| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <winsock2.h> | 8 #include <winsock2.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 27 matching lines...) Expand all Loading... |
| 38 #include "net/ocsp/nss_ocsp.h" | 38 #include "net/ocsp/nss_ocsp.h" |
| 39 #include "net/socket/nss_ssl_util.h" | 39 #include "net/socket/nss_ssl_util.h" |
| 40 #include "net/socket/ssl_error_params.h" | 40 #include "net/socket/ssl_error_params.h" |
| 41 | 41 |
| 42 static const int kRecvBufferSize = 4096; | 42 static const int kRecvBufferSize = 4096; |
| 43 | 43 |
| 44 #define GotoState(s) next_handshake_state_ = s | 44 #define GotoState(s) next_handshake_state_ = s |
| 45 | 45 |
| 46 namespace net { | 46 namespace net { |
| 47 | 47 |
| 48 SSLServerSocket* CreateSSLServerSocket( | 48 StreamSocket* CreateSSLServerSocket( |
| 49 Socket* socket, X509Certificate* cert, crypto::RSAPrivateKey* key, | 49 StreamSocket* socket, |
| 50 X509Certificate* cert, |
| 51 crypto::RSAPrivateKey* key, |
| 50 const SSLConfig& ssl_config) { | 52 const SSLConfig& ssl_config) { |
| 51 return new SSLServerSocketNSS(socket, cert, key, ssl_config); | 53 return new SSLServerSocketNSS(socket, cert, key, ssl_config); |
| 52 } | 54 } |
| 53 | 55 |
| 54 SSLServerSocketNSS::SSLServerSocketNSS( | 56 SSLServerSocketNSS::SSLServerSocketNSS( |
| 55 Socket* transport_socket, | 57 StreamSocket* transport_socket, |
| 56 scoped_refptr<X509Certificate> cert, | 58 scoped_refptr<X509Certificate> cert, |
| 57 crypto::RSAPrivateKey* key, | 59 crypto::RSAPrivateKey* key, |
| 58 const SSLConfig& ssl_config) | 60 const SSLConfig& ssl_config) |
| 59 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 61 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
| 60 this, &SSLServerSocketNSS::BufferSendComplete)), | 62 this, &SSLServerSocketNSS::BufferSendComplete)), |
| 61 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 63 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
| 62 this, &SSLServerSocketNSS::BufferRecvComplete)), | 64 this, &SSLServerSocketNSS::BufferRecvComplete)), |
| 63 transport_send_busy_(false), | 65 transport_send_busy_(false), |
| 64 transport_recv_busy_(false), | 66 transport_recv_busy_(false), |
| 65 user_accept_callback_(NULL), | 67 user_connect_callback_(NULL), |
| 66 user_read_callback_(NULL), | 68 user_read_callback_(NULL), |
| 67 user_write_callback_(NULL), | 69 user_write_callback_(NULL), |
| 68 nss_fd_(NULL), | 70 nss_fd_(NULL), |
| 69 nss_bufs_(NULL), | 71 nss_bufs_(NULL), |
| 70 transport_socket_(transport_socket), | 72 transport_socket_(transport_socket), |
| 71 ssl_config_(ssl_config), | 73 ssl_config_(ssl_config), |
| 72 cert_(cert), | 74 cert_(cert), |
| 73 next_handshake_state_(STATE_NONE), | 75 next_handshake_state_(STATE_NONE), |
| 74 completed_handshake_(false) { | 76 completed_handshake_(false) { |
| 75 ssl_config_.false_start_enabled = false; | 77 ssl_config_.false_start_enabled = false; |
| 76 ssl_config_.ssl3_enabled = true; | 78 ssl_config_.ssl3_enabled = true; |
| 77 ssl_config_.tls1_enabled = true; | 79 ssl_config_.tls1_enabled = true; |
| 78 | 80 |
| 79 // TODO(hclam): Need a better way to clone a key. | 81 // TODO(hclam): Need a better way to clone a key. |
| 80 std::vector<uint8> key_bytes; | 82 std::vector<uint8> key_bytes; |
| 81 CHECK(key->ExportPrivateKey(&key_bytes)); | 83 CHECK(key->ExportPrivateKey(&key_bytes)); |
