Support for server session cache.

net/socket/ssl_server_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_server_socket_nss.h"
 
 #include <utility>
 
 #if defined(OS_WIN)
 #include <winsock2.h>
@@ skipping 57 matching lines @@
 
   ~NSSSSLServerInitSingleton() {
     SSL_ShutdownServerSessionIDCache();
     g_nss_server_sockets_init = false;
   }
 };
 
 static base::LazyInstance<NSSSSLServerInitSingleton>::Leaky
     g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER;
 
-}  // namespace
+class SSLServerSocketNSS : public SSLServerSocket {
+ public:
+  // See comments on CreateSSLServerSocket for details of how these
+  // parameters are used.
+  SSLServerSocketNSS(scoped_ptr<StreamSocket> socket,
+                     X509Certificate* certificate,
+                     const crypto::RSAPrivateKey& key,
+                     const SSLServerConfig& ssl_server_config);
+  ~SSLServerSocketNSS() override;
 
-void EnableSSLServerSockets() {
-  g_nss_ssl_server_init_singleton.Get();
-}
+  // SSLServerSocket interface.
+  int Handshake(const CompletionCallback& callback) override;
 
-scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
-    scoped_ptr<StreamSocket> socket,
-    X509Certificate* certificate,
-    const crypto::RSAPrivateKey& key,
-    const SSLServerConfig& ssl_server_config) {
-  DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
-                                    << " called yet!";
+  // SSLSocket interface.
+  int ExportKeyingMaterial(const base::StringPiece& label,
+                           bool has_context,
+                           const base::StringPiece& context,
+                           unsigned char* out,
+                           unsigned int outlen) override;
+  int GetTLSUniqueChannelBinding(std::string* out) override;
 
-  return scoped_ptr<SSLServerSocket>(new SSLServerSocketNSS(
-      std::move(socket), certificate, key, ssl_server_config));
-}
+  // Socket interface (via StreamSocket).
+  int Read(IOBuffer* buf,
+           int buf_len,
+           const CompletionCallback& callback) override;
+  int Write(IOBuffer* buf,
+            int buf_len,
+            const CompletionCallback& callback) override;
+  int SetReceiveBufferSize(int32_t size) override;
+  int SetSendBufferSize(int32_t size) override;
+
+  // StreamSocket implementation.
+  int Connect(const CompletionCallback& callback) override;
+  void Disconnect() override;
+  bool IsConnected() const override;
+  bool IsConnectedAndIdle() const override;
+  int GetPeerAddress(IPEndPoint* address) const override;
+  int GetLocalAddress(IPEndPoint* address) const override;
+  const BoundNetLog& NetLog() const override;
+  void SetSubresourceSpeculation() override;
+  void SetOmniboxSpeculation() override;
+  bool WasEverUsed() const override;
+  bool UsingTCPFastOpen() const override;
+  bool WasNpnNegotiated() const override;
+  NextProto GetNegotiatedProtocol() const override;
+  bool GetSSLInfo(SSLInfo* ssl_info) override;
+  void GetConnectionAttempts(ConnectionAttempts* out) const override;
+  void ClearConnectionAttempts() override {}
+  void AddConnectionAttempts(const ConnectionAttempts& attempts) override {}
+  int64_t GetTotalReceivedBytes() const override;
+
+ private:
+  enum State {
+    STATE_NONE,
+    STATE_HANDSHAKE,
+  };
+
+  int InitializeSSLOptions();
+
+  void OnSendComplete(int result);
+  void OnRecvComplete(int result);
+  void OnHandshakeIOComplete(int result);
+
+  int BufferSend();
+  void BufferSendComplete(int result);
+  int BufferRecv();
+  void BufferRecvComplete(int result);
+  bool DoTransportIO();
+  int DoPayloadRead();
+  int DoPayloadWrite();
+
+  int DoHandshakeLoop(int last_io_result);
+  int DoReadLoop(int result);
+  int DoWriteLoop(int result);
+  int DoHandshake();
+  void DoHandshakeCallback(int result);
+  void DoReadCallback(int result);
+  void DoWriteCallback(int result);
+
+  static SECStatus OwnAuthCertHandler(void* arg,
+                                      PRFileDesc* socket,
+                                      PRBool checksig,
+                                      PRBool is_server);
+  static void HandshakeCallback(PRFileDesc* socket, void* arg);
+
+  int Init();
+
+  // Members used to send and receive buffer.
+  bool transport_send_busy_;
+  bool transport_recv_busy_;
+
+  scoped_refptr<IOBuffer> recv_buffer_;
+
+  BoundNetLog net_log_;
+
+  CompletionCallback user_handshake_callback_;
+  CompletionCallback user_read_callback_;
+  CompletionCallback user_write_callback_;
+
+  // Used by Read function.
+  scoped_refptr<IOBuffer> user_read_buf_;
+  int user_read_buf_len_;
+
+  // Used by Write function.
+  scoped_refptr<IOBuffer> user_write_buf_;
+  int user_write_buf_len_;
+
+  // The NSS SSL state machine
+  PRFileDesc* nss_fd_;
+
+  // Buffers for the network end of the SSL state machine
+  memio_Private* nss_bufs_;
+
+  // StreamSocket for sending and receiving data.
+  scoped_ptr<StreamSocket> transport_socket_;
+
+  // Options for the SSL socket.
+  SSLServerConfig ssl_server_config_;
+
+  // Certificate for the server.
+  scoped_refptr<X509Certificate> cert_;
+
+  // Private key used by the server.
+  scoped_ptr<crypto::RSAPrivateKey> key_;
+
+  State next_handshake_state_;
+  bool completed_handshake_;
+
+  DISALLOW_COPY_AND_ASSIGN(SSLServerSocketNSS);
+};
 
