OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 621 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
632 // Read() and Write() mirror the net::Socket functions of the same name. | 632 // Read() and Write() mirror the net::Socket functions of the same name. |
633 // If ERR_IO_PENDING is returned, |callback| will be invoked on the network | 633 // If ERR_IO_PENDING is returned, |callback| will be invoked on the network |
634 // task runner at a later point, unless the caller calls Detach(). | 634 // task runner at a later point, unless the caller calls Detach(). |
635 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | 635 int Read(IOBuffer* buf, int buf_len, const CompletionCallback& callback); |
636 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); | 636 int Write(IOBuffer* buf, int buf_len, const CompletionCallback& callback); |
637 | 637 |
638 // Called on the network task runner. | 638 // Called on the network task runner. |
639 bool IsConnected(); | 639 bool IsConnected(); |
640 bool HasPendingAsyncOperation(); | 640 bool HasPendingAsyncOperation(); |
641 bool HasUnhandledReceivedData(); | 641 bool HasUnhandledReceivedData(); |
642 bool WasEverUsed(); | |
642 | 643 |
643 // Called on the network task runner. | 644 // Called on the network task runner. |
644 // Causes the associated SSL/TLS session ID to be added to NSS's session | 645 // Causes the associated SSL/TLS session ID to be added to NSS's session |
645 // cache, but only if the connection has not been False Started. | 646 // cache, but only if the connection has not been False Started. |
646 // | 647 // |
647 // This should only be called after the server's certificate has been | 648 // This should only be called after the server's certificate has been |
648 // verified, and may not be called within an NSS callback. | 649 // verified, and may not be called within an NSS callback. |
649 void CacheSessionIfNecessary(); | 650 void CacheSessionIfNecessary(); |
650 | 651 |
651 private: | 652 private: |
(...skipping 181 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
833 | 834 |
834 // The service for retrieving Channel ID keys. May be NULL. | 835 // The service for retrieving Channel ID keys. May be NULL. |
835 ServerBoundCertService* server_bound_cert_service_; | 836 ServerBoundCertService* server_bound_cert_service_; |
836 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; | 837 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; |
837 | 838 |
838 // The information about NSS task runner. | 839 // The information about NSS task runner. |
839 int unhandled_buffer_size_; | 840 int unhandled_buffer_size_; |
840 bool nss_waiting_read_; | 841 bool nss_waiting_read_; |
841 bool nss_waiting_write_; | 842 bool nss_waiting_write_; |
842 bool nss_is_closed_; | 843 bool nss_is_closed_; |
844 bool was_used_to_convey_data_; | |
wtc
2014/03/19 00:17:46
Nit: document this member. I copied your comment f
davidben
2014/03/25 19:50:18
Done.
| |
843 | 845 |
844 //////////////////////////////////////////////////////////////////////////// | 846 //////////////////////////////////////////////////////////////////////////// |
845 // Members that are ONLY accessed on the NSS task runner: | 847 // Members that are ONLY accessed on the NSS task runner: |
846 //////////////////////////////////////////////////////////////////////////// | 848 //////////////////////////////////////////////////////////////////////////// |
847 HostPortPair host_and_port_; | 849 HostPortPair host_and_port_; |
848 SSLConfig ssl_config_; | 850 SSLConfig ssl_config_; |
849 | 851 |
850 // NSS SSL socket. | 852 // NSS SSL socket. |
851 PRFileDesc* nss_fd_; | 853 PRFileDesc* nss_fd_; |
852 | 854 |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
929 BoundNetLog* net_log, | 931 BoundNetLog* net_log, |
