that matched the peer's criteria.
530 CertificateList client_certs;
531
532 // Set when the handshake fully completes.
533 //
534 // The server certificate is first received from NSS as an NSS certificate
535 // chain (|server_cert_chain|) and then converted into a platform-specific
536 // X509Certificate object (|server_cert|). It's possible for some
537 // certificates to be successfully parsed by NSS, and not by the platform
538 // libraries (i.e.: when running within a sandbox, different parsing
539 // algorithms, etc), so it's not safe to assume that |server_cert| will
540 // always be non-NULL.
541 PeerCertificateChain server_cert_chain;
542 scoped_refptr<X509Certificate> server_cert;
543
544 // True if the peer predicted a certificate chain (via
wtc 2012/06/01 01:02:38 "the peer predicted a certificate chain" is wrong.
545 // Core::SetPredictedCertificates) and that prediction matched what the
546 // server sent.
547 bool predicted_cert_chain_correct;
548
549 // True if the current handshake was the result of TLS session resumption.
550 bool resumed_handshake;
551
552 // The negotiated security parameters (TLS version, cipher, extensions)
wtc 2012/06/01 01:02:38 Nit: add "of the SSL connection" at the end.
553 int ssl_connection_status;
554 };
555
424 } // namespace 556 } // namespace
425 557
wtc 2012/06/01 01:02:38 Nit: delete this blank line.
426 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, 558
427 const HostPortPair& host_and_port, 559 // SSLClientSocketNSS::Core provides a thread-safe, ref-counted core that is
428 const SSLConfig& ssl_config, 560 // able to marshal data between NSS functions and an underlying transport
429 SSLHostInfo* ssl_host_info, 561 // socket.
430 const SSLClientSocketContext& context) 562 //
431 : transport_send_busy_(false), 563 // All public functions are meant to be called from the network task runner,
564 // and any callbacks supplied will be invoked there as well, provided that
565 // Detach() has not been called yet.
566 //
567 /////////////////////////////////////////////////////////////////////////////
568 //
569 // Threading within SSLClientSocketNSS and SSLClientSocketNSS::Core:
570 //
571 // Because NSS may block on either hardware or user input during operations
572 // such as signing, creating certificates, or locating private keys, the Core
573 // handles all of the interactions with the underlying NSS SSL socket, so
574 // that these blocking calls can be executed on a dedicated task runner.
575 //
576 // Note that the network task runner and the NSS task runner may be executing
577 // on the same thread. If that happens, then it's more performant to try to
578 // complete as much work as possible synchronously, even if it might block,
579 // rather than continually PostTask-ing to the same thread.
580 //
581 // Because NSS functions should only be called on the NSS task runner, while
582 // I/O resources should only be accessed on the network task runner, most
583 // public functions are implemented via three methods, each with different
584 // task runner affinities.
585 //
586 // In the single-threaded mode (where the network and NSS task runners run on
587 // the same thread), these are all attempted synchronously, while in the
588 // multi-threaded mode, message passing is used.
589 //
590 // 1) NSS Task Runner: Execute NSS function (DoPayloadRead, DoPayloadWrite,
591 // DoHandshake)
592 // 2) NSS Task Runner: Prepare data to go from NSS to an IO function:
593 // (BufferRecv, BufferSend)
594 // 3) Network Task Runner: Perform IO on that data (DoBufferRecv,
595 // DoBufferSend, DoGetDomainBoundCert, OnGetDomainBoundCertComplete)
596 // 4) Both Task Runners: Callback for asynchronous completion or to marshal
597 // data from the network task runner back to NSS (BufferRecvComplete,
598 // BufferSendComplete, OnHandshakeIOComplete)
599 //
600 /////////////////////////////////////////////////////////////////////////////
601 // Single-threaded example
602 //
603 // |--------------------------Network Task Runner--------------------------|
604 // SSLClientSocketNSS Core (Transport Socket)
605 // Read()
606 // |-------------------------V
607 // Read()
608 // |
609 // DoPayloadRead()
610 // |
611 // BufferRecv()
612 // |
613 // DoBufferRecv()
614 // |-------------------------V
615 // Read()
616 // V-------------------------|
617 // BufferRecvComplete()
618 // |
619 // PostOrRunCallback()
620 // V-------------------------|
621 // (Read Callback)
622 //
623 /////////////////////////////////////////////////////////////////////////////
624 // Multi-threaded example:
625 //
626 // |--------------------Network Task Runner-------------|--NSS Task Runner--|
627 // SSLClientSocketNSS Core Socket Core
628 // Read()
629 // |---------------------V
630 // Read()
631 // |-------------------------------V
632 // Read()
633 // |
634 // DoPayloadRead()
635 // |
636 // BufferRecv
637 // V-------------------------------|
638 // DoBufferRecv
639 // |----------------V
640 // Read()
641 // V----------------|
642 // BufferRecvComplete()
643 // |-------------------------------V
644 // BufferRecvComplete()
645 // |
646 // PostOrRunCallback()
647 // V-------------------------------|
648 // PostOrRunCallback()
649 // V---------------------|
650 // (Read Callback)
651 //
652 /////////////////////////////////////////////////////////////////////////////
653 class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
654 public:
655 // Creates a new Core.
656 //
657 // Any calls to NSS are executed on the |nss_task_runner|, while any calls
658 // that need to operate on the underlying transport, net log, or server
659 // bound certificate fetching will happen on the |network_task_runner|, so
660 // that their lifetimes match that of the owning SSLClientSocketNSS.
661 //
662 // The caller retains ownership of |transport|, |net_log|, and
663 // |server_bound_cert_service|, and they will not be accessed once Detach()
664 // has been called.
665 Core(base::SequencedTaskRunner* network_task_runner,
666 base::SingleThreadTaskRunner* nss_task_runner,
wtc 2012/06/01 01:02:38 Why do we use different types of task runners? net
Ryan Sleevi 2012/06/01 01:30:04 willchan can probably provide more, but the prefer
667 ClientSocketHandle* transport,
668 const HostPortPair& host_and_port,
669 const SSLConfig& ssl_config,
670 BoundNetLog* net_log,
671 ServerBoundCertService* server_bound_cert_service);
672
673 // Called on the network task runner.
674 // Transfers ownership of |socket|, an NSS SSL socket, and |buffers|, the
675 // underlying memio implementation, to the Core. Returns true if the Core
676 // was successfully registered with the socket.
677 bool Init(PRFileDesc* socket, memio_Private* buffers);
678
679 // Called on the network task runner.
680 // Sets the predicted certificate chain that the peer will send, for use
681 // with the TLS CachedInfo extension. If called, it must not be called
682 // before Init() or after Connect().
683 void SetPredictedCertificates(
684 const std::vector<std::string>& predicted_certificates);
685
686 // Called on the network task runner.
687 //
688 // Attempts to perform an SSL handshake. If the handshake cannot be
689 // completed synchronously, returns ERR_IO_PENDING, invoking |callback| on
690 // the network task runner once the handshake has completed. Otherwise,
691 // returns OK on success or a network error code on failure.
692 int Connect(const CompletionCallback& callback);
693
694 // Called on the network task runner.
695 // Signals that the resources owned by the network task runner are going
696 // away. No further callbacks will be invoked on the network task runner.
697 // May be called at any time.
698 void Detach();
699
700 // Called on the network task runner.
701 // Returns the current state of the underlying SSL socket. May be called at
702 // any time.
703 const HandshakeState& state() const { return network_handshake_state_; }
704
705 // Called on the network task runner.
706 // Read() and Write() mirror the net::Socket functions of the same name.
707 // If ERR_IO_PENDING is returned, |callback| will be invoked on the network
708 // task runner at a later point, unless the caller calls Detach().
709 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
710 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback);
711
712 private:
713 friend class base::RefCountedThreadSafe<Core>;
714 ~Core();
715
716 enum State {
717 STATE_NONE,
718 STATE_HANDSHAKE,
719 STATE_GET_DOMAIN_BOUND_CERT_COMPLETE,
720 };
721
722 bool OnNSSTaskRunner() const;
723 bool OnNetworkTaskRunner() const;
724
725 ////////////////////////////////////////////////////////////////////////////
726 // Methods that are ONLY called on the NSS task runner:
727 ////////////////////////////////////////////////////////////////////////////
728
729 // Called by NSS during full handshakes to allow the application to
730 // verify the certificate. Instead of verifying the certificate in the midst
731 // of the handshake, SECSuccess is always returned and the peer's certificate
732 // is verified afterwards.
733 // This behaviour is an artifact of the original SSLClientSocketWin
734 // implementation, which could not verify the peer's certificate until after
735 // the handshake had completed, as well as bugs in NSS that prevent
736 // SSL_RestartHandshakeAfterCertReq from working.
737 static SECStatus OwnAuthCertHandler(void* arg,
738 PRFileDesc* socket,
739 PRBool checksig,
740 PRBool is_server);
741
742 // Callbacks called by NSS when the peer requests client certificate
743 // authentication.
744 // See the documentation in third_party/nss/ssl/ssl.h for the meanings of
745 // the arguments.
746 #if defined(NSS_PLATFORM_CLIENT_AUTH)
747 // When NSS has been integrated with awareness of the underlying system
748 // cryptographic libraries, this callback allows the caller to supply a
749 // native platform certificate and key for use by NSS. At most, one of
750 // either (result_certs, result_private_key) or (result_nss_certificate,
751 // result_nss_private_key) should be set.
752 // |arg| contains a pointer to the current SSLClientSocketNSS::Core.
753 static SECStatus PlatformClientAuthHandler(
754 void* arg,
755 PRFileDesc* socket,
756 CERTDistNames* ca_names,
757 CERTCertList** result_certs,
758 void** result_private_key,
759 CERTCertificate** result_nss_certificate,
760 SECKEYPrivateKey** result_nss_private_key);
761 #else
762 static SECStatus ClientAuthHandler(void* arg,
763 PRFileDesc* socket,
764 CERTDistNames* ca_names,
765 CERTCertificate** result_certificate,
766 SECKEYPrivateKey** result_private_key);
767 #endif
768
769 // Called by NSS once the handshake has completed.
770 // |arg| contains a pointer to the current SSLClientSocketNSS::Core.
771 static void HandshakeCallback(PRFileDesc* socket, void* arg);
772
773 // Called by NSS if the peer supports the NPN handshake extension, to allow
774 // the application to select the protocol to use.
775 // See the documentation for SSLNextProtocolCallback in
776 // third_party/nss/ssl/ssl.h for the meanings of the arguments.
777 // |arg| contains a pointer to the current SSLClientSocketNSS::Core.
778 static SECStatus NextProtoCallback(void* arg,
779 PRFileDesc* fd,
780 const unsigned char* protos,
781 unsigned int protos_len,
782 unsigned char* proto_out,
783 unsigned int* proto_out_len,
784 unsigned int proto_max_len);
785
786 // Handles an NSS error generated while handshaking or performing IO.
787 // Returns a network error code mapped from the original NSS error.
788 int HandleNSSError(PRErrorCode error, bool handshake_error);
789
790 int DoHandshakeLoop(int last_io_result);
791 int DoReadLoop(int result);
792 int DoWriteLoop(int result);
793
794 int DoHandshake();
795 int DoGetDBCertComplete(int result);
796
797 int DoPayloadRead();
798 int DoPayloadWrite();
799
800 bool DoTransportIO();
801 int BufferRecv();
802 int BufferSend();
803
804 void OnRecvComplete(int result);
805 void OnSendComplete(int result);
806
807 void DoConnectCallback(int result);
808 void DoReadCallback(int result);
809 void DoWriteCallback(int result);
810
811 // Domain bound cert client auth handler.
812 // Returns the value the ClientAuthHandler function should return.
813 SECStatus DomainBoundClientAuthHandler(
814 const SECItem* cert_types,
815 CERTCertificate** result_certificate,
816 SECKEYPrivateKey** result_private_key);
817
818 // ImportDBCertAndKey is a helper function for turning a DER-encoded cert and
819 // key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success
820 // and an error code otherwise.
821 // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been
822 // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller
823 // takes ownership of the |*cert| and |*key|.
824 int ImportDBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key);
825
826 // Updates the NSS and platform specific certificates.
827 void UpdateServerCert();
828 // Updates the nss_handshake_state_ with the negotiated security parameters.
829 void UpdateConnectionStatus();
830 // Record histograms for DBC support during full handshakes - resumed
831 // handshakes are ignored.
832 void RecordDomainBoundCertSupport() const;
833
834 ////////////////////////////////////////////////////////////////////////////
835 // Methods that are ONLY called on the network task runner:
836 ////////////////////////////////////////////////////////////////////////////
837 int DoBufferRecv(IOBuffer* buffer, int len);
838 int DoBufferSend(IOBuffer* buffer, int len);
839 int DoGetDomainBoundCert(const std::string& origin,
840 const std::vector<uint8>& requested_cert_types);
841
842 void OnGetDomainBoundCertComplete(int result);
843 void OnHandshakeStateUpdated(const HandshakeState& state);
844
845 ////////////////////////////////////////////////////////////////////////////
846 // Methods that are called on both the network task runner and the NSS
847 // task runner.
848 ////////////////////////////////////////////////////////////////////////////
849 void OnHandshakeIOComplete(int result);
850 void BufferRecvComplete(IOBuffer* buffer, int result);
851 void BufferSendComplete(int result);
852
853 // PostOrRunCallback is a helper function to ensure that |callback| is
854 // invoked on the network task runner, but only if Detach() has not yet
855 // been called.
856 void PostOrRunCallback(const tracked_objects::Location& location,
857 const base::Closure& callback);
858
859 ////////////////////////////////////////////////////////////////////////////
860 // Members that are ONLY accessed on the network task runner:
861 ////////////////////////////////////////////////////////////////////////////
862
863 // True if the owning SSLClientSocketNSS has called Detach(). No further
864 // callbacks will be invoked nor access to variables owned by the network
865 // task runner.
866 bool detached_;
867
868 // The underlying transport to use for network IO.
869 ClientSocketHandle* transport_;
870 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_;
871
872 // The current connection state. Mirrors |nss_handshake_state_|.
wtc 2012/06/01 01:02:38 Nit: connection state => handshake state Please f
873 HandshakeState network_handshake_state_;
874
875 ServerBoundCertService* server_bound_cert_service_;
876 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
877
878 ////////////////////////////////////////////////////////////////////////////
879 // Members that are ONLY accessed on the NSS task runner:
880 ////////////////////////////////////////////////////////////////////////////
881 HostPortPair host_and_port_;
882 SSLConfig ssl_config_;
883
884 // NSS SSL socket.
885 PRFileDesc* nss_fd_;
886
887 // Buffers for the network end of the SSL state machine
888 memio_Private* nss_bufs_;
889
890 // The certificate chain, in DER form, that is expected to be received from
891 // the server.
892 std::vector<std::string> predicted_certs_;
893
894 State next_handshake_state_;
895
896 // True if domain bound certs were negotiated.
897 bool domain_bound_cert_xtn_negotiated_;
898 // True if the handshake state machine was interrupted for client auth.
899 bool client_auth_cert_needed_;
900 // True if NSS has called HandshakeCallback.
901 bool handshake_callback_called_;
902
903 HandshakeState nss_handshake_state_;
904
905 bool transport_recv_busy_;
906 bool transport_recv_eof_;
907 bool transport_send_busy_;
908
909 // Used by Read function.
910 scoped_refptr<IOBuffer> user_read_buf_;
911 int user_read_buf_len_;
912
913 // Used by Write function.
914 scoped_refptr<IOBuffer> user_write_buf_;
915 int user_write_buf_len_;
916
917 CompletionCallback user_connect_callback_;
918 CompletionCallback user_read_callback_;
919 CompletionCallback user_write_callback_;
920
921 ////////////////////////////////////////////////////////////////////////////
922 // Members that are accessed on both the network task runner and the NSS
923 // task runner.
924 ////////////////////////////////////////////////////////////////////////////
925 scoped_refptr<base::SequencedTaskRunner> network_task_runner_;
926 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner_;
927
928 // Dereferenced only on the network task runner, but bound to tasks destined
929 // for the network task runner from the NSS task runner.
930 base::WeakPtr<BoundNetLog> weak_net_log_;
931
932 // Written on the network task runner by the |server_bound_cert_service_|,
933 // prior to invoking OnHandshakeIOComplete.
934 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked
935 // on the NSS task runner.
936 SSLClientCertType domain_bound_cert_type_;
937 std::string domain_bound_private_key_;
938 std::string domain_bound_cert_;
939
940 DISALLOW_COPY_AND_ASSIGN(Core);
941 };
942
943 SSLClientSocketNSS::Core::Core(
944 base::SequencedTaskRunner* network_task_runner,
945 base::SingleThreadTaskRunner* nss_task_runner,
946 ClientSocketHandle* transport,
947 const HostPortPair& host_and_port,
948 const SSLConfig& ssl_config,
949 BoundNetLog* net_log,
950 ServerBoundCertService* server_bound_cert_service)
951 : detached_(false),
952 transport_(transport),
953 weak_net_log_factory_(net_log),
954 server_bound_cert_service_(server_bound_cert_service),
955 domain_bound_cert_request_handle_(NULL),
956 host_and_port_(host_and_port),
957 ssl_config_(ssl_config),
958 nss_fd_(NULL),
959 nss_bufs_(NULL),
960 next_handshake_state_(STATE_NONE),
961 domain_bound_cert_xtn_negotiated_(false),
962 client_auth_cert_needed_(false),
963 handshake_callback_called_(false),
432 transport_recv_busy_(false), 964 transport_recv_busy_(false),
433 transport_recv_eof_(false), 965 transport_recv_eof_(false),
434 transport_(transport_socket), 966 transport_send_busy_(false),
435 host_and_port_(host_and_port),
436 ssl_config_(ssl_config),
437 user_read_buf_len_(0), 967 user_read_buf_len_(0),
438 user_write_buf_len_(0), 968 user_write_buf_len_(0),
439 server_cert_nss_(NULL), 969 network_task_runner_(network_task_runner),
440 server_cert_verify_result_(NULL), 970 nss_task_runner_(nss_task_runner),
441 ssl_connection_status_(0), 971 weak_net_log_(weak_net_log_factory_.GetWeakPtr()),
442 client_auth_cert_needed_(false), 972 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) {
443 cert_verifier_(context.cert_verifier), 973 }
444 domain_bound_cert_xtn_negotiated_(false), 974
445 server_bound_cert_service_(context.server_bound_cert_service), 975 SSLClientSocketNSS::Core::~Core() {
446 domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE), 976 // TODO(wtc): Send SSL close_notify alert.
447 domain_bound_cert_request_handle_(NULL), 977 if (nss_fd_ != NULL) {
448 handshake_callback_called_(false), 978 PR_Close(nss_fd_);
449 completed_handshake_(false), 979 nss_fd_ = NULL;
450 ssl_session_cache_shard_(context.ssl_session_cache_shard), 980 }
451 predicted_cert_chain_correct_(false), 981 }
452 next_handshake_state_(STATE_NONE), 982
453 nss_fd_(NULL), 983 bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
454 nss_bufs_(NULL), 984 memio_Private* buffers) {
455 net_log_(transport_socket->socket()->NetLog()), 985 DCHECK(OnNetworkTaskRunner());
456 ssl_host_info_(ssl_host_info), 986 DCHECK(!nss_fd_);
457 transport_security_state_(context.transport_security_state), 987 DCHECK(!nss_bufs_);
458 next_proto_status_(kNextProtoUnsupported), 988
459 valid_thread_id_(base::kInvalidThreadId) { 989 nss_fd_ = socket;
460 EnterFunction(""); 990 nss_bufs_ = buffers;
461 } 991
462 992 SECStatus rv = SECSuccess;
463 SSLClientSocketNSS::~SSLClientSocketNSS() { 993
464 EnterFunction(""); 994 if (!ssl_config_.next_protos.empty()) {
465 Disconnect(); 995 rv = SSL_SetNextProtoCallback(
466 LeaveFunction(""); 996 nss_fd_, SSLClientSocketNSS::Core::NextProtoCallback, this);
467 } 997 if (rv != SECSuccess)
468 998 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoCallback", "");
469 // static 999 }
470 void SSLClientSocket::ClearSessionCache() { 1000
471 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't 1001 rv = SSL_AuthCertificateHook(
472 // bother initializing NSS just to clear an empty SSL session cache. 1002 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this);
473 if (!NSS_IsInitialized()) 1003 if (rv != SECSuccess) {
1004 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", "");
1005 return false;
1006 }
1007
1008 #if defined(NSS_PLATFORM_CLIENT_AUTH)
1009 rv = SSL_GetPlatformClientAuthDataHook(
1010 nss_fd_, SSLClientSocketNSS::Core::PlatformClientAuthHandler,
1011 this);
1012 #else
1013 rv = SSL_GetClientAuthDataHook(
1014 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this);
1015 #endif
1016 if (rv != SECSuccess) {
1017 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", "");
1018 return false;
1019 }
1020
1021 rv = SSL_HandshakeCallback(
1022 nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this);
1023 if (rv != SECSuccess) {
1024 LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", "");
1025 return false;
1026 }
1027
1028 return true;
1029 }
1030
1031 void SSLClientSocketNSS::Core::SetPredictedCertificates(
1032 const std::vector<std::string>& predicted_certs) {
1033 if (predicted_certs.empty())
474 return; 1034 return;
475 1035
476 SSL_ClearSessionCache(); 1036 if (!OnNSSTaskRunner()) {
477 } 1037 DCHECK(!detached_);
478 1038 nss_task_runner_->PostTask(
479 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { 1039 FROM_HERE,
480 EnterFunction(""); 1040 base::Bind(&Core::SetPredictedCertificates, this, predicted_certs));
481 ssl_info->Reset();
482 if (!server_cert_nss_)
483 return; 1041 return;
484 1042 }
485 ssl_info->cert_status = server_cert_verify_result_->cert_status; 1043
486 ssl_info->cert = server_cert_verify_result_->verified_cert; 1044 DCHECK(nss_fd_);
487 ssl_info->connection_status = ssl_connection_status_; 1045
488 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; 1046 predicted_certs_ = predicted_certs;
489 for (std::vector<SHA1Fingerprint>::const_iterator 1047
490 i = side_pinned_public_keys_.begin(); 1048 scoped_array<CERTCertificate*> certs(
491 i != side_pinned_public_keys_.end(); i++) { 1049 new CERTCertificate*[predicted_certs.size()]);
492 ssl_info->public_key_hashes.push_back(*i); 1050
493 } 1051 for (size_t i = 0; i < predicted_certs.size(); i++) {
494 ssl_info->is_issued_by_known_root = 1052 SECItem derCert;
495 server_cert_verify_result_->is_issued_by_known_root; 1053 derCert.data = const_cast<uint8*>(reinterpret_cast<const uint8*>(
496 ssl_info->client_cert_sent = WasDomainBoundCertSent() || 1054 predicted_certs[i].data()));
497 (ssl_config_.send_client_cert && ssl_config_.client_cert); 1055 derCert.len = predicted_certs[i].size();
498 1056 certs[i] = CERT_NewTempCertificate(
499 PRUint16 cipher_suite = 1057 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */,
500 SSLConnectionStatusToCipherSuite(ssl_connection_status_); 1058 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */);
501 SSLCipherSuiteInfo cipher_info; 1059 if (!certs[i]) {
502 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite, 1060 DestroyCertificates(&certs[0], i);
503 &cipher_info, sizeof(cipher_info)); 1061 NOTREACHED();
504 if (ok == SECSuccess) { 1062 return;
505 ssl_info->security_bits = cipher_info.effectiveKeyBits;
506 } else {
507 ssl_info->security_bits = -1;
508 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()
509 << " for cipherSuite " << cipher_suite;
510 }
511
512 PRBool last_handshake_resumed;
513 ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed);
514 if (ok == SECSuccess) {
515 if (last_handshake_resumed) {
516 ssl_info->handshake_type = SSLInfo::HANDSHAKE_RESUME;
517 } else {
518 ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL;
519 } 1063 }
520 } 1064 }
521 1065
522 LeaveFunction(""); 1066 SECStatus rv;
523 } 1067 #ifdef SSL_ENABLE_CACHED_INFO
524 1068 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(),
525 void SSLClientSocketNSS::GetSSLCertRequestInfo( 1069 predicted_certs.size());
526 SSLCertRequestInfo* cert_request_info) { 1070 DCHECK_EQ(SECSuccess, rv);
527 EnterFunction(""); 1071 #else
528 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair 1072 rv = SECFailure; // Not implemented.