 SSLServerSocketNSS::SSLServerSocketNSS(
     scoped_ptr<StreamSocket> transport_socket,
-    scoped_refptr<X509Certificate> cert,
+    X509Certificate* cert,
     const crypto::RSAPrivateKey& key,
     const SSLServerConfig& ssl_server_config)
     : transport_send_busy_(false),
       transport_recv_busy_(false),
       user_read_buf_len_(0),
       user_write_buf_len_(0),
       nss_fd_(NULL),
       nss_bufs_(NULL),
       transport_socket_(std::move(transport_socket)),
       ssl_server_config_(ssl_server_config),
@@ skipping 77 matching lines @@
   }
   out->assign(reinterpret_cast<char*>(buf), len);
   return OK;
 }
 
 int SSLServerSocketNSS::Connect(const CompletionCallback& callback) {
   NOTIMPLEMENTED();
   return ERR_NOT_IMPLEMENTED;
 }
 
-int SSLServerSocketNSS::Read(IOBuffer* buf, int buf_len,
+int SSLServerSocketNSS::Read(IOBuffer* buf,
+                             int buf_len,
                              const CompletionCallback& callback) {
   DCHECK(user_read_callback_.is_null());
   DCHECK(user_handshake_callback_.is_null());
   DCHECK(!user_read_buf_);
   DCHECK(nss_bufs_);
   DCHECK(!callback.is_null());
 
   user_read_buf_ = buf;
   user_read_buf_len_ = buf_len;
 
   DCHECK(completed_handshake_);
 
   int rv = DoReadLoop(OK);
 
   if (rv == ERR_IO_PENDING) {
     user_read_callback_ = callback;
   } else {
     user_read_buf_ = NULL;
     user_read_buf_len_ = 0;
   }
   return rv;
 }
 
