Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/pepper_tcp_socket.h" | 5 #include "content/browser/renderer_host/pepper_tcp_socket.h" |
| 6 | 6 |
| 7 #include <string.h> | 7 #include <string.h> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 86 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 97 !NetAddressPrivateImpl::NetAddressToAddressList(net_addr, | 97 !NetAddressPrivateImpl::NetAddressToAddressList(net_addr, |
| 98 &address_list_)) { | 98 &address_list_)) { |
| 99 SendConnectACKError(); | 99 SendConnectACKError(); |
| 100 return; | 100 return; |
| 101 } | 101 } |
| 102 | 102 |
| 103 connection_state_ = CONNECT_IN_PROGRESS; | 103 connection_state_ = CONNECT_IN_PROGRESS; |
| 104 StartConnect(address_list_); | 104 StartConnect(address_list_); |
| 105 } | 105 } |
| 106 | 106 |
| 107 void PepperTCPSocket::SSLHandshake(const std::string& server_name, | 107 void PepperTCPSocket::SSLHandshake( |
| 108 uint16_t server_port) { | 108 const std::string& server_name, |
| 109 uint16_t server_port, | |
| 110 const std::vector<std::vector<char> >& trusted_certs, | |
| 111 const std::vector<std::vector<char> >& untrusted_certs) { | |
| 109 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); | 112 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| 110 | 113 |
| 111 // Allow to do SSL handshake only if currently the socket has been connected | 114 // Allow to do SSL handshake only if currently the socket has been connected |
| 112 // and there isn't pending read or write. | 115 // and there isn't pending read or write. |
| 113 // IsConnected() includes the state that SSL handshake has been finished and | 116 // IsConnected() includes the state that SSL handshake has been finished and |
| 114 // therefore isn't suitable here. | 117 // therefore isn't suitable here. |
| 115 if (connection_state_ != CONNECTED || read_buffer_.get() || | 118 if (connection_state_ != CONNECTED || read_buffer_.get() || |
| 116 write_buffer_.get()) { | 119 write_buffer_.get()) { |
| 117 SendSSLHandshakeACK(false); | 120 SendSSLHandshakeACK(false); |
| 118 return; | 121 return; |
| 119 } | 122 } |
| 120 | 123 |
| 121 connection_state_ = SSL_HANDSHAKE_IN_PROGRESS; | 124 connection_state_ = SSL_HANDSHAKE_IN_PROGRESS; |
| 125 // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting. | |
| 126 | |
| 122 net::ClientSocketHandle* handle = new net::ClientSocketHandle(); | 127 net::ClientSocketHandle* handle = new net::ClientSocketHandle(); |
| 123 handle->set_socket(socket_.release()); | 128 handle->set_socket(socket_.release()); |
| 124 net::ClientSocketFactory* factory = | 129 net::ClientSocketFactory* factory = |
| 125 net::ClientSocketFactory::GetDefaultFactory(); | 130 net::ClientSocketFactory::GetDefaultFactory(); |
| 126 net::HostPortPair host_port_pair(server_name, server_port); | 131 net::HostPortPair host_port_pair(server_name, server_port); |
| 127 net::SSLClientSocketContext ssl_context; | 132 net::SSLClientSocketContext ssl_context; |
| 128 ssl_context.cert_verifier = manager_->GetCertVerifier(); | 133 ssl_context.cert_verifier = manager_->GetCertVerifier(); |
| 129 socket_.reset(factory->CreateSSLClientSocket( | 134 socket_.reset(factory->CreateSSLClientSocket( |
| 130 handle, host_port_pair, manager_->ssl_config(), NULL, ssl_context)); | 135 handle, host_port_pair, manager_->ssl_config(), NULL, ssl_context)); |
| 131 if (!socket_.get()) { | 136 if (!socket_.get()) { |
| (...skipping 136 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 268 manager_->Send(new PpapiMsg_PPBTCPSocket_ReadACK( | 273 manager_->Send(new PpapiMsg_PPBTCPSocket_ReadACK( |
| 269 routing_id_, plugin_dispatcher_id_, socket_id_, false, std::string())); | 274 routing_id_, plugin_dispatcher_id_, socket_id_, false, std::string())); |
| 270 } | 275 } |
| 271 | 276 |
| 272 void PepperTCPSocket::SendWriteACKError() { | 277 void PepperTCPSocket::SendWriteACKError() { |
| 273 manager_->Send(new PpapiMsg_PPBTCPSocket_WriteACK( | 278 manager_->Send(new PpapiMsg_PPBTCPSocket_WriteACK( |
| 274 routing_id_, plugin_dispatcher_id_, socket_id_, false, 0)); | 279 routing_id_, plugin_dispatcher_id_, socket_id_, false, 0)); |
| 275 } | 280 } |
| 276 | 281 |
| 277 void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) { | 282 void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) { |
| 283 ppapi::PPB_X509Certificate_Fields certificate_fields; | |
| 284 if (succeeded) { | |
| 285 CHECK(socket_.get()); | |
|
yzshen1
2012/04/06 19:24:33
You don't need this CHECK, it will die below if it
raymes
2012/04/06 23:22:47
Done.