529 cert_request_info->host_and_port = host_and_port_.ToString(); 1073 #endif
530 cert_request_info->client_certs = client_certs_; 1074 DestroyCertificates(&certs[0], predicted_certs.size());
531 LeaveFunction(cert_request_info->client_certs.size()); 1075
532 } 1076 if (rv != SECSuccess) {
533 1077 LOG(WARNING) << "SetPredictedCertificates failed: "
534 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, 1078 << host_and_port_.ToString();
535 bool has_context, 1079 }
536 const base::StringPiece& context, 1080 }
537 unsigned char* out, 1081
538 unsigned int outlen) { 1082 int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) {
539 if (!IsConnected()) 1083 if (!OnNSSTaskRunner()) {
540 return ERR_SOCKET_NOT_CONNECTED; 1084 DCHECK(!detached_);
541 SECStatus result = SSL_ExportKeyingMaterial( 1085 bool posted = nss_task_runner_->PostTask(
542 nss_fd_, label.data(), label.size(), has_context, 1086 FROM_HERE,
543 reinterpret_cast<const unsigned char*>(context.data()), 1087 base::Bind(IgnoreResult(&Core::Connect), this, callback));
544 context.length(), out, outlen); 1088 return posted ? ERR_IO_PENDING : ERR_ABORTED;
545 if (result != SECSuccess) { 1089 }
546 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); 1090
547 return MapNSSError(PORT_GetError()); 1091 DCHECK(OnNSSTaskRunner());
548 } 1092 DCHECK_EQ(STATE_NONE, next_handshake_state_);
549 return OK;
550 }
551
552 SSLClientSocket::NextProtoStatus
553 SSLClientSocketNSS::GetNextProto(std::string* proto,
554 std::string* server_protos) {
555 *proto = next_proto_;
556 *server_protos = server_protos_;
557 return next_proto_status_;
558 }
559
560 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
561 EnterFunction("");
562 DCHECK(transport_.get());
563 DCHECK(next_handshake_state_ == STATE_NONE);
564 DCHECK(user_read_callback_.is_null()); 1093 DCHECK(user_read_callback_.is_null());
565 DCHECK(user_write_callback_.is_null()); 1094 DCHECK(user_write_callback_.is_null());
566 DCHECK(user_connect_callback_.is_null()); 1095 DCHECK(user_connect_callback_.is_null());
567 DCHECK(!user_read_buf_); 1096 DCHECK(!user_read_buf_);
568 DCHECK(!user_write_buf_); 1097 DCHECK(!user_write_buf_);
569 1098
570 EnsureThreadIdAssigned(); 1099 next_handshake_state_ = STATE_HANDSHAKE;
571 1100 int rv = DoHandshakeLoop(OK);
572 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL);
573
574 int rv = Init();
575 if (rv != OK) {
576 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
577 return rv;
578 }
579
580 rv = InitializeSSLOptions();
581 if (rv != OK) {
582 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
583 return rv;
584 }
585
586 rv = InitializeSSLPeerName();
587 if (rv != OK) {
588 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
589 return rv;
590 }
591
592 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) {
593 GotoState(STATE_LOAD_SSL_HOST_INFO);
594 } else {
595 GotoState(STATE_HANDSHAKE);
596 }
597
598 rv = DoHandshakeLoop(OK);
599 if (rv == ERR_IO_PENDING) { 1101 if (rv == ERR_IO_PENDING) {
600 user_connect_callback_ = callback; 1102 user_connect_callback_ = callback;
601 } else { 1103 } else if (rv > OK) {
602 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); 1104 rv = OK;
603 } 1105 }
604 1106 if (rv != ERR_IO_PENDING && !OnNetworkTaskRunner())
605 LeaveFunction(""); 1107 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
606 return rv > OK ? OK : rv; 1108
607 } 1109 return rv;
608 1110 }
609 void SSLClientSocketNSS::Disconnect() { 1111
610 EnterFunction(""); 1112 void SSLClientSocketNSS::Core::Detach() {
611 1113 DCHECK(OnNetworkTaskRunner());
612 CHECK(CalledOnValidThread()); 1114
613 1115 detached_ = true;
614 // Shut down anything that may call us back. 1116 transport_ = NULL;
615 verifier_.reset(); 1117 weak_net_log_factory_.InvalidateWeakPtrs();
616 transport_->socket()->Disconnect(); 1118
1119 network_handshake_state_.Reset();
617 1120
618 if (domain_bound_cert_request_handle_ != NULL) { 1121 if (domain_bound_cert_request_handle_ != NULL) {
619 server_bound_cert_service_->CancelRequest( 1122 server_bound_cert_service_->CancelRequest(
620 domain_bound_cert_request_handle_); 1123 domain_bound_cert_request_handle_);
621 domain_bound_cert_request_handle_ = NULL; 1124 domain_bound_cert_request_handle_ = NULL;
622 } 1125 }
623 1126 }
624 // TODO(wtc): Send SSL close_notify alert. 1127
625 if (nss_fd_ != NULL) { 1128 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len,
626 PR_Close(nss_fd_); 1129 const CompletionCallback& callback) {
627 nss_fd_ = NULL; 1130 if (!OnNSSTaskRunner()) {
628 } 1131 DCHECK(OnNetworkTaskRunner());
629 1132 DCHECK(!detached_);
630 // Reset object state. 1133 DCHECK(transport_);
631 user_connect_callback_.Reset(); 1134
632 user_read_callback_.Reset(); 1135 bool posted = nss_task_runner_->PostTask(
633 user_write_callback_.Reset(); 1136 FROM_HERE,
634 transport_send_busy_ = false; 1137 base::Bind(IgnoreResult(&Core::Read), this, make_scoped_refptr(buf),
635 transport_recv_busy_ = false; 1138 buf_len, callback));
636 transport_recv_eof_ = false; 1139 return posted ? ERR_IO_PENDING : ERR_ABORTED;
637 user_read_buf_ = NULL; 1140 }
638 user_read_buf_len_ = 0; 1141
639 user_write_buf_ = NULL; 1142 DCHECK(OnNSSTaskRunner());
640 user_write_buf_len_ = 0; 1143 DCHECK(handshake_callback_called_);
641 server_cert_ = NULL; 1144 DCHECK_EQ(STATE_NONE, next_handshake_state_);
642 if (server_cert_nss_) {
643 CERT_DestroyCertificate(server_cert_nss_);
644 server_cert_nss_ = NULL;
645 }
646 local_server_cert_verify_result_.Reset();
647 server_cert_verify_result_ = NULL;
648 ssl_connection_status_ = 0;
649 completed_handshake_ = false;
650 start_cert_verification_time_ = base::TimeTicks();
651 predicted_cert_chain_correct_ = false;
652 nss_bufs_ = NULL;
653 client_certs_.clear();
654 client_auth_cert_needed_ = false;
655 domain_bound_cert_xtn_negotiated_ = false;
656
657 LeaveFunction("");
658 }
659
660 bool SSLClientSocketNSS::IsConnected() const {
661 // Ideally, we should also check if we have received the close_notify alert
662 // message from the server, and return false in that case. We're not doing
663 // that, so this function may return a false positive. Since the upper
664 // layer (HttpNetworkTransaction) needs to handle a persistent connection
665 // closed by the server when we send a request anyway, a false positive in
666 // exchange for simpler code is a good trade-off.
667 EnterFunction("");
668 bool ret = completed_handshake_ && transport_->socket()->IsConnected();
669 LeaveFunction("");
670 return ret;
671 }
672
673 bool SSLClientSocketNSS::IsConnectedAndIdle() const {
674 // Unlike IsConnected, this method doesn't return a false positive.
675 //
676 // Strictly speaking, we should check if we have received the close_notify
677 // alert message from the server, and return false in that case. Although
678 // the close_notify alert message means EOF in the SSL layer, it is just
679 // bytes to the transport layer below, so
680 // transport_->socket()->IsConnectedAndIdle() returns the desired false
681 // when we receive close_notify.
682 EnterFunction("");
683 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle();
684 LeaveFunction("");
685 return ret;
686 }
687
688 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const {
689 return transport_->socket()->GetPeerAddress(address);
690 }
691
692 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const {
693 return transport_->socket()->GetLocalAddress(address);
694 }
695
696 const BoundNetLog& SSLClientSocketNSS::NetLog() const {
697 return net_log_;
698 }
699
700 void SSLClientSocketNSS::SetSubresourceSpeculation() {
701 if (transport_.get() && transport_->socket()) {
702 transport_->socket()->SetSubresourceSpeculation();
703 } else {
704 NOTREACHED();
705 }
706 }
707
708 void SSLClientSocketNSS::SetOmniboxSpeculation() {
709 if (transport_.get() && transport_->socket()) {
710 transport_->socket()->SetOmniboxSpeculation();
711 } else {
712 NOTREACHED();
713 }
714 }
715
716 bool SSLClientSocketNSS::WasEverUsed() const {
717 if (transport_.get() && transport_->socket()) {
718 return transport_->socket()->WasEverUsed();
719 }
720 NOTREACHED();
721 return false;
722 }
723
724 bool SSLClientSocketNSS::UsingTCPFastOpen() const {
725 if (transport_.get() && transport_->socket()) {
726 return transport_->socket()->UsingTCPFastOpen();
727 }
728 NOTREACHED();
729 return false;
730 }
731
732 int64 SSLClientSocketNSS::NumBytesRead() const {
733 if (transport_.get() && transport_->socket()) {
734 return transport_->socket()->NumBytesRead();
735 }
736 NOTREACHED();
737 return -1;
738 }
739
740 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const {
741 if (transport_.get() && transport_->socket()) {
742 return transport_->socket()->GetConnectTimeMicros();
743 }
744 NOTREACHED();
745 return base::TimeDelta::FromMicroseconds(-1);
746 }
747
748 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
749 const CompletionCallback& callback) {
750 EnterFunction(buf_len);
751 DCHECK(completed_handshake_);
752 DCHECK(next_handshake_state_ == STATE_NONE);
753 DCHECK(user_read_callback_.is_null()); 1145 DCHECK(user_read_callback_.is_null());
754 DCHECK(user_connect_callback_.is_null()); 1146 DCHECK(user_connect_callback_.is_null());
755 DCHECK(!user_read_buf_); 1147 DCHECK(!user_read_buf_);
756 DCHECK(nss_bufs_); 1148 DCHECK(nss_bufs_);
757 1149
758 user_read_buf_ = buf; 1150 user_read_buf_ = buf;
759 user_read_buf_len_ = buf_len; 1151 user_read_buf_len_ = buf_len;
760 1152
761 int rv = DoReadLoop(OK); 1153 int rv = DoReadLoop(OK);
762
763 if (rv == ERR_IO_PENDING) { 1154 if (rv == ERR_IO_PENDING) {
764 user_read_callback_ = callback; 1155 user_read_callback_ = callback;
765 } else { 1156 } else {
766 user_read_buf_ = NULL; 1157 user_read_buf_ = NULL;
767 user_read_buf_len_ = 0; 1158 user_read_buf_len_ = 0;
1159
1160 if (!OnNetworkTaskRunner())
1161 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
wtc 2012/06/01 01:02:38 Nit: it is slightly clearer to do: if (!OnNetwor
768 } 1162 }
769 LeaveFunction(rv); 1163
770 return rv; 1164 return rv;
771 } 1165 }
772 1166
773 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len, 1167 int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len,
774 const CompletionCallback& callback) { 1168 const CompletionCallback& callback) {
775 EnterFunction(buf_len); 1169 if (!OnNSSTaskRunner()) {
776 DCHECK(completed_handshake_); 1170 DCHECK(OnNetworkTaskRunner());
777 DCHECK(next_handshake_state_ == STATE_NONE); 1171 DCHECK(!detached_);
1172 DCHECK(transport_);
1173
1174 bool posted = nss_task_runner_->PostTask(
1175 FROM_HERE,
1176 base::Bind(IgnoreResult(&Core::Write), this, make_scoped_refptr(buf),
1177 buf_len, callback));
1178 int rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
1179 return rv;
1180 }
1181
1182 DCHECK(OnNSSTaskRunner());
1183 DCHECK(handshake_callback_called_);
1184 DCHECK_EQ(STATE_NONE, next_handshake_state_);
778 DCHECK(user_write_callback_.is_null()); 1185 DCHECK(user_write_callback_.is_null());
779 DCHECK(user_connect_callback_.is_null()); 1186 DCHECK(user_connect_callback_.is_null());
780 DCHECK(!user_write_buf_); 1187 DCHECK(!user_write_buf_);
781 DCHECK(nss_bufs_); 1188 DCHECK(nss_bufs_);
782 1189
783 user_write_buf_ = buf; 1190 user_write_buf_ = buf;
784 user_write_buf_len_ = buf_len; 1191 user_write_buf_len_ = buf_len;
785 1192
786 int rv = DoWriteLoop(OK); 1193 int rv = DoWriteLoop(OK);
787
788 if (rv == ERR_IO_PENDING) { 1194 if (rv == ERR_IO_PENDING) {
789 user_write_callback_ = callback; 1195 user_write_callback_ = callback;
790 } else { 1196 } else {
791 user_write_buf_ = NULL; 1197 user_write_buf_ = NULL;
792 user_write_buf_len_ = 0; 1198 user_write_buf_len_ = 0;
793 } 1199
1200 if (!OnNetworkTaskRunner())
1201 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv));
1202 }
1203
1204 return rv;
1205 }
1206
1207 bool SSLClientSocketNSS::Core::OnNSSTaskRunner() const {
1208 return nss_task_runner_->RunsTasksOnCurrentThread();
1209 }
1210
1211 bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const {
1212 return network_task_runner_->RunsTasksOnCurrentThread();
wtc 2012/06/01 01:02:38 Is this test cheap? We do these tests a lot.
Ryan Sleevi 2012/06/01 01:30:04 These are backed by MessageLoopProxyImpl::RunsTask
1213 }
1214
1215 // static
1216 SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
1217 void* arg,
1218 PRFileDesc* socket,
1219 PRBool checksig,
1220 PRBool is_server) {
1221 #ifdef SSL_ENABLE_FALSE_START
1222 Core* core = reinterpret_cast<Core*>(arg);
1223 if (!core->handshake_callback_called_) {
1224 // Only need to turn off False Start in the initial handshake. Also, it is
1225 // unsafe to call SSL_OptionSet in a renegotiation because the "first
1226 // handshake" lock isn't already held, which will result in an assertion
1227 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet.
1228 PRBool npn;
1229 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
1230 ssl_next_proto_nego_xtn,
1231 &npn);
1232 if (rv != SECSuccess || !npn) {
1233 // If the server doesn't support NPN, then we don't do False Start with
1234 // it.
1235 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
1236 }
1237 }
1238 #endif
1239
1240 // Tell NSS to not verify the certificate.
1241 return SECSuccess;
1242 }
1243
1244 #if defined(NSS_PLATFORM_CLIENT_AUTH)
1245 // static
1246 SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
1247 void* arg,
1248 PRFileDesc* socket,
1249 CERTDistNames* ca_names,
1250 CERTCertList** result_certs,
1251 void** result_private_key,
1252 CERTCertificate** result_nss_certificate,
1253 SECKEYPrivateKey** result_nss_private_key) {
1254 Core* core = reinterpret_cast<Core*>(arg);
1255 DCHECK(core->OnNSSTaskRunner());
1256
1257 core->PostOrRunCallback(
1258 FROM_HERE,
1259 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1260 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED,
1261 scoped_refptr<NetLog::EventParameters>()));
1262
1263 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
1264
1265 // Check if a domain-bound certificate is requested.
1266 if (DomainBoundCertNegotiated(socket)) {
1267 return core->DomainBoundClientAuthHandler(cert_types,
1268 result_nss_certificate,
1269 result_nss_private_key);
1270 }
1271
1272 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
1273 #if defined(OS_WIN)
1274 if (core->ssl_config_.send_client_cert) {
1275 if (core->ssl_config_.client_cert) {
1276 PCCERT_CONTEXT cert_context =
1277 core->ssl_config_.client_cert->os_cert_handle();
1278
1279 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;
1280 DWORD key_spec = 0;
1281 BOOL must_free = FALSE;
1282 BOOL acquired_key = CryptAcquireCertificatePrivateKey(
1283 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL,
1284 &crypt_prov, &key_spec, &must_free);
1285
1286 if (acquired_key) {
1287 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false
1288 // according to the MSDN documentation.
1289 CHECK_EQ(must_free, FALSE);
1290 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC);
1291
1292 SECItem der_cert;
1293 der_cert.type = siDERCertBuffer;
1294 der_cert.data = cert_context->pbCertEncoded;
1295 der_cert.len = cert_context->cbCertEncoded;
1296
1297 // TODO(rsleevi): Error checking for NSS allocation errors.
1298 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB();
1299 CERTCertificate* user_cert = CERT_NewTempCertificate(
1300 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
1301 if (!user_cert) {
1302 // Importing the certificate can fail for reasons including a serial
1303 // number collision. See crbug.com/97355.
1304 core->PostOrRunCallback(
1305 FROM_HERE,
1306 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1307 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1308 make_scoped_refptr(
1309 new NetLogIntegerParameter("cert_count", 0))));
1310 return SECFailure;
1311 }
1312 CERTCertList* cert_chain = CERT_NewCertList();
1313 CERT_AddCertToListTail(cert_chain, user_cert);
1314
1315 // Add the intermediates.
1316 X509Certificate::OSCertHandles intermediates =
1317 core->ssl_config_.client_cert->GetIntermediateCertificates();
1318 for (X509Certificate::OSCertHandles::const_iterator it =
1319 intermediates.begin(); it != intermediates.end(); ++it) {
1320 der_cert.data = (*it)->pbCertEncoded;
1321 der_cert.len = (*it)->cbCertEncoded;
1322
1323 CERTCertificate* intermediate = CERT_NewTempCertificate(
1324 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
1325 if (!intermediate) {
1326 CERT_DestroyCertList(cert_chain);
1327 core->PostOrRunCallback(
1328 FROM_HERE,
1329 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1330 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1331 make_scoped_refptr(
1332 new NetLogIntegerParameter("cert_count", 0))));
1333 return SECFailure;
1334 }
1335 CERT_AddCertToListTail(cert_chain, intermediate);
1336 }
1337 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>(
1338 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT)));
1339 key_context->cbSize = sizeof(*key_context);
1340 // NSS will free this context when no longer in use, but the
1341 // |must_free| result from CryptAcquireCertificatePrivateKey was false
1342 // so we increment the refcount to negate NSS's future decrement.
1343 CryptContextAddRef(crypt_prov, NULL, 0);
1344 key_context->hCryptProv = crypt_prov;
1345 key_context->dwKeySpec = key_spec;
1346 *result_private_key = key_context;
1347 *result_certs = cert_chain;
1348
1349 int cert_count = 1 + intermediates.size();
1350 core->PostOrRunCallback(
1351 FROM_HERE,
1352 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1353 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1354 make_scoped_refptr(
1355 new NetLogIntegerParameter("cert_count",
1356 cert_count))));
1357 return SECSuccess;
1358 }
1359 LOG(WARNING) << "Client cert found without private key";
1360 }
1361
1362 // Send no client certificate.
1363 core->PostOrRunCallback(
1364 FROM_HERE,
1365 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1366 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1367 make_scoped_refptr(
1368 new NetLogIntegerParameter("cert_count", 0))));
1369 return SECFailure;
1370 }
1371
1372 core->nss_handshake_state_.client_certs.clear();
1373
1374 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames);
1375 for (int i = 0; i < ca_names->nnames; ++i) {
1376 issuer_list[i].cbData = ca_names->names[i].len;
1377 issuer_list[i].pbData = ca_names->names[i].data;
1378 }
1379
1380 // Client certificates of the user are in the "MY" system certificate store.
1381 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY");
1382 if (!my_cert_store) {
1383 PLOG(ERROR) << "Could not open the \"MY\" system certificate store";
1384
1385 core->PostOrRunCallback(
1386 FROM_HERE,
1387 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1388 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1389 make_scoped_refptr(
1390 new NetLogIntegerParameter("cert_count", 0))));
1391 return SECFailure;
1392 }
1393
1394 // Enumerate the client certificates.
1395 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para;
1396 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para));
1397 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para);
1398 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH;
1399 find_by_issuer_para.cIssuer = ca_names->nnames;
1400 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL;
1401 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback;
1402
1403 PCCERT_CHAIN_CONTEXT chain_context = NULL;
1404 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG |
1405 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG;
1406
1407 for (;;) {
1408 // Find a certificate chain.
1409 chain_context = CertFindChainInStore(my_cert_store,
1410 X509_ASN_ENCODING,
1411 find_flags,
1412 CERT_CHAIN_FIND_BY_ISSUER,
1413 &find_by_issuer_para,
1414 chain_context);
1415 if (!chain_context) {
1416 DWORD err = GetLastError();
1417 if (err != CRYPT_E_NOT_FOUND)
1418 DLOG(ERROR) << "CertFindChainInStore failed: " << err;
1419 break;
1420 }
1421
1422 // Get the leaf certificate.
1423 PCCERT_CONTEXT cert_context =
1424 chain_context->rgpChain[0]->rgpElement[0]->pCertContext;
1425 // Create a copy the handle, so that we can close the "MY" certificate store
1426 // before returning from this function.
1427 PCCERT_CONTEXT cert_context2;
1428 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context,
1429 CERT_STORE_ADD_USE_EXISTING,
1430 &cert_context2);
1431 if (!ok) {
1432 NOTREACHED();
1433 continue;
1434 }
1435
1436 // Copy the rest of the chain. Copying the chain stops gracefully if an
1437 // error is encountered, with the partial chain being used as the
1438 // intermediates, as opposed to failing to consider the client certificate
1439 // at all.
1440 net::X509Certificate::OSCertHandles intermediates;
1441 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) {
1442 PCCERT_CONTEXT intermediate_copy;
1443 ok = CertAddCertificateContextToStore(
1444 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext,
1445 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy);
1446 if (!ok) {
1447 NOTREACHED();
1448 break;
1449 }
1450 intermediates.push_back(intermediate_copy);
1451 }
1452
1453 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
1454 cert_context2, intermediates);
1455 core->nss_handshake_state_.client_certs.push_back(cert);
1456
1457 X509Certificate::FreeOSCertHandle(cert_context2);
1458 for (net::X509Certificate::OSCertHandles::iterator it =
1459 intermediates.begin(); it != intermediates.end(); ++it) {
1460 net::X509Certificate::FreeOSCertHandle(*it);
1461 }
1462 }
1463
1464 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG);
1465 DCHECK(ok);
1466
1467 // Update the network task runner's view of the connection state now that
1468 // client certs have been detected.
