1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
823 | 823 |
824 // The underlying transport to use for network IO. | 824 // The underlying transport to use for network IO. |
825 ClientSocketHandle* transport_; | 825 ClientSocketHandle* transport_; |
826 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; | 826 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; |
827 | 827 |
828 // The current handshake state. Mirrors |nss_handshake_state_|. | 828 // The current handshake state. Mirrors |nss_handshake_state_|. |
829 HandshakeState network_handshake_state_; | 829 HandshakeState network_handshake_state_; |
830 | 830 |
831 // The service for retrieving Channel ID keys. May be NULL. | 831 // The service for retrieving Channel ID keys. May be NULL. |
832 ChannelIDService* channel_id_service_; | 832 ChannelIDService* channel_id_service_; |
833 ChannelIDService::RequestHandle domain_bound_cert_request_handle_; | 833 ChannelIDService::RequestHandle channel_id_request_handle_; |
834 | 834 |
835 // The information about NSS task runner. | 835 // The information about NSS task runner. |
836 int unhandled_buffer_size_; | 836 int unhandled_buffer_size_; |
837 bool nss_waiting_read_; | 837 bool nss_waiting_read_; |
838 bool nss_waiting_write_; | 838 bool nss_waiting_write_; |
839 bool nss_is_closed_; | 839 bool nss_is_closed_; |
840 | 840 |
841 // Set when Read() or Write() successfully reads or writes data to or from the | 841 // Set when Read() or Write() successfully reads or writes data to or from the |
842 // network. | 842 // network. |
843 bool was_ever_used_; | 843 bool was_ever_used_; |
908 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 908 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
909 | 909 |
910 // Dereferenced only on the network task runner, but bound to tasks destined | 910 // Dereferenced only on the network task runner, but bound to tasks destined |
911 // for the network task runner from the NSS task runner. | 911 // for the network task runner from the NSS task runner. |
912 base::WeakPtr<BoundNetLog> weak_net_log_; | 912 base::WeakPtr<BoundNetLog> weak_net_log_; |
913 | 913 |
914 // Written on the network task runner by the |channel_id_service_|, | 914 // Written on the network task runner by the |channel_id_service_|, |
915 // prior to invoking OnHandshakeIOComplete. | 915 // prior to invoking OnHandshakeIOComplete. |
916 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | 916 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked |
917 // on the NSS task runner. | 917 // on the NSS task runner. |
918 std::string domain_bound_private_key_; | 918 scoped_ptr<crypto::ECPrivateKey> channel_id_key_; |
919 std::string domain_bound_cert_; | |
920 | 919 |
921 DISALLOW_COPY_AND_ASSIGN(Core); | 920 DISALLOW_COPY_AND_ASSIGN(Core); |
922 }; | 921 }; |
923 | 922 |
924 SSLClientSocketNSS::Core::Core( | 923 SSLClientSocketNSS::Core::Core( |
925 base::SequencedTaskRunner* network_task_runner, | 924 base::SequencedTaskRunner* network_task_runner, |
926 base::SequencedTaskRunner* nss_task_runner, | 925 base::SequencedTaskRunner* nss_task_runner, |
927 ClientSocketHandle* transport, | 926 ClientSocketHandle* transport, |
928 const HostPortPair& host_and_port, | 927 const HostPortPair& host_and_port, |
929 const SSLConfig& ssl_config, | 928 const SSLConfig& ssl_config, |
1084 | 1083 |
1085 void SSLClientSocketNSS::Core::Detach() { | 1084 void SSLClientSocketNSS::Core::Detach() { |
1086 DCHECK(OnNetworkTaskRunner()); | 1085 DCHECK(OnNetworkTaskRunner()); |
1087 | 1086 |
1088 detached_ = true; | 1087 detached_ = true; |
1089 transport_ = NULL; | 1088 transport_ = NULL; |
1090 weak_net_log_factory_.InvalidateWeakPtrs(); | 1089 weak_net_log_factory_.InvalidateWeakPtrs(); |
1091 | 1090 |
1092 network_handshake_state_.Reset(); | 1091 network_handshake_state_.Reset(); |
1093 | 1092 |
1094 domain_bound_cert_request_handle_.Cancel(); | 1093 channel_id_request_handle_.Cancel(); |
1095 } | 1094 } |
1096 | 1095 |
1097 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, | 1096 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
1098 const CompletionCallback& callback) { | 1097 const CompletionCallback& callback) { |
1099 if (!OnNSSTaskRunner()) { | 1098 if (!OnNSSTaskRunner()) { |
1100 DCHECK(OnNetworkTaskRunner()); | 1099 DCHECK(OnNetworkTaskRunner()); |
1101 DCHECK(!detached_); | 1100 DCHECK(!detached_); |
1102 DCHECK(transport_); | 1101 DCHECK(transport_); |
1103 DCHECK(!nss_waiting_read_); | 1102 DCHECK(!nss_waiting_read_); |
1104 | 1103 |
2315 rv = SECFailure; | 2314 rv = SECFailure; |
2316 } else { | 2315 } else { |
2317 rv = SECFailure; | 2316 rv = SECFailure; |
2318 } | 2317 } |
2319 | 2318 |
2320 return rv; | 2319 return rv; |
2321 } | 2320 } |
2322 | 2321 |
2323 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, | 2322 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, |
2324 SECKEYPrivateKey** key) { | 2323 SECKEYPrivateKey** key) { |
2325 // Set the certificate. | 2324 if (channel_id_key_.get() == nullptr) |
Ryan Sleevi
2015/04/09 22:40:09
if (!channel_id_key_)
nharper
2015/04/10 00:32:08
Done.
| |
2326 SECItem cert_item; | 2325 return SECFailure; |
2327 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | |
2328 cert_item.len = domain_bound_cert_.size(); | |
2329 ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
2330 &cert_item, | |
2331 NULL, | |
2332 PR_FALSE, | |
2333 PR_TRUE)); | |
2334 if (cert == NULL) | |
2335 return MapNSSError(PORT_GetError()); | |
2336 | 2326 |
2337 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); | 2327 *public_key = channel_id_key_->public_key(); |
2338 // Set the private key. | 2328 *key = channel_id_key_->key(); |
mattm
2015/04/10 01:00:27
Need to SECKEY_CopyPrivateKey and SECKEY_CopyPubli
nharper
2015/04/25 02:59:18
Done.
| |
2339 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
2340 slot.get(), | |
2341 ChannelIDService::kEPKIPassword, | |
2342 reinterpret_cast<const unsigned char*>( | |
2343 domain_bound_private_key_.data()), | |
2344 domain_bound_private_key_.size(), | |
2345 &cert->subjectPublicKeyInfo, | |
2346 false, | |
2347 false, | |
2348 key, | |
2349 public_key)) { | |
2350 int error = MapNSSError(PORT_GetError()); | |
2351 return error; | |
2352 } | |
2353 | 2329 |
2354 return OK; | 2330 return OK; |
2355 } | 2331 } |
2356 | 2332 |
2357 void SSLClientSocketNSS::Core::UpdateServerCert() { | 2333 void SSLClientSocketNSS::Core::UpdateServerCert() { |
2358 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 2334 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
2359 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 2335 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
2360 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 2336 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
2361 if (nss_handshake_state_.server_cert.get()) { | 2337 if (nss_handshake_state_.server_cert.get()) { |
2362 // Since this will be called asynchronously on another thread, it needs to | 2338 // Since this will be called asynchronously on another thread, it needs to |
2604 | 2580 |
2605 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { | 2581 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { |
2606 DCHECK(OnNetworkTaskRunner()); | 2582 DCHECK(OnNetworkTaskRunner()); |
2607 | 2583 |
2608 if (detached_) | 2584 if (detached_) |
2609 return ERR_ABORTED; | 2585 return ERR_ABORTED; |
2610 | 2586 |
2611 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); | 2587 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); |
2612 | 2588 |
2613 int rv = channel_id_service_->GetOrCreateChannelID( | 2589 int rv = channel_id_service_->GetOrCreateChannelID( |
2614 host, | 2590 host, &channel_id_key_, |
2615 &domain_bound_private_key_, | |
2616 &domain_bound_cert_, | |
2617 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), | 2591 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), |
2618 &domain_bound_cert_request_handle_); | 2592 &channel_id_request_handle_); |
2619 | 2593 |
2620 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | 2594 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { |
2621 nss_task_runner_->PostTask( | 2595 nss_task_runner_->PostTask( |
2622 FROM_HERE, | 2596 FROM_HERE, |
2623 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | 2597 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); |
2624 return ERR_IO_PENDING; | 2598 return ERR_IO_PENDING; |
2625 } | 2599 } |
2626 | 2600 |
2627 return rv; | 2601 return rv; |
2628 } | 2602 } |
3582 scoped_refptr<X509Certificate> | 3556 scoped_refptr<X509Certificate> |
3583 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3557 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
3584 return core_->state().server_cert.get(); | 3558 return core_->state().server_cert.get(); |
3585 } | 3559 } |
3586 | 3560 |
3587 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3561 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
3588 return channel_id_service_; | 3562 return channel_id_service_; |
3589 } | 3563 } |
3590 | 3564 |
3591 } // namespace net | 3565 } // namespace net |
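Review bot: The null-key guard added at the top of ImportChannelIDKeys (new lines 2324–2325) returns `SECFailure`, but this function reports net error codes — it returns `OK` on success and previously returned `MapNSSError(PORT_GetError())` on failure — so the caller receives an NSS SECStatus where a net::Error is expected. SECFailure has the value -1, which is also the value of ERR_IO_PENDING, so a caller that checks for pending before checking for errors would treat a missing Channel ID key as an in-flight operation and wait for a completion that never comes; the caller is outside the visible hunks, so this cannot be confirmed from here, but the type mismatch stands regardless. Return a net error on this path, e.g. `return ERR_UNEXPECTED;`, so the missing-key case is reported the same way as the other failures in this function. Mixing the two error domains also makes the failure hard to attribute in logs, since the value will be mapped as a net error downstream.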