| 82 key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); | 84 key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); |
| 83 CHECK(key_.get()); | 85 CHECK(key_.get()); |
| 84 } | 86 } |
| 85 | 87 |
| 86 SSLServerSocketNSS::~SSLServerSocketNSS() { | 88 SSLServerSocketNSS::~SSLServerSocketNSS() { |
| 87 if (nss_fd_ != NULL) { | 89 if (nss_fd_ != NULL) { |
| 88 PR_Close(nss_fd_); | 90 PR_Close(nss_fd_); |
| 89 nss_fd_ = NULL; | 91 nss_fd_ = NULL; |
| 90 } | 92 } |
| 91 } | 93 } |
| 92 | 94 |
| 93 int SSLServerSocketNSS::Accept(CompletionCallback* callback) { | 95 int SSLServerSocketNSS::Connect(CompletionCallback* callback) { |
| 94 net_log_.BeginEvent(NetLog::TYPE_SSL_ACCEPT, NULL); | 96 net_log_.BeginEvent(NetLog::TYPE_SSL_ACCEPT, NULL); |
| 95 | 97 |
| 96 int rv = Init(); | 98 int rv = Init(); |
| 97 if (rv != OK) { | 99 if (rv != OK) { |
| 98 LOG(ERROR) << "Failed to initialize NSS"; | 100 LOG(ERROR) << "Failed to initialize NSS"; |
| 99 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); | 101 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); |
| 100 return rv; | 102 return rv; |
| 101 } | 103 } |
| 102 | 104 |
| 103 rv = InitializeSSLOptions(); | 105 rv = InitializeSSLOptions(); |
| 104 if (rv != OK) { | 106 if (rv != OK) { |
| 105 LOG(ERROR) << "Failed to initialize SSL options"; | 107 LOG(ERROR) << "Failed to initialize SSL options"; |
| 106 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); | 108 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); |
| 107 return rv; | 109 return rv; |
| 108 } | 110 } |
| 109 | 111 |
| 110 // Set peer address. TODO(hclam): This should be in a separate method. | 112 // Set peer address. TODO(hclam): This should be in a separate method. |
| 111 PRNetAddr peername; | 113 PRNetAddr peername; |
| 112 memset(&peername, 0, sizeof(peername)); | 114 memset(&peername, 0, sizeof(peername)); |
| 113 peername.raw.family = AF_INET; | 115 peername.raw.family = AF_INET; |
| 114 memio_SetPeerName(nss_fd_, &peername); | 116 memio_SetPeerName(nss_fd_, &peername); |
| 115 | 117 |
| 116 GotoState(STATE_HANDSHAKE); | 118 GotoState(STATE_HANDSHAKE); |
| 117 rv = DoHandshakeLoop(net::OK); | 119 rv = DoHandshakeLoop(net::OK); |
| 118 if (rv == ERR_IO_PENDING) { | 120 if (rv == ERR_IO_PENDING) { |
| 119 user_accept_callback_ = callback; | 121 user_connect_callback_ = callback; |
| 120 } else { | 122 } else { |
| 121 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); | 123 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); |
| 122 } | 124 } |
| 123 | 125 |
| 124 return rv > OK ? OK : rv; | 126 return rv > OK ? OK : rv; |
| 125 } | 127 } |
| 126 | 128 |
| 127 int SSLServerSocketNSS::Read(IOBuffer* buf, int buf_len, | 129 int SSLServerSocketNSS::Read(IOBuffer* buf, int buf_len, |
| 128 CompletionCallback* callback) { | 130 CompletionCallback* callback) { |
| 129 DCHECK(!user_read_callback_); | 131 DCHECK(!user_read_callback_); |
| 130 DCHECK(!user_accept_callback_); | 132 DCHECK(!user_connect_callback_); |
| 131 DCHECK(!user_read_buf_); | 133 DCHECK(!user_read_buf_); |
| 132 DCHECK(nss_bufs_); | 134 DCHECK(nss_bufs_); |
| 133 | 135 |
| 134 user_read_buf_ = buf; | 136 user_read_buf_ = buf; |
| 135 user_read_buf_len_ = buf_len; | 137 user_read_buf_len_ = buf_len; |
| 136 | 138 |