1469 core->PostOrRunCallback(
1470 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
1471 core->nss_handshake_state_));
1472
1473 // Tell NSS to suspend the client authentication. We will then abort the
1474 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
1475 return SECWouldBlock;
1476 #elif defined(OS_MACOSX)
1477 if (core->ssl_config_.send_client_cert) {
1478 if (core->ssl_config_.client_cert) {
1479 OSStatus os_error = noErr;
1480 SecIdentityRef identity = NULL;
1481 SecKeyRef private_key = NULL;
1482 CFArrayRef chain =
1483 core->ssl_config_.client_cert->CreateClientCertificateChain();
1484 if (chain) {
1485 identity = reinterpret_cast<SecIdentityRef>(
1486 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0)));
1487 }
1488 if (identity)
1489 os_error = SecIdentityCopyPrivateKey(identity, &private_key);
1490
1491 if (chain && identity && os_error == noErr) {
1492 // TODO(rsleevi): Error checking for NSS allocation errors.
1493 *result_certs = CERT_NewCertList();
1494 *result_private_key = private_key;
1495
1496 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) {
1497 CSSM_DATA cert_data;
1498 SecCertificateRef cert_ref;
1499 if (i == 0) {
1500 cert_ref = core->ssl_config_.client_cert->os_cert_handle();
1501 } else {
1502 cert_ref = reinterpret_cast<SecCertificateRef>(
1503 const_cast<void*>(CFArrayGetValueAtIndex(chain, i)));
1504 }
1505 os_error = SecCertificateGetData(cert_ref, &cert_data);
1506 if (os_error != noErr)
1507 break;
1508
1509 SECItem der_cert;
1510 der_cert.type = siDERCertBuffer;
1511 der_cert.data = cert_data.Data;
1512 der_cert.len = cert_data.Length;
1513 CERTCertificate* nss_cert = CERT_NewTempCertificate(
1514 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE);
1515 if (!nss_cert) {
1516 // In the event of an NSS error we make up an OS error and reuse
1517 // the error handling, below.
1518 os_error = errSecCreateChainFailed;
1519 break;
1520 }
1521 CERT_AddCertToListTail(*result_certs, nss_cert);
1522 }
1523 }
1524 if (os_error == noErr) {
1525 int cert_count = 0;
1526 if (chain) {
1527 cert_count = CFArrayGetCount(chain);
1528 CFRelease(chain);
1529 }
1530 core->PostOrRunCallback(
1531 FROM_HERE,
1532 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1533 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1534 make_scoped_refptr(
1535 new NetLogIntegerParameter("cert_count",
1536 cert_count))));
1537 return SECSuccess;
1538 }
1539 OSSTATUS_LOG(WARNING, os_error)
1540 << "Client cert found, but could not be used";
1541 if (*result_certs) {
1542 CERT_DestroyCertList(*result_certs);
1543 *result_certs = NULL;
1544 }
1545 if (*result_private_key)
1546 *result_private_key = NULL;
1547 if (private_key)
1548 CFRelease(private_key);
1549 if (chain)
1550 CFRelease(chain);
1551 }
1552
1553 // Send no client certificate.
1554 core->PostOrRunCallback(
1555 FROM_HERE,
1556 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1557 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1558 make_scoped_refptr(
1559 new NetLogIntegerParameter("cert_count", 0))));
1560 return SECFailure;
1561 }
1562
1563 core->nss_handshake_state_.client_certs.clear();
1564
1565 // First, get the cert issuer names allowed by the server.
1566 std::vector<CertPrincipal> valid_issuers;
1567 int n = ca_names->nnames;
1568 for (int i = 0; i < n; i++) {
1569 // Parse each name into a CertPrincipal object.
1570 CertPrincipal p;
1571 if (p.ParseDistinguishedName(ca_names->names[i].data,
1572 ca_names->names[i].len)) {
1573 valid_issuers.push_back(p);
1574 }
1575 }
1576
1577 // Now get the available client certs whose issuers are allowed by the server.
1578 X509Certificate::GetSSLClientCertificates(
1579 core->host_and_port_.host(), valid_issuers,
1580 &core->nss_handshake_state_.client_certs);
1581
1582 // Update the network task runner's view of the connection state now that
1583 // client certs have been detected.
1584 core->PostOrRunCallback(
1585 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
1586 core->nss_handshake_state_));
1587
1588 // Tell NSS to suspend the client authentication. We will then abort the
1589 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
1590 return SECWouldBlock;
1591 #else
1592 return SECFailure;
1593 #endif
1594 }
1595
1596 #else // NSS_PLATFORM_CLIENT_AUTH
1597
1598 // static
1599 // Based on Mozilla's NSS_GetClientAuthData.
1600 SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
1601 void* arg,
1602 PRFileDesc* socket,
1603 CERTDistNames* ca_names,
1604 CERTCertificate** result_certificate,
1605 SECKEYPrivateKey** result_private_key) {
1606 Core* core = reinterpret_cast<Core*>(arg);
1607 DCHECK(core->OnNSSTaskRunner());
1608
1609 core->PostOrRunCallback(
1610 FROM_HERE,
1611 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1612 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED,
1613 scoped_refptr<NetLog::EventParameters>()));
1614
1615 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
1616
1617 // Check if a domain-bound certificate is requested.
1618 if (DomainBoundCertNegotiated(socket)) {
1619 return core->DomainBoundClientAuthHandler(
1620 cert_types, result_certificate, result_private_key);
1621 }
1622
1623 // Regular client certificate requested.
1624 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
1625 void* wincx = SSL_RevealPinArg(socket);
1626
1627 // Second pass: a client certificate should have been selected.
1628 if (core->ssl_config_.send_client_cert) {
1629 if (core->ssl_config_.client_cert) {
1630 CERTCertificate* cert = CERT_DupCertificate(
1631 core->ssl_config_.client_cert->os_cert_handle());
1632 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
1633 if (privkey) {
1634 // TODO(jsorianopastor): We should wait for server certificate
1635 // verification before sending our credentials. See
1636 // http://crbug.com/13934.
1637 *result_certificate = cert;
1638 *result_private_key = privkey;
1639 // A cert_count of -1 means the number of certificates is unknown.
1640 // NSS will construct the certificate chain.
1641 core->PostOrRunCallback(
1642 FROM_HERE,
1643 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1644 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1645 make_scoped_refptr(
1646 new NetLogIntegerParameter("cert_count", -1))));
1647
1648 return SECSuccess;
1649 }
1650 LOG(WARNING) << "Client cert found without private key";
1651 }
1652 // Send no client certificate.
1653 core->PostOrRunCallback(
1654 FROM_HERE,
1655 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_,
1656 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1657 make_scoped_refptr(
1658 new NetLogIntegerParameter("cert_count", 0))));
1659 return SECFailure;
1660 }
1661
1662 core->nss_handshake_state_.client_certs.clear();
1663
1664 // Iterate over all client certificates.
1665 CERTCertList* client_certs = CERT_FindUserCertsByUsage(
1666 CERT_GetDefaultCertDB(), certUsageSSLClient,
1667 PR_FALSE, PR_FALSE, wincx);
1668 if (client_certs) {
1669 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs);
1670 !CERT_LIST_END(node, client_certs);
1671 node = CERT_LIST_NEXT(node)) {
1672 // Only offer unexpired certificates.
1673 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
1674 secCertTimeValid) {
1675 continue;
1676 }
1677 // Filter by issuer.
1678 //
1679 // TODO(davidben): This does a binary comparison of the DER-encoded
1680 // issuers. We should match according to RFC 5280 sec. 7.1. We should find
1681 // an appropriate NSS function or add one if needbe.
1682 if (ca_names->nnames &&
1683 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess) {
1684 continue;
1685 }
1686
1687 X509Certificate* x509_cert = X509Certificate::CreateFromHandle(
1688 node->cert, net::X509Certificate::OSCertHandles());
1689 core->nss_handshake_state_.client_certs.push_back(x509_cert);
1690 }
1691 CERT_DestroyCertList(client_certs);
1692 }
1693
1694 // Update the network task runner's view of the connection state now that
1695 // client certs have been detected.
1696 core->PostOrRunCallback(
1697 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
1698 core->nss_handshake_state_));
1699
1700 // Tell NSS to suspend the client authentication. We will then abort the
1701 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
1702 return SECWouldBlock;
1703 }
1704 #endif // NSS_PLATFORM_CLIENT_AUTH
1705
1706 // static
1707 void SSLClientSocketNSS::Core::HandshakeCallback(
1708 PRFileDesc* socket,
1709 void* arg) {
1710 Core* core = reinterpret_cast<Core*>(arg);
1711 DCHECK(core->OnNSSTaskRunner());
1712
1713 core->handshake_callback_called_ = true;
1714
1715 HandshakeState* nss_state = &core->nss_handshake_state_;
1716
1717 PRBool last_handshake_resumed;
1718 SECStatus rv = SSL_HandshakeResumedSession(socket, &last_handshake_resumed);
1719 if (rv == SECSuccess && last_handshake_resumed) {
1720 nss_state->resumed_handshake = true;
1721 } else {
1722 nss_state->resumed_handshake = false;
1723 }
1724
1725 core->RecordDomainBoundCertSupport();
1726 core->UpdateServerCert();
1727 core->UpdateConnectionStatus();
1728
1729 // We need to see if the predicted certificate chain (from
1730 // SetPredictedCertificates) matches the actual certificate chain.
1731 nss_state->predicted_cert_chain_correct = false;
1732 if (!core->predicted_certs_.empty()) {
1733 PeerCertificateChain& certs = nss_state->server_cert_chain;
1734 nss_state->predicted_cert_chain_correct =
1735 certs.size() == core->predicted_certs_.size();
1736
1737 if (nss_state->predicted_cert_chain_correct) {
1738 for (unsigned i = 0; i < certs.size(); i++) {
1739 if (certs[i]->derCert.len != core->predicted_certs_[i].size() ||
1740 memcmp(certs[i]->derCert.data, core->predicted_certs_[i].data(),
1741 certs[i]->derCert.len) != 0) {
1742 nss_state->predicted_cert_chain_correct = false;
1743 break;
1744 }
1745 }
1746 }
1747 }
1748
1749 // Update the network task runners view of the connection state whenever
1750 // a handshake has completed.
1751 core->PostOrRunCallback(
1752 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
1753 *nss_state));
1754 }
1755
1756 // static
1757 SECStatus SSLClientSocketNSS::Core::NextProtoCallback(
1758 void* arg,
1759 PRFileDesc* nss_fd,
1760 const unsigned char* protos,
1761 unsigned int protos_len,
1762 unsigned char* proto_out,
1763 unsigned int* proto_out_len,
1764 unsigned int proto_max_len) {
1765 Core* core = reinterpret_cast<Core*>(arg);
1766 DCHECK(core->OnNSSTaskRunner());
1767
1768 HandshakeState* nss_state = &core->nss_handshake_state_;
1769
1770 // For each protocol in server preference, see if we support it.
1771 for (unsigned int i = 0; i < protos_len; ) {
1772 const size_t len = protos[i];
1773 for (std::vector<std::string>::const_iterator
1774 j = core->ssl_config_.next_protos.begin();
1775 j != core->ssl_config_.next_protos.end(); j++) {
1776 // Having very long elements in the |next_protos| vector isn't a disaster
1777 // because they'll never be selected, but it does indicate an error
1778 // somewhere.
1779 DCHECK_LT(j->size(), 256u);
1780
1781 if (j->size() == len &&
1782 memcmp(&protos[i + 1], j->data(), len) == 0) {
1783 nss_state->next_proto_status = kNextProtoNegotiated;
1784 nss_state->next_proto = *j;
1785 break;
1786 }
1787 }
1788
1789 if (nss_state->next_proto_status == kNextProtoNegotiated)
1790 break;
1791
1792 // NSS ensures that the data in |protos| is well formed, so this will not
1793 // cause a jump past the end of the buffer.
1794 i += len + 1;
1795 }
1796
1797 nss_state->server_protos.assign(
1798 reinterpret_cast<const char*>(protos), protos_len);
1799
1800 // If we didn't find a protocol, we select the first one from our list.
1801 if (nss_state->next_proto_status != kNextProtoNegotiated) {
1802 nss_state->next_proto_status = kNextProtoNoOverlap;
1803 nss_state->next_proto = core->ssl_config_.next_protos[0];
1804 }
1805
1806 if (nss_state->next_proto.size() > proto_max_len) {
1807 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
1808 return SECFailure;
1809 }
1810 memcpy(proto_out, nss_state->next_proto.data(),
1811 nss_state->next_proto.size());
1812 *proto_out_len = nss_state->next_proto.size();
1813
1814 // Update the network task runner's view of the connection state now that
1815 // NPN negotiation has occurred.
1816 core->PostOrRunCallback(
1817 FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
1818 *nss_state));
1819
1820 return SECSuccess;
1821 }
1822
1823 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error,
1824 bool handshake_error) {
1825 DCHECK(OnNSSTaskRunner());
1826
1827 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) :
1828 MapNSSError(nss_error);
1829
1830 #if defined(OS_WIN)
1831 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate
1832 // os_cert_handle() as an optimization. However, if the certificate
1833 // private key is stored on a smart card, and the smart card is removed,
1834 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again,
1835 // preventing client certificate authentication. Because the
1836 // X509Certificate may outlive the individual SSLClientSocketNSS, due to
1837 // caching in X509Certificate, this failure ends up preventing client
1838 // certificate authentication with the same certificate for all future
1839 // attempts, even after the smart card has been re-inserted. By setting
1840 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will
1841 // typically be freed. This allows a new HCRYPTPROV to be obtained from
1842 // the certificate on the next attempt, which should succeed if the smart
1843 // card has been re-inserted, or will typically prompt the user to
1844 // re-insert the smart card if not.
1845 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY ||
1846 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) &&
1847 ssl_config_.send_client_cert && ssl_config_.client_cert) {
1848 CertSetCertificateContextProperty(
1849 ssl_config_.client_cert->os_cert_handle(),
1850 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
1851 }
1852 #endif
1853
1854 return net_error;
1855 }
1856
1857 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) {
1858 DCHECK(OnNSSTaskRunner());
1859
1860 int rv = last_io_result;
1861 do {
1862 // Default to STATE_NONE for next state.
1863 State state = next_handshake_state_;
1864 GotoState(STATE_NONE);
1865
1866 switch (state) {
1867 case STATE_HANDSHAKE:
1868 rv = DoHandshake();
1869 break;
1870 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE:
1871 rv = DoGetDBCertComplete(rv);
1872 break;
1873 case STATE_NONE:
1874 default:
1875 rv = ERR_UNEXPECTED;
1876 LOG(DFATAL) << "unexpected state " << state;
1877 break;
1878 }
1879
1880 // Do the actual network I/O
1881 bool network_moved = DoTransportIO();
1882 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
1883 // In general we exit the loop if rv is ERR_IO_PENDING. In this
1884 // special case we keep looping even if rv is ERR_IO_PENDING because
1885 // the transport IO may allow DoHandshake to make progress.
1886 DCHECK(rv == OK || rv == ERR_IO_PENDING);
1887 rv = OK; // This causes us to stay in the loop.
1888 }
1889 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
1890 return rv;
1891 }
1892
1893 int SSLClientSocketNSS::Core::DoReadLoop(int result) {
1894 DCHECK(OnNSSTaskRunner());
1895 DCHECK(handshake_callback_called_);
1896 DCHECK_EQ(STATE_NONE, next_handshake_state_);
1897
1898 if (result < 0)
1899 return result;
1900
1901 if (!nss_bufs_) {
1902 LOG(DFATAL) << "!nss_bufs_";
1903 int rv = ERR_UNEXPECTED;
1904 PostOrRunCallback(
1905 FROM_HERE,
1906 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
1907 NetLog::TYPE_SSL_READ_ERROR,
1908 make_scoped_refptr(new SSLErrorParams(rv, 0))));
1909 return rv;
1910 }
1911
1912 bool network_moved;
1913 int rv;
1914 do {
1915 rv = DoPayloadRead();
1916 network_moved = DoTransportIO();
1917 } while (rv == ERR_IO_PENDING && network_moved);
1918
1919 return rv;
1920 }
1921
1922 int SSLClientSocketNSS::Core::DoWriteLoop(int result) {
1923 DCHECK(OnNSSTaskRunner());
1924 DCHECK(handshake_callback_called_);
1925 DCHECK_EQ(STATE_NONE, next_handshake_state_);
1926
1927 if (result < 0)
1928 return result;
1929
1930 if (!nss_bufs_) {
1931 LOG(DFATAL) << "!nss_bufs_";
1932 int rv = ERR_UNEXPECTED;
1933 PostOrRunCallback(
1934 FROM_HERE,
1935 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
1936 NetLog::TYPE_SSL_READ_ERROR,
1937 make_scoped_refptr(new SSLErrorParams(rv, 0))));
1938 return rv;
1939 }
1940
1941 bool network_moved;
1942 int rv;
1943 do {
1944 rv = DoPayloadWrite();
1945 network_moved = DoTransportIO();
1946 } while (rv == ERR_IO_PENDING && network_moved);
1947
794 LeaveFunction(rv); 1948 LeaveFunction(rv);
795 return rv; 1949 return rv;
796 } 1950 }
797 1951
798 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { 1952 int SSLClientSocketNSS::Core::DoHandshake() {
799 return transport_->socket()->SetReceiveBufferSize(size); 1953 DCHECK(OnNSSTaskRunner());
800 } 1954
801 1955 int net_error = net::OK;
802 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) { 1956 SECStatus rv = SSL_ForceHandshake(nss_fd_);
803 return transport_->socket()->SetSendBufferSize(size); 1957
804 } 1958 // TODO(rkn): Handle the case in which server-bound cert generation takes
805 1959 // too long and the server has closed the connection. Report some new error
806 int SSLClientSocketNSS::Init() { 1960 // code so that the higher level code will attempt to delete the socket and
807 EnterFunction(""); 1961 // redo the handshake.
808 // Initialize the NSS SSL library in a threadsafe way. This also 1962 if (client_auth_cert_needed_) {
809 // initializes the NSS base library. 1963 if (domain_bound_cert_xtn_negotiated_) {
810 EnsureNSSSSLInit(); 1964 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
811 if (!NSS_IsInitialized()) 1965 net_error = ERR_IO_PENDING;
812 return ERR_UNEXPECTED; 1966 } else {
813 #if !defined(OS_MACOSX) && !defined(OS_WIN) 1967 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
814 if (ssl_config_.cert_io_enabled) { 1968 PostOrRunCallback(
815 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO 1969 FROM_HERE,
816 // loop by MessageLoopForIO::current(). 1970 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
817 // X509Certificate::Verify() runs on a worker thread of CertVerifier. 1971 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
818 EnsureNSSHttpIOInit(); 1972 make_scoped_refptr(new SSLErrorParams(net_error, 0))));
819 } 1973
820 #endif 1974 // If the handshake already succeeded (because the server requests but
821 1975 // doesn't require a client cert), we need to invalidate the SSL session
822 LeaveFunction(""); 1976 // so that we won't try to resume the non-client-authenticated session in
1977 // the next handshake. This will cause the server to ask for a client
1978 // cert again.
1979 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess)
1980 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError();
1981 }
1982 } else if (rv == SECSuccess) {
1983 if (!handshake_callback_called_) {
1984 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 -
1985 // SSL_ForceHandshake returned SECSuccess prematurely.
1986 rv = SECFailure;
1987 net_error = ERR_SSL_PROTOCOL_ERROR;
1988 PostOrRunCallback(
1989 FROM_HERE,
1990 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
1991 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
1992 make_scoped_refptr(
1993 new SSLErrorParams(net_error, 0))));
1994 } else {
1995 #if defined(SSL_ENABLE_OCSP_STAPLING)
1996 // TODO(agl): figure out how to plumb an OCSP response into the Mac
1997 // system library and update IsOCSPStaplingSupported for Mac.
1998 if (!nss_handshake_state_.predicted_cert_chain_correct &&
1999 IsOCSPStaplingSupported()) {
2000 unsigned int len = 0;
2001 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
2002 if (len) {
2003 const unsigned int orig_len = len;
2004 scoped_array<uint8> ocsp_response(new uint8[orig_len]);
2005 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len);
2006 DCHECK_EQ(orig_len, len);
2007
2008 #if defined(OS_WIN)
2009 if (nss_handshake_state_.server_cert) {
2010 CRYPT_DATA_BLOB ocsp_response_blob;
2011 ocsp_response_blob.cbData = len;
2012 ocsp_response_blob.pbData = ocsp_response.get();
2013 BOOL ok = CertSetCertificateContextProperty(
2014 nss_handshake_state_.server_cert->os_cert_handle(),
2015 CERT_OCSP_RESPONSE_PROP_ID,
2016 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
2017 &ocsp_response_blob);
2018 if (!ok) {
2019 VLOG(1) << "Failed to set OCSP response property: "
2020 << GetLastError();
2021 }
2022 }
2023 #elif defined(USE_NSS)
2024 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response =
2025 GetCacheOCSPResponseFromSideChannelFunction();
2026 SECItem ocsp_response_item;
2027 ocsp_response_item.type = siBuffer;
2028 ocsp_response_item.data = ocsp_response.get();
2029 ocsp_response_item.len = len;
2030
2031 cache_ocsp_response(
2032 CERT_GetDefaultCertDB(),
2033 nss_handshake_state_.server_cert_chain[0], PR_Now(),
2034 &ocsp_response_item, NULL);
2035 #endif
2036 }
2037 }
2038 #endif
2039 }
2040 // Done!
2041 } else {
2042 PRErrorCode prerr = PR_GetError();
2043 net_error = HandleNSSError(prerr, true);
2044
2045 // If not done, stay in this state
2046 if (net_error == ERR_IO_PENDING) {
2047 GotoState(STATE_HANDSHAKE);
2048 } else {
2049 PostOrRunCallback(
2050 FROM_HERE,
2051 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
2052 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
2053 make_scoped_refptr(
2054 new SSLErrorParams(net_error, prerr))));
2055 }
2056 }
2057
2058 return net_error;
2059 }
2060
2061 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) {
2062 SECStatus rv;
2063 PostOrRunCallback(
2064 FROM_HERE,
2065 base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_,
2066 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, result));
2067
2068 client_auth_cert_needed_ = false;
2069 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE;
2070
2071 if (result != OK) {
2072 // Failed to get a DBC. Proceed without.
2073 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL);
2074 if (rv != SECSuccess)
2075 return MapNSSError(PORT_GetError());
2076
2077 GotoState(STATE_HANDSHAKE);
2078 return OK;
2079 }
2080
2081 CERTCertificate* cert;
2082 SECKEYPrivateKey* key;
2083 int error = ImportDBCertAndKey(&cert, &key);
2084 if (error != OK)
2085 return error;
2086
2087 CERTCertificateList* cert_chain =
2088 CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE);
2089
2090 PostOrRunCallback(
2091 FROM_HERE,
2092 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
2093 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2094 make_scoped_refptr(
2095 new NetLogIntegerParameter("cert_count",
2096 cert_chain->len))));
2097
2098 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain);
2099 if (rv != SECSuccess)
2100 return MapNSSError(PORT_GetError());
2101
2102 GotoState(STATE_HANDSHAKE);
823 return OK; 2103 return OK;
824 } 2104 }
825 2105
826 int SSLClientSocketNSS::InitializeSSLOptions() { 2106 int SSLClientSocketNSS::Core::DoPayloadRead() {
827 // Transport connected, now hook it up to nss 2107 DCHECK(OnNSSTaskRunner());
828 // TODO(port): specify rx and tx buffer sizes separately 2108 DCHECK(user_read_buf_);
829 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); 2109 DCHECK_GT(user_read_buf_len_, 0);
830 if (nss_fd_ == NULL) { 2110
831 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. 2111 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_);
832 } 2112 if (client_auth_cert_needed_) {
833 2113 // We don't need to invalidate the non-client-authenticated SSL session
834 // Grab pointer to buffers 2114 // because the server will renegotiate anyway.
