OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <winsock2.h> | 8 #include <winsock2.h> |
9 #endif | 9 #endif |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include <nss.h> | 22 #include <nss.h> |
23 #include <pk11pub.h> | 23 #include <pk11pub.h> |
24 #include <secerr.h> | 24 #include <secerr.h> |
25 #include <sechash.h> | 25 #include <sechash.h> |
26 #include <ssl.h> | 26 #include <ssl.h> |
27 #include <sslerr.h> | 27 #include <sslerr.h> |
28 #include <sslproto.h> | 28 #include <sslproto.h> |
29 | 29 |
30 #include <limits> | 30 #include <limits> |
31 | 31 |
32 #include "base/crypto/rsa_private_key.h" | |
33 #include "base/memory/ref_counted.h" | 32 #include "base/memory/ref_counted.h" |
34 #include "base/nss_util_internal.h" | 33 #include "crypto/rsa_private_key.h" |
| 34 #include "crypto/nss_util_internal.h" |
35 #include "net/base/io_buffer.h" | 35 #include "net/base/io_buffer.h" |
36 #include "net/base/net_errors.h" | 36 #include "net/base/net_errors.h" |
37 #include "net/base/net_log.h" | 37 #include "net/base/net_log.h" |
38 #include "net/ocsp/nss_ocsp.h" | 38 #include "net/ocsp/nss_ocsp.h" |
39 #include "net/socket/nss_ssl_util.h" | 39 #include "net/socket/nss_ssl_util.h" |
40 #include "net/socket/ssl_error_params.h" | 40 #include "net/socket/ssl_error_params.h" |
41 | 41 |
42 static const int kRecvBufferSize = 4096; | 42 static const int kRecvBufferSize = 4096; |
43 | 43 |
44 #define GotoState(s) next_handshake_state_ = s | 44 #define GotoState(s) next_handshake_state_ = s |
45 | 45 |
46 namespace net { | 46 namespace net { |
47 | 47 |
48 SSLServerSocket* CreateSSLServerSocket( | 48 SSLServerSocket* CreateSSLServerSocket( |
49 Socket* socket, X509Certificate* cert, base::RSAPrivateKey* key, | 49 Socket* socket, X509Certificate* cert, crypto::RSAPrivateKey* key, |
50 const SSLConfig& ssl_config) { | 50 const SSLConfig& ssl_config) { |
51 return new SSLServerSocketNSS(socket, cert, key, ssl_config); | 51 return new SSLServerSocketNSS(socket, cert, key, ssl_config); |
52 } | 52 } |
53 | 53 |
54 SSLServerSocketNSS::SSLServerSocketNSS( | 54 SSLServerSocketNSS::SSLServerSocketNSS( |
55 Socket* transport_socket, | 55 Socket* transport_socket, |
56 scoped_refptr<X509Certificate> cert, | 56 scoped_refptr<X509Certificate> cert, |
57 base::RSAPrivateKey* key, | 57 crypto::RSAPrivateKey* key, |
58 const SSLConfig& ssl_config) | 58 const SSLConfig& ssl_config) |
59 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 59 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
60 this, &SSLServerSocketNSS::BufferSendComplete)), | 60 this, &SSLServerSocketNSS::BufferSendComplete)), |
61 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 61 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
62 this, &SSLServerSocketNSS::BufferRecvComplete)), | 62 this, &SSLServerSocketNSS::BufferRecvComplete)), |
63 transport_send_busy_(false), | 63 transport_send_busy_(false), |
64 transport_recv_busy_(false), | 64 transport_recv_busy_(false), |
65 user_accept_callback_(NULL), | 65 user_accept_callback_(NULL), |
66 user_read_callback_(NULL), | 66 user_read_callback_(NULL), |
67 user_write_callback_(NULL), | 67 user_write_callback_(NULL), |
68 nss_fd_(NULL), | 68 nss_fd_(NULL), |
69 nss_bufs_(NULL), | 69 nss_bufs_(NULL), |
70 transport_socket_(transport_socket), | 70 transport_socket_(transport_socket), |
71 ssl_config_(ssl_config), | 71 ssl_config_(ssl_config), |
