1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
103 #include "net/cert_net/nss_ocsp.h" | 103 #include "net/cert_net/nss_ocsp.h" |
104 #include "net/http/transport_security_state.h" | 104 #include "net/http/transport_security_state.h" |
105 #include "net/log/net_log.h" | 105 #include "net/log/net_log.h" |
106 #include "net/socket/client_socket_handle.h" | 106 #include "net/socket/client_socket_handle.h" |
107 #include "net/socket/nss_ssl_util.h" | 107 #include "net/socket/nss_ssl_util.h" |
108 #include "net/ssl/ssl_cert_request_info.h" | 108 #include "net/ssl/ssl_cert_request_info.h" |
109 #include "net/ssl/ssl_cipher_suite_names.h" | 109 #include "net/ssl/ssl_cipher_suite_names.h" |
110 #include "net/ssl/ssl_connection_status_flags.h" | 110 #include "net/ssl/ssl_connection_status_flags.h" |
111 #include "net/ssl/ssl_info.h" | 111 #include "net/ssl/ssl_info.h" |
112 | 112 |
113 #if defined(USE_NSS_CERTS) | 113 #if defined(USE_NSS_CERTS) |
mattm
2015/04/27 20:55:53
When updating, it's generally appreciated to uploa
nharper
2015/04/29 22:07:15
I'll keep that in mind for future updates.
114 #include <dlfcn.h> | 114 #include <dlfcn.h> |
115 #endif | 115 #endif |
116 | 116 |
117 namespace net { | 117 namespace net { |
118 | 118 |
119 // State machines are easier to debug if you log state transitions. | 119 // State machines are easier to debug if you log state transitions. |
120 // Enable these if you want to see what's going on. | 120 // Enable these if you want to see what's going on. |
121 #if 1 | 121 #if 1 |
122 #define EnterFunction(x) | 122 #define EnterFunction(x) |
123 #define LeaveFunction(x) | 123 #define LeaveFunction(x) |
739 | 739 |
740 // The underlying transport to use for network IO. | 740 // The underlying transport to use for network IO. |
741 ClientSocketHandle* transport_; | 741 ClientSocketHandle* transport_; |
742 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; | 742 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; |
743 | 743 |
744 // The current handshake state. Mirrors |nss_handshake_state_|. | 744 // The current handshake state. Mirrors |nss_handshake_state_|. |
745 HandshakeState network_handshake_state_; | 745 HandshakeState network_handshake_state_; |
746 | 746 |
747 // The service for retrieving Channel ID keys. May be NULL. | 747 // The service for retrieving Channel ID keys. May be NULL. |
748 ChannelIDService* channel_id_service_; | 748 ChannelIDService* channel_id_service_; |
749 ChannelIDService::RequestHandle domain_bound_cert_request_handle_; | 749 ChannelIDService::RequestHandle channel_id_request_handle_; |
750 | 750 |
751 // The information about NSS task runner. | 751 // The information about NSS task runner. |
752 int unhandled_buffer_size_; | 752 int unhandled_buffer_size_; |
753 bool nss_waiting_read_; | 753 bool nss_waiting_read_; |
754 bool nss_waiting_write_; | 754 bool nss_waiting_write_; |
755 bool nss_is_closed_; | 755 bool nss_is_closed_; |
756 | 756 |
757 // Set when Read() or Write() successfully reads or writes data to or from the | 757 // Set when Read() or Write() successfully reads or writes data to or from the |
758 // network. | 758 // network. |
759 bool was_ever_used_; | 759 bool was_ever_used_; |
824 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 824 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
825 | 825 |
826 // Dereferenced only on the network task runner, but bound to tasks destined | 826 // Dereferenced only on the network task runner, but bound to tasks destined |
827 // for the network task runner from the NSS task runner. | 827 // for the network task runner from the NSS task runner. |
828 base::WeakPtr<BoundNetLog> weak_net_log_; | 828 base::WeakPtr<BoundNetLog> weak_net_log_; |
829 | 829 |
830 // Written on the network task runner by the |channel_id_service_|, | 830 // Written on the network task runner by the |channel_id_service_|, |
831 // prior to invoking OnHandshakeIOComplete. | 831 // prior to invoking OnHandshakeIOComplete. |
832 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | 832 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked |
833 // on the NSS task runner. | 833 // on the NSS task runner. |
834 std::string domain_bound_private_key_; | 834 scoped_ptr<crypto::ECPrivateKey> channel_id_key_; |
835 std::string domain_bound_cert_; | |
836 | 835 |
837 DISALLOW_COPY_AND_ASSIGN(Core); | 836 DISALLOW_COPY_AND_ASSIGN(Core); |
838 }; | 837 }; |
839 | 838 |
840 SSLClientSocketNSS::Core::Core( | 839 SSLClientSocketNSS::Core::Core( |
841 base::SequencedTaskRunner* network_task_runner, | 840 base::SequencedTaskRunner* network_task_runner, |
842 base::SequencedTaskRunner* nss_task_runner, | 841 base::SequencedTaskRunner* nss_task_runner, |
843 ClientSocketHandle* transport, | 842 ClientSocketHandle* transport, |
844 const HostPortPair& host_and_port, | 843 const HostPortPair& host_and_port, |
845 const SSLConfig& ssl_config, | 844 const SSLConfig& ssl_config, |
994 | 993 |
995 void SSLClientSocketNSS::Core::Detach() { | 994 void SSLClientSocketNSS::Core::Detach() { |
996 DCHECK(OnNetworkTaskRunner()); | 995 DCHECK(OnNetworkTaskRunner()); |
997 | 996 |
998 detached_ = true; | 997 detached_ = true; |
999 transport_ = NULL; | 998 transport_ = NULL; |
1000 weak_net_log_factory_.InvalidateWeakPtrs(); | 999 weak_net_log_factory_.InvalidateWeakPtrs(); |
1001 | 1000 |
1002 network_handshake_state_.Reset(); | 1001 network_handshake_state_.Reset(); |
1003 | 1002 |
1004 domain_bound_cert_request_handle_.Cancel(); | 1003 channel_id_request_handle_.Cancel(); |
1005 } | 1004 } |
1006 | 1005 |
1007 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, | 1006 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
1008 const CompletionCallback& callback) { | 1007 const CompletionCallback& callback) { |
1009 if (!OnNSSTaskRunner()) { | 1008 if (!OnNSSTaskRunner()) { |
1010 DCHECK(OnNetworkTaskRunner()); | 1009 DCHECK(OnNetworkTaskRunner()); |
1011 DCHECK(!detached_); | 1010 DCHECK(!detached_); |
1012 DCHECK(transport_); | 1011 DCHECK(transport_); |
1013 DCHECK(!nss_waiting_read_); | 1012 DCHECK(!nss_waiting_read_); |
1014 | 1013 |
1986 rv = SECFailure; | 1985 rv = SECFailure; |
1987 } else { | 1986 } else { |
1988 rv = SECFailure; | 1987 rv = SECFailure; |
1989 } | 1988 } |
1990 | 1989 |
1991 return rv; | 1990 return rv; |
1992 } | 1991 } |
1993 | 1992 |
1994 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, | 1993 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, |
1995 SECKEYPrivateKey** key) { | 1994 SECKEYPrivateKey** key) { |
1996 // Set the certificate. | 1995 if (!channel_id_key_) |
1997 SECItem cert_item; | 1996 return SECFailure; |
1998 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | |
1999 cert_item.len = domain_bound_cert_.size(); | |
2000 ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
2001 &cert_item, | |
2002 NULL, | |
2003 PR_FALSE, | |
2004 PR_TRUE)); | |
2005 if (cert == NULL) | |
2006 return MapNSSError(PORT_GetError()); | |
2007 | 1997 |
2008 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); | 1998 *public_key = SECKEY_CopyPublicKey(channel_id_key_->public_key()); |
2009 // Set the private key. | 1999 *key = SECKEY_CopyPrivateKey(channel_id_key_->key()); |
2010 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
2011 slot.get(), | |
2012 ChannelIDService::kEPKIPassword, | |
2013 reinterpret_cast<const unsigned char*>( | |
2014 domain_bound_private_key_.data()), | |
2015 domain_bound_private_key_.size(), | |
2016 &cert->subjectPublicKeyInfo, | |
2017 false, | |
2018 false, | |
2019 key, | |
2020 public_key)) { | |
2021 int error = MapNSSError(PORT_GetError()); | |
2022 return error; | |
2023 } | |
2024 | 2000 |
2025 return OK; | 2001 return OK; |
2026 } | 2002 } |
2027 | 2003 |
2028 void SSLClientSocketNSS::Core::UpdateServerCert() { | 2004 void SSLClientSocketNSS::Core::UpdateServerCert() { |
2029 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 2005 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
2030 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 2006 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
2031 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 2007 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
2032 if (nss_handshake_state_.server_cert.get()) { | 2008 if (nss_handshake_state_.server_cert.get()) { |
2033 // Since this will be called asynchronously on another thread, it needs to | 2009 // Since this will be called asynchronously on another thread, it needs to |
2260 | 2236 |
2261 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { | 2237 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { |
2262 DCHECK(OnNetworkTaskRunner()); | 2238 DCHECK(OnNetworkTaskRunner()); |
2263 | 2239 |
2264 if (detached_) | 2240 if (detached_) |
2265 return ERR_ABORTED; | 2241 return ERR_ABORTED; |
2266 | 2242 |
2267 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); | 2243 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); |
2268 | 2244 |
2269 int rv = channel_id_service_->GetOrCreateChannelID( | 2245 int rv = channel_id_service_->GetOrCreateChannelID( |
2270 host, | 2246 host, &channel_id_key_, |
2271 &domain_bound_private_key_, | |
2272 &domain_bound_cert_, | |
2273 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), | 2247 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), |
2274 &domain_bound_cert_request_handle_); | 2248 &channel_id_request_handle_); |
2275 | 2249 |
2276 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | 2250 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { |
2277 nss_task_runner_->PostTask( | 2251 nss_task_runner_->PostTask( |
2278 FROM_HERE, | 2252 FROM_HERE, |
2279 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | 2253 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); |
2280 return ERR_IO_PENDING; | 2254 return ERR_IO_PENDING; |
2281 } | 2255 } |
2282 | 2256 |
2283 return rv; | 2257 return rv; |
2284 } | 2258 } |
3238 scoped_refptr<X509Certificate> | 3212 scoped_refptr<X509Certificate> |
3239 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3213 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
3240 return core_->state().server_cert.get(); | 3214 return core_->state().server_cert.get(); |
3241 } | 3215 } |
3242 | 3216 |
3243 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3217 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
3244 return channel_id_service_; | 3218 return channel_id_service_; |
3245 } | 3219 } |
3246 | 3220 |
3247 } // namespace net | 3221 } // namespace net |
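Review bot: In ImportChannelIDKeys (new lines 1995-2001) the results of SECKEY_CopyPublicKey and SECKEY_CopyPrivateKey are stored into the out-parameters unchecked and the function then returns OK, so an allocation failure in either copy hands the caller a NULL key together with a success code, and a failed private-key copy leaks the already-copied public key; the removed code mapped such failures through `MapNSSError(PORT_GetError())`. The new early `return SECFailure;` when channel_id_key_ is unset also mixes an NSS SECStatus into a function whose success value is the net code OK; SECFailure is -1, which in net's error space is ERR_IO_PENDING, so a caller that checks for a net error would most likely misread it (the caller is outside this section). Returning a net error such as ERR_UNEXPECTED there, checking both copies and releasing the first copy when the second fails keeps the function's contract consistent with the rest of the file.
```cpp
int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key,
                                                  SECKEYPrivateKey** key) {
  // Callers expect a net error code, not an NSS SECStatus.
  if (!channel_id_key_)
    return ERR_UNEXPECTED;

  SECKEYPublicKey* pub = SECKEY_CopyPublicKey(channel_id_key_->public_key());
  if (!pub)
    return MapNSSError(PORT_GetError());
  SECKEYPrivateKey* priv = SECKEY_CopyPrivateKey(channel_id_key_->key());
  if (!priv) {
    SECKEY_DestroyPublicKey(pub);
    return MapNSSError(PORT_GetError());
  }

  *public_key = pub;
  *key = priv;
  return OK;
}
```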