| |
| 286 // Our socket is guaranteed to be an SSL socket if we get here. | |
| 287 net::SSLClientSocket* ssl_socket = | |
| 288 static_cast<net::SSLClientSocket*>(socket_.get()); | |
| 289 net::SSLInfo ssl_info; | |
| 290 ssl_socket->GetSSLInfo(&ssl_info); | |
| 291 CHECK(ssl_info.cert.get()); | |
|
Ryan Sleevi
2012/04/06 00:37:49
Note that this can fail for a variety of reasons.
raymes
2012/04/06 23:22:47
Done.
| |
| 292 bool success = GetCertificateFields(*ssl_info.cert, | |
| 293 &certificate_fields); | |
| 294 CHECK(success); | |
|
yzshen1
2012/04/06 19:24:33
If it failed, do we have to crash the whole browse
raymes
2012/04/06 23:22:47
Probably not. If we can't correctly parse the cert
| |
| 295 } | |
| 278 manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK( | 296 manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK( |
| 279 routing_id_, plugin_dispatcher_id_, socket_id_, succeeded)); | 297 routing_id_, |
| 298 plugin_dispatcher_id_, | |
| 299 socket_id_, | |
| 300 succeeded, | |
| 301 certificate_fields)); | |
| 280 } | 302 } |
| 281 | 303 |
| 282 void PepperTCPSocket::OnResolveCompleted(int result) { | 304 void PepperTCPSocket::OnResolveCompleted(int result) { |
| 283 DCHECK(connection_state_ == CONNECT_IN_PROGRESS); | 305 DCHECK(connection_state_ == CONNECT_IN_PROGRESS); |
| 284 | 306 |
| 285 if (result != net::OK) { | 307 if (result != net::OK) { |
| 286 SendConnectACKError(); | 308 SendConnectACKError(); |
| 287 connection_state_ = BEFORE_CONNECT; | 309 connection_state_ = BEFORE_CONNECT; |
| 288 return; | 310 return; |
| 289 } | 311 } |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 355 routing_id_, plugin_dispatcher_id_, socket_id_, true, result)); | 377 routing_id_, plugin_dispatcher_id_, socket_id_, true, result)); |
| 356 } else { | 378 } else { |
| 357 SendWriteACKError(); | 379 SendWriteACKError(); |
| 358 } | 380 } |
| 359 write_buffer_ = NULL; | 381 write_buffer_ = NULL; |
| 360 } | 382 } |
| 361 | 383 |
| 362 bool PepperTCPSocket::IsConnected() const { | 384 bool PepperTCPSocket::IsConnected() const { |
| 363 return connection_state_ == CONNECTED || connection_state_ == SSL_CONNECTED; | 385 return connection_state_ == CONNECTED || connection_state_ == SSL_CONNECTED; |
| 364 } | 386 } |
| OLD | NEW |