835 nss_bufs_ = memio_GetSecret(nss_fd_); 2115 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
836 2116 PostOrRunCallback(
837 /* Create SSL state machine */ 2117 FROM_HERE,
838 /* Push SSL onto our fake I/O socket */ 2118 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
839 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); 2119 NetLog::TYPE_SSL_READ_ERROR,
840 if (nss_fd_ == NULL) { 2120 make_scoped_refptr(new SSLErrorParams(rv, 0))));
841 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); 2121 return rv;
842 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. 2122 }
843 } 2123 if (rv >= 0) {
844 // TODO(port): set more ssl options! Check errors! 2124 PostOrRunCallback(
845 2125 FROM_HERE,
2126 base::Bind(&LogByteTransferEvent, weak_net_log_,
2127 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
2128 scoped_refptr<IOBuffer>(user_read_buf_)));
2129 return rv;
2130 }
2131 PRErrorCode prerr = PR_GetError();
2132 if (prerr == PR_WOULD_BLOCK_ERROR)
2133 return ERR_IO_PENDING;
2134
2135 rv = HandleNSSError(prerr, false);
2136 PostOrRunCallback(
2137 FROM_HERE,
2138 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
2139 NetLog::TYPE_SSL_READ_ERROR,
2140 make_scoped_refptr(new SSLErrorParams(rv, prerr))));
2141 return rv;
2142 }
2143
2144 int SSLClientSocketNSS::Core::DoPayloadWrite() {
2145 DCHECK(OnNSSTaskRunner());
2146
2147 DCHECK(user_write_buf_);
2148
2149 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
2150 if (rv >= 0) {
2151 PostOrRunCallback(
2152 FROM_HERE,
2153 base::Bind(&LogByteTransferEvent, weak_net_log_,
2154 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
2155 scoped_refptr<IOBuffer>(user_write_buf_)));
2156 return rv;
2157 }
2158 PRErrorCode prerr = PR_GetError();
2159 if (prerr == PR_WOULD_BLOCK_ERROR)
2160 return ERR_IO_PENDING;
2161
2162 rv = HandleNSSError(prerr, false);
2163 PostOrRunCallback(
2164 FROM_HERE,
2165 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
2166 NetLog::TYPE_SSL_WRITE_ERROR,
2167 make_scoped_refptr(new SSLErrorParams(rv, prerr))));
2168 return rv;
2169 }
2170
2171 // Do as much network I/O as possible between the buffer and the
2172 // transport socket. Return true if some I/O performed, false
2173 // otherwise (error or ERR_IO_PENDING).
2174 bool SSLClientSocketNSS::Core::DoTransportIO() {
2175 DCHECK(OnNSSTaskRunner());
2176
2177 bool network_moved = false;
2178 if (nss_bufs_ != NULL) {
2179 int rv;
2180 // Read and write as much data as we can. The loop is neccessary
2181 // because Write() may return synchronously.
2182 do {
2183 rv = BufferSend();
2184 if (rv > 0)
2185 network_moved = true;
2186 } while (rv > 0);
2187 if (!transport_recv_eof_ && BufferRecv() >= 0)
2188 network_moved = true;
2189 }
2190 return network_moved;
2191 }
2192
2193 int SSLClientSocketNSS::Core::BufferRecv() {
2194 DCHECK(OnNSSTaskRunner());
2195
2196 if (transport_recv_busy_)
2197 return ERR_IO_PENDING;
2198
2199 char* buf;
2200 int nb = memio_GetReadParams(nss_bufs_, &buf);
846 int rv; 2201 int rv;
847 2202 if (!nb) {
848 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); 2203 // buffer too full to read into, so no I/O possible at moment
849 if (rv != SECSuccess) { 2204 rv = ERR_IO_PENDING;
850 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); 2205 } else {
851 return ERR_UNEXPECTED; 2206 scoped_refptr<IOBuffer> read_buffer(new IOBuffer(nb));
852 } 2207 if (OnNetworkTaskRunner()) {
853 2208 rv = DoBufferRecv(read_buffer, nb);
854 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); 2209 } else {
855 if (rv != SECSuccess) { 2210 bool posted = network_task_runner_->PostTask(
856 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); 2211 FROM_HERE,
857 return ERR_UNEXPECTED; 2212 base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer,
858 } 2213 nb));
859 2214 rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
860 // Don't do V2 compatible hellos because they don't support TLS extensions. 2215 }
861 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE); 2216
862 if (rv != SECSuccess) { 2217 if (rv == ERR_IO_PENDING) {
863 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); 2218 transport_recv_busy_ = true;
864 return ERR_UNEXPECTED; 2219 } else {
865 } 2220 if (rv > 0) {
866 2221 memcpy(buf, read_buffer->data(), rv);
867 SSLVersionRange version_range; 2222 } else if (rv == 0) {
868 version_range.min = ssl_config_.version_min; 2223 transport_recv_eof_ = true;
869 version_range.max = ssl_config_.version_max; 2224 }
870 rv = SSL_VersionRangeSet(nss_fd_, &version_range); 2225 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv));
871 if (rv != SECSuccess) { 2226 }
872 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); 2227 }
873 return ERR_NO_SSL_VERSIONS_ENABLED; 2228 return rv;
874 } 2229 }
875 2230
876 for (std::vector<uint16>::const_iterator it = 2231 // Return 0 for EOF,
877 ssl_config_.disabled_cipher_suites.begin(); 2232 // > 0 for bytes transferred immediately,
878 it != ssl_config_.disabled_cipher_suites.end(); ++it) { 2233 // < 0 for error (or the non-error ERR_IO_PENDING).
879 // This will fail if the specified cipher is not implemented by NSS, but 2234 int SSLClientSocketNSS::Core::BufferSend() {
880 // the failure is harmless. 2235 DCHECK(OnNSSTaskRunner());
881 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); 2236
882 } 2237 if (transport_send_busy_)
883 2238 return ERR_IO_PENDING;
884 #ifdef SSL_ENABLE_SESSION_TICKETS 2239
885 // Support RFC 5077 2240 const char* buf1;
886 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); 2241 const char* buf2;
887 if (rv != SECSuccess) { 2242 unsigned int len1, len2;
888 LogFailedNSSFunction( 2243 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2);
889 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); 2244 const unsigned int len = len1 + len2;
890 } 2245
891 #else 2246 int rv = 0;
892 #error "You need to install NSS-3.12 or later to build chromium" 2247 if (len) {
893 #endif 2248 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len));
894 2249 memcpy(send_buffer->data(), buf1, len1);
895 #ifdef SSL_ENABLE_DEFLATE 2250 memcpy(send_buffer->data() + len1, buf2, len2);
896 // Some web servers have been found to break if TLS is used *or* if DEFLATE 2251
897 // is advertised. Thus, if TLS is disabled (probably because we are doing 2252 if (OnNetworkTaskRunner()) {
898 // SSLv3 fallback), we disable DEFLATE also. 2253 rv = DoBufferSend(send_buffer, len);
899 // See http://crbug.com/31628 2254 } else {
900 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, 2255 bool posted = network_task_runner_->PostTask(
901 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); 2256 FROM_HERE,
902 if (rv != SECSuccess) 2257 base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer,
903 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE"); 2258 len));
904 #endif 2259 rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
905 2260 }
906 #ifdef SSL_ENABLE_FALSE_START 2261
907 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, 2262 if (rv == ERR_IO_PENDING) {
908 ssl_config_.false_start_enabled); 2263 transport_send_busy_ = true;
909 if (rv != SECSuccess) 2264 } else {
910 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START"); 2265 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv));
911 #endif 2266 }
912 2267 }
913 #ifdef SSL_ENABLE_RENEGOTIATION 2268
914 // We allow servers to request renegotiation. Since we're a client, 2269 return rv;
915 // prohibiting this is rather a waste of time. Only servers are in a 2270 }
916 // position to prevent renegotiation attacks. 2271
917 // http://extendedsubset.com/?p=8 2272 void SSLClientSocketNSS::Core::OnRecvComplete(int result) {
918 2273 DCHECK(OnNSSTaskRunner());
919 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, 2274
920 SSL_RENEGOTIATE_TRANSITIONAL);
921 if (rv != SECSuccess) {
922 LogFailedNSSFunction(
923 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
924 }
925 #endif // SSL_ENABLE_RENEGOTIATION
926
927 if (!ssl_config_.next_protos.empty()) {
928 rv = SSL_SetNextProtoCallback(
929 nss_fd_, SSLClientSocketNSS::NextProtoCallback, this);
930 if (rv != SECSuccess)
931 LogFailedNSSFunction(net_log_, "SSL_SetNextProtoCallback", "");
932 }
933
934 #ifdef SSL_CBC_RANDOM_IV
935 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV,
936 ssl_config_.false_start_enabled);
937 if (rv != SECSuccess)
938 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
939 #endif
940
941 #ifdef SSL_ENABLE_OCSP_STAPLING
942 if (IsOCSPStaplingSupported()) {
943 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
944 if (rv != SECSuccess) {
945 LogFailedNSSFunction(net_log_, "SSL_OptionSet",
946 "SSL_ENABLE_OCSP_STAPLING");
947 }
948 }
949 #endif
950
951 #ifdef SSL_ENABLE_CACHED_INFO
952 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
953 ssl_config_.cached_info_enabled);
954 if (rv != SECSuccess)
955 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO");
956 #endif
957
958 #ifdef SSL_ENABLE_OB_CERTS
959 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS,
960 ssl_config_.domain_bound_certs_enabled);
961 if (rv != SECSuccess)
962 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS");
963 #endif
964
965 #ifdef SSL_ENCRYPT_CLIENT_CERTS
966 // For now, enable the encrypted client certificates extension only if
967 // server-bound certificates are enabled.
968 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS,
969 ssl_config_.domain_bound_certs_enabled);
970 if (rv != SECSuccess)
971 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS");
972 #endif
973
974 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
975 if (rv != SECSuccess) {
976 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
977 return ERR_UNEXPECTED;
978 }
979
980 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
981 if (rv != SECSuccess) {
982 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", "");
983 return ERR_UNEXPECTED;
984 }
985
986 #if defined(NSS_PLATFORM_CLIENT_AUTH)
987 rv = SSL_GetPlatformClientAuthDataHook(nss_fd_, PlatformClientAuthHandler,
988 this);
989 #else
990 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this);
991 #endif
992 if (rv != SECSuccess) {
993 LogFailedNSSFunction(net_log_, "SSL_GetClientAuthDataHook", "");
994 return ERR_UNEXPECTED;
995 }
996
997 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this);
998 if (rv != SECSuccess) {
999 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", "");
1000 return ERR_UNEXPECTED;
1001 }
1002
1003 // Tell SSL the hostname we're trying to connect to.
1004 SSL_SetURL(nss_fd_, host_and_port_.host().c_str());
1005
1006 // Tell SSL we're a client; needed if not letting NSPR do socket I/O
1007 SSL_ResetHandshake(nss_fd_, PR_FALSE);
1008
1009 return OK;
1010 }
1011
1012 int SSLClientSocketNSS::InitializeSSLPeerName() {
1013 // Tell NSS who we're connected to
1014 AddressList peer_address;
1015 int err = transport_->socket()->GetPeerAddress(&peer_address);
1016 if (err != OK)
1017 return err;
1018
1019 SockaddrStorage storage;
1020 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len))
1021 return ERR_UNEXPECTED;
1022
1023 PRNetAddr peername;
1024 memset(&peername, 0, sizeof(peername));
1025 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername));
1026 size_t len = std::min(static_cast<size_t>(storage.addr_len),
1027 sizeof(peername));
1028 memcpy(&peername, storage.addr, len);
1029
1030 // Adjust the address family field for BSD, whose sockaddr
1031 // structure has a one-byte length and one-byte address family
1032 // field at the beginning. PRNetAddr has a two-byte address
1033 // family field at the beginning.
1034 peername.raw.family = storage.addr->sa_family;
1035
1036 memio_SetPeerName(nss_fd_, &peername);
1037
1038 // Set the peer ID for session reuse. This is necessary when we create an
1039 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
1040 // rather than the destination server's address in that case.
1041 std::string peer_id = host_and_port_.ToString();
1042 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id.
1043 // This will cause session cache misses between sockets with different values
1044 // of ssl_session_cache_shard_ and this is used to partition the session cache
1045 // for incognito mode.
1046 if (!ssl_session_cache_shard_.empty()) {
1047 peer_id += "/" + ssl_session_cache_shard_;
1048 }
1049 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
1050 if (rv != SECSuccess)
1051 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
1052
1053 return OK;
1054 }
1055
1056
1057 // Sets server_cert_ and server_cert_nss_ if not yet set.
1058 void SSLClientSocketNSS::UpdateServerCert() {
1059 // We set the server_cert_ from HandshakeCallback().
1060 if (server_cert_ == NULL) {
1061 server_cert_nss_ = SSL_PeerCertificate(nss_fd_);
1062 if (server_cert_nss_) {
1063 PeerCertificateChain certs(nss_fd_);
1064 // This call may fail when SSL is used inside sandbox. In that
1065 // case CreateFromDERCertChain() returns NULL.
1066 server_cert_ = X509Certificate::CreateFromDERCertChain(
1067 certs.AsStringPieceVector());
1068 if (server_cert_) {
1069 net_log_.AddEvent(
1070 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
1071 make_scoped_refptr(new X509CertificateNetLogParam(server_cert_)));
1072 }
1073 }
1074 }
1075 }
1076
1077 // Sets ssl_connection_status_.
1078 void SSLClientSocketNSS::UpdateConnectionStatus() {
1079 SSLChannelInfo channel_info;
1080 SECStatus ok = SSL_GetChannelInfo(nss_fd_,
1081 &channel_info, sizeof(channel_info));
1082 if (ok == SECSuccess &&
1083 channel_info.length == sizeof(channel_info) &&
1084 channel_info.cipherSuite) {
1085 ssl_connection_status_ |=
1086 (static_cast<int>(channel_info.cipherSuite) &
1087 SSL_CONNECTION_CIPHERSUITE_MASK) <<
1088 SSL_CONNECTION_CIPHERSUITE_SHIFT;
1089
1090 ssl_connection_status_ |=
1091 (static_cast<int>(channel_info.compressionMethod) &
1092 SSL_CONNECTION_COMPRESSION_MASK) <<
1093 SSL_CONNECTION_COMPRESSION_SHIFT;
1094
1095 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS
1096 // doesn't support them yet), so we use 0x0302 and 0x0303 directly.
1097 int version = SSL_CONNECTION_VERSION_UNKNOWN;
1098 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
1099 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
1100 // version 2.
1101 version = SSL_CONNECTION_VERSION_SSL2;
1102 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) {
1103 version = SSL_CONNECTION_VERSION_SSL3;
1104 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {
1105 version = SSL_CONNECTION_VERSION_TLS1;
1106 } else if (channel_info.protocolVersion == 0x0302) {
1107 version = SSL_CONNECTION_VERSION_TLS1_1;
1108 } else if (channel_info.protocolVersion == 0x0303) {
1109 version = SSL_CONNECTION_VERSION_TLS1_2;
1110 }
1111 ssl_connection_status_ |=
1112 (version & SSL_CONNECTION_VERSION_MASK) <<
1113 SSL_CONNECTION_VERSION_SHIFT;
1114 }
1115
1116 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
1117 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
1118 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
1119 #if defined(SSL_MAX_EXTENSIONS)
1120 PRBool peer_supports_renego_ext;
1121 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
1122 &peer_supports_renego_ext);
1123 if (ok == SECSuccess) {
1124 if (!peer_supports_renego_ext) {
1125 ssl_connection_status_ |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
1126 // Log an informational message if the server does not support secure
1127 // renegotiation (RFC 5746).
1128 VLOG(1) << "The server " << host_and_port_.ToString()
1129 << " does not support the TLS renegotiation_info extension.";
1130 }
1131 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported",
1132 peer_supports_renego_ext, 2);
1133 }
1134 #endif
1135
1136 if (ssl_config_.version_fallback)
1137 ssl_connection_status_ |= SSL_CONNECTION_VERSION_FALLBACK;
1138 }
1139
1140 void SSLClientSocketNSS::DoReadCallback(int rv) {
1141 EnterFunction(rv);
1142 DCHECK(rv != ERR_IO_PENDING);
1143 DCHECK(!user_read_callback_.is_null());
1144
1145 // Since Run may result in Read being called, clear |user_read_callback_|
1146 // up front.
1147 CompletionCallback c = user_read_callback_;
1148 user_read_callback_.Reset();
1149 user_read_buf_ = NULL;
1150 user_read_buf_len_ = 0;
1151 c.Run(rv);
1152 LeaveFunction("");
1153 }
1154
1155 void SSLClientSocketNSS::DoWriteCallback(int rv) {
1156 EnterFunction(rv);
1157 DCHECK(rv != ERR_IO_PENDING);
1158 DCHECK(!user_write_callback_.is_null());
1159
1160 // Since Run may result in Write being called, clear |user_write_callback_|
1161 // up front.
1162 CompletionCallback c = user_write_callback_;
1163 user_write_callback_.Reset();
1164 user_write_buf_ = NULL;
1165 user_write_buf_len_ = 0;
1166 c.Run(rv);
1167 LeaveFunction("");
1168 }
1169
1170 // As part of Connect(), the SSLClientSocketNSS object performs an SSL
1171 // handshake. This requires network IO, which in turn calls
1172 // BufferRecvComplete() with a non-zero byte count. This byte count eventually
1173 // winds its way through the state machine and ends up being passed to the
1174 // callback. For Read() and Write(), that's what we want. But for Connect(),
1175 // the caller expects OK (i.e. 0) for success.
1176 //
1177 void SSLClientSocketNSS::DoConnectCallback(int rv) {
1178 EnterFunction(rv);
1179 DCHECK_NE(rv, ERR_IO_PENDING);
1180 DCHECK(!user_connect_callback_.is_null());
1181
1182 CompletionCallback c = user_connect_callback_;
1183 user_connect_callback_.Reset();
1184 c.Run(rv > OK ? OK : rv);
1185 LeaveFunction("");
1186 }
1187
1188 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
1189 EnterFunction(result);
1190 int rv = DoHandshakeLoop(result);
1191 if (rv != ERR_IO_PENDING) {
1192 net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_CONNECT, rv);
1193 DoConnectCallback(rv);
1194 }
1195 LeaveFunction("");
1196 }
1197
1198 void SSLClientSocketNSS::OnSendComplete(int result) {
1199 EnterFunction(result);
1200 if (next_handshake_state_ == STATE_HANDSHAKE) { 2275 if (next_handshake_state_ == STATE_HANDSHAKE) {
1201 // In handshake phase.
1202 OnHandshakeIOComplete(result); 2276 OnHandshakeIOComplete(result);
1203 LeaveFunction("");
1204 return; 2277 return;
1205 } 2278 }
1206 2279
2280 // Network layer received some data, check if client requested to read
2281 // decrypted data.
2282 if (!user_read_buf_)
2283 return;
2284
2285 int rv = DoReadLoop(result);
2286 if (rv != ERR_IO_PENDING)
2287 DoReadCallback(rv);
2288 }
2289
2290 void SSLClientSocketNSS::Core::OnSendComplete(int result) {
2291 DCHECK(OnNSSTaskRunner());
2292
2293 if (next_handshake_state_ == STATE_HANDSHAKE) {
2294 OnHandshakeIOComplete(result);
2295 return;
2296 }
2297
1207 // OnSendComplete may need to call DoPayloadRead while the renegotiation 2298 // OnSendComplete may need to call DoPayloadRead while the renegotiation
1208 // handshake is in progress. 2299 // handshake is in progress.
1209 int rv_read = ERR_IO_PENDING; 2300 int rv_read = ERR_IO_PENDING;
1210 int rv_write = ERR_IO_PENDING; 2301 int rv_write = ERR_IO_PENDING;
1211 bool network_moved; 2302 bool network_moved;
1212 do { 2303 do {
1213 if (user_read_buf_) 2304 if (user_read_buf_)
1214 rv_read = DoPayloadRead(); 2305 rv_read = DoPayloadRead();
1215 if (user_write_buf_) 2306 if (user_write_buf_)
1216 rv_write = DoPayloadWrite(); 2307 rv_write = DoPayloadWrite();
1217 network_moved = DoTransportIO(); 2308 network_moved = DoTransportIO();
1218 } while (rv_read == ERR_IO_PENDING && 2309 } while (rv_read == ERR_IO_PENDING &&
1219 rv_write == ERR_IO_PENDING && 2310 rv_write == ERR_IO_PENDING &&
1220 (user_read_buf_ || user_write_buf_) && 2311 (user_read_buf_ || user_write_buf_) &&
1221 network_moved); 2312 network_moved);
1222 2313
1223 if (user_read_buf_ && rv_read != ERR_IO_PENDING) 2314 if (user_read_buf_ && rv_read != ERR_IO_PENDING)
1224 DoReadCallback(rv_read); 2315 DoReadCallback(rv_read);
1225 if (user_write_buf_ && rv_write != ERR_IO_PENDING) 2316 if (user_write_buf_ && rv_write != ERR_IO_PENDING)
1226 DoWriteCallback(rv_write); 2317 DoWriteCallback(rv_write);
1227
1228 LeaveFunction("");
1229 } 2318 }
1230 2319
1231 void SSLClientSocketNSS::OnRecvComplete(int result) { 2320 // As part of Connect(), the SSLClientSocketNSS object performs an SSL
1232 EnterFunction(result); 2321 // handshake. This requires network IO, which in turn calls
1233 if (next_handshake_state_ == STATE_HANDSHAKE) { 2322 // BufferRecvComplete() with a non-zero byte count. This byte count eventually
1234 // In handshake phase. 2323 // winds its way through the state machine and ends up being passed to the
1235 OnHandshakeIOComplete(result); 2324 // callback. For Read() and Write(), that's what we want. But for Connect(),
1236 LeaveFunction(""); 2325 // the caller expects OK (i.e. 0) for success.
1237 return; 2326 void SSLClientSocketNSS::Core::DoConnectCallback(int rv) {
2327 DCHECK(OnNSSTaskRunner());
2328 DCHECK_NE(rv, ERR_IO_PENDING);
2329 DCHECK(!user_connect_callback_.is_null());
2330
2331 base::Closure c = base::Bind(
2332 base::ResetAndReturn(&user_connect_callback_),
2333 rv > OK ? OK : rv);
2334 PostOrRunCallback(FROM_HERE, c);
2335 }
2336
2337 void SSLClientSocketNSS::Core::DoReadCallback(int rv) {
2338 DCHECK(OnNSSTaskRunner());
2339 DCHECK_NE(ERR_IO_PENDING, rv);
2340 DCHECK(!user_read_callback_.is_null());
2341
2342 user_read_buf_ = NULL;
2343 user_read_buf_len_ = 0;
2344 base::Closure c = base::Bind(
2345 base::ResetAndReturn(&user_read_callback_),
2346 rv);
2347 PostOrRunCallback(FROM_HERE, c);
2348 }
2349
2350 void SSLClientSocketNSS::Core::DoWriteCallback(int rv) {
2351 DCHECK(OnNSSTaskRunner());
2352 DCHECK_NE(ERR_IO_PENDING, rv);
2353 DCHECK(!user_write_callback_.is_null());
2354
2355 // Since Run may result in Write being called, clear |user_write_callback_|
2356 // up front.