| 137 DCHECK(completed_handshake_); | 139 DCHECK(completed_handshake_); |
| 138 | 140 |
| 139 int rv = DoReadLoop(OK); | 141 int rv = DoReadLoop(OK); |
| 140 | 142 |
| (...skipping 19 matching lines...) Expand all Loading... |
| 160 | 162 |
| 161 if (rv == ERR_IO_PENDING) { | 163 if (rv == ERR_IO_PENDING) { |
| 162 user_write_callback_ = callback; | 164 user_write_callback_ = callback; |
| 163 } else { | 165 } else { |
| 164 user_write_buf_ = NULL; | 166 user_write_buf_ = NULL; |
| 165 user_write_buf_len_ = 0; | 167 user_write_buf_len_ = 0; |
| 166 } | 168 } |
| 167 return rv; | 169 return rv; |
| 168 } | 170 } |
| 169 | 171 |
| 172 bool SSLServerSocketNSS::IsConnected() const { |
| 173 return completed_handshake_; |
| 174 } |
| 175 |
| 176 void SSLServerSocketNSS::Disconnect() { |
| 177 transport_socket_->Disconnect(); |
| 178 } |
| 179 |
| 180 bool SSLServerSocketNSS::IsConnectedAndIdle() const { |
| 181 return completed_handshake_ && transport_socket_->IsConnectedAndIdle(); |
| 182 } |
| 183 |
| 184 int SSLServerSocketNSS::GetPeerAddress(AddressList* address) const { |
| 185 if (!IsConnected()) |
| 186 return ERR_SOCKET_NOT_CONNECTED; |
| 187 return transport_socket_->GetPeerAddress(address); |
| 188 } |
| 189 |
| 190 int SSLServerSocketNSS::GetLocalAddress(IPEndPoint* address) const { |
| 191 if (!IsConnected()) |
| 192 return ERR_SOCKET_NOT_CONNECTED; |
| 193 return transport_socket_->GetLocalAddress(address); |
| 194 } |
| 195 |
| 196 const BoundNetLog& SSLServerSocketNSS::NetLog() const { |
| 197 return net_log_; |
| 198 } |
| 199 |
| 200 void SSLServerSocketNSS::SetSubresourceSpeculation() { |
| 201 transport_socket_->SetSubresourceSpeculation(); |
| 202 } |
| 203 |
| 204 void SSLServerSocketNSS::SetOmniboxSpeculation() { |
| 205 transport_socket_->SetOmniboxSpeculation(); |
| 206 } |
| 207 |
| 208 bool SSLServerSocketNSS::WasEverUsed() const { |
| 209 return transport_socket_->WasEverUsed(); |
| 210 } |
| 211 |
| 212 bool SSLServerSocketNSS::UsingTCPFastOpen() const { |
| 213 return transport_socket_->UsingTCPFastOpen(); |
| 214 } |
| 215 |
| 170 bool SSLServerSocketNSS::SetReceiveBufferSize(int32 size) { | 216 bool SSLServerSocketNSS::SetReceiveBufferSize(int32 size) { |
| 171 return false; | 217 return false; |
| 172 } | 218 } |
| 173 | 219 |
| 174 bool SSLServerSocketNSS::SetSendBufferSize(int32 size) { | 220 bool SSLServerSocketNSS::SetSendBufferSize(int32 size) { |
| 175 return false; | 221 return false; |
| 176 } | 222 } |
| 177 | 223 |
| 178 int SSLServerSocketNSS::InitializeSSLOptions() { | 224 int SSLServerSocketNSS::InitializeSSLOptions() { |
| 179 // Transport connected, now hook it up to nss | 225 // Transport connected, now hook it up to nss |
| (...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 379 | 425 |
| 380 int rv = DoReadLoop(result); | 426 int rv = DoReadLoop(result); |
| 381 if (rv != ERR_IO_PENDING) | 427 if (rv != ERR_IO_PENDING) |
| 382 DoReadCallback(rv); | 428 DoReadCallback(rv); |
| 383 } | 429 } |
| 384 | 430 |
| 385 void SSLServerSocketNSS::OnHandshakeIOComplete(int result) { | 431 void SSLServerSocketNSS::OnHandshakeIOComplete(int result) { |
| 386 int rv = DoHandshakeLoop(result); | 432 int rv = DoHandshakeLoop(result); |
| 387 if (rv != ERR_IO_PENDING) { | 433 if (rv != ERR_IO_PENDING) { |
