OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
56 verify_result->cert_status = net::CERT_STATUS_INVALID; | 56 verify_result->cert_status = net::CERT_STATUS_INVALID; |
57 return net::ERR_CERT_INVALID; | 57 return net::ERR_CERT_INVALID; |
58 } | 58 } |
59 }; | 59 }; |
60 | 60 |
61 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed | 61 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed |
62 // to net::SSLClientSocket and net::SSLServerSocket. | 62 // to net::SSLClientSocket and net::SSLServerSocket. |
63 class NetStreamSocketAdapter : public net::StreamSocket { | 63 class NetStreamSocketAdapter : public net::StreamSocket { |
64 public: | 64 public: |
65 NetStreamSocketAdapter(scoped_ptr<P2PStreamSocket> socket) | 65 NetStreamSocketAdapter(scoped_ptr<P2PStreamSocket> socket) |
66 : socket_(socket.Pass()) {} | 66 : socket_(std::move(socket)) {} |
67 ~NetStreamSocketAdapter() override {} | 67 ~NetStreamSocketAdapter() override {} |
68 | 68 |
69 int Read(net::IOBuffer* buf, int buf_len, | 69 int Read(net::IOBuffer* buf, int buf_len, |
70 const net::CompletionCallback& callback) override { | 70 const net::CompletionCallback& callback) override { |
71 return socket_->Read(buf, buf_len, callback); | 71 return socket_->Read(buf, buf_len, callback); |
72 } | 72 } |
73 int Write(net::IOBuffer* buf, int buf_len, | 73 int Write(net::IOBuffer* buf, int buf_len, |
74 const net::CompletionCallback& callback) override { | 74 const net::CompletionCallback& callback) override { |
75 return socket_->Write(buf, buf_len, callback); | 75 return socket_->Write(buf, buf_len, callback); |
76 } | 76 } |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
140 | 140 |
141 private: | 141 private: |
142 scoped_ptr<P2PStreamSocket> socket_; | 142 scoped_ptr<P2PStreamSocket> socket_; |
143 net::BoundNetLog net_log_; | 143 net::BoundNetLog net_log_; |
144 }; | 144 }; |
145 | 145 |
146 // Implements P2PStreamSocket interface on top of net::StreamSocket. | 146 // Implements P2PStreamSocket interface on top of net::StreamSocket. |
147 class P2PStreamSocketAdapter : public P2PStreamSocket { | 147 class P2PStreamSocketAdapter : public P2PStreamSocket { |
148 public: | 148 public: |
149 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket) | 149 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket) |
150 : socket_(socket.Pass()) {} | 150 : socket_(std::move(socket)) {} |
151 ~P2PStreamSocketAdapter() override {} | 151 ~P2PStreamSocketAdapter() override {} |
152 | 152 |
153 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 153 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
154 const net::CompletionCallback& callback) override { | 154 const net::CompletionCallback& callback) override { |
155 return socket_->Read(buf.get(), buf_len, callback); | 155 return socket_->Read(buf.get(), buf_len, callback); |
156 } | 156 } |
157 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, | 157 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, |
158 const net::CompletionCallback& callback) override { | 158 const net::CompletionCallback& callback) override { |
159 return socket_->Write(buf.get(), buf_len, callback); | 159 return socket_->Write(buf.get(), buf_len, callback); |
160 } | 160 } |
161 | 161 |
162 private: | 162 private: |
163 scoped_ptr<net::StreamSocket> socket_; | 163 scoped_ptr<net::StreamSocket> socket_; |
164 }; | 164 }; |
165 | 165 |
166 } // namespace | 166 } // namespace |
167 | 167 |
168 // static | 168 // static |
169 scoped_ptr<SslHmacChannelAuthenticator> | 169 scoped_ptr<SslHmacChannelAuthenticator> |
170 SslHmacChannelAuthenticator::CreateForClient( | 170 SslHmacChannelAuthenticator::CreateForClient( |
171 const std::string& remote_cert, | 171 const std::string& remote_cert, |
172 const std::string& auth_key) { | 172 const std::string& auth_key) { |
173 scoped_ptr<SslHmacChannelAuthenticator> result( | 173 scoped_ptr<SslHmacChannelAuthenticator> result( |