2357 user_write_buf_ = NULL;
2358 user_write_buf_len_ = 0;
2359 base::Closure c = base::Bind(
2360 base::ResetAndReturn(&user_write_callback_),
2361 rv);
2362 PostOrRunCallback(FROM_HERE, c);
2363 }
2364
2365 SECStatus SSLClientSocketNSS::Core::DomainBoundClientAuthHandler(
2366 const SECItem* cert_types,
2367 CERTCertificate** result_certificate,
2368 SECKEYPrivateKey** result_private_key) {
2369 DCHECK(OnNSSTaskRunner());
2370
2371 domain_bound_cert_xtn_negotiated_ = true;
2372
2373 // We have negotiated the domain-bound certificate extension.
2374 std::string origin = "https://" + host_and_port_.ToString();
2375 std::vector<uint8> requested_cert_types(cert_types->data,
2376 cert_types->data + cert_types->len);
2377 int error = ERR_UNEXPECTED;
2378 if (OnNetworkTaskRunner()) {
2379 error = DoGetDomainBoundCert(origin, requested_cert_types);
2380 } else {
2381 bool posted = network_task_runner_->PostTask(
2382 FROM_HERE,
2383 base::Bind(IgnoreResult(&Core::DoGetDomainBoundCert), this, origin,
2384 requested_cert_types));
2385 error = posted ? ERR_IO_PENDING : ERR_ABORTED;
1238 } 2386 }
1239 2387
1240 // Network layer received some data, check if client requested to read 2388 if (error == ERR_IO_PENDING) {
1241 // decrypted data. 2389 // Asynchronous case.
1242 if (!user_read_buf_) { 2390 client_auth_cert_needed_ = true;
1243 LeaveFunction(""); 2391 return SECWouldBlock;
1244 return;
1245 } 2392 }
1246 2393
1247 int rv = DoReadLoop(result); 2394 PostOrRunCallback(
1248 if (rv != ERR_IO_PENDING) 2395 FROM_HERE,
1249 DoReadCallback(rv); 2396 base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_,
1250 LeaveFunction(""); 2397 NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, error));
1251 } 2398 SECStatus rv = SECSuccess;
2399 if (error == OK) {
2400 // Synchronous success.
2401 int result = ImportDBCertAndKey(result_certificate, result_private_key);
2402 if (result != OK) {
2403 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE;
2404 rv = SECFailure;
2405 }
2406 } else {
2407 rv = SECFailure;
2408 }
1252 2409
1253 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { 2410 int cert_count = (rv == SECSuccess) ? 1 : 0;
1254 EnterFunction(last_io_result); 2411 PostOrRunCallback(
1255 int rv = last_io_result; 2412 FROM_HERE,
1256 do { 2413 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
1257 // Default to STATE_NONE for next state. 2414 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
1258 // (This is a quirk carried over from the windows 2415 make_scoped_refptr(
1259 // implementation. It makes reading the logs a bit harder.) 2416 new NetLogIntegerParameter("cert_count",
1260 // State handlers can and often do call GotoState just 2417 cert_count))));
1261 // to stay in the current state.
1262 State state = next_handshake_state_;
1263 GotoState(STATE_NONE);
1264 switch (state) {
1265 case STATE_LOAD_SSL_HOST_INFO:
1266 DCHECK(rv == OK || rv == ERR_IO_PENDING);
1267 rv = DoLoadSSLHostInfo();
1268 break;
1269 case STATE_HANDSHAKE:
1270 rv = DoHandshake();
1271 break;
1272 case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE:
1273 rv = DoGetDBCertComplete(rv);
1274 break;
1275 case STATE_VERIFY_DNSSEC:
1276 rv = DoVerifyDNSSEC(rv);
1277 break;
1278 case STATE_VERIFY_CERT:
1279 DCHECK(rv == OK);
1280 rv = DoVerifyCert(rv);
1281 break;
1282 case STATE_VERIFY_CERT_COMPLETE:
1283 rv = DoVerifyCertComplete(rv);
1284 break;
1285 case STATE_NONE:
1286 default:
1287 rv = ERR_UNEXPECTED;
1288 LOG(DFATAL) << "unexpected state " << state;
1289 break;
1290 }
1291
1292 // Do the actual network I/O
1293 bool network_moved = DoTransportIO();
1294 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) {
1295 // In general we exit the loop if rv is ERR_IO_PENDING. In this
1296 // special case we keep looping even if rv is ERR_IO_PENDING because
1297 // the transport IO may allow DoHandshake to make progress.
1298 DCHECK(rv == OK || rv == ERR_IO_PENDING);
1299 rv = OK; // This causes us to stay in the loop.
1300 }
1301 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
1302 LeaveFunction("");
1303 return rv; 2418 return rv;
1304 } 2419 }
1305 2420
1306 int SSLClientSocketNSS::DoReadLoop(int result) { 2421 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert,
1307 EnterFunction(""); 2422 SECKEYPrivateKey** key) {
1308 DCHECK(completed_handshake_);
1309 DCHECK(next_handshake_state_ == STATE_NONE);
1310
1311 if (result < 0)
1312 return result;
1313
1314 if (!nss_bufs_) {
1315 LOG(DFATAL) << "!nss_bufs_";
1316 int rv = ERR_UNEXPECTED;
1317 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR,
1318 make_scoped_refptr(new SSLErrorParams(rv, 0)));
1319 return rv;
1320 }
1321
1322 bool network_moved;
1323 int rv;
1324 do {
1325 rv = DoPayloadRead();
1326 network_moved = DoTransportIO();
1327 } while (rv == ERR_IO_PENDING && network_moved);
1328
1329 LeaveFunction("");
1330 return rv;
1331 }
1332
1333 int SSLClientSocketNSS::DoWriteLoop(int result) {
1334 EnterFunction("");
1335 DCHECK(completed_handshake_);
1336 DCHECK(next_handshake_state_ == STATE_NONE);
1337
1338 if (result < 0)
1339 return result;
1340
1341 if (!nss_bufs_) {
1342 LOG(DFATAL) << "!nss_bufs_";
1343 int rv = ERR_UNEXPECTED;
1344 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
1345 make_scoped_refptr(new SSLErrorParams(rv, 0)));
1346 return rv;
1347 }
1348
1349 bool network_moved;
1350 int rv;
1351 do {
1352 rv = DoPayloadWrite();
1353 network_moved = DoTransportIO();
1354 } while (rv == ERR_IO_PENDING && network_moved);
1355
1356 LeaveFunction("");
1357 return rv;
1358 }
1359
1360 bool SSLClientSocketNSS::LoadSSLHostInfo() {
1361 const SSLHostInfo::State& state(ssl_host_info_->state());
1362
1363 if (state.certs.empty())
1364 return true;
1365
1366 const std::vector<std::string>& certs_in = state.certs;
1367 scoped_array<CERTCertificate*> certs(new CERTCertificate*[certs_in.size()]);
1368
1369 for (size_t i = 0; i < certs_in.size(); i++) {
1370 SECItem derCert;
1371 derCert.data =
1372 const_cast<uint8*>(reinterpret_cast<const uint8*>(certs_in[i].data()));
1373 derCert.len = certs_in[i].size();
1374 certs[i] = CERT_NewTempCertificate(
1375 CERT_GetDefaultCertDB(), &derCert, NULL /* no nickname given */,
1376 PR_FALSE /* not permanent */, PR_TRUE /* copy DER data */);
1377 if (!certs[i]) {
1378 DestroyCertificates(&certs[0], i);
1379 NOTREACHED();
1380 return false;
1381 }
1382 }
1383
1384 SECStatus rv;
1385 #ifdef SSL_ENABLE_CACHED_INFO
1386 rv = SSL_SetPredictedPeerCertificates(nss_fd_, certs.get(), certs_in.size());
1387 DCHECK_EQ(SECSuccess, rv);
1388 #else
1389 rv = SECFailure; // Not implemented.
1390 #endif
1391 DestroyCertificates(&certs[0], certs_in.size());
1392
1393 return rv == SECSuccess;
1394 }
1395
1396 int SSLClientSocketNSS::DoLoadSSLHostInfo() {
1397 EnterFunction("");
1398 int rv = ssl_host_info_->WaitForDataReady(
1399 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
1400 base::Unretained(this)));
1401 GotoState(STATE_HANDSHAKE);
1402
1403 if (rv == OK) {
1404 if (!LoadSSLHostInfo())
1405 LOG(WARNING) << "LoadSSLHostInfo failed: " << host_and_port_.ToString();
1406 } else {
1407 DCHECK_EQ(ERR_IO_PENDING, rv);
1408 GotoState(STATE_LOAD_SSL_HOST_INFO);
1409 }
1410
1411 LeaveFunction("");
1412 return rv;
1413 }
1414
1415 int SSLClientSocketNSS::DoHandshake() {
1416 EnterFunction("");
1417 int net_error = net::OK;
1418 SECStatus rv = SSL_ForceHandshake(nss_fd_);
1419
1420 // TODO(rkn): Handle the case in which server-bound cert generation takes
1421 // too long and the server has closed the connection. Report some new error
1422 // code so that the higher level code will attempt to delete the socket and
1423 // redo the handshake.
1424
1425 if (client_auth_cert_needed_) {
1426 if (domain_bound_cert_xtn_negotiated_) {
1427 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
1428 net_error = ERR_IO_PENDING;
1429 } else {
1430 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
1431 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
1432 make_scoped_refptr(new SSLErrorParams(net_error, 0)));
1433 // If the handshake already succeeded (because the server requests but
1434 // doesn't require a client cert), we need to invalidate the SSL session
1435 // so that we won't try to resume the non-client-authenticated session in
1436 // the next handshake. This will cause the server to ask for a client
1437 // cert again.
1438 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) {
1439 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError();
1440 }
1441 }
1442 } else if (rv == SECSuccess) {
1443 if (handshake_callback_called_) {
1444 // We need to see if the predicted certificate chain (in
1445 // |ssl_host_info_->state().certs) matches the actual certificate chain
1446 // before we call SaveSSLHostInfo, as that will update
1447 // |ssl_host_info_|.
1448 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty()) {
1449 PeerCertificateChain certs(nss_fd_);
1450 const SSLHostInfo::State& state = ssl_host_info_->state();
1451 predicted_cert_chain_correct_ = certs.size() == state.certs.size();
1452 if (predicted_cert_chain_correct_) {
1453 for (unsigned i = 0; i < certs.size(); i++) {
1454 if (certs[i]->derCert.len != state.certs[i].size() ||
1455 memcmp(certs[i]->derCert.data, state.certs[i].data(),
1456 certs[i]->derCert.len) != 0) {
1457 predicted_cert_chain_correct_ = false;
1458 break;
1459 }
1460 }
1461 }
1462 }
1463
1464 #if defined(SSL_ENABLE_OCSP_STAPLING)
1465 // TODO(agl): figure out how to plumb an OCSP response into the Mac
1466 // system library and update IsOCSPStaplingSupported for Mac.
1467 if (!predicted_cert_chain_correct_ && IsOCSPStaplingSupported()) {
1468 unsigned int len = 0;
1469 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len);
1470 if (len) {
1471 const unsigned int orig_len = len;
1472 scoped_array<uint8> ocsp_response(new uint8[orig_len]);
1473 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len);
1474 DCHECK_EQ(orig_len, len);
1475
1476 #if defined(OS_WIN)
1477 CRYPT_DATA_BLOB ocsp_response_blob;
1478 ocsp_response_blob.cbData = len;
1479 ocsp_response_blob.pbData = ocsp_response.get();
1480 BOOL ok = CertSetCertificateContextProperty(
1481 server_cert_->os_cert_handle(),
1482 CERT_OCSP_RESPONSE_PROP_ID,
1483 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
1484 &ocsp_response_blob);
1485 if (!ok) {
1486 VLOG(1) << "Failed to set OCSP response property: "
1487 << GetLastError();
1488 }
1489 #elif defined(USE_NSS)
1490 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response =
1491 GetCacheOCSPResponseFromSideChannelFunction();
1492 SECItem ocsp_response_item;
1493 ocsp_response_item.type = siBuffer;
1494 ocsp_response_item.data = ocsp_response.get();
1495 ocsp_response_item.len = len;
1496
1497 cache_ocsp_response(
1498 CERT_GetDefaultCertDB(), server_cert_nss_, PR_Now(),
1499 &ocsp_response_item, NULL);
1500 #endif
1501 }
1502 }
1503 #endif
1504
1505 SaveSSLHostInfo();
1506 // SSL handshake is completed. Let's verify the certificate.
1507 GotoState(STATE_VERIFY_DNSSEC);
1508 // Done!
1509 } else {
1510 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 -
1511 // SSL_ForceHandshake returned SECSuccess prematurely.
1512 rv = SECFailure;
1513 net_error = ERR_SSL_PROTOCOL_ERROR;
1514 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
1515 make_scoped_refptr(new SSLErrorParams(net_error, 0)));
1516 }
1517 } else {
1518 PRErrorCode prerr = PR_GetError();
1519 net_error = HandleNSSError(prerr, true);
1520
1521 // If not done, stay in this state
1522 if (net_error == ERR_IO_PENDING) {
1523 GotoState(STATE_HANDSHAKE);
1524 } else {
1525 net_log_.AddEvent(
1526 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
1527 make_scoped_refptr(new SSLErrorParams(net_error, prerr)));
1528 }
1529 }
1530
1531 LeaveFunction("");
1532 return net_error;
1533 }
1534
1535 int SSLClientSocketNSS::ImportDBCertAndKey(CERTCertificate** cert,
1536 SECKEYPrivateKey** key) {
1537 // Set the certificate. 2423 // Set the certificate.
1538 SECItem cert_item; 2424 SECItem cert_item;
1539 cert_item.data = (unsigned char*) domain_bound_cert_.data(); 2425 cert_item.data = (unsigned char*) domain_bound_cert_.data();
1540 cert_item.len = domain_bound_cert_.size(); 2426 cert_item.len = domain_bound_cert_.size();
1541 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), 2427 *cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
1542 &cert_item, 2428 &cert_item,
1543 NULL, 2429 NULL,
1544 PR_FALSE, 2430 PR_FALSE,
1545 PR_TRUE); 2431 PR_TRUE);
1546 if (*cert == NULL) 2432 if (*cert == NULL)
(...skipping 22 matching lines...) Expand all
1569 } 2455 }
1570 2456
1571 default: 2457 default:
1572 NOTREACHED(); 2458 NOTREACHED();
1573 return ERR_INVALID_ARGUMENT; 2459 return ERR_INVALID_ARGUMENT;
1574 } 2460 }
1575 2461
1576 return OK; 2462 return OK;
1577 } 2463 }
1578 2464
1579 int SSLClientSocketNSS::DoGetDBCertComplete(int result) { 2465 void SSLClientSocketNSS::Core::UpdateServerCert() {
1580 SECStatus rv; 2466 nss_handshake_state_.server_cert_chain.Reset(nss_fd_);
1581 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, 2467 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain(
1582 result); 2468 nss_handshake_state_.server_cert_chain.AsStringPieceVector());
1583 client_auth_cert_needed_ = false; 2469 if (nss_handshake_state_.server_cert) {
2470 PostOrRunCallback(
2471 FROM_HERE,
2472 base::Bind(&BoundNetLog::AddEvent, weak_net_log_,
2473 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
2474 make_scoped_refptr(
2475 new X509CertificateNetLogParam(
2476 nss_handshake_state_.server_cert))));
2477 }
2478 }
2479
2480 void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
2481 SSLChannelInfo channel_info;
2482 SECStatus ok = SSL_GetChannelInfo(nss_fd_,
2483 &channel_info, sizeof(channel_info));
2484 if (ok == SECSuccess &&
2485 channel_info.length == sizeof(channel_info) &&
2486 channel_info.cipherSuite) {
2487 nss_handshake_state_.ssl_connection_status |=
2488 (static_cast<int>(channel_info.cipherSuite) &
2489 SSL_CONNECTION_CIPHERSUITE_MASK) <<
2490 SSL_CONNECTION_CIPHERSUITE_SHIFT;
2491
2492 nss_handshake_state_.ssl_connection_status |=
2493 (static_cast<int>(channel_info.compressionMethod) &
2494 SSL_CONNECTION_COMPRESSION_MASK) <<
2495 SSL_CONNECTION_COMPRESSION_SHIFT;
2496
2497 // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS
2498 // doesn't support them yet), so we use 0x0302 and 0x0303 directly.
2499 int version = SSL_CONNECTION_VERSION_UNKNOWN;
2500 if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
2501 // All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
2502 // version 2.
2503 version = SSL_CONNECTION_VERSION_SSL2;
2504 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) {
2505 version = SSL_CONNECTION_VERSION_SSL3;
2506 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {
2507 version = SSL_CONNECTION_VERSION_TLS1;
2508 } else if (channel_info.protocolVersion == 0x0302) {
2509 version = SSL_CONNECTION_VERSION_TLS1_1;
2510 } else if (channel_info.protocolVersion == 0x0303) {
2511 version = SSL_CONNECTION_VERSION_TLS1_2;
2512 }
2513 nss_handshake_state_.ssl_connection_status |=
2514 (version & SSL_CONNECTION_VERSION_MASK) <<
2515 SSL_CONNECTION_VERSION_SHIFT;
2516 }
2517
2518 // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
2519 // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
2520 // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
2521 #if defined(SSL_MAX_EXTENSIONS)
2522 PRBool peer_supports_renego_ext;
2523 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
2524 &peer_supports_renego_ext);
2525 if (ok == SECSuccess) {
2526 if (!peer_supports_renego_ext) {
2527 nss_handshake_state_.ssl_connection_status |=
2528 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
2529 // Log an informational message if the server does not support secure
2530 // renegotiation (RFC 5746).
2531 VLOG(1) << "The server " << host_and_port_.ToString()
2532 << " does not support the TLS renegotiation_info extension.";
2533 }
2534 UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported",
2535 peer_supports_renego_ext, 2);
2536 }
2537 #endif
2538
2539 if (ssl_config_.version_fallback) {
2540 nss_handshake_state_.ssl_connection_status |=
2541 SSL_CONNECTION_VERSION_FALLBACK;
2542 }
2543 }
2544
2545 void SSLClientSocketNSS::Core::RecordDomainBoundCertSupport() const {
2546 if (nss_handshake_state_.resumed_handshake)
2547 return;
2548
2549 // Since this enum is used for a histogram, do not change or re-use values.
2550 enum {
2551 DISABLED = 0,
2552 CLIENT_ONLY = 1,
2553 CLIENT_AND_SERVER = 2,
2554 DOMAIN_BOUND_CERT_USAGE_MAX
2555 } supported = DISABLED;
2556 #ifdef SSL_ENABLE_OB_CERTS
2557 if (domain_bound_cert_xtn_negotiated_)
2558 supported = CLIENT_AND_SERVER;
2559 else if (ssl_config_.domain_bound_certs_enabled)
2560 supported = CLIENT_ONLY;
2561 #endif
2562 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
2563 DOMAIN_BOUND_CERT_USAGE_MAX);
2564 }
2565
2566 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
2567 DCHECK(OnNetworkTaskRunner());
2568 DCHECK_GT(len, 0);
2569
2570 if (detached_)
2571 return ERR_ABORTED;
2572
2573 int rv = transport_->socket()->Read(
2574 read_buffer, len,
2575 base::Bind(&Core::BufferRecvComplete, base::Unretained(this),
2576 scoped_refptr<IOBuffer>(read_buffer)));
2577
2578 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
2579 nss_task_runner_->PostTask(
2580 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this,
2581 scoped_refptr<IOBuffer>(read_buffer), rv));
2582 return rv;
2583 }
2584
2585 return rv;
2586 }
2587
2588 int SSLClientSocketNSS::Core::DoBufferSend(IOBuffer* send_buffer, int len) {
2589 DCHECK(OnNetworkTaskRunner());
2590 DCHECK_GT(len, 0);
2591
2592 if (detached_)
2593 return ERR_ABORTED;
2594
2595 int rv = transport_->socket()->Write(
2596 send_buffer, len,
2597 base::Bind(&Core::BufferSendComplete,
2598 base::Unretained(this)));
2599
2600 if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
2601 nss_task_runner_->PostTask(
2602 FROM_HERE,
2603 base::Bind(&Core::BufferSendComplete, this, rv));
2604 return rv;
2605 }
2606
2607 return rv;
2608 }
2609
2610 int SSLClientSocketNSS::Core::DoGetDomainBoundCert(
2611 const std::string& origin,
2612 const std::vector<uint8>& requested_cert_types) {
2613 DCHECK(OnNetworkTaskRunner());
2614
2615 if (detached_)
2616 return ERR_FAILED;
2617
2618 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL);
2619
2620 int rv = server_bound_cert_service_->GetDomainBoundCert(
2621 origin,
2622 requested_cert_types,
2623 &domain_bound_cert_type_,
2624 &domain_bound_private_key_,
2625 &domain_bound_cert_,
2626 base::Bind(&Core::OnGetDomainBoundCertComplete, base::Unretained(this)),
2627 &domain_bound_cert_request_handle_);
2628
2629 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) {
2630 nss_task_runner_->PostTask(
2631 FROM_HERE,
2632 base::Bind(&Core::OnHandshakeIOComplete, this, rv));
2633 return ERR_IO_PENDING;
2634 }
2635
2636 return rv;
2637 }
2638
2639 void SSLClientSocketNSS::Core::OnHandshakeStateUpdated(
2640 const HandshakeState& state) {
2641 network_handshake_state_ = state;
2642 }
2643
2644 void SSLClientSocketNSS::Core::BufferSendComplete(int result) {
2645 if (!OnNSSTaskRunner()) {
2646 if (detached_)
2647 return;
2648
2649 nss_task_runner_->PostTask(
2650 FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result));
2651 return;
2652 }
2653
2654 DCHECK(OnNSSTaskRunner());
2655
2656 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result));
2657 transport_send_busy_ = false;
2658 OnSendComplete(result);
2659 }
2660
2661 void SSLClientSocketNSS::Core::OnHandshakeIOComplete(int result) {
2662 if (!OnNSSTaskRunner()) {
2663 if (detached_)
2664 return;
2665
2666 nss_task_runner_->PostTask(
2667 FROM_HERE, base::Bind(&Core::OnHandshakeIOComplete, this, result));
2668 return;
2669 }
2670
2671 DCHECK(OnNSSTaskRunner());
2672
2673 int rv = DoHandshakeLoop(result);
2674 if (rv != ERR_IO_PENDING)
2675 DoConnectCallback(rv);
2676 }
2677
2678 void SSLClientSocketNSS::Core::OnGetDomainBoundCertComplete(int result) {
2679 DCHECK(OnNetworkTaskRunner());
2680
1584 domain_bound_cert_request_handle_ = NULL; 2681 domain_bound_cert_request_handle_ = NULL;
1585 2682 OnHandshakeIOComplete(result);
1586 if (result != OK) { 2683 }
1587 // Failed to get a DBC. Proceed without. 2684
1588 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, NULL, NULL, NULL); 2685 void SSLClientSocketNSS::Core::BufferRecvComplete(
1589 if (rv != SECSuccess) 2686 IOBuffer* read_buffer,
1590 return MapNSSError(PORT_GetError()); 2687 int result) {
2688 DCHECK(read_buffer);
2689
2690 if (!OnNSSTaskRunner()) {
2691 if (detached_)
2692 return;
2693
2694 nss_task_runner_->PostTask(
2695 FROM_HERE, base::Bind(&Core::BufferRecvComplete, this,
2696 scoped_refptr<IOBuffer>(read_buffer), result));
2697 return;
2698 }
2699
2700 DCHECK(OnNSSTaskRunner());
2701
2702 if (result > 0) {
2703 char* buf;
2704 int nb = memio_GetReadParams(nss_bufs_, &buf);
2705 CHECK_GE(nb, result);
2706 memcpy(buf, read_buffer->data(), result);
2707 } else if (result == 0) {
2708 transport_recv_eof_ = true;
2709 }
2710
2711 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result));
2712 transport_recv_busy_ = false;
2713 OnRecvComplete(result);
2714 }
2715
2716 void SSLClientSocketNSS::Core::PostOrRunCallback(
2717 const tracked_objects::Location& location,
2718 const base::Closure& task) {
2719 if (!OnNetworkTaskRunner()) {
2720 network_task_runner_->PostTask(
2721 FROM_HERE,
2722 base::Bind(&Core::PostOrRunCallback, this,
2723 location, task));
2724 return;
2725 }
2726
2727 DCHECK(OnNetworkTaskRunner());
wtc 2012/06/01 01:02:38 Remove this DCHECK. It will never fail because of
Ryan Sleevi 2012/06/01 01:30:04 Note that I pretty liberally sprinkled DCHECKs as
2728
2729 if (detached_ || task.is_null())
wtc 2012/06/01 01:02:38 It seems that |task| should not be null, right? D
Ryan Sleevi 2012/06/01 01:30:04 task.is_null() if bound to a WeakPtr that has been
2730 return;
2731 task.Run();
2732 }
2733
2734 SSLClientSocketNSS::SSLClientSocketNSS(
2735 base::SingleThreadTaskRunner* nss_task_runner,
2736 ClientSocketHandle* transport_socket,
2737 const HostPortPair& host_and_port,
2738 const SSLConfig& ssl_config,
2739 SSLHostInfo* ssl_host_info,
2740 const SSLClientSocketContext& context)
2741 : nss_task_runner_(nss_task_runner),
2742 transport_(transport_socket),
2743 host_and_port_(host_and_port),
2744 ssl_config_(ssl_config),
2745 server_cert_verify_result_(NULL),
2746 cert_verifier_(context.cert_verifier),
2747 server_bound_cert_service_(context.server_bound_cert_service),
2748 ssl_session_cache_shard_(context.ssl_session_cache_shard),
2749 completed_handshake_(false),
2750 next_handshake_state_(STATE_NONE),
2751 nss_fd_(NULL),
2752 net_log_(transport_socket->socket()->NetLog()),
2753 ssl_host_info_(ssl_host_info),
2754 transport_security_state_(context.transport_security_state),
2755 valid_thread_id_(base::kInvalidThreadId) {
2756 EnterFunction("");
2757 InitCore();
2758 LeaveFunction("");
2759 }
2760
2761 SSLClientSocketNSS::~SSLClientSocketNSS() {
2762 EnterFunction("");
2763 Disconnect();
2764 LeaveFunction("");
2765 }
2766
2767 // static
2768 void SSLClientSocket::ClearSessionCache() {
2769 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't
2770 // bother initializing NSS just to clear an empty SSL session cache.
