remoting/protocol/ssl_hmac_channel_authenticator.cc - Issue 1197853003: Add P2PDatagramSocket and P2PStreamSocket interfaces.

Side by Side Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 1197853003: Add P2PDatagramSocket and P2PStreamSocket interfaces. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« remoting/protocol/p2p_datagram_socket.h ('K') | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"	5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/bind_helpers.h"	8 #include "base/bind_helpers.h"

9 #include "base/callback_helpers.h"	9 #include "base/callback_helpers.h"

10 #include "base/logging.h"	10 #include "base/logging.h"

11 #include "crypto/secure_util.h"	11 #include "crypto/secure_util.h"

12 #include "net/base/host_port_pair.h"	12 #include "net/base/host_port_pair.h"

13 #include "net/base/io_buffer.h"	13 #include "net/base/io_buffer.h"

14 #include "net/base/net_errors.h"	14 #include "net/base/net_errors.h"

15 #include "net/cert/cert_status_flags.h"	15 #include "net/cert/cert_status_flags.h"

16 #include "net/cert/cert_verifier.h"	16 #include "net/cert/cert_verifier.h"

17 #include "net/cert/cert_verify_result.h"	17 #include "net/cert/cert_verify_result.h"

18 #include "net/cert/x509_certificate.h"	18 #include "net/cert/x509_certificate.h"

19 #include "net/http/transport_security_state.h"	19 #include "net/http/transport_security_state.h"

20 #include "net/socket/client_socket_handle.h"	20 #include "net/socket/client_socket_handle.h"

21 #include "net/socket/ssl_client_socket.h"	21 #include "net/socket/ssl_client_socket.h"

22 #include "net/socket/ssl_server_socket.h"	22 #include "net/socket/ssl_server_socket.h"

23 #include "net/ssl/ssl_config_service.h"	23 #include "net/ssl/ssl_config_service.h"

24 #include "remoting/base/rsa_key_pair.h"	24 #include "remoting/base/rsa_key_pair.h"

25 #include "remoting/protocol/auth_util.h"	25 #include "remoting/protocol/auth_util.h"

	26 #include "remoting/protocol/p2p_stream_socket.h"

26	27

27 #if defined(OS_NACL)	28 #if defined(OS_NACL)

28 #include "net/socket/ssl_client_socket_openssl.h"	29 #include "net/socket/ssl_client_socket_openssl.h"

29 #else	30 #else

30 #include "net/socket/client_socket_factory.h"	31 #include "net/socket/client_socket_factory.h"

31 #endif	32 #endif

32	33

33 namespace remoting {	34 namespace remoting {

34 namespace protocol {	35 namespace protocol {

35	36

(...skipping 13 matching lines...) Expand all Loading...
49 net::CertVerifyResult* verify_result,	50 net::CertVerifyResult* verify_result,

50 const net::CompletionCallback& callback,	51 const net::CompletionCallback& callback,

51 scoped_ptr<Request>* out_req,	52 scoped_ptr<Request>* out_req,

52 const net::BoundNetLog& net_log) override {	53 const net::BoundNetLog& net_log) override {

53 verify_result->verified_cert = cert;	54 verify_result->verified_cert = cert;

54 verify_result->cert_status = net::CERT_STATUS_INVALID;	55 verify_result->cert_status = net::CERT_STATUS_INVALID;

55 return net::ERR_CERT_INVALID;	56 return net::ERR_CERT_INVALID;

56 }	57 }

57 };	58 };

58	59

	60 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed

	61 // to net::SSLClientSocket and net::SSLServerSocket.

	62 class NetStreamSocketAdapter : public net::StreamSocket {

	63 public:

	64 NetStreamSocketAdapter(scoped_ptr<P2PStreamSocket> socket)

	65 : socket_(socket.Pass()) {}

	66 ~NetStreamSocketAdapter() override {}

	67

	68 int Read(net::IOBuffer* buf, int buf_len,

	69 const net::CompletionCallback& callback) override {

	70 return socket_->Read(buf, buf_len, callback);

	71 }

	72 int Write(net::IOBuffer* buf, int buf_len,

	73 const net::CompletionCallback& callback) override {

	74 return socket_->Write(buf, buf_len, callback);

	75 }

	76

	77 int SetReceiveBufferSize(int32_t size) override {

	78 NOTREACHED();

	79 return net::ERR_FAILED;

	80 }

	81

	82 int SetSendBufferSize(int32_t size) override {

	83 NOTREACHED();

	84 return net::ERR_FAILED;

	85 }

	86

	87 int Connect(const net::CompletionCallback& callback) override {

	88 NOTREACHED();

	89 return net::ERR_FAILED;

	90 }

	91 void Disconnect() override { socket_.reset(); }

	92 bool IsConnected() const override { return true; }

	93 bool IsConnectedAndIdle() const override { return true; }

	94 int GetPeerAddress(net::IPEndPoint* address) const override {

	95 // SSL sockets call this function so it must return some result.