72 cert_(cert), | 72 cert_(cert), |
73 next_handshake_state_(STATE_NONE), | 73 next_handshake_state_(STATE_NONE), |
74 completed_handshake_(false) { | 74 completed_handshake_(false) { |
75 ssl_config_.false_start_enabled = false; | 75 ssl_config_.false_start_enabled = false; |
76 ssl_config_.ssl3_enabled = true; | 76 ssl_config_.ssl3_enabled = true; |
77 ssl_config_.tls1_enabled = true; | 77 ssl_config_.tls1_enabled = true; |
78 | 78 |
79 // TODO(hclam): Need a better way to clone a key. | 79 // TODO(hclam): Need a better way to clone a key. |
80 std::vector<uint8> key_bytes; | 80 std::vector<uint8> key_bytes; |
81 CHECK(key->ExportPrivateKey(&key_bytes)); | 81 CHECK(key->ExportPrivateKey(&key_bytes)); |
82 key_.reset(base::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); | 82 key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); |
83 CHECK(key_.get()); | 83 CHECK(key_.get()); |
84 } | 84 } |
85 | 85 |
86 SSLServerSocketNSS::~SSLServerSocketNSS() { | 86 SSLServerSocketNSS::~SSLServerSocketNSS() { |
87 if (nss_fd_ != NULL) { | 87 if (nss_fd_ != NULL) { |
88 PR_Close(nss_fd_); | 88 PR_Close(nss_fd_); |
89 nss_fd_ = NULL; | 89 nss_fd_ = NULL; |
90 } | 90 } |
91 } | 91 } |
92 | 92 |
(...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
295 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | 295 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); |
296 | 296 |
297 // Get a key of SECKEYPrivateKey* structure. | 297 // Get a key of SECKEYPrivateKey* structure. |
298 std::vector<uint8> key_vector; | 298 std::vector<uint8> key_vector; |
299 if (!key_->ExportPrivateKey(&key_vector)) { | 299 if (!key_->ExportPrivateKey(&key_vector)) { |
300 CERT_DestroyCertificate(cert); | 300 CERT_DestroyCertificate(cert); |
301 return ERR_UNEXPECTED; | 301 return ERR_UNEXPECTED; |
302 } | 302 } |
303 | 303 |
304 SECKEYPrivateKeyStr* private_key = NULL; | 304 SECKEYPrivateKeyStr* private_key = NULL; |
305 PK11SlotInfo *slot = base::GetDefaultNSSKeySlot(); | 305 PK11SlotInfo *slot = crypto::GetDefaultNSSKeySlot(); |
306 if (!slot) { | 306 if (!slot) { |
307 CERT_DestroyCertificate(cert); | 307 CERT_DestroyCertificate(cert); |
308 return ERR_UNEXPECTED; | 308 return ERR_UNEXPECTED; |
309 } | 309 } |
310 | 310 |
311 SECItem der_private_key_info; | 311 SECItem der_private_key_info; |
312 der_private_key_info.data = | 312 der_private_key_info.data = |
313 const_cast<unsigned char*>(&key_vector.front()); | 313 const_cast<unsigned char*>(&key_vector.front()); |
314 der_private_key_info.len = key_vector.size(); | 314 der_private_key_info.len = key_vector.size(); |
315 // The server's RSA private key must be imported into NSS with the | 315 // The server's RSA private key must be imported into NSS with the |
(...skipping 360 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
676 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop | 676 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop |
677 // by MessageLoopForIO::current(). | 677 // by MessageLoopForIO::current(). |
678 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 678 // X509Certificate::Verify() runs on a worker thread of CertVerifier. |
679 EnsureOCSPInit(); | 679 EnsureOCSPInit(); |
680 #endif | 680 #endif |
681 | 681 |
682 return OK; | 682 return OK; |
683 } | 683 } |
684 | 684 |
685 } // namespace net | 685 } // namespace net |
OLD | NEW |