2771 if (!NSS_IsInitialized())
2772 return;
2773
2774 SSL_ClearSessionCache();
2775 }
2776
2777 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
2778 EnterFunction("");
2779 ssl_info->Reset();
2780 if (core_->state().server_cert_chain.empty() ||
2781 !core_->state().server_cert_chain[0]) {
2782 return;
2783 }
2784
2785 ssl_info->cert_status = server_cert_verify_result_->cert_status;
2786 ssl_info->cert = server_cert_verify_result_->verified_cert;
2787 ssl_info->connection_status =
2788 core_->state().ssl_connection_status;
2789 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes;
2790 for (std::vector<SHA1Fingerprint>::const_iterator
2791 i = side_pinned_public_keys_.begin();
2792 i != side_pinned_public_keys_.end(); i++) {
2793 ssl_info->public_key_hashes.push_back(*i);
2794 }
2795 ssl_info->is_issued_by_known_root =
2796 server_cert_verify_result_->is_issued_by_known_root;
2797 ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
2798 (ssl_config_.send_client_cert && ssl_config_.client_cert);
2799
2800 PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite(
2801 core_->state().ssl_connection_status);
2802 SSLCipherSuiteInfo cipher_info;
2803 SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite,
2804 &cipher_info, sizeof(cipher_info));
2805 if (ok == SECSuccess) {
2806 ssl_info->security_bits = cipher_info.effectiveKeyBits;
2807 } else {
2808 ssl_info->security_bits = -1;
2809 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()
2810 << " for cipherSuite " << cipher_suite;
2811 }
2812
2813 ssl_info->handshake_type = core_->state().resumed_handshake ?
2814 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
2815
2816 LeaveFunction("");
2817 }
2818
2819 void SSLClientSocketNSS::GetSSLCertRequestInfo(
2820 SSLCertRequestInfo* cert_request_info) {
2821 EnterFunction("");
2822 // TODO(rch): switch SSLCertRequestInfo.host_and_port to a HostPortPair
2823 cert_request_info->host_and_port = host_and_port_.ToString();
2824 cert_request_info->client_certs = core_->state().client_certs;
2825 LeaveFunction(cert_request_info->client_certs.size());
2826 }
2827
2828 int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
2829 bool has_context,
2830 const base::StringPiece& context,
2831 unsigned char* out,
2832 unsigned int outlen) {
2833 if (!IsConnected())
2834 return ERR_SOCKET_NOT_CONNECTED;
2835
2836 // SSL_ExportKeyingMaterial may block the current thread if |core_| is in
2837 // the midst of a handshake.
2838 SECStatus result = SSL_ExportKeyingMaterial(
2839 nss_fd_, label.data(), label.size(), has_context,
2840 reinterpret_cast<const unsigned char*>(context.data()),
2841 context.length(), out, outlen);
2842 if (result != SECSuccess) {
2843 LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", "");
2844 return MapNSSError(PORT_GetError());
2845 }
2846 return OK;
2847 }
2848
2849 SSLClientSocket::NextProtoStatus
2850 SSLClientSocketNSS::GetNextProto(std::string* proto,
2851 std::string* server_protos) {
2852 *proto = core_->state().next_proto;
2853 *server_protos = core_->state().server_protos;
2854 return core_->state().next_proto_status;
2855 }
2856
2857 int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
2858 EnterFunction("");
2859 DCHECK(transport_.get());
2860 DCHECK_EQ(STATE_NONE, next_handshake_state_);
2861 DCHECK(user_connect_callback_.is_null());
2862
2863 EnsureThreadIdAssigned();
2864
2865 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT, NULL);
2866
2867 int rv = Init();
2868 if (rv != OK) {
2869 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
2870 return rv;
2871 }
2872
2873 rv = InitializeSSLOptions();
2874 if (rv != OK) {
2875 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
2876 return rv;
2877 }
2878
2879 rv = InitializeSSLPeerName();
2880 if (rv != OK) {
2881 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
2882 return rv;
2883 }
2884
2885 if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) {
2886 GotoState(STATE_LOAD_SSL_HOST_INFO);
2887 } else {
1591 GotoState(STATE_HANDSHAKE); 2888 GotoState(STATE_HANDSHAKE);
1592 return OK; 2889 }
1593 } 2890
1594 2891 rv = DoHandshakeLoop(OK);
1595 CERTCertificate* cert; 2892 if (rv == ERR_IO_PENDING) {
1596 SECKEYPrivateKey* key; 2893 user_connect_callback_ = callback;
1597 int error = ImportDBCertAndKey(&cert, &key); 2894 } else {
1598 if (error != OK) 2895 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
1599 return error; 2896 }
1600 2897
1601 CERTCertificateList* cert_chain = CERT_CertChainFromCert(cert, 2898 LeaveFunction("");
1602 certUsageSSLClient, 2899 return rv > OK ? OK : rv;
1603 PR_FALSE); 2900 }
1604 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, 2901
1605 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 2902 void SSLClientSocketNSS::Disconnect() {
1606 cert_chain->len))); 2903 EnterFunction("");
1607 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); 2904
2905 CHECK(CalledOnValidThread());
2906
2907 // Shut down anything that may call us back.
2908 core_->Detach();
2909 verifier_.reset();
2910 transport_->socket()->Disconnect();
2911
2912 // Reset object state.
2913 user_connect_callback_.Reset();
2914 local_server_cert_verify_result_.Reset();
2915 server_cert_verify_result_ = NULL;
2916 completed_handshake_ = false;
2917 start_cert_verification_time_ = base::TimeTicks();
2918 InitCore();
2919
2920 LeaveFunction("");
2921 }
2922
2923 bool SSLClientSocketNSS::IsConnected() const {
2924 // Ideally, we should also check if we have received the close_notify alert
2925 // message from the server, and return false in that case. We're not doing
2926 // that, so this function may return a false positive. Since the upper
2927 // layer (HttpNetworkTransaction) needs to handle a persistent connection
2928 // closed by the server when we send a request anyway, a false positive in
2929 // exchange for simpler code is a good trade-off.
2930 EnterFunction("");
2931 bool ret = completed_handshake_ && transport_->socket()->IsConnected();
2932 LeaveFunction("");
2933 return ret;
2934 }
2935
2936 bool SSLClientSocketNSS::IsConnectedAndIdle() const {
2937 // Unlike IsConnected, this method doesn't return a false positive.
2938 //
2939 // Strictly speaking, we should check if we have received the close_notify
2940 // alert message from the server, and return false in that case. Although
2941 // the close_notify alert message means EOF in the SSL layer, it is just
2942 // bytes to the transport layer below, so
2943 // transport_->socket()->IsConnectedAndIdle() returns the desired false
2944 // when we receive close_notify.
2945 EnterFunction("");
2946 bool ret = completed_handshake_ && transport_->socket()->IsConnectedAndIdle();
2947 LeaveFunction("");
2948 return ret;
2949 }
2950
2951 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const {
2952 return transport_->socket()->GetPeerAddress(address);
2953 }
2954
2955 int SSLClientSocketNSS::GetLocalAddress(IPEndPoint* address) const {
2956 return transport_->socket()->GetLocalAddress(address);
2957 }
2958
2959 const BoundNetLog& SSLClientSocketNSS::NetLog() const {
2960 return net_log_;
2961 }
2962
2963 void SSLClientSocketNSS::SetSubresourceSpeculation() {
2964 if (transport_.get() && transport_->socket()) {
2965 transport_->socket()->SetSubresourceSpeculation();
2966 } else {
2967 NOTREACHED();
2968 }
2969 }
2970
2971 void SSLClientSocketNSS::SetOmniboxSpeculation() {
2972 if (transport_.get() && transport_->socket()) {
2973 transport_->socket()->SetOmniboxSpeculation();
2974 } else {
2975 NOTREACHED();
2976 }
2977 }
2978
2979 bool SSLClientSocketNSS::WasEverUsed() const {
2980 if (transport_.get() && transport_->socket()) {
2981 return transport_->socket()->WasEverUsed();
2982 }
2983 NOTREACHED();
2984 return false;
2985 }
2986
2987 bool SSLClientSocketNSS::UsingTCPFastOpen() const {
2988 if (transport_.get() && transport_->socket()) {
2989 return transport_->socket()->UsingTCPFastOpen();
2990 }
2991 NOTREACHED();
2992 return false;
2993 }
2994
2995 int64 SSLClientSocketNSS::NumBytesRead() const {
2996 if (transport_.get() && transport_->socket()) {
2997 return transport_->socket()->NumBytesRead();
2998 }
2999 NOTREACHED();
3000 return -1;
3001 }
3002
3003 base::TimeDelta SSLClientSocketNSS::GetConnectTimeMicros() const {
3004 if (transport_.get() && transport_->socket()) {
3005 return transport_->socket()->GetConnectTimeMicros();
3006 }
3007 NOTREACHED();
3008 return base::TimeDelta::FromMicroseconds(-1);
3009 }
3010
3011 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
3012 const CompletionCallback& callback) {
3013 DCHECK(core_);
3014
3015 EnterFunction(buf_len);
3016 int rv = core_->Read(buf, buf_len, callback);
3017 LeaveFunction(rv);
3018
3019 return rv;
3020 }
3021
3022 int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len,
3023 const CompletionCallback& callback) {
3024 DCHECK(core_);
3025
3026 EnterFunction(buf_len);
3027 int rv = core_->Write(buf, buf_len, callback);
3028 LeaveFunction(rv);
3029
3030 return rv;
3031 }
3032
3033 bool SSLClientSocketNSS::SetReceiveBufferSize(int32 size) {
3034 return transport_->socket()->SetReceiveBufferSize(size);
3035 }
3036
3037 bool SSLClientSocketNSS::SetSendBufferSize(int32 size) {
3038 return transport_->socket()->SetSendBufferSize(size);
3039 }
3040
3041 int SSLClientSocketNSS::Init() {
3042 EnterFunction("");
3043 // Initialize the NSS SSL library in a threadsafe way. This also
3044 // initializes the NSS base library.
3045 EnsureNSSSSLInit();
3046 if (!NSS_IsInitialized())
3047 return ERR_UNEXPECTED;
3048 #if !defined(OS_MACOSX) && !defined(OS_WIN)
3049 if (ssl_config_.cert_io_enabled) {
3050 // We must call EnsureNSSHttpIOInit() here, on the IO thread, to get the IO
3051 // loop by MessageLoopForIO::current().
3052 // X509Certificate::Verify() runs on a worker thread of CertVerifier.
3053 EnsureNSSHttpIOInit();
3054 }
3055 #endif
3056
3057 LeaveFunction("");
3058 return OK;
3059 }
3060
3061 void SSLClientSocketNSS::InitCore() {
3062 core_ = new Core(base::ThreadTaskRunnerHandle::Get(), nss_task_runner_,
3063 transport_.get(), host_and_port_, ssl_config_, &net_log_,
3064 server_bound_cert_service_);
3065 }
3066
3067 int SSLClientSocketNSS::InitializeSSLOptions() {
3068 // Transport connected, now hook it up to nss
3069 // TODO(port): specify rx and tx buffer sizes separately
3070 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize);
3071 if (nss_fd_ == NULL) {
3072 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code.
3073 }
3074
3075 // Grab pointer to buffers
3076 memio_Private* nss_bufs = memio_GetSecret(nss_fd_);
3077
3078 /* Create SSL state machine */
3079 /* Push SSL onto our fake I/O socket */
3080 nss_fd_ = SSL_ImportFD(NULL, nss_fd_);
3081 if (nss_fd_ == NULL) {
3082 LogFailedNSSFunction(net_log_, "SSL_ImportFD", "");
3083 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code.
3084 }
3085 // TODO(port): set more ssl options! Check errors!
3086
3087 int rv;
3088
3089 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
3090 if (rv != SECSuccess) {
3091 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");
3092 return ERR_UNEXPECTED;
3093 }
3094
3095 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE);
3096 if (rv != SECSuccess) {
3097 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2");
3098 return ERR_UNEXPECTED;
3099 }
3100
3101 // Don't do V2 compatible hellos because they don't support TLS extensions.
3102 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
3103 if (rv != SECSuccess) {
3104 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO");
3105 return ERR_UNEXPECTED;
3106 }
3107
3108 SSLVersionRange version_range;
3109 version_range.min = ssl_config_.version_min;
3110 version_range.max = ssl_config_.version_max;
3111 rv = SSL_VersionRangeSet(nss_fd_, &version_range);
3112 if (rv != SECSuccess) {
3113 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", "");
3114 return ERR_NO_SSL_VERSIONS_ENABLED;
3115 }
3116
3117 for (std::vector<uint16>::const_iterator it =
3118 ssl_config_.disabled_cipher_suites.begin();
3119 it != ssl_config_.disabled_cipher_suites.end(); ++it) {
3120 // This will fail if the specified cipher is not implemented by NSS, but
3121 // the failure is harmless.
3122 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
3123 }
3124
3125 #ifdef SSL_ENABLE_SESSION_TICKETS
3126 // Support RFC 5077
3127 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
3128 if (rv != SECSuccess) {
3129 LogFailedNSSFunction(
3130 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
3131 }
3132 #else
3133 #error "You need to install NSS-3.12 or later to build chromium"
3134 #endif
3135
3136 #ifdef SSL_ENABLE_DEFLATE
3137 // Some web servers have been found to break if TLS is used *or* if DEFLATE
3138 // is advertised. Thus, if TLS is disabled (probably because we are doing
3139 // SSLv3 fallback), we disable DEFLATE also.
3140 // See http://crbug.com/31628
3141 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE,
3142 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1);
1608 if (rv != SECSuccess) 3143 if (rv != SECSuccess)
1609 return MapNSSError(PORT_GetError()); 3144 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_DEFLATE");
1610 3145 #endif
3146
3147 #ifdef SSL_ENABLE_FALSE_START
3148 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
3149 ssl_config_.false_start_enabled);
3150 if (rv != SECSuccess)
3151 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
3152 #endif
3153
3154 #ifdef SSL_ENABLE_RENEGOTIATION
3155 // We allow servers to request renegotiation. Since we're a client,
3156 // prohibiting this is rather a waste of time. Only servers are in a
3157 // position to prevent renegotiation attacks.
3158 // http://extendedsubset.com/?p=8
3159
3160 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
3161 SSL_RENEGOTIATE_TRANSITIONAL);
3162 if (rv != SECSuccess) {
3163 LogFailedNSSFunction(
3164 net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
3165 }
3166 #endif // SSL_ENABLE_RENEGOTIATION
3167
3168 #ifdef SSL_CBC_RANDOM_IV
3169 rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV,
3170 ssl_config_.false_start_enabled);
3171 if (rv != SECSuccess)
3172 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
3173 #endif
3174
3175 #ifdef SSL_ENABLE_OCSP_STAPLING
3176 if (IsOCSPStaplingSupported()) {
3177 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
3178 if (rv != SECSuccess) {
3179 LogFailedNSSFunction(net_log_, "SSL_OptionSet",
3180 "SSL_ENABLE_OCSP_STAPLING");
3181 }
3182 }
3183 #endif
3184
3185 #ifdef SSL_ENABLE_CACHED_INFO
3186 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
3187 ssl_config_.cached_info_enabled);
3188 if (rv != SECSuccess)
3189 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_CACHED_INFO");
3190 #endif
3191
3192 #ifdef SSL_ENABLE_OB_CERTS
3193 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS,
3194 ssl_config_.domain_bound_certs_enabled);
3195 if (rv != SECSuccess)
3196 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS");
3197 #endif
3198
3199 #ifdef SSL_ENCRYPT_CLIENT_CERTS
3200 // For now, enable the encrypted client certificates extension only if
3201 // server-bound certificates are enabled.
3202 rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS,
3203 ssl_config_.domain_bound_certs_enabled);
3204 if (rv != SECSuccess)
3205 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS");
3206 #endif
3207
3208 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
3209 if (rv != SECSuccess) {
3210 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT");
3211 return ERR_UNEXPECTED;
3212 }
3213
3214 if (!core_->Init(nss_fd_, nss_bufs))
3215 return ERR_UNEXPECTED;
3216
3217 // Tell SSL the hostname we're trying to connect to.
3218 SSL_SetURL(nss_fd_, host_and_port_.host().c_str());
3219
3220 // Tell SSL we're a client; needed if not letting NSPR do socket I/O
3221 SSL_ResetHandshake(nss_fd_, PR_FALSE);
3222
3223 return OK;
3224 }
3225
3226 int SSLClientSocketNSS::InitializeSSLPeerName() {
3227 // Tell NSS who we're connected to
3228 AddressList peer_address;
3229 int err = transport_->socket()->GetPeerAddress(&peer_address);
3230 if (err != OK)
3231 return err;
3232
3233 SockaddrStorage storage;
3234 if (!peer_address.front().ToSockAddr(storage.addr, &storage.addr_len))
3235 return ERR_UNEXPECTED;
3236
3237 PRNetAddr peername;
3238 memset(&peername, 0, sizeof(peername));
3239 DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername));
3240 size_t len = std::min(static_cast<size_t>(storage.addr_len),
3241 sizeof(peername));
3242 memcpy(&peername, storage.addr, len);
3243
3244 // Adjust the address family field for BSD, whose sockaddr
3245 // structure has a one-byte length and one-byte address family
3246 // field at the beginning. PRNetAddr has a two-byte address
3247 // family field at the beginning.
3248 peername.raw.family = storage.addr->sa_family;
3249
3250 memio_SetPeerName(nss_fd_, &peername);
3251
3252 // Set the peer ID for session reuse. This is necessary when we create an
3253 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
3254 // rather than the destination server's address in that case.
3255 std::string peer_id = host_and_port_.ToString();
3256 // If the ssl_session_cache_shard_ is non-empty, we append it to the peer id.
3257 // This will cause session cache misses between sockets with different values
3258 // of ssl_session_cache_shard_ and this is used to partition the session cache
3259 // for incognito mode.
3260 if (!ssl_session_cache_shard_.empty()) {
3261 peer_id += "/" + ssl_session_cache_shard_;
3262 }
3263 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
3264 if (rv != SECSuccess)
3265 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
3266
3267 return OK;
3268 }
3269
3270 void SSLClientSocketNSS::DoConnectCallback(int rv) {
3271 EnterFunction(rv);
3272 DCHECK_NE(ERR_IO_PENDING, rv);
3273 DCHECK(!user_connect_callback_.is_null());
3274
3275 base::ResetAndReturn(&user_connect_callback_).Run(rv > OK ? OK : rv);
3276 LeaveFunction("");
3277 }
3278
3279 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
3280 EnterFunction(result);
3281 int rv = DoHandshakeLoop(result);
3282 if (rv != ERR_IO_PENDING) {
3283 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
3284 DoConnectCallback(rv);
3285 }
3286 LeaveFunction("");
3287 }
3288
3289 void SSLClientSocketNSS::LoadSSLHostInfo() {
3290 const SSLHostInfo::State& state(ssl_host_info_->state());
3291
3292 if (state.certs.empty())
3293 return;
3294
3295 const std::vector<std::string>& certs_in = state.certs;
3296 core_->SetPredictedCertificates(certs_in);
3297 }
3298
3299 int SSLClientSocketNSS::DoLoadSSLHostInfo() {
3300 EnterFunction("");
3301 int rv = ssl_host_info_->WaitForDataReady(
3302 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
3303 base::Unretained(this)));
1611 GotoState(STATE_HANDSHAKE); 3304 GotoState(STATE_HANDSHAKE);
1612 set_domain_bound_cert_type(domain_bound_cert_type_); 3305
1613 return OK; 3306 if (rv == OK) {
1614 } 3307 LoadSSLHostInfo();
3308 } else {
3309 DCHECK_EQ(ERR_IO_PENDING, rv);
3310 GotoState(STATE_LOAD_SSL_HOST_INFO);
3311 }
3312
3313 LeaveFunction("");
3314 return rv;
3315 }
3316
3317 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
3318 EnterFunction(last_io_result);
3319 int rv = last_io_result;
3320 do {
3321 // Default to STATE_NONE for next state.