930 ServerBoundCertService* server_bound_cert_service) | 932 ServerBoundCertService* server_bound_cert_service) |
931 : detached_(false), | 933 : detached_(false), |
932 transport_(transport), | 934 transport_(transport), |
933 weak_net_log_factory_(net_log), | 935 weak_net_log_factory_(net_log), |
934 server_bound_cert_service_(server_bound_cert_service), | 936 server_bound_cert_service_(server_bound_cert_service), |
935 unhandled_buffer_size_(0), | 937 unhandled_buffer_size_(0), |
936 nss_waiting_read_(false), | 938 nss_waiting_read_(false), |
937 nss_waiting_write_(false), | 939 nss_waiting_write_(false), |
938 nss_is_closed_(false), | 940 nss_is_closed_(false), |
941 was_used_to_convey_data_(false), | |
939 host_and_port_(host_and_port), | 942 host_and_port_(host_and_port), |
940 ssl_config_(ssl_config), | 943 ssl_config_(ssl_config), |
941 nss_fd_(NULL), | 944 nss_fd_(NULL), |
942 nss_bufs_(NULL), | 945 nss_bufs_(NULL), |
943 pending_read_result_(kNoPendingReadResult), | 946 pending_read_result_(kNoPendingReadResult), |
944 pending_read_nss_error_(0), | 947 pending_read_nss_error_(0), |
945 next_handshake_state_(STATE_NONE), | 948 next_handshake_state_(STATE_NONE), |
946 channel_id_xtn_negotiated_(false), | 949 channel_id_xtn_negotiated_(false), |
947 channel_id_needed_(false), | 950 channel_id_needed_(false), |
948 client_auth_cert_needed_(false), | 951 client_auth_cert_needed_(false), |
(...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1141 } else { | 1144 } else { |
1142 user_read_buf_ = NULL; | 1145 user_read_buf_ = NULL; |
1143 user_read_buf_len_ = 0; | 1146 user_read_buf_len_ = 0; |
1144 | 1147 |
1145 if (!OnNetworkTaskRunner()) { | 1148 if (!OnNetworkTaskRunner()) { |
1146 PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSRead, this, rv)); | 1149 PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSRead, this, rv)); |
1147 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); | 1150 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); |
1148 return ERR_IO_PENDING; | 1151 return ERR_IO_PENDING; |
1149 } else { | 1152 } else { |
1150 DCHECK(!nss_waiting_read_); | 1153 DCHECK(!nss_waiting_read_); |
1151 if (rv <= 0) | 1154 if (rv <= 0) { |
1152 nss_is_closed_ = true; | 1155 nss_is_closed_ = true; |
1156 } else { | |
1157 was_used_to_convey_data_ = true; | |
1158 } | |
1153 } | 1159 } |
1154 } | 1160 } |
1155 | 1161 |
1156 return rv; | 1162 return rv; |
1157 } | 1163 } |
1158 | 1164 |
1159 int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len, | 1165 int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len, |
1160 const CompletionCallback& callback) { | 1166 const CompletionCallback& callback) { |
1161 if (!OnNSSTaskRunner()) { | 1167 if (!OnNSSTaskRunner()) { |
1162 DCHECK(OnNetworkTaskRunner()); | 1168 DCHECK(OnNetworkTaskRunner()); |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1195 } else { | 1201 } else { |
1196 user_write_buf_ = NULL; | 1202 user_write_buf_ = NULL; |
1197 user_write_buf_len_ = 0; | 1203 user_write_buf_len_ = 0; |
1198 | 1204 |
1199 if (!OnNetworkTaskRunner()) { | 1205 if (!OnNetworkTaskRunner()) { |
1200 PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSWrite, this, rv)); | 1206 PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSWrite, this, rv)); |
1201 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); | 1207 PostOrRunCallback(FROM_HERE, base::Bind(callback, rv)); |
1202 return ERR_IO_PENDING; | 1208 return ERR_IO_PENDING; |
1203 } else { | 1209 } else { |
1204 DCHECK(!nss_waiting_write_); | 1210 DCHECK(!nss_waiting_write_); |
1205 if (rv < 0) | 1211 if (rv < 0) { |
1206 nss_is_closed_ = true; | 1212 nss_is_closed_ = true; |
1213 } else { | |
wtc
2014/03/19 00:17:46
We may want to test rv > 0 here because the condit
davidben
2014/03/25 19:50:18
Done.