174 new SslHmacChannelAuthenticator(auth_key)); | 174 new SslHmacChannelAuthenticator(auth_key)); |
175 result->remote_cert_ = remote_cert; | 175 result->remote_cert_ = remote_cert; |
176 return result.Pass(); | 176 return result; |
177 } | 177 } |
178 | 178 |
179 scoped_ptr<SslHmacChannelAuthenticator> | 179 scoped_ptr<SslHmacChannelAuthenticator> |
180 SslHmacChannelAuthenticator::CreateForHost( | 180 SslHmacChannelAuthenticator::CreateForHost( |
181 const std::string& local_cert, | 181 const std::string& local_cert, |
182 scoped_refptr<RsaKeyPair> key_pair, | 182 scoped_refptr<RsaKeyPair> key_pair, |
183 const std::string& auth_key) { | 183 const std::string& auth_key) { |
184 scoped_ptr<SslHmacChannelAuthenticator> result( | 184 scoped_ptr<SslHmacChannelAuthenticator> result( |
185 new SslHmacChannelAuthenticator(auth_key)); | 185 new SslHmacChannelAuthenticator(auth_key)); |
186 result->local_cert_ = local_cert; | 186 result->local_cert_ = local_cert; |
187 result->local_key_pair_ = key_pair; | 187 result->local_key_pair_ = key_pair; |
188 return result.Pass(); | 188 return result; |
189 } | 189 } |
190 | 190 |
191 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( | 191 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( |
192 const std::string& auth_key) | 192 const std::string& auth_key) |
193 : auth_key_(auth_key) { | 193 : auth_key_(auth_key) { |
194 } | 194 } |
195 | 195 |
196 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { | 196 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { |
197 } | 197 } |
198 | 198 |
(...skipping 18 matching lines...) Expand all Loading... |
217 if (!cert.get()) { | 217 if (!cert.get()) { |
218 LOG(ERROR) << "Failed to parse X509Certificate"; | 218 LOG(ERROR) << "Failed to parse X509Certificate"; |
219 NotifyError(net::ERR_FAILED); | 219 NotifyError(net::ERR_FAILED); |
220 return; | 220 return; |
221 } | 221 } |
222 | 222 |
223 net::SSLServerConfig ssl_config; | 223 net::SSLServerConfig ssl_config; |
224 ssl_config.require_ecdhe = true; | 224 ssl_config.require_ecdhe = true; |
225 | 225 |
226 scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket( | 226 scoped_ptr<net::SSLServerSocket> server_socket = net::CreateSSLServerSocket( |
227 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass())), cert.get(), | 227 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket))), |
228 local_key_pair_->private_key(), ssl_config); | 228 cert.get(), local_key_pair_->private_key(), ssl_config); |
229 net::SSLServerSocket* raw_server_socket = server_socket.get(); | 229 net::SSLServerSocket* raw_server_socket = server_socket.get(); |
230 socket_ = server_socket.Pass(); | 230 socket_ = std::move(server_socket); |
231 result = raw_server_socket->Handshake( | 231 result = raw_server_socket->Handshake( |
232 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 232 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
233 base::Unretained(this))); | 233 base::Unretained(this))); |
234 #endif | 234 #endif |
235 } else { | 235 } else { |
236 transport_security_state_.reset(new net::TransportSecurityState); | 236 transport_security_state_.reset(new net::TransportSecurityState); |
237 cert_verifier_.reset(new FailingCertVerifier); | 237 cert_verifier_.reset(new FailingCertVerifier); |
238 | 238 |
239 net::SSLConfig::CertAndStatus cert_and_status; | 239 net::SSLConfig::CertAndStatus cert_and_status; |
240 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; | 240 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
241 cert_and_status.der_cert = remote_cert_; | 241 cert_and_status.der_cert = remote_cert_; |
242 | 242 |
243 net::SSLConfig ssl_config; | 243 net::SSLConfig ssl_config; |
244 // Certificate verification and revocation checking are not needed | 244 // Certificate verification and revocation checking are not needed |