	96 net::IPAddressNumber ip_address(net::kIPv4AddressSize);

	97 *address = net::IPEndPoint(ip_address, 0);

	98 return net::OK;

	99 }

	100 int GetLocalAddress(net::IPEndPoint* address) const override {

	101 NOTREACHED();

	102 return net::ERR_FAILED;

	103 }

	104 const net::BoundNetLog& NetLog() const override { return net_log_; }

	105 void SetSubresourceSpeculation() override { NOTREACHED(); }

	106 void SetOmniboxSpeculation() override { NOTREACHED(); }

	107 bool WasEverUsed() const override {

	108 NOTREACHED();

	109 return true;

	110 }

	111 bool UsingTCPFastOpen() const override {

	112 NOTREACHED();

	113 return false;

	114 }

	115 void EnableTCPFastOpenIfSupported() override { NOTREACHED(); }

	116 bool WasNpnNegotiated() const override {

	117 NOTREACHED();

	118 return false;

	119 }

	120 net::NextProto GetNegotiatedProtocol() const override {

	121 NOTREACHED();

	122 return net::kProtoUnknown;

	123 }

	124 bool GetSSLInfo(net::SSLInfo* ssl_info) override {

	125 NOTREACHED();

	126 return false;

	127 }

	128 void GetConnectionAttempts(net::ConnectionAttempts* out) const override {

	129 NOTREACHED();

	130 }

	131 void ClearConnectionAttempts() override { NOTREACHED(); }

	132 void AddConnectionAttempts(const net::ConnectionAttempts& attempts) override {

	133 NOTREACHED();

	134 }

	135

	136 private:

	137 scoped_ptr<P2PStreamSocket> socket_;

	138 net::BoundNetLog net_log_;

	139 };

	140

	141 // Implements P2PStreamSocket interface on top of net::StreamSocket.

	142 class P2PStreamSocketAdapter : public P2PStreamSocket {

	143 public:

	144 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket)

	145 : socket_(socket.Pass()) {}

	146 ~P2PStreamSocketAdapter() override {}

	147

	148 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len,

	149 const net::CompletionCallback& callback) override {

	150 return socket_->Read(buf.get(), buf_len, callback);

	151 }

	152 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len,

	153 const net::CompletionCallback& callback) override {

	154 return socket_->Write(buf.get(), buf_len, callback);

	155 }

	156

	157 private:

	158 scoped_ptr<net::StreamSocket> socket_;

	159 };

	160

59 } // namespace	161 } // namespace

60	162

61 // static	163 // static

62 scoped_ptr<SslHmacChannelAuthenticator>	164 scoped_ptr<SslHmacChannelAuthenticator>

63 SslHmacChannelAuthenticator::CreateForClient(	165 SslHmacChannelAuthenticator::CreateForClient(

64 const std::string& remote_cert,	166 const std::string& remote_cert,

65 const std::string& auth_key) {	167 const std::string& auth_key) {

66 scoped_ptr<SslHmacChannelAuthenticator> result(	168 scoped_ptr<SslHmacChannelAuthenticator> result(

67 new SslHmacChannelAuthenticator(auth_key));	169 new SslHmacChannelAuthenticator(auth_key));

68 result->remote_cert_ = remote_cert;	170 result->remote_cert_ = remote_cert;

(...skipping 14 matching lines...) Expand all Loading...
83	185

84 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(	186 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(

85 const std::string& auth_key)	187 const std::string& auth_key)

86 : auth_key_(auth_key) {	188 : auth_key_(auth_key) {

87 }	189 }

88	190

89 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {	191 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {

90 }	192 }

91	193

92 void SslHmacChannelAuthenticator::SecureAndAuthenticate(	194 void SslHmacChannelAuthenticator::SecureAndAuthenticate(

93 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) {	195 scoped_ptr<P2PStreamSocket> socket,

	196 const DoneCallback& done_callback) {

94 DCHECK(CalledOnValidThread());	197 DCHECK(CalledOnValidThread());

95 DCHECK(socket->IsConnected());

96	198

97 done_callback_ = done_callback;	199 done_callback_ = done_callback;

98	200

99 int result;	201 int result;

100 if (is_ssl_server()) {	202 if (is_ssl_server()) {

101 #if defined(OS_NACL)	203 #if defined(OS_NACL)

102 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket	204 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket

103 // implementation is not compiled for NaCl as part of net_nacl.	205 // implementation is not compiled for NaCl as part of net_nacl.

104 NOTREACHED();	206 NOTREACHED();

105 result = net::ERR_FAILED;	207 result = net::ERR_FAILED;

106 #else	208 #else

107 scoped_refptr<net::X509Certificate> cert =	209 scoped_refptr<net::X509Certificate> cert =

108 net::X509Certificate::CreateFromBytes(	210 net::X509Certificate::CreateFromBytes(

109 local_cert_.data(), local_cert_.length());	211 local_cert_.data(), local_cert_.length());

110 if (!cert.get()) {	212 if (!cert.get()) {

111 LOG(ERROR) << "Failed to parse X509Certificate";	213 LOG(ERROR) << "Failed to parse X509Certificate";

112 NotifyError(net::ERR_FAILED);	214 NotifyError(net::ERR_FAILED);

113 return;	215 return;

114 }	216 }

115	217

116 net::SSLConfig ssl_config;	218 net::SSLConfig ssl_config;

117 ssl_config.require_ecdhe = true;	219 ssl_config.require_ecdhe = true;

118	220

119 scoped_ptr<net::SSLServerSocket> server_socket =	221 scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket(

120 net::CreateSSLServerSocket(socket.Pass(),	222 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass())), cert.get(),

121 cert.get(),	223 local_key_pair_->private_key(), ssl_config);

122 local_key_pair_->private_key(),

123 ssl_config);

124 net::SSLServerSocket* raw_server_socket = server_socket.get();	224 net::SSLServerSocket* raw_server_socket = server_socket.get();

125 socket_ = server_socket.Pass();	225 socket_ = server_socket.Pass();

126 result = raw_server_socket->Handshake(	226 result = raw_server_socket->Handshake(

127 base::Bind(&SslHmacChannelAuthenticator::OnConnected,	227 base::Bind(&SslHmacChannelAuthenticator::OnConnected,

128 base::Unretained(this)));	228 base::Unretained(this)));

129 #endif	229 #endif

130 } else {	230 } else {

131 transport_security_state_.reset(new net::TransportSecurityState);	231 transport_security_state_.reset(new net::TransportSecurityState);

132 cert_verifier_.reset(new FailingCertVerifier);	232 cert_verifier_.reset(new FailingCertVerifier);

133	233

(...skipping 10 matching lines...) Expand all Loading...
144 ssl_config.rev_checking_enabled = false;	244 ssl_config.rev_checking_enabled = false;

145 ssl_config.allowed_bad_certs.push_back(cert_and_status);	245 ssl_config.allowed_bad_certs.push_back(cert_and_status);

146 ssl_config.require_ecdhe = false;	246 ssl_config.require_ecdhe = false;

147	247

148 net::HostPortPair host_and_port(kSslFakeHostName, 0);	248 net::HostPortPair host_and_port(kSslFakeHostName, 0);

149 net::SSLClientSocketContext context;	249 net::SSLClientSocketContext context;

150 context.transport_security_state = transport_security_state_.get();	250 context.transport_security_state = transport_security_state_.get();

151 context.cert_verifier = cert_verifier_.get();	251 context.cert_verifier = cert_verifier_.get();

152 scoped_ptr<net::ClientSocketHandle> socket_handle(	252 scoped_ptr<net::ClientSocketHandle> socket_handle(

153 new net::ClientSocketHandle);	253 new net::ClientSocketHandle);

154 socket_handle->SetSocket(socket.Pass());	254 socket_handle->SetSocket(

	255 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass())));

155	256

156 #if defined(OS_NACL)	257 #if defined(OS_NACL)

157 // net_nacl doesn't include ClientSocketFactory.	258 // net_nacl doesn't include ClientSocketFactory.

158 socket_.reset(new net::SSLClientSocketOpenSSL(	259 socket_.reset(new net::SSLClientSocketOpenSSL(

159 socket_handle.Pass(), host_and_port, ssl_config, context));	260 socket_handle.Pass(), host_and_port, ssl_config, context));

160 #else	261 #else

161 socket_ =	262 socket_ =

162 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(	263 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(

163 socket_handle.Pass(), host_and_port, ssl_config, context);	264 socket_handle.Pass(), host_and_port, ssl_config, context);

164 #endif	265 #endif

(...skipping 146 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
311 return crypto::SecureMemEqual(received_auth_bytes.data(),	412 return crypto::SecureMemEqual(received_auth_bytes.data(),

312 &(auth_bytes[0]), kAuthDigestLength);	413 &(auth_bytes[0]), kAuthDigestLength);

313 }	414 }

314	415

315 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {	416 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {

316 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) {	417 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) {

317 DCHECK(socket_.get() != nullptr);	418 DCHECK(socket_.get() != nullptr);

318 if (callback_called)	419 if (callback_called)

319 *callback_called = true;	420 *callback_called = true;

320	421

321 base::ResetAndReturn(&done_callback_).Run(net::OK, socket_.Pass());	422 base::ResetAndReturn(&done_callback_)

	423 .Run(net::OK,

	424 make_scoped_ptr(new P2PStreamSocketAdapter(socket_.Pass())));

322 }	425 }

323 }	426 }

324	427

325 void SslHmacChannelAuthenticator::NotifyError(int error) {	428 void SslHmacChannelAuthenticator::NotifyError(int error) {

326 base::ResetAndReturn(&done_callback_).Run(error, nullptr);	429 base::ResetAndReturn(&done_callback_).Run(error, nullptr);

327 }	430 }

328	431

329 } // namespace protocol	432 } // namespace protocol

330 } // namespace remoting	433 } // namespace remoting

OLD	NEW