-int SSLServerSocketNSS::Write(IOBuffer* buf, int buf_len,
+int SSLServerSocketNSS::Write(IOBuffer* buf,
+                              int buf_len,
                               const CompletionCallback& callback) {
   DCHECK(user_write_callback_.is_null());
   DCHECK(!user_write_buf_);
   DCHECK(nss_bufs_);
   DCHECK(!callback.is_null());
 
   user_write_buf_ = buf;
   user_write_buf_len_ = buf_len;
 
   int rv = DoWriteLoop(OK);
@@ skipping 344 matching lines @@
     return ERR_ABORTED;
   }
   const size_t len = len1 + len2;
 
   int rv = 0;
   if (len) {
     scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len));
     memcpy(send_buffer->data(), buf1, len1);
     memcpy(send_buffer->data() + len1, buf2, len2);
     rv = transport_socket_->Write(
-        send_buffer.get(),
-        len,
+        send_buffer.get(), len,
         base::Bind(&SSLServerSocketNSS::BufferSendComplete,
                    base::Unretained(this)));
     if (rv == ERR_IO_PENDING) {
       transport_send_busy_ = true;
     } else {
       memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv));
     }
   }
 
   return rv;
@@ skipping 10 matching lines @@
 
   char* buf;
   int nb = memio_GetReadParams(nss_bufs_, &buf);
   int rv;
   if (!nb) {
     // buffer too full to read into, so no I/O possible at moment
     rv = ERR_IO_PENDING;
   } else {
     recv_buffer_ = new IOBuffer(nb);
     rv = transport_socket_->Read(
-        recv_buffer_.get(),
-        nb,
+        recv_buffer_.get(), nb,
         base::Bind(&SSLServerSocketNSS::BufferRecvComplete,
                    base::Unretained(this)));
     if (rv == ERR_IO_PENDING) {
       transport_recv_busy_ = true;
     } else {
       if (rv > 0)
         memcpy(buf, recv_buffer_->data(), rv);
       memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv));
       recv_buffer_ = NULL;
     }
@@ skipping 202 matching lines @@
                                                  PRBool checksig,
                                                  PRBool is_server) {
   // TODO(hclam): Implement.
   // Tell NSS to not verify the certificate.
   return SECSuccess;
 }
 
 // static
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished we need to verify the certificate.
-void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket,
-                                           void* arg) {
+void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket, void* arg) {
   // TODO(hclam): Implement.
 }
 
 int SSLServerSocketNSS::Init() {
   // Initialize the NSS SSL library in a threadsafe way.  This also
   // initializes the NSS base library.
   EnsureNSSSSLInit();
   if (!NSS_IsInitialized())
     return ERR_UNEXPECTED;
 
   EnableSSLServerSockets();
   return OK;
 }
 
+}  // namespace
+
+scoped_ptr<SSLServerContext> CreateSSLServerContext(
+    X509Certificate* certificate,
+    const crypto::RSAPrivateKey& key,
+    const SSLServerConfig& ssl_server_config) {
+  return scoped_ptr<SSLServerContext>(
+      new SSLServerContextNSS(certificate, key, ssl_server_config));
+}
+
+SSLServerContextNSS::SSLServerContextNSS(
+    X509Certificate* certificate,
+    const crypto::RSAPrivateKey& key,
+    const SSLServerConfig& ssl_server_config)
+    : ssl_server_config_(ssl_server_config),
+      cert_(certificate),
+      key_(key.Copy()) {
+  CHECK(key_);
+}
+
+SSLServerContextNSS::~SSLServerContextNSS() {}
+
+scoped_ptr<SSLServerSocket> SSLServerContextNSS::CreateSSLServerSocket(
+    scoped_ptr<StreamSocket> socket) {
+  DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
+                                    << " called yet!";
+
+  return scoped_ptr<SSLServerSocket>(new SSLServerSocketNSS(
+      std::move(socket), cert_.get(), *key_, ssl_server_config_));
+}
+
+void EnableSSLServerSockets() {
+  g_nss_ssl_server_init_singleton.Get();
+}
+
 }  // namespace net