245 // because we use self-signed certs. Disable it so that the SSL | 245 // because we use self-signed certs. Disable it so that the SSL |
246 // layer doesn't try to initialize OCSP (OCSP works only on the IO | 246 // layer doesn't try to initialize OCSP (OCSP works only on the IO |
247 // thread). | 247 // thread). |
248 ssl_config.cert_io_enabled = false; | 248 ssl_config.cert_io_enabled = false; |
249 ssl_config.rev_checking_enabled = false; | 249 ssl_config.rev_checking_enabled = false; |
250 ssl_config.allowed_bad_certs.push_back(cert_and_status); | 250 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
251 ssl_config.require_ecdhe = true; | 251 ssl_config.require_ecdhe = true; |
252 | 252 |
253 net::HostPortPair host_and_port(kSslFakeHostName, 0); | 253 net::HostPortPair host_and_port(kSslFakeHostName, 0); |
254 net::SSLClientSocketContext context; | 254 net::SSLClientSocketContext context; |
255 context.transport_security_state = transport_security_state_.get(); | 255 context.transport_security_state = transport_security_state_.get(); |
256 context.cert_verifier = cert_verifier_.get(); | 256 context.cert_verifier = cert_verifier_.get(); |
257 scoped_ptr<net::ClientSocketHandle> socket_handle( | 257 scoped_ptr<net::ClientSocketHandle> socket_handle( |
258 new net::ClientSocketHandle); | 258 new net::ClientSocketHandle); |
259 socket_handle->SetSocket( | 259 socket_handle->SetSocket( |
260 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass()))); | 260 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket)))); |
261 | 261 |
262 #if defined(OS_NACL) | 262 #if defined(OS_NACL) |
263 // net_nacl doesn't include ClientSocketFactory. | 263 // net_nacl doesn't include ClientSocketFactory. |
264 socket_.reset(new net::SSLClientSocketOpenSSL( | 264 socket_.reset(new net::SSLClientSocketOpenSSL( |
265 socket_handle.Pass(), host_and_port, ssl_config, context)); | 265 std::move(socket_handle), host_and_port, ssl_config, context)); |
266 #else | 266 #else |
267 socket_ = | 267 socket_ = |
268 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( | 268 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( |
269 socket_handle.Pass(), host_and_port, ssl_config, context); | 269 std::move(socket_handle), host_and_port, ssl_config, context); |
270 #endif | 270 #endif |
271 | 271 |
272 result = socket_->Connect( | 272 result = socket_->Connect( |
273 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 273 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
274 base::Unretained(this))); | 274 base::Unretained(this))); |
275 } | 275 } |
276 | 276 |
277 if (result == net::ERR_IO_PENDING) | 277 if (result == net::ERR_IO_PENDING) |
278 return; | 278 return; |
279 | 279 |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
419 } | 419 } |
420 | 420 |
421 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { | 421 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { |
422 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { | 422 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { |
423 DCHECK(socket_.get() != nullptr); | 423 DCHECK(socket_.get() != nullptr); |
424 if (callback_called) | 424 if (callback_called) |
425 *callback_called = true; | 425 *callback_called = true; |
426 | 426 |
427 base::ResetAndReturn(&done_callback_) | 427 base::ResetAndReturn(&done_callback_) |
428 .Run(net::OK, | 428 .Run(net::OK, |
429 make_scoped_ptr(new P2PStreamSocketAdapter(socket_.Pass()))); | 429 make_scoped_ptr(new P2PStreamSocketAdapter(std::move(socket_)))); |
430 } | 430 } |
431 } | 431 } |
432 | 432 |
433 void SslHmacChannelAuthenticator::NotifyError(int error) { | 433 void SslHmacChannelAuthenticator::NotifyError(int error) { |
434 base::ResetAndReturn(&done_callback_).Run(error, nullptr); | 434 base::ResetAndReturn(&done_callback_).Run(error, nullptr); |
435 } | 435 } |
436 | 436 |
437 } // namespace protocol | 437 } // namespace protocol |
438 } // namespace remoting | 438 } // namespace remoting |
OLD | NEW |