3322 // (This is a quirk carried over from the windows
3323 // implementation. It makes reading the logs a bit harder.)
3324 // State handlers can and often do call GotoState just
3325 // to stay in the current state.
3326 State state = next_handshake_state_;
3327 GotoState(STATE_NONE);
3328 switch (state) {
3329 case STATE_LOAD_SSL_HOST_INFO:
3330 DCHECK(rv == OK || rv == ERR_IO_PENDING);
3331 rv = DoLoadSSLHostInfo();
3332 break;
3333 case STATE_HANDSHAKE:
3334 rv = DoHandshake();
3335 break;
3336 case STATE_HANDSHAKE_COMPLETE:
3337 rv = DoHandshakeComplete(rv);
3338 break;
3339 case STATE_VERIFY_DNSSEC:
3340 rv = DoVerifyDNSSEC(rv);
3341 break;
3342 case STATE_VERIFY_CERT:
3343 DCHECK(rv == OK);
3344 rv = DoVerifyCert(rv);
3345 break;
3346 case STATE_VERIFY_CERT_COMPLETE:
3347 rv = DoVerifyCertComplete(rv);
3348 break;
3349 case STATE_NONE:
3350 default:
3351 rv = ERR_UNEXPECTED;
3352 LOG(DFATAL) << "unexpected state " << state;
3353 break;
3354 }
3355 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE);
3356 LeaveFunction("");
3357 return rv;
3358 }
3359
3360 int SSLClientSocketNSS::DoHandshake() {
3361 EnterFunction("");
3362 int rv = core_->Connect(
3363 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
3364 base::Unretained(this)));
3365 GotoState(STATE_HANDSHAKE_COMPLETE);
3366
3367 LeaveFunction(rv);
3368 return rv;
3369 }
3370
3371 int SSLClientSocketNSS::DoHandshakeComplete(int result) {
3372 EnterFunction(result);
3373
3374 if (result == OK) {
3375 SaveSSLHostInfo();
3376 // SSL handshake is completed. Let's verify the certificate.
3377 GotoState(STATE_VERIFY_DNSSEC);
3378 // Done!
3379 }
3380 if (core_->state().domain_bound_cert_type != CLIENT_CERT_INVALID_TYPE)
3381 set_domain_bound_cert_type(core_->state().domain_bound_cert_type);
3382
3383 LeaveFunction(result);
3384 return result;
3385 }
3386
1615 3387
1616 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { 3388 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) {
1617 DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(), 3389 DCHECK(!core_->state().server_cert_chain.empty());
1618 server_cert_nss_, 3390 DCHECK(core_->state().server_cert_chain[0]);
1619 host_and_port_.port()); 3391
3392 DNSValidationResult r = CheckDNSSECChain(
3393 host_and_port_.host(), core_->state().server_cert_chain[0],
3394 host_and_port_.port());
1620 if (r == DNSVR_SUCCESS) { 3395 if (r == DNSVR_SUCCESS) {
1621 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; 3396 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC;
1622 local_server_cert_verify_result_.verified_cert = server_cert_; 3397 local_server_cert_verify_result_.verified_cert =
3398 core_->state().server_cert;
1623 server_cert_verify_result_ = &local_server_cert_verify_result_; 3399 server_cert_verify_result_ = &local_server_cert_verify_result_;
1624 GotoState(STATE_VERIFY_CERT_COMPLETE); 3400 GotoState(STATE_VERIFY_CERT_COMPLETE);
1625 return OK; 3401 return OK;
1626 } 3402 }
1627 3403
1628 GotoState(STATE_VERIFY_CERT); 3404 GotoState(STATE_VERIFY_CERT);
1629 3405
1630 return OK; 3406 return OK;
1631 } 3407 }
1632 3408
1633 int SSLClientSocketNSS::DoVerifyCert(int result) { 3409 int SSLClientSocketNSS::DoVerifyCert(int result) {
1634 DCHECK(server_cert_nss_); 3410 DCHECK(!core_->state().server_cert_chain.empty());
3411 DCHECK(core_->state().server_cert_chain[0]);
1635 3412
1636 GotoState(STATE_VERIFY_CERT_COMPLETE); 3413 GotoState(STATE_VERIFY_CERT_COMPLETE);
1637 3414
1638 // If the certificate is expected to be bad we can use the 3415 // If the certificate is expected to be bad we can use the expectation as
1639 // expectation as the cert status. Don't use |server_cert_| here 3416 // the cert status.
1640 // because it can be set to NULL in case we failed to create
1641 // X509Certificate in UpdateServerCert(). This may happen when this
1642 // code is used inside sandbox.
1643 base::StringPiece der_cert( 3417 base::StringPiece der_cert(
1644 reinterpret_cast<char*>(server_cert_nss_->derCert.data), 3418 reinterpret_cast<char*>(
1645 server_cert_nss_->derCert.len); 3419 core_->state().server_cert_chain[0]->derCert.data),
3420 core_->state().server_cert_chain[0]->derCert.len);
1646 CertStatus cert_status; 3421 CertStatus cert_status;
1647 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { 3422 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
1648 DCHECK(start_cert_verification_time_.is_null()); 3423 DCHECK(start_cert_verification_time_.is_null());
1649 VLOG(1) << "Received an expected bad cert with status: " << cert_status; 3424 VLOG(1) << "Received an expected bad cert with status: " << cert_status;
1650 server_cert_verify_result_ = &local_server_cert_verify_result_; 3425 server_cert_verify_result_ = &local_server_cert_verify_result_;
1651 local_server_cert_verify_result_.Reset(); 3426 local_server_cert_verify_result_.Reset();
1652 local_server_cert_verify_result_.cert_status = cert_status; 3427 local_server_cert_verify_result_.cert_status = cert_status;
1653 local_server_cert_verify_result_.verified_cert = server_cert_; 3428 local_server_cert_verify_result_.verified_cert =
3429 core_->state().server_cert;
1654 return OK; 3430 return OK;
1655 } 3431 }
1656 3432
1657 // We may have failed to create X509Certificate object if we are 3433 // We may have failed to create X509Certificate object if we are
1658 // running inside sandbox. 3434 // running inside sandbox.
1659 if (!server_cert_) { 3435 if (!core_->state().server_cert) {
1660 server_cert_verify_result_ = &local_server_cert_verify_result_; 3436 server_cert_verify_result_ = &local_server_cert_verify_result_;
1661 local_server_cert_verify_result_.Reset(); 3437 local_server_cert_verify_result_.Reset();
1662 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; 3438 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
1663 return ERR_CERT_INVALID; 3439 return ERR_CERT_INVALID;
1664 } 3440 }
1665 3441
1666 start_cert_verification_time_ = base::TimeTicks::Now(); 3442 start_cert_verification_time_ = base::TimeTicks::Now();
1667 3443
1668 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && 3444 if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() &&
1669 predicted_cert_chain_correct_) { 3445 core_->state().predicted_cert_chain_correct) {
1670 // If the SSLHostInfo had a prediction for the certificate chain of this 3446 // If the SSLHostInfo had a prediction for the certificate chain of this
1671 // server then it will have optimistically started a verification of that 3447 // server then it will have optimistically started a verification of that
1672 // chain. So, if the prediction was correct, we should wait for that 3448 // chain. So, if the prediction was correct, we should wait for that
1673 // verification to finish rather than start our own. 3449 // verification to finish rather than start our own.
1674 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL); 3450 net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED, NULL);
1675 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); 3451 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2);
1676 base::TimeTicks end_time = ssl_host_info_->verification_end_time(); 3452 base::TimeTicks end_time = ssl_host_info_->verification_end_time();
1677 if (end_time.is_null()) 3453 if (end_time.is_null())
1678 end_time = base::TimeTicks::Now(); 3454 end_time = base::TimeTicks::Now();
1679 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", 3455 UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved",
1680 end_time - ssl_host_info_->verification_start_time()); 3456 end_time - ssl_host_info_->verification_start_time());
1681 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); 3457 server_cert_verify_result_ = &ssl_host_info_->cert_verify_result();
1682 return ssl_host_info_->WaitForCertVerification( 3458 return ssl_host_info_->WaitForCertVerification(
1683 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, 3459 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
1684 base::Unretained(this))); 3460 base::Unretained(this)));
1685 } else { 3461 } else {
1686 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); 3462 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2);
1687 } 3463 }
1688 3464
1689 int flags = 0; 3465 int flags = 0;
1690 if (ssl_config_.rev_checking_enabled) 3466 if (ssl_config_.rev_checking_enabled)
1691 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; 3467 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
1692 if (ssl_config_.verify_ev_cert) 3468 if (ssl_config_.verify_ev_cert)
1693 flags |= X509Certificate::VERIFY_EV_CERT; 3469 flags |= X509Certificate::VERIFY_EV_CERT;
1694 if (ssl_config_.cert_io_enabled) 3470 if (ssl_config_.cert_io_enabled)
1695 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; 3471 flags |= X509Certificate::VERIFY_CERT_IO_ENABLED;
1696 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); 3472 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
1697 server_cert_verify_result_ = &local_server_cert_verify_result_; 3473 server_cert_verify_result_ = &local_server_cert_verify_result_;
1698 return verifier_->Verify( 3474 return verifier_->Verify(
1699 server_cert_, host_and_port_.host(), flags, 3475 core_->state().server_cert, host_and_port_.host(), flags,
1700 SSLConfigService::GetCRLSet(), 3476 SSLConfigService::GetCRLSet(), &local_server_cert_verify_result_,
1701 &local_server_cert_verify_result_,
1702 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, 3477 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
1703 base::Unretained(this)), 3478 base::Unretained(this)),
1704 net_log_); 3479 net_log_);
1705 } 3480 }
1706 3481
1707 // Derived from AuthCertificateCallback() in 3482 // Derived from AuthCertificateCallback() in
1708 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. 3483 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
1709 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { 3484 int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
1710 verifier_.reset(); 3485 verifier_.reset();
1711 3486
(...skipping 17 matching lines...) Expand all
1729 // http://crbug.com/15630 for more info. 3504 // http://crbug.com/15630 for more info.
1730 3505
1731 // TODO(hclam): Skip logging if server cert was expected to be bad because 3506 // TODO(hclam): Skip logging if server cert was expected to be bad because
1732 // |server_cert_verify_result_| doesn't contain all the information about 3507 // |server_cert_verify_result_| doesn't contain all the information about
1733 // the cert. 3508 // the cert.
1734 if (result == OK) 3509 if (result == OK)
1735 LogConnectionTypeMetrics(); 3510 LogConnectionTypeMetrics();
1736 3511
1737 completed_handshake_ = true; 3512 completed_handshake_ = true;
1738 3513
1739 if (!user_read_callback_.is_null()) {
1740 int rv = DoReadLoop(OK);
1741 if (rv != ERR_IO_PENDING)
1742 DoReadCallback(rv);
1743 }
1744
1745 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) 3514 #if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID)
1746 // Take care of any mandates for public key pinning. 3515 // Take care of any mandates for public key pinning.
1747 // 3516 //
1748 // Pinning is only enabled for official builds to make sure that others don't 3517 // Pinning is only enabled for official builds to make sure that others don't
1749 // end up with pins that cannot be easily updated. 3518 // end up with pins that cannot be easily updated.
1750 // 3519 //
1751 // TODO(agl): we might have an issue here where a request for foo.example.com 3520 // TODO(agl): we might have an issue here where a request for foo.example.com
1752 // merges into a SPDY connection to www.example.com, and gets a different 3521 // merges into a SPDY connection to www.example.com, and gets a different
1753 // certificate. 3522 // certificate.
1754 3523
(...skipping 25 matching lines...) Expand all
1780 TransportSecurityState::ReportUMAOnPinFailure(host); 3549 TransportSecurityState::ReportUMAOnPinFailure(host);
1781 } 3550 }
1782 } else { 3551 } else {
1783 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); 3552 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
1784 } 3553 }
1785 } 3554 }
1786 } 3555 }
1787 #endif 3556 #endif
1788 3557
1789 // Exit DoHandshakeLoop and return the result to the caller to Connect. 3558 // Exit DoHandshakeLoop and return the result to the caller to Connect.
1790 DCHECK(next_handshake_state_ == STATE_NONE); 3559 DCHECK_EQ(STATE_NONE, next_handshake_state_);
1791 return result; 3560 return result;
1792 } 3561 }
1793 3562
1794 int SSLClientSocketNSS::DoPayloadRead() {
1795 EnterFunction(user_read_buf_len_);
1796 DCHECK(user_read_buf_);
1797 DCHECK_GT(user_read_buf_len_, 0);
1798 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_);
1799 if (client_auth_cert_needed_) {
1800 // We don't need to invalidate the non-client-authenticated SSL session
1801 // because the server will renegotiate anyway.
1802 LeaveFunction("");
1803 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
1804 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR,
1805 make_scoped_refptr(new SSLErrorParams(rv, 0)));
1806 return rv;
1807 }
1808 if (rv >= 0) {
1809 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
1810 user_read_buf_->data());
1811 LeaveFunction("");
1812 return rv;
1813 }
1814 PRErrorCode prerr = PR_GetError();
1815 if (prerr == PR_WOULD_BLOCK_ERROR) {
1816 LeaveFunction("");
1817 return ERR_IO_PENDING;
1818 }
1819 LeaveFunction("");
1820 rv = HandleNSSError(prerr, false);
1821 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR,
1822 make_scoped_refptr(new SSLErrorParams(rv, prerr)));
1823 return rv;
1824 }
1825
1826 int SSLClientSocketNSS::DoPayloadWrite() {
1827 EnterFunction(user_write_buf_len_);
1828 DCHECK(user_write_buf_);
1829 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
1830 if (rv >= 0) {
1831 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
1832 user_write_buf_->data());
1833 LeaveFunction("");
1834 return rv;
1835 }
1836 PRErrorCode prerr = PR_GetError();
1837 if (prerr == PR_WOULD_BLOCK_ERROR) {
1838 LeaveFunction("");
1839 return ERR_IO_PENDING;
1840 }
1841 LeaveFunction("");
1842 rv = HandleNSSError(prerr, false);
1843 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
1844 make_scoped_refptr(new SSLErrorParams(rv, prerr)));
1845 return rv;
1846 }
1847
1848 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { 3563 void SSLClientSocketNSS::LogConnectionTypeMetrics() const {
1849 UpdateConnectionTypeHistograms(CONNECTION_SSL); 3564 UpdateConnectionTypeHistograms(CONNECTION_SSL);
1850 if (server_cert_verify_result_->has_md5) 3565 if (server_cert_verify_result_->has_md5)
1851 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); 3566 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5);
1852 if (server_cert_verify_result_->has_md2) 3567 if (server_cert_verify_result_->has_md2)
1853 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); 3568 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2);
1854 if (server_cert_verify_result_->has_md4) 3569 if (server_cert_verify_result_->has_md4)
1855 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); 3570 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4);
1856 if (server_cert_verify_result_->has_md5_ca) 3571 if (server_cert_verify_result_->has_md5_ca)
1857 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); 3572 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA);
1858 if (server_cert_verify_result_->has_md2_ca) 3573 if (server_cert_verify_result_->has_md2_ca)
1859 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); 3574 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
1860 int ssl_version = SSLConnectionStatusToVersion(ssl_connection_status_); 3575 int ssl_version = SSLConnectionStatusToVersion(
3576 core_->state().ssl_connection_status);
1861 switch (ssl_version) { 3577 switch (ssl_version) {
1862 case SSL_CONNECTION_VERSION_SSL2: 3578 case SSL_CONNECTION_VERSION_SSL2:
1863 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2); 3579 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2);
1864 break; 3580 break;
1865 case SSL_CONNECTION_VERSION_SSL3: 3581 case SSL_CONNECTION_VERSION_SSL3:
1866 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3); 3582 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3);
1867 break; 3583 break;
1868 case SSL_CONNECTION_VERSION_TLS1: 3584 case SSL_CONNECTION_VERSION_TLS1:
1869 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1); 3585 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1);
1870 break; 3586 break;
(...skipping 13 matching lines...) Expand all
1884 return; 3600 return;
1885 3601
1886 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save 3602 // If the SSLHostInfo hasn't managed to load from disk yet then we can't save
1887 // anything. 3603 // anything.
1888 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) 3604 if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK)
1889 return; 3605 return;
1890 3606
1891 SSLHostInfo::State* state = ssl_host_info_->mutable_state(); 3607 SSLHostInfo::State* state = ssl_host_info_->mutable_state();
1892 3608
1893 state->certs.clear(); 3609 state->certs.clear();
1894 PeerCertificateChain certs(nss_fd_); 3610 const PeerCertificateChain& certs = core_->state().server_cert_chain;
1895 for (unsigned i = 0; i < certs.size(); i++) { 3611 for (unsigned i = 0; i < certs.size(); i++) {
1896 if (certs[i]->derCert.len > std::numeric_limits<uint16>::max()) 3612 if (certs[i] == NULL ||
3613 certs[i]->derCert.len > std::numeric_limits<uint16>::max()) {
1897 return; 3614 return;
3615 }
1898 3616
1899 state->certs.push_back(std::string( 3617 state->certs.push_back(std::string(
1900 reinterpret_cast<char*>(certs[i]->derCert.data), 3618 reinterpret_cast<char*>(certs[i]->derCert.data),
1901 certs[i]->derCert.len)); 3619 certs[i]->derCert.len));
1902 } 3620 }
1903 3621
1904 ssl_host_info_->Persist(); 3622 ssl_host_info_->Persist();
1905 } 3623 }
1906 3624
1907 // Do as much network I/O as possible between the buffer and the
1908 // transport socket. Return true if some I/O performed, false
1909 // otherwise (error or ERR_IO_PENDING).
1910 bool SSLClientSocketNSS::DoTransportIO() {
1911 EnterFunction("");
1912 bool network_moved = false;
1913 if (nss_bufs_ != NULL) {
1914 int rv;
1915 // Read and write as much data as we can. The loop is neccessary
1916 // because Write() may return synchronously.
1917 do {
1918 rv = BufferSend();
1919 if (rv > 0)
1920 network_moved = true;
1921 } while (rv > 0);
1922 if (!transport_recv_eof_ && BufferRecv() >= 0)
1923 network_moved = true;
1924 }
1925 LeaveFunction(network_moved);
1926 return network_moved;
1927 }
1928
1929 // Return 0 for EOF,
1930 // > 0 for bytes transferred immediately,
1931 // < 0 for error (or the non-error ERR_IO_PENDING).
1932 int SSLClientSocketNSS::BufferSend() {
1933 if (transport_send_busy_)
1934 return ERR_IO_PENDING;
1935
1936 EnterFunction("");
1937 const char* buf1;
1938 const char* buf2;
1939 unsigned int len1, len2;
1940 memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2);
1941 const unsigned int len = len1 + len2;
1942
1943 int rv = 0;
1944 if (len) {
1945 scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len));
1946 memcpy(send_buffer->data(), buf1, len1);
1947 memcpy(send_buffer->data() + len1, buf2, len2);
1948 rv = transport_->socket()->Write(
1949 send_buffer, len,
1950 base::Bind(&SSLClientSocketNSS::BufferSendComplete,
1951 base::Unretained(this)));
1952 if (rv == ERR_IO_PENDING) {
1953 transport_send_busy_ = true;
1954 } else {
1955 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv));
1956 }
1957 }
1958
1959 LeaveFunction(rv);
1960 return rv;
1961 }
1962
1963 void SSLClientSocketNSS::BufferSendComplete(int result) {
1964 EnterFunction(result);
1965 memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result));
1966 transport_send_busy_ = false;
1967 OnSendComplete(result);
1968 LeaveFunction("");
1969 }
1970
1971 int SSLClientSocketNSS::BufferRecv() {
1972 if (transport_recv_busy_) return ERR_IO_PENDING;
1973
1974 char* buf;
1975 int nb = memio_GetReadParams(nss_bufs_, &buf);
1976 EnterFunction(nb);
1977 int rv;
1978 if (!nb) {
1979 // buffer too full to read into, so no I/O possible at moment
1980 rv = ERR_IO_PENDING;
1981 } else {
1982 recv_buffer_ = new IOBuffer(nb);
1983 rv = transport_->socket()->Read(
1984 recv_buffer_, nb,
1985 base::Bind(&SSLClientSocketNSS::BufferRecvComplete,
1986 base::Unretained(this)));
1987 if (rv == ERR_IO_PENDING) {
1988 transport_recv_busy_ = true;
1989 } else {
1990 if (rv > 0) {
1991 memcpy(buf, recv_buffer_->data(), rv);
1992 } else if (rv == 0) {
1993 transport_recv_eof_ = true;
1994 }
1995 memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv));
1996 recv_buffer_ = NULL;
1997 }
1998 }
1999 LeaveFunction(rv);
2000 return rv;
2001 }
2002
2003 void SSLClientSocketNSS::BufferRecvComplete(int result) {
2004 EnterFunction(result);
2005 if (result > 0) {
2006 char* buf;
2007 memio_GetReadParams(nss_bufs_, &buf);
2008 memcpy(buf, recv_buffer_->data(), result);
2009 } else if (result == 0) {
2010 transport_recv_eof_ = true;
2011 }
2012 recv_buffer_ = NULL;
2013 memio_PutReadResult(nss_bufs_, MapErrorToNSS(result));
2014 transport_recv_busy_ = false;
2015 OnRecvComplete(result);
2016 LeaveFunction("");
2017 }
2018
2019 int SSLClientSocketNSS::HandleNSSError(PRErrorCode nss_error,
2020 bool handshake_error) {
2021 int net_error = handshake_error ? MapNSSHandshakeError(nss_error) :
2022 MapNSSError(nss_error);
2023
2024 #if defined(OS_WIN)
2025 // On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate
2026 // os_cert_handle() as an optimization. However, if the certificate
2027 // private key is stored on a smart card, and the smart card is removed,
2028 // the cached HCRYPTPROV will not be able to obtain the HCRYPTKEY again,
2029 // preventing client certificate authentication. Because the
2030 // X509Certificate may outlive the individual SSLClientSocketNSS, due to
2031 // caching in X509Certificate, this failure ends up preventing client
2032 // certificate authentication with the same certificate for all future
2033 // attempts, even after the smart card has been re-inserted. By setting
2034 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will
2035 // typically be freed. This allows a new HCRYPTPROV to be obtained from
2036 // the certificate on the next attempt, which should succeed if the smart
2037 // card has been re-inserted, or will typically prompt the user to
2038 // re-insert the smart card if not.
2039 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY ||
2040 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) &&
2041 ssl_config_.send_client_cert && ssl_config_.client_cert) {
2042 CertSetCertificateContextProperty(
2043 ssl_config_.client_cert->os_cert_handle(),
2044 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
2045 }
2046 #endif
2047
2048 return net_error;
2049 }
2050
2051 // static
2052 // NSS calls this if an incoming certificate needs to be verified.
2053 // Do nothing but return SECSuccess.
2054 // This is called only in full handshake mode.
2055 // Peer certificate is retrieved in HandshakeCallback() later, which is called
2056 // in full handshake mode or in resumption handshake mode.