| |
1214 was_used_to_convey_data_ = true; | |
1215 } | |
1207 } | 1216 } |
1208 } | 1217 } |
1209 | 1218 |
1210 return rv; | 1219 return rv; |
1211 } | 1220 } |
1212 | 1221 |
1213 bool SSLClientSocketNSS::Core::IsConnected() { | 1222 bool SSLClientSocketNSS::Core::IsConnected() { |
1214 DCHECK(OnNetworkTaskRunner()); | 1223 DCHECK(OnNetworkTaskRunner()); |
1215 return !nss_is_closed_; | 1224 return !nss_is_closed_; |
1216 } | 1225 } |
1217 | 1226 |
1218 bool SSLClientSocketNSS::Core::HasPendingAsyncOperation() { | 1227 bool SSLClientSocketNSS::Core::HasPendingAsyncOperation() { |
1219 DCHECK(OnNetworkTaskRunner()); | 1228 DCHECK(OnNetworkTaskRunner()); |
1220 return nss_waiting_read_ || nss_waiting_write_; | 1229 return nss_waiting_read_ || nss_waiting_write_; |
1221 } | 1230 } |
1222 | 1231 |
1223 bool SSLClientSocketNSS::Core::HasUnhandledReceivedData() { | 1232 bool SSLClientSocketNSS::Core::HasUnhandledReceivedData() { |
1224 DCHECK(OnNetworkTaskRunner()); | 1233 DCHECK(OnNetworkTaskRunner()); |
1225 return unhandled_buffer_size_ != 0; | 1234 return unhandled_buffer_size_ != 0; |
1226 } | 1235 } |
1227 | 1236 |
1237 bool SSLClientSocketNSS::Core::WasEverUsed() { | |
1238 DCHECK(OnNetworkTaskRunner()); | |
1239 return was_used_to_convey_data_; | |
1240 } | |
1241 | |
1228 void SSLClientSocketNSS::Core::CacheSessionIfNecessary() { | 1242 void SSLClientSocketNSS::Core::CacheSessionIfNecessary() { |
1229 // TODO(rsleevi): This should occur on the NSS task runner, due to the use of | 1243 // TODO(rsleevi): This should occur on the NSS task runner, due to the use of |
1230 // nss_fd_. However, it happens on the network task runner in order to match | 1244 // nss_fd_. However, it happens on the network task runner in order to match |
1231 // the buggy behavior of ExportKeyingMaterial. | 1245 // the buggy behavior of ExportKeyingMaterial. |
1232 // | 1246 // |
1233 // Once http://crbug.com/330360 is fixed, this should be moved to an | 1247 // Once http://crbug.com/330360 is fixed, this should be moved to an |
1234 // implementation that exclusively does this work on the NSS TaskRunner. This | 1248 // implementation that exclusively does this work on the NSS TaskRunner. This |
1235 // is "safe" because it is only called during the certificate verification | 1249 // is "safe" because it is only called during the certificate verification |
1236 // state machine of the main socket, which is safe because no underlying | 1250 // state machine of the main socket, which is safe because no underlying |
1237 // transport IO will be occuring in that state, and NSS will not be blocking | 1251 // transport IO will be occuring in that state, and NSS will not be blocking |
(...skipping 1411 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2649 | 2663 |
2650 void SSLClientSocketNSS::Core::OnNSSBufferUpdated(int amount_in_read_buffer) { | 2664 void SSLClientSocketNSS::Core::OnNSSBufferUpdated(int amount_in_read_buffer) { |
2651 DCHECK(OnNetworkTaskRunner()); | 2665 DCHECK(OnNetworkTaskRunner()); |