| 388 net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_ACCEPT, rv); | 434 net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_ACCEPT, rv); |
| 389 if (user_accept_callback_) | 435 if (user_connect_callback_) |
| 390 DoAcceptCallback(rv); | 436 DoConnectCallback(rv); |
| 391 } | 437 } |
| 392 } | 438 } |
| 393 | 439 |
| 394 // Return 0 for EOF, | 440 // Return 0 for EOF, |
| 395 // > 0 for bytes transferred immediately, | 441 // > 0 for bytes transferred immediately, |
| 396 // < 0 for error (or the non-error ERR_IO_PENDING). | 442 // < 0 for error (or the non-error ERR_IO_PENDING). |
| 397 int SSLServerSocketNSS::BufferSend(void) { | 443 int SSLServerSocketNSS::BufferSend(void) { |
| 398 if (transport_send_busy_) | 444 if (transport_send_busy_) |
| 399 return ERR_IO_PENDING; | 445 return ERR_IO_PENDING; |
| 400 | 446 |
| (...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 602 LOG(ERROR) << "handshake failed; NSS error code " << prerr | 648 LOG(ERROR) << "handshake failed; NSS error code " << prerr |
| 603 << ", net_error " << net_error; | 649 << ", net_error " << net_error; |
| 604 net_log_.AddEvent( | 650 net_log_.AddEvent( |
| 605 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 651 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 606 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); | 652 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); |
| 607 } | 653 } |
| 608 } | 654 } |
| 609 return net_error; | 655 return net_error; |
| 610 } | 656 } |
| 611 | 657 |
| 612 void SSLServerSocketNSS::DoAcceptCallback(int rv) { | 658 void SSLServerSocketNSS::DoConnectCallback(int rv) { |
| 613 DCHECK_NE(rv, ERR_IO_PENDING); | 659 DCHECK_NE(rv, ERR_IO_PENDING); |
| 614 | 660 |
| 615 CompletionCallback* c = user_accept_callback_; | 661 CompletionCallback* c = user_connect_callback_; |
| 616 user_accept_callback_ = NULL; | 662 user_connect_callback_ = NULL; |
| 617 c->Run(rv > OK ? OK : rv); | 663 c->Run(rv > OK ? OK : rv); |
| 618 } | 664 } |
| 619 | 665 |
| 620 void SSLServerSocketNSS::DoReadCallback(int rv) { | 666 void SSLServerSocketNSS::DoReadCallback(int rv) { |
| 621 DCHECK(rv != ERR_IO_PENDING); | 667 DCHECK(rv != ERR_IO_PENDING); |
| 622 DCHECK(user_read_callback_); | 668 DCHECK(user_read_callback_); |
| 623 | 669 |
| 624 // Since Run may result in Read being called, clear |user_read_callback_| | 670 // Since Run may result in Read being called, clear |user_read_callback_| |
| 625 // up front. | 671 // up front. |
| 626 CompletionCallback* c = user_read_callback_; | 672 CompletionCallback* c = user_read_callback_; |
| (...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 676 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop | 722 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop |
| 677 // by MessageLoopForIO::current(). | 723 // by MessageLoopForIO::current(). |
| 678 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 724 // X509Certificate::Verify() runs on a worker thread of CertVerifier. |
| 679 EnsureOCSPInit(); | 725 EnsureOCSPInit(); |
| 680 #endif | 726 #endif |
| 681 | 727 |
| 682 return OK; | 728 return OK; |
| 683 } | 729 } |
| 684 | 730 |
| 685 } // namespace net | 731 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 7054010:
Update SSLServerSocket to provide the net::StreamSocket interface. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src