| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 144 } | 144 } |
| 145 | 145 |
| 146 private: | 146 private: |
| 147 scoped_ptr<P2PStreamSocket> socket_; | 147 scoped_ptr<P2PStreamSocket> socket_; |
| 148 net::BoundNetLog net_log_; | 148 net::BoundNetLog net_log_; |
| 149 }; | 149 }; |
| 150 | 150 |
| 151 // Implements P2PStreamSocket interface on top of net::StreamSocket. | 151 // Implements P2PStreamSocket interface on top of net::StreamSocket. |
| 152 class P2PStreamSocketAdapter : public P2PStreamSocket { | 152 class P2PStreamSocketAdapter : public P2PStreamSocket { |
| 153 public: | 153 public: |
| 154 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket) | 154 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket, |
| 155 : socket_(std::move(socket)) {} | 155 scoped_ptr<net::SSLServerContext> server_context) |
| 156 : server_context_(std::move(server_context)), |
| 157 socket_(std::move(socket)) {} |
| 156 ~P2PStreamSocketAdapter() override {} | 158 ~P2PStreamSocketAdapter() override {} |
| 157 | 159 |
| 158 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 160 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
| 159 const net::CompletionCallback& callback) override { | 161 const net::CompletionCallback& callback) override { |
| 160 return socket_->Read(buf.get(), buf_len, callback); | 162 return socket_->Read(buf.get(), buf_len, callback); |
| 161 } | 163 } |
| 162 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 164 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
| 163 const net::CompletionCallback& callback) override { | 165 const net::CompletionCallback& callback) override { |
| 164 return socket_->Write(buf.get(), buf_len, callback); | 166 return socket_->Write(buf.get(), buf_len, callback); |
| 165 } | 167 } |
| 166 | 168 |
| 167 private: | 169 private: |
| 170 // The server_context_ will be a nullptr for client sockets. |
| 171 // The server_context_ must outlive any sockets it spawns. |
| 172 scoped_ptr<net::SSLServerContext> server_context_; |
| 168 scoped_ptr<net::StreamSocket> socket_; | 173 scoped_ptr<net::StreamSocket> socket_; |
| 169 }; | 174 }; |
| 170 | 175 |
| 171 } // namespace | 176 } // namespace |
| 172 | 177 |
| 173 // static | 178 // static |
| 174 scoped_ptr<SslHmacChannelAuthenticator> | 179 scoped_ptr<SslHmacChannelAuthenticator> |
| 175 SslHmacChannelAuthenticator::CreateForClient( | 180 SslHmacChannelAuthenticator::CreateForClient( |
| 176 const std::string& remote_cert, | 181 const std::string& remote_cert, |
| 177 const std::string& auth_key) { | 182 const std::string& auth_key) { |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 210 | 215 |
| 211 int result; | 216 int result; |
| 212 if (is_ssl_server()) { | 217 if (is_ssl_server()) { |
| 213 #if defined(OS_NACL) | 218 #if defined(OS_NACL) |
| 214 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket | 219 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket |
| 215 // implementation is not compiled for NaCl as part of net_nacl. | 220 // implementation is not compiled for NaCl as part of net_nacl. |
| 216 NOTREACHED(); | 221 NOTREACHED(); |
| 217 result = net::ERR_FAILED; | 222 result = net::ERR_FAILED; |
| 218 #else | 223 #else |
| 219 scoped_refptr<net::X509Certificate> cert = | 224 scoped_refptr<net::X509Certificate> cert = |
| 220 net::X509Certificate::CreateFromBytes( | 225 net::X509Certificate::CreateFromBytes(local_cert_.data(), |
| 221 local_cert_.data(), local_cert_.length()); | 226 local_cert_.length()); |
| 222 if (!cert.get()) { | 227 if (!cert.get()) { |
| 223 LOG(ERROR) << "Failed to parse X509Certificate"; | 228 LOG(ERROR) << "Failed to parse X509Certificate"; |
| 224 NotifyError(net::ERR_FAILED); | 229 NotifyError(net::ERR_FAILED); |
| 225 return; | 230 return; |
| 226 } | 231 } |
| 227 | 232 |
| 228 net::SSLServerConfig ssl_config; | 233 net::SSLServerConfig ssl_config; |
| 229 ssl_config.require_ecdhe = true; | 234 ssl_config.require_ecdhe = true; |
| 230 | 235 |
| 231 scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket( | 236 server_context_ = net::CreateSSLServerContext( |
| 232 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))), | |
| 233 cert.get(), *local_key_pair_->private_key(), ssl_config); | 237 cert.get(), *local_key_pair_->private_key(), ssl_config); |
| 238 |
| 239 scoped_ptr<net::SSLServerSocket> server_socket = |
| 240 server_context_->CreateSSLServerSocket( |
| 241 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket)))); |
| 234 net::SSLServerSocket* raw_server_socket = server_socket.get(); | 242 net::SSLServerSocket* raw_server_socket = server_socket.get(); |
| 235 socket_ = std::move(server_socket); | 243 socket_ = std::move(server_socket); |
| 236 result = raw_server_socket->Handshake( | 244 result = raw_server_socket->Handshake( |
| 237 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 245 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
| 238 base::Unretained(this))); | 246 base::Unretained(this))); |
| 239 #endif | 247 #endif |
| 240 } else { | 248 } else { |
| 241 transport_security_state_.reset(new net::TransportSecurityState); | 249 transport_security_state_.reset(new net::TransportSecurityState); |
| 242 cert_verifier_.reset(new FailingCertVerifier); | 250 cert_verifier_.reset(new FailingCertVerifier); |
| 243 | 251 |
| (...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 423 &(auth_bytes[0]), kAuthDigestLength); | 431 &(auth_bytes[0]), kAuthDigestLength); |
| 424 } | 432 } |
| 425 | 433 |
| 426 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { | 434 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { |
| 427 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { | 435 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { |
| 428 DCHECK(socket_.get() != nullptr); | 436 DCHECK(socket_.get() != nullptr); |
| 429 if (callback_called) | 437 if (callback_called) |
| 430 *callback_called = true; | 438 *callback_called = true; |
| 431 | 439 |
| 432 base::ResetAndReturn(&done_callback_) | 440 base::ResetAndReturn(&done_callback_) |
| 433 .Run(net::OK, | 441 .Run(net::OK, make_scoped_ptr(new P2PStreamSocketAdapter( |
| 434 make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_)))); | 442 std::move(socket_), std::move(server_context_)))); |
| 435 } | 443 } |
| 436 } | 444 } |
| 437 | 445 |
| 438 void SslHmacChannelAuthenticator::NotifyError(int error) { | 446 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 439 base::ResetAndReturn(&done_callback_).Run(error, nullptr); | 447 base::ResetAndReturn(&done_callback_).Run(error, nullptr); |
| 440 } | 448 } |
| 441 | 449 |
| 442 } // namespace protocol | 450 } // namespace protocol |
| 443 } // namespace remoting | 451 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1518613002:
Support for server session cache. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@client_certs