2057 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
2058 PRFileDesc* socket,
2059 PRBool checksig,
2060 PRBool is_server) {
2061 #ifdef SSL_ENABLE_FALSE_START
2062 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
2063 if (!that->server_cert_nss_) {
2064 // Only need to turn off False Start in the initial handshake. Also, it is
2065 // unsafe to call SSL_OptionSet in a renegotiation because the "first
2066 // handshake" lock isn't already held, which will result in an assertion
2067 // failure in the ssl_Get1stHandshakeLock call in SSL_OptionSet.
2068 PRBool npn;
2069 SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
2070 ssl_next_proto_nego_xtn,
2071 &npn);
2072 if (rv != SECSuccess || !npn) {
2073 // If the server doesn't support NPN, then we don't do False Start with
2074 // it.
2075 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
2076 }
2077 }
2078 #endif
2079
2080 // Tell NSS to not verify the certificate.
2081 return SECSuccess;
2082 }
2083
2084 // static
2085 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) {
2086 // TODO(wtc,mattm): this is temporary while DBC support is changed into
2087 // Channel ID.
2088 return false;
2089 }
2090
2091 SECStatus SSLClientSocketNSS::DomainBoundClientAuthHandler(
2092 const SECItem* cert_types,
2093 CERTCertificate** result_certificate,
2094 SECKEYPrivateKey** result_private_key) {
2095 domain_bound_cert_xtn_negotiated_ = true;
2096
2097 // We have negotiated the domain-bound certificate extension.
2098 std::string origin = "https://" + host_and_port_.ToString();
2099 std::vector<uint8> requested_cert_types(cert_types->data,
2100 cert_types->data + cert_types->len);
2101 net_log_.BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL);
2102 int error = server_bound_cert_service_->GetDomainBoundCert(
2103 origin,
2104 requested_cert_types,
2105 &domain_bound_cert_type_,
2106 &domain_bound_private_key_,
2107 &domain_bound_cert_,
2108 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
2109 base::Unretained(this)),
2110 &domain_bound_cert_request_handle_);
2111
2112 if (error == ERR_IO_PENDING) {
2113 // Asynchronous case.
2114 client_auth_cert_needed_ = true;
2115 return SECWouldBlock;
2116 }
2117 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT,
2118 error);
2119
2120 SECStatus rv = SECSuccess;
2121 if (error == OK) {
2122 // Synchronous success.
2123 int result = ImportDBCertAndKey(result_certificate,
2124 result_private_key);
2125 if (result == OK) {
2126 set_domain_bound_cert_type(domain_bound_cert_type_);
2127 } else {
2128 rv = SECFailure;
2129 }
2130 } else {
2131 rv = SECFailure; // Synchronous failure.
2132 }
2133
2134 int cert_count = (rv == SECSuccess) ? 1 : 0;
2135 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2136 make_scoped_refptr(new NetLogIntegerParameter("cert_count",
2137 cert_count)));
2138 return rv;
2139 }
2140
2141 #if defined(NSS_PLATFORM_CLIENT_AUTH)
2142 // static
2143 // NSS calls this if a client certificate is needed.
2144 SECStatus SSLClientSocketNSS::PlatformClientAuthHandler(
2145 void* arg,
2146 PRFileDesc* socket,
2147 CERTDistNames* ca_names,
2148 CERTCertList** result_certs,
2149 void** result_private_key,
2150 CERTCertificate** result_nss_certificate,
2151 SECKEYPrivateKey** result_nss_private_key) {
2152 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
2153
2154 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL);
2155
2156 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
2157
2158 // Check if a domain-bound certificate is requested.
2159 if (DomainBoundCertNegotiated(socket)) {
2160 return that->DomainBoundClientAuthHandler(
2161 cert_types, result_nss_certificate, result_nss_private_key);
2162 }
2163
2164 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert;
2165 #if defined(OS_WIN)
2166 if (that->ssl_config_.send_client_cert) {
2167 if (that->ssl_config_.client_cert) {
2168 PCCERT_CONTEXT cert_context =
2169 that->ssl_config_.client_cert->os_cert_handle();
2170
2171 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0;
2172 DWORD key_spec = 0;
2173 BOOL must_free = FALSE;
2174 BOOL acquired_key = CryptAcquireCertificatePrivateKey(
2175 cert_context, CRYPT_ACQUIRE_CACHE_FLAG, NULL,
2176 &crypt_prov, &key_spec, &must_free);
2177
2178 if (acquired_key) {
2179 // Since we passed CRYPT_ACQUIRE_CACHE_FLAG, |must_free| must be false
2180 // according to the MSDN documentation.
2181 CHECK_EQ(must_free, FALSE);
2182 DCHECK_NE(key_spec, CERT_NCRYPT_KEY_SPEC);
2183
2184 SECItem der_cert;
2185 der_cert.type = siDERCertBuffer;
2186 der_cert.data = cert_context->pbCertEncoded;
2187 der_cert.len = cert_context->cbCertEncoded;
2188
2189 // TODO(rsleevi): Error checking for NSS allocation errors.
2190 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB();
2191 CERTCertificate* user_cert = CERT_NewTempCertificate(
2192 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
2193 if (!user_cert) {
2194 // Importing the certificate can fail for reasons including a serial
2195 // number collision. See crbug.com/97355.
2196 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2197 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)));
2198 return SECFailure;
2199 }
2200 CERTCertList* cert_chain = CERT_NewCertList();
2201 CERT_AddCertToListTail(cert_chain, user_cert);
2202
2203 // Add the intermediates.
2204 X509Certificate::OSCertHandles intermediates =
2205 that->ssl_config_.client_cert->GetIntermediateCertificates();
2206 for (X509Certificate::OSCertHandles::const_iterator it =
2207 intermediates.begin(); it != intermediates.end(); ++it) {
2208 der_cert.data = (*it)->pbCertEncoded;
2209 der_cert.len = (*it)->cbCertEncoded;
2210
2211 CERTCertificate* intermediate = CERT_NewTempCertificate(
2212 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE);
2213 if (!intermediate) {
2214 CERT_DestroyCertList(cert_chain);
2215 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2216 make_scoped_refptr(new NetLogIntegerParameter("cert_count",
2217 0)));
2218 return SECFailure;
2219 }
2220 CERT_AddCertToListTail(cert_chain, intermediate);
2221 }
2222 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>(
2223 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT)));
2224 key_context->cbSize = sizeof(*key_context);
2225 // NSS will free this context when no longer in use, but the
2226 // |must_free| result from CryptAcquireCertificatePrivateKey was false
2227 // so we increment the refcount to negate NSS's future decrement.
2228 CryptContextAddRef(crypt_prov, NULL, 0);
2229 key_context->hCryptProv = crypt_prov;
2230 key_context->dwKeySpec = key_spec;
2231 *result_private_key = key_context;
2232 *result_certs = cert_chain;
2233
2234 int cert_count = 1 + intermediates.size();
2235 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2236 make_scoped_refptr(new NetLogIntegerParameter("cert_count",
2237 cert_count)));
2238 return SECSuccess;
2239 }
2240 LOG(WARNING) << "Client cert found without private key";
2241 }
2242 // Send no client certificate.
2243 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2244 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)));
2245 return SECFailure;
2246 }
2247
2248 that->client_certs_.clear();
2249
2250 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames);
2251 for (int i = 0; i < ca_names->nnames; ++i) {
2252 issuer_list[i].cbData = ca_names->names[i].len;
2253 issuer_list[i].pbData = ca_names->names[i].data;
2254 }
2255
2256 // Client certificates of the user are in the "MY" system certificate store.
2257 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY");
2258 if (!my_cert_store) {
2259 LOG(ERROR) << "Could not open the \"MY\" system certificate store: "
2260 << GetLastError();
2261 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2262 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)));
2263 return SECFailure;
2264 }
2265
2266 // Enumerate the client certificates.
2267 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para;
2268 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para));
2269 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para);
2270 find_by_issuer_para.pszUsageIdentifier = szOID_PKIX_KP_CLIENT_AUTH;
2271 find_by_issuer_para.cIssuer = ca_names->nnames;
2272 find_by_issuer_para.rgIssuer = ca_names->nnames ? &issuer_list[0] : NULL;
2273 find_by_issuer_para.pfnFindCallback = ClientCertFindCallback;
2274
2275 PCCERT_CHAIN_CONTEXT chain_context = NULL;
2276 DWORD find_flags = CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_FLAG |
2277 CERT_CHAIN_FIND_BY_ISSUER_CACHE_ONLY_URL_FLAG;
2278
2279 for (;;) {
2280 // Find a certificate chain.
2281 chain_context = CertFindChainInStore(my_cert_store,
2282 X509_ASN_ENCODING,
2283 find_flags,
2284 CERT_CHAIN_FIND_BY_ISSUER,
2285 &find_by_issuer_para,
2286 chain_context);
2287 if (!chain_context) {
2288 DWORD err = GetLastError();
2289 if (err != CRYPT_E_NOT_FOUND)
2290 DLOG(ERROR) << "CertFindChainInStore failed: " << err;
2291 break;
2292 }
2293
2294 // Get the leaf certificate.
2295 PCCERT_CONTEXT cert_context =
2296 chain_context->rgpChain[0]->rgpElement[0]->pCertContext;
2297 // Create a copy the handle, so that we can close the "MY" certificate store
2298 // before returning from this function.
2299 PCCERT_CONTEXT cert_context2;
2300 BOOL ok = CertAddCertificateContextToStore(NULL, cert_context,
2301 CERT_STORE_ADD_USE_EXISTING,
2302 &cert_context2);
2303 if (!ok) {
2304 NOTREACHED();
2305 continue;
2306 }
2307
2308 // Copy the rest of the chain. Copying the chain stops gracefully if an
2309 // error is encountered, with the partial chain being used as the
2310 // intermediates, as opposed to failing to consider the client certificate
2311 // at all.
2312 net::X509Certificate::OSCertHandles intermediates;
2313 for (DWORD i = 1; i < chain_context->rgpChain[0]->cElement; i++) {
2314 PCCERT_CONTEXT intermediate_copy;
2315 ok = CertAddCertificateContextToStore(
2316 NULL, chain_context->rgpChain[0]->rgpElement[i]->pCertContext,
2317 CERT_STORE_ADD_USE_EXISTING, &intermediate_copy);
2318 if (!ok) {
2319 NOTREACHED();
2320 break;
2321 }
2322 intermediates.push_back(intermediate_copy);
2323 }
2324
2325 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle(
2326 cert_context2, intermediates);
2327 that->client_certs_.push_back(cert);
2328
2329 X509Certificate::FreeOSCertHandle(cert_context2);
2330 for (net::X509Certificate::OSCertHandles::iterator it =
2331 intermediates.begin(); it != intermediates.end(); ++it) {
2332 net::X509Certificate::FreeOSCertHandle(*it);
2333 }
2334 }
2335
2336 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG);
2337 DCHECK(ok);
2338
2339 // Tell NSS to suspend the client authentication. We will then abort the
2340 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
2341 return SECWouldBlock;
2342 #elif defined(OS_MACOSX)
2343 if (that->ssl_config_.send_client_cert) {
2344 if (that->ssl_config_.client_cert) {
2345 OSStatus os_error = noErr;
2346 SecIdentityRef identity = NULL;
2347 SecKeyRef private_key = NULL;
2348 CFArrayRef chain =
2349 that->ssl_config_.client_cert->CreateClientCertificateChain();
2350 if (chain) {
2351 identity = reinterpret_cast<SecIdentityRef>(
2352 const_cast<void*>(CFArrayGetValueAtIndex(chain, 0)));
2353 }
2354 if (identity)
2355 os_error = SecIdentityCopyPrivateKey(identity, &private_key);
2356
2357 if (chain && identity && os_error == noErr) {
2358 // TODO(rsleevi): Error checking for NSS allocation errors.
2359 *result_certs = CERT_NewCertList();
2360 *result_private_key = private_key;
2361
2362 for (CFIndex i = 0; i < CFArrayGetCount(chain); ++i) {
2363 CSSM_DATA cert_data;
2364 SecCertificateRef cert_ref;
2365 if (i == 0) {
2366 cert_ref = that->ssl_config_.client_cert->os_cert_handle();
2367 } else {
2368 cert_ref = reinterpret_cast<SecCertificateRef>(
2369 const_cast<void*>(CFArrayGetValueAtIndex(chain, i)));
2370 }
2371 os_error = SecCertificateGetData(cert_ref, &cert_data);
2372 if (os_error != noErr)
2373 break;
2374
2375 SECItem der_cert;
2376 der_cert.type = siDERCertBuffer;
2377 der_cert.data = cert_data.Data;
2378 der_cert.len = cert_data.Length;
2379 CERTCertificate* nss_cert = CERT_NewTempCertificate(
2380 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE);
2381 if (!nss_cert) {
2382 // In the event of an NSS error we make up an OS error and reuse
2383 // the error handling, below.
2384 os_error = errSecCreateChainFailed;
2385 break;
2386 }
2387 CERT_AddCertToListTail(*result_certs, nss_cert);
2388 }
2389 }
2390 if (os_error == noErr) {
2391 int cert_count = 0;
2392 if (chain) {
2393 cert_count = CFArrayGetCount(chain);
2394 CFRelease(chain);
2395 }
2396 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2397 make_scoped_refptr(new NetLogIntegerParameter("cert_count",
2398 cert_count)));
2399 return SECSuccess;
2400 }
2401 OSSTATUS_LOG(WARNING, os_error)
2402 << "Client cert found, but could not be used";
2403 if (*result_certs) {
2404 CERT_DestroyCertList(*result_certs);
2405 *result_certs = NULL;
2406 }
2407 if (*result_private_key)
2408 *result_private_key = NULL;
2409 if (private_key)
2410 CFRelease(private_key);
2411 if (chain)
2412 CFRelease(chain);
2413 }
2414 // Send no client certificate.
2415 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2416 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)));
2417 return SECFailure;
2418 }
2419
2420 that->client_certs_.clear();
2421
2422 // First, get the cert issuer names allowed by the server.
2423 std::vector<CertPrincipal> valid_issuers;
2424 int n = ca_names->nnames;
2425 for (int i = 0; i < n; i++) {
2426 // Parse each name into a CertPrincipal object.
2427 CertPrincipal p;
2428 if (p.ParseDistinguishedName(ca_names->names[i].data,
2429 ca_names->names[i].len)) {
2430 valid_issuers.push_back(p);
2431 }
2432 }
2433
2434 // Now get the available client certs whose issuers are allowed by the server.
2435 X509Certificate::GetSSLClientCertificates(that->host_and_port_.host(),
2436 valid_issuers,
2437 &that->client_certs_);
2438
2439 // Tell NSS to suspend the client authentication. We will then abort the
2440 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
2441 return SECWouldBlock;
2442 #else
2443 return SECFailure;
2444 #endif
2445 }
2446
2447 #else // NSS_PLATFORM_CLIENT_AUTH
2448
2449 // static
2450 // NSS calls this if a client certificate is needed.
2451 // Based on Mozilla's NSS_GetClientAuthData.
2452 SECStatus SSLClientSocketNSS::ClientAuthHandler(
2453 void* arg,
2454 PRFileDesc* socket,
2455 CERTDistNames* ca_names,
2456 CERTCertificate** result_certificate,
2457 SECKEYPrivateKey** result_private_key) {
2458 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
2459
2460 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, NULL);
2461
2462 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
2463
2464 // Check if a domain-bound certificate is requested.
2465 if (DomainBoundCertNegotiated(socket)) {
2466 return that->DomainBoundClientAuthHandler(
2467 cert_types, result_certificate, result_private_key);
2468 }
2469
2470 // Regular client certificate requested.
2471 that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert;
2472 void* wincx = SSL_RevealPinArg(socket);
2473
2474 // Second pass: a client certificate should have been selected.
2475 if (that->ssl_config_.send_client_cert) {
2476 if (that->ssl_config_.client_cert) {
2477 CERTCertificate* cert = CERT_DupCertificate(
2478 that->ssl_config_.client_cert->os_cert_handle());
2479 SECKEYPrivateKey* privkey = PK11_FindKeyByAnyCert(cert, wincx);
2480 if (privkey) {
2481 // TODO(jsorianopastor): We should wait for server certificate
2482 // verification before sending our credentials. See
2483 // http://crbug.com/13934.
2484 *result_certificate = cert;
2485 *result_private_key = privkey;
2486 // A cert_count of -1 means the number of certificates is unknown.
2487 // NSS will construct the certificate chain.
2488 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2489 make_scoped_refptr(new NetLogIntegerParameter("cert_count", -1)));
2490 return SECSuccess;
2491 }
2492 LOG(WARNING) << "Client cert found without private key";
2493 }
2494 // Send no client certificate.
2495 that->net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
2496 make_scoped_refptr(new NetLogIntegerParameter("cert_count", 0)));
2497 return SECFailure;
2498 }
2499
2500 // Iterate over all client certificates.
2501 CERTCertList* client_certs = CERT_FindUserCertsByUsage(
2502 CERT_GetDefaultCertDB(), certUsageSSLClient,
2503 PR_FALSE, PR_FALSE, wincx);
2504 if (client_certs) {
2505 for (CERTCertListNode* node = CERT_LIST_HEAD(client_certs);
2506 !CERT_LIST_END(node, client_certs);
2507 node = CERT_LIST_NEXT(node)) {
2508 // Only offer unexpired certificates.
2509 if (CERT_CheckCertValidTimes(node->cert, PR_Now(), PR_TRUE) !=
2510 secCertTimeValid)
2511 continue;
2512 // Filter by issuer.
2513 //
2514 // TODO(davidben): This does a binary comparison of the DER-encoded
2515 // issuers. We should match according to RFC 5280 sec. 7.1. We should find
2516 // an appropriate NSS function or add one if needbe.
2517 if (ca_names->nnames &&
2518 NSS_CmpCertChainWCANames(node->cert, ca_names) != SECSuccess)
2519 continue;
2520 X509Certificate* x509_cert = X509Certificate::CreateFromHandle(
2521 node->cert, net::X509Certificate::OSCertHandles());
2522 that->client_certs_.push_back(x509_cert);
2523 }
2524 CERT_DestroyCertList(client_certs);
2525 }
2526
2527 // Tell NSS to suspend the client authentication. We will then abort the
2528 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
2529 return SECWouldBlock;
2530 }
2531 #endif // NSS_PLATFORM_CLIENT_AUTH
2532
2533 void SSLClientSocketNSS::RecordDomainBoundCertSupport() const {
2534 PRBool last_handshake_resumed;
2535 SECStatus ok = SSL_HandshakeResumedSession(nss_fd_, &last_handshake_resumed);
2536 if (ok != SECSuccess || last_handshake_resumed)
2537 return;
2538
2539 // Since this enum is used for a histogram, do not change or re-use values.
2540 enum {
2541 DISABLED = 0,
2542 CLIENT_ONLY = 1,
2543 CLIENT_AND_SERVER = 2,
2544 DOMAIN_BOUND_CERT_USAGE_MAX
2545 } supported = DISABLED;
2546 #ifdef SSL_ENABLE_OB_CERTS
2547 if (domain_bound_cert_xtn_negotiated_)
2548 supported = CLIENT_AND_SERVER;
2549 else if (ssl_config_.domain_bound_certs_enabled)
2550 supported = CLIENT_ONLY;
2551 #endif
2552 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
2553 DOMAIN_BOUND_CERT_USAGE_MAX);
2554 }
2555
2556 // static
2557 // NSS calls this when handshake is completed.
2558 // After the SSL handshake is finished, use CertVerifier to verify
2559 // the saved server certificate.
2560 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
2561 void* arg) {
2562 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
2563
2564 that->handshake_callback_called_ = true;
2565
2566 that->RecordDomainBoundCertSupport();
2567 that->UpdateServerCert();
2568 that->UpdateConnectionStatus();
2569 }
2570
2571 // NextProtoCallback is called by NSS during the handshake, if the server
2572 // supports NPN, to select a protocol from the list that the server offered.
2573 // See the comment in net/third_party/nss/ssl/ssl.h for the meanings of the
2574 // arguments.
2575 // static
2576 SECStatus
2577 SSLClientSocketNSS::NextProtoCallback(void* arg,
2578 PRFileDesc* nss_fd,
2579 const unsigned char* protos,
2580 unsigned int protos_len,
2581 unsigned char* proto_out,
2582 unsigned int* proto_out_len,
2583 unsigned int proto_max_len) {
2584 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
2585
2586 // For each protocol in server preference, see if we support it.
2587 for (unsigned int i = 0; i < protos_len; ) {
2588 const size_t len = protos[i];
2589 for (std::vector<std::string>::const_iterator
2590 j = that->ssl_config_.next_protos.begin();
2591 j != that->ssl_config_.next_protos.end(); j++) {
2592 // Having very long elements in the |next_protos| vector isn't a disaster
2593 // because they'll never be selected, but it does indicate an error
2594 // somewhere.
2595 DCHECK_LT(j->size(), 256u);
2596
2597 if (j->size() == len &&
2598 memcmp(&protos[i + 1], j->data(), len) == 0) {
2599 that->next_proto_status_ = kNextProtoNegotiated;
2600 that->next_proto_ = *j;
2601 break;
2602 }
2603 }
2604
2605 if (that->next_proto_status_ == kNextProtoNegotiated)
2606 break;
2607
2608 // NSS checks that the data in |protos| is well formed, so we know that
2609 // this doesn't cause us to jump off the end of the buffer.
2610 i += len + 1;
2611 }
2612
2613 that->server_protos_.assign(
2614 reinterpret_cast<const char*>(protos), protos_len);
2615
2616 // If we didn't find a protocol, we select the first one from our list.
2617 if (that->next_proto_status_ != kNextProtoNegotiated) {
2618 that->next_proto_status_ = kNextProtoNoOverlap;
2619 that->next_proto_ = that->ssl_config_.next_protos[0];
2620 }
2621
2622 if (that->next_proto_.size() > proto_max_len) {
2623 PORT_SetError(SEC_ERROR_OUTPUT_LEN);
2624 return SECFailure;
2625 }
2626 memcpy(proto_out, that->next_proto_.data(), that->next_proto_.size());
2627 *proto_out_len = that->next_proto_.size();
2628 return SECSuccess;
2629 }
2630
2631 void SSLClientSocketNSS::EnsureThreadIdAssigned() const { 3625 void SSLClientSocketNSS::EnsureThreadIdAssigned() const {
2632 base::AutoLock auto_lock(lock_); 3626 base::AutoLock auto_lock(lock_);
2633 if (valid_thread_id_ != base::kInvalidThreadId) 3627 if (valid_thread_id_ != base::kInvalidThreadId)
2634 return; 3628 return;
2635 valid_thread_id_ = base::PlatformThread::CurrentId(); 3629 valid_thread_id_ = base::PlatformThread::CurrentId();
2636 } 3630 }
2637 3631
2638 bool SSLClientSocketNSS::CalledOnValidThread() const { 3632 bool SSLClientSocketNSS::CalledOnValidThread() const {
2639 EnsureThreadIdAssigned(); 3633 EnsureThreadIdAssigned();
2640 base::AutoLock auto_lock(lock_); 3634 base::AutoLock auto_lock(lock_);
2641 return valid_thread_id_ == base::PlatformThread::CurrentId(); 3635 return valid_thread_id_ == base::PlatformThread::CurrentId();
2642 } 3636 }
2643 3637
2644 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 3638 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
2645 return server_bound_cert_service_; 3639 return server_bound_cert_service_;
2646 } 3640 }
2647 3641
2648 } // namespace net 3642 } // namespace net
OLDNEW
« net/socket/ssl_client_socket_nss.h ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698