1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 676 matching lines...)
687 | 687 |
688 // The underlying transport to use for network IO. | 688 // The underlying transport to use for network IO. |
689 ClientSocketHandle* transport_; | 689 ClientSocketHandle* transport_; |
690 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; | 690 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; |
691 | 691 |
692 // The current handshake state. Mirrors |nss_handshake_state_|. | 692 // The current handshake state. Mirrors |nss_handshake_state_|. |
693 HandshakeState network_handshake_state_; | 693 HandshakeState network_handshake_state_; |
694 | 694 |
695 // The service for retrieving Channel ID keys. May be NULL. | 695 // The service for retrieving Channel ID keys. May be NULL. |
696 ChannelIDService* channel_id_service_; | 696 ChannelIDService* channel_id_service_; |
697 ChannelIDService::RequestHandle domain_bound_cert_request_handle_; | 697 ChannelIDService::RequestHandle channel_id_request_handle_; |
698 | 698 |
699 // The information about NSS task runner. | 699 // The information about NSS task runner. |
700 int unhandled_buffer_size_; | 700 int unhandled_buffer_size_; |
701 bool nss_waiting_read_; | 701 bool nss_waiting_read_; |
702 bool nss_waiting_write_; | 702 bool nss_waiting_write_; |
703 bool nss_is_closed_; | 703 bool nss_is_closed_; |
704 | 704 |
705 // Set when Read() or Write() successfully reads or writes data to or from the | 705 // Set when Read() or Write() successfully reads or writes data to or from the |
706 // network. | 706 // network. |
707 bool was_ever_used_; | 707 bool was_ever_used_; |
(...skipping 64 matching lines...)
772 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 772 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
773 | 773 |
774 // Dereferenced only on the network task runner, but bound to tasks destined | 774 // Dereferenced only on the network task runner, but bound to tasks destined |
775 // for the network task runner from the NSS task runner. | 775 // for the network task runner from the NSS task runner. |
776 base::WeakPtr<BoundNetLog> weak_net_log_; | 776 base::WeakPtr<BoundNetLog> weak_net_log_; |
777 | 777 |
778 // Written on the network task runner by the |channel_id_service_|, | 778 // Written on the network task runner by the |channel_id_service_|, |
779 // prior to invoking OnHandshakeIOComplete. | 779 // prior to invoking OnHandshakeIOComplete. |
780 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | 780 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked |
781 // on the NSS task runner. | 781 // on the NSS task runner. |
782 std::string domain_bound_private_key_; | 782 scoped_ptr<crypto::ECPrivateKey> channel_id_key_; |
783 std::string domain_bound_cert_; | |
784 | 783 |
785 DISALLOW_COPY_AND_ASSIGN(Core); | 784 DISALLOW_COPY_AND_ASSIGN(Core); |
786 }; | 785 }; |
787 | 786 |
788 SSLClientSocketNSS::Core::Core( | 787 SSLClientSocketNSS::Core::Core( |
789 base::SequencedTaskRunner* network_task_runner, | 788 base::SequencedTaskRunner* network_task_runner, |
790 base::SequencedTaskRunner* nss_task_runner, | 789 base::SequencedTaskRunner* nss_task_runner, |
791 ClientSocketHandle* transport, | 790 ClientSocketHandle* transport, |
792 const HostPortPair& host_and_port, | 791 const HostPortPair& host_and_port, |
793 const SSLConfig& ssl_config, | 792 const SSLConfig& ssl_config, |
(...skipping 148 matching lines...)
942 | 941 |
943 void SSLClientSocketNSS::Core::Detach() { | 942 void SSLClientSocketNSS::Core::Detach() { |
944 DCHECK(OnNetworkTaskRunner()); | 943 DCHECK(OnNetworkTaskRunner()); |
945 | 944 |
946 detached_ = true; | 945 detached_ = true; |
947 transport_ = NULL; | 946 transport_ = NULL; |
948 weak_net_log_factory_.InvalidateWeakPtrs(); | 947 weak_net_log_factory_.InvalidateWeakPtrs(); |
949 | 948 |
950 network_handshake_state_.Reset(); | 949 network_handshake_state_.Reset(); |
951 | 950 |
952 domain_bound_cert_request_handle_.Cancel(); | 951 channel_id_request_handle_.Cancel(); |
953 } | 952 } |
954 | 953 |
955 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, | 954 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
956 const CompletionCallback& callback) { | 955 const CompletionCallback& callback) { |
957 if (!OnNSSTaskRunner()) { | 956 if (!OnNSSTaskRunner()) { |
958 DCHECK(OnNetworkTaskRunner()); | 957 DCHECK(OnNetworkTaskRunner()); |
959 DCHECK(!detached_); | 958 DCHECK(!detached_); |
960 DCHECK(transport_); | 959 DCHECK(transport_); |
961 DCHECK(!nss_waiting_read_); | 960 DCHECK(!nss_waiting_read_); |
962 | 961 |
(...skipping 971 matching lines...)
1934 rv = SECFailure; | 1933 rv = SECFailure; |
1935 } else { | 1934 } else { |
1936 rv = SECFailure; | 1935 rv = SECFailure; |
1937 } | 1936 } |
1938 | 1937 |
1939 return rv; | 1938 return rv; |
1940 } | 1939 } |
1941 | 1940 |
1942 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, | 1941 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, |
1943 SECKEYPrivateKey** key) { | 1942 SECKEYPrivateKey** key) { |
1944 // Set the certificate. | 1943 if (!channel_id_key_) |
1945 SECItem cert_item; | 1944 return SECFailure; |
1946 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | |
1947 cert_item.len = domain_bound_cert_.size(); | |
1948 ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
1949 &cert_item, | |
1950 NULL, | |
1951 PR_FALSE, | |
1952 PR_TRUE)); | |
1953 if (cert == NULL) | |
1954 return MapNSSError(PORT_GetError()); | |
1955 | 1945 |
1956 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); | 1946 *public_key = SECKEY_CopyPublicKey(channel_id_key_->public_key()); |
1957 // Set the private key. | 1947 *key = SECKEY_CopyPrivateKey(channel_id_key_->key()); |
1958 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
1959 slot.get(), | |
1960 ChannelIDService::kEPKIPassword, | |
1961 reinterpret_cast<const unsigned char*>( | |
1962 domain_bound_private_key_.data()), | |
1963 domain_bound_private_key_.size(), | |
1964 &cert->subjectPublicKeyInfo, | |
1965 false, | |
1966 false, | |
1967 key, | |
1968 public_key)) { | |
1969 int error = MapNSSError(PORT_GetError()); | |
1970 return error; | |
1971 } | |
1972 | 1948 |
1973 return OK; | 1949 return OK; |
1974 } | 1950 } |
1975 | 1951 |
1976 void SSLClientSocketNSS::Core::UpdateServerCert() { | 1952 void SSLClientSocketNSS::Core::UpdateServerCert() { |
1977 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 1953 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
1978 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 1954 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
1979 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 1955 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
1980 if (nss_handshake_state_.server_cert.get()) { | 1956 if (nss_handshake_state_.server_cert.get()) { |
1981 // Since this will be called asynchronously on another thread, it needs to | 1957 // Since this will be called asynchronously on another thread, it needs to |
(...skipping 214 matching lines...)
2196 | 2172 |
2197 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { | 2173 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { |
2198 DCHECK(OnNetworkTaskRunner()); | 2174 DCHECK(OnNetworkTaskRunner()); |
2199 | 2175 |
2200 if (detached_) | 2176 if (detached_) |
2201 return ERR_ABORTED; | 2177 return ERR_ABORTED; |
2202 | 2178 |
2203 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); | 2179 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); |
2204 | 2180 |
2205 int rv = channel_id_service_->GetOrCreateChannelID( | 2181 int rv = channel_id_service_->GetOrCreateChannelID( |
2206 host, | 2182 host, &channel_id_key_, |
2207 &domain_bound_private_key_, | |
2208 &domain_bound_cert_, | |
2209 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), | 2183 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), |
2210 &domain_bound_cert_request_handle_); | 2184 &channel_id_request_handle_); |
2211 | 2185 |
2212 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | 2186 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { |
2213 nss_task_runner_->PostTask( | 2187 nss_task_runner_->PostTask( |
2214 FROM_HERE, | 2188 FROM_HERE, |
2215 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | 2189 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); |
2216 return ERR_IO_PENDING; | 2190 return ERR_IO_PENDING; |
2217 } | 2191 } |
2218 | 2192 |
2219 return rv; | 2193 return rv; |
2220 } | 2194 } |
(...skipping 954 matching lines...)
3175 scoped_refptr<X509Certificate> | 3149 scoped_refptr<X509Certificate> |
3176 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3150 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
3177 return core_->state().server_cert.get(); | 3151 return core_->state().server_cert.get(); |
3178 } | 3152 } |
3179 | 3153 |
3180 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3154 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
3181 return channel_id_service_; | 3155 return channel_id_service_; |
3182 } | 3156 } |
3183 | 3157 |
3184 } // namespace net | 3158 } // namespace net |
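Review bot: ImportChannelIDKeys (new lines 1943–1944) returns `SECFailure` when `channel_id_key_` is unset, but the function's other return value is the net error `OK` and the removed code returned `MapNSSError(PORT_GetError())`, so callers presumably interpret the result as a net error code; SECFailure's numeric value is -1, which is also the value of net's ERR_IO_PENDING, so a missing key would likely be reported as a pending operation rather than a failure — return a net error there instead, e.g. `return ERR_UNEXPECTED;`. The two SECKEY_Copy* calls on new lines 1946–1947 are also unchecked: each can return NULL, and where the old path mapped an NSS failure into a net error the new one hands the caller null key pointers together with `OK`. Suggest checking each copy, releasing the already-copied public key if the private-key copy fails so nothing leaks, and returning `MapNSSError(PORT_GetError())` as before; the callers of this function are outside the visible hunks, so whether they tolerate a null `*key` cannot be confirmed here.
```cpp
int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key,
                                                  SECKEYPrivateKey** key) {
  // No key was obtained from the ChannelIDService; report a net error, not an
  // NSS SECStatus, since callers consume net error codes.
  if (!channel_id_key_)
    return ERR_UNEXPECTED;

  *public_key = SECKEY_CopyPublicKey(channel_id_key_->public_key());
  if (!*public_key)
    return MapNSSError(PORT_GetError());

  *key = SECKEY_CopyPrivateKey(channel_id_key_->key());
  if (!*key) {
    // Don't leak the public key copy made above on the failure path.
    SECKEY_DestroyPublicKey(*public_key);
    *public_key = NULL;
    return MapNSSError(PORT_GetError());
  }

  return OK;
}
```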