2652 unhandled_buffer_size_ = amount_in_read_buffer; | 2666 unhandled_buffer_size_ = amount_in_read_buffer; |
2653 } | 2667 } |
2654 | 2668 |
2655 void SSLClientSocketNSS::Core::DidNSSRead(int result) { | 2669 void SSLClientSocketNSS::Core::DidNSSRead(int result) { |
2656 DCHECK(OnNetworkTaskRunner()); | 2670 DCHECK(OnNetworkTaskRunner()); |
2657 DCHECK(nss_waiting_read_); | 2671 DCHECK(nss_waiting_read_); |
2658 nss_waiting_read_ = false; | 2672 nss_waiting_read_ = false; |
2659 if (result <= 0) | 2673 if (result <= 0) { |
2660 nss_is_closed_ = true; | 2674 nss_is_closed_ = true; |
2675 } else { | |
2676 was_used_to_convey_data_ = true; | |
2677 } | |
2661 } | 2678 } |
2662 | 2679 |
2663 void SSLClientSocketNSS::Core::DidNSSWrite(int result) { | 2680 void SSLClientSocketNSS::Core::DidNSSWrite(int result) { |
2664 DCHECK(OnNetworkTaskRunner()); | 2681 DCHECK(OnNetworkTaskRunner()); |
2665 DCHECK(nss_waiting_write_); | 2682 DCHECK(nss_waiting_write_); |
2666 nss_waiting_write_ = false; | 2683 nss_waiting_write_ = false; |
2667 if (result < 0) | 2684 if (result < 0) { |
2668 nss_is_closed_ = true; | 2685 nss_is_closed_ = true; |
2686 } else { | |
wtc
2014/03/19 00:17:46
We may want to test rv > 0 here because the condit
davidben
2014/03/25 19:50:18
Done.
| |
2687 was_used_to_convey_data_ = true; | |
2688 } | |
2669 } | 2689 } |
2670 | 2690 |
2671 void SSLClientSocketNSS::Core::BufferSendComplete(int result) { | 2691 void SSLClientSocketNSS::Core::BufferSendComplete(int result) { |
2672 if (!OnNSSTaskRunner()) { | 2692 if (!OnNSSTaskRunner()) { |
2673 if (detached_) | 2693 if (detached_) |
2674 return; | 2694 return; |
2675 | 2695 |
2676 nss_task_runner_->PostTask( | 2696 nss_task_runner_->PostTask( |
2677 FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result)); | 2697 FROM_HERE, base::Bind(&Core::BufferSendComplete, this, result)); |
2678 return; | 2698 return; |
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3018 | 3038 |
3019 void SSLClientSocketNSS::SetOmniboxSpeculation() { | 3039 void SSLClientSocketNSS::SetOmniboxSpeculation() { |
3020 if (transport_.get() && transport_->socket()) { | 3040 if (transport_.get() && transport_->socket()) { |
3021 transport_->socket()->SetOmniboxSpeculation(); | 3041 transport_->socket()->SetOmniboxSpeculation(); |
3022 } else { | 3042 } else { |
3023 NOTREACHED(); | 3043 NOTREACHED(); |
3024 } | 3044 } |
3025 } | 3045 } |
3026 | 3046 |
3027 bool SSLClientSocketNSS::WasEverUsed() const { | 3047 bool SSLClientSocketNSS::WasEverUsed() const { |
3028 if (transport_.get() && transport_->socket()) { | 3048 DCHECK(core_.get()); |
3029 return transport_->socket()->WasEverUsed(); | 3049 |
3030 } | 3050 return core_->WasEverUsed(); |
3031 NOTREACHED(); | |
3032 return false; | |
3033 } | 3051 } |
3034 | 3052 |
3035 bool SSLClientSocketNSS::UsingTCPFastOpen() const { | 3053 bool SSLClientSocketNSS::UsingTCPFastOpen() const { |
3036 if (transport_.get() && transport_->socket()) { | 3054 if (transport_.get() && transport_->socket