| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 133 matching lines...) | |
| 144 } | 144 } |
| 145 | 145 |
| 146 private: | 146 private: |
| 147 scoped_ptr<P2PStreamSocket> socket_; | 147 scoped_ptr<P2PStreamSocket> socket_; |
| 148 net::BoundNetLog net_log_; | 148 net::BoundNetLog net_log_; |
| 149 }; | 149 }; |
| 150 | 150 |
| 151 // Implements P2PStreamSocket interface on top of net::StreamSocket. | 151 // Implements P2PStreamSocket interface on top of net::StreamSocket. |
| 152 class P2PStreamSocketAdapter : public P2PStreamSocket { | 152 class P2PStreamSocketAdapter : public P2PStreamSocket { |
| 153 public: | 153 public: |
| 154 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket) | 154 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket, |
| 155 : socket_(std::move(socket)) {} | 155 scoped_ptr<net::SSLServerContext> server_context) |
| 156 : socket_(std::move(socket)), | |
| 157 server_context_(std::move(server_context)) {} | |
| 156 ~P2PStreamSocketAdapter() override {} | 158 ~P2PStreamSocketAdapter() override {} |
| 157 | 159 |
| 158 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 160 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
| 159 const net::CompletionCallback& callback) override { | 161 const net::CompletionCallback& callback) override { |
| 160 return socket_->Read(buf.get(), buf_len, callback); | 162 return socket_->Read(buf.get(), buf_len, callback); |
| 161 } | 163 } |
| 162 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 164 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
| 163 const net::CompletionCallback& callback) override { | 165 const net::CompletionCallback& callback) override { |
| 164 return socket_->Write(buf.get(), buf_len, callback); | 166 return socket_->Write(buf.get(), buf_len, callback); |
| 165 } | 167 } |
| 166 | 168 |
| 167 private: | 169 private: |
| 168 scoped_ptr<net::StreamSocket> socket_; | 170 scoped_ptr<net::StreamSocket> socket_; |
| 171 // The server_context_ will be a nullptr for client sockets. | |
| 172 scoped_ptr<net::SSLServerContext> server_context_; | |
|
Sergey Ulanov
2016/03/07 22:30:24
move this above socket_. Otherwise it will be dest
ryanchung
2016/03/07 22:44:06
Done. Thanks!
| |
| 169 }; | 173 }; |
| 170 | 174 |
| 171 } // namespace | 175 } // namespace |
| 172 | 176 |
| 173 // static | 177 // static |
| 174 scoped_ptr<SslHmacChannelAuthenticator> | 178 scoped_ptr<SslHmacChannelAuthenticator> |
| 175 SslHmacChannelAuthenticator::CreateForClient( | 179 SslHmacChannelAuthenticator::CreateForClient( |
| 176 const std::string& remote_cert, | 180 const std::string& remote_cert, |
| 177 const std::string& auth_key) { | 181 const std::string& auth_key) { |
| 178 scoped_ptr<SslHmacChannelAuthenticator> result( | 182 scoped_ptr<SslHmacChannelAuthenticator> result( |
| (...skipping 31 matching lines...) | |
| 210 | 214 |
| 211 int result; | 215 int result; |
| 212 if (is_ssl_server()) { | 216 if (is_ssl_server()) { |
| 213 #if defined(OS_NACL) | 217 #if defined(OS_NACL) |
| 214 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket | 218 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket |
| 215 // implementation is not compiled for NaCl as part of net_nacl. | 219 // implementation is not compiled for NaCl as part of net_nacl. |
| 216 NOTREACHED(); | 220 NOTREACHED(); |
| 217 result = net::ERR_FAILED; | 221 result = net::ERR_FAILED; |
| 218 #else | 222 #else |
| 219 scoped_refptr<net::X509Certificate> cert = | 223 scoped_refptr<net::X509Certificate> cert = |
| 220 net::X509Certificate::CreateFromBytes( | 224 net::X509Certificate::CreateFromBytes(local_cert_.data(), |
| 221 local_cert_.data(), local_cert_.length()); | 225 local_cert_.length()); |
| 222 if (!cert.get()) { | 226 if (!cert.get()) { |
| 223 LOG(ERROR) << "Failed to parse X509Certificate"; | 227 LOG(ERROR) << "Failed to parse X509Certificate"; |
| 224 NotifyError(net::ERR_FAILED); | 228 NotifyError(net::ERR_FAILED); |
| 225 return; | 229 return; |
| 226 } | 230 } |
| 227 | 231 |
| 228 net::SSLServerConfig ssl_config; | 232 net::SSLServerConfig ssl_config; |
| 229 ssl_config.require_ecdhe = true; | 233 ssl_config.require_ecdhe = true; |
| 230 | 234 |
| 231 scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket( | 235 server_context_ = net::CreateSSLServerContext( |
| 232 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))), | |
| 233 cert.get(), *local_key_pair_->private_key(), ssl_config); | 236 cert.get(), *local_key_pair_->private_key(), ssl_config); |
| 237 | |
| 238 scoped_ptr<net::SSLServerSocket> server_socket = | |
| 239 server_context_->CreateSSLServerSocket( | |
| 240 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket)))); | |
| 234 net::SSLServerSocket* raw_server_socket = server_socket.get(); | 241 net::SSLServerSocket* raw_server_socket = server_socket.get(); |
| 235 socket_ = std::move(server_socket); | 242 socket_ = std::move(server_socket); |
| 236 result = raw_server_socket->Handshake( | 243 result = raw_server_socket->Handshake( |
| 237 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 244 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
| 238 base::Unretained(this))); | 245 base::Unretained(this))); |
| 239 #endif | 246 #endif |
| 240 } else { | 247 } else { |
| 241 transport_security_state_.reset(new net::TransportSecurityState); | 248 transport_security_state_.reset(new net::TransportSecurityState); |
| 242 cert_verifier_.reset(new FailingCertVerifier); | 249 cert_verifier_.reset(new FailingCertVerifier); |
| 243 | 250 |
| (...skipping 179 matching lines...) | |
| 423 &(auth_bytes[0]), kAuthDigestLength); | 430 &(auth_bytes[0]), kAuthDigestLength); |
| 424 } | 431 } |
| 425 | 432 |
| 426 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { | 433 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { |
| 427 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { | 434 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { |
| 428 DCHECK(socket_.get() != nullptr); | 435 DCHECK(socket_.get() != nullptr); |
| 429 if (callback_called) | 436 if (callback_called) |
| 430 *callback_called = true; | 437 *callback_called = true; |
| 431 | 438 |
| 432 base::ResetAndReturn(&done_callback_) | 439 base::ResetAndReturn(&done_callback_) |
| 433 .Run(net::OK, | 440 .Run(net::OK, make_scoped_ptr(new P2PStreamSocketAdapter( |
| 434 make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_)))); | 441 std::move(socket_), std::move(server_context_)))); |
| 435 } | 442 } |
| 436 } | 443 } |
| 437 | 444 |
| 438 void SslHmacChannelAuthenticator::NotifyError(int error) { | 445 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 439 base::ResetAndReturn(&done_callback_).Run(error, nullptr); | 446 base::ResetAndReturn(&done_callback_).Run(error, nullptr); |
| 440 } | 447 } |
| 441 | 448 |
| 442 } // namespace protocol | 449 } // namespace protocol |
| 443 } // namespace remoting | 450 } // namespace remoting |
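Review bot: In the server branch (new lines 235-242) SslHmacChannelAuthenticator itself now holds both `server_context_` and the SSL socket created from it in `socket_` until CheckDone() hands them to the adapter. On a handshake failure or early teardown they are therefore destroyed as the authenticator's own members, and that order is set by the header, which is not on this page. If the socket returned by `server_context_->CreateSSLServerSocket()` must not outlive its context, as the adapter's keep-alive member suggests, the header should declare `server_context_` before `socket_` and say so, e.g. `// Must outlive |socket_|, which is created from this context.`. The result of `net::CreateSSLServerContext()` is also dereferenced on the next statement with no check; if it can return null, the branch should fail as the certificate parse does, with `NotifyError(net::ERR_FAILED); return;`. The enclosing function starts and ends in the skipped regions, so its other error paths could not be checked here.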
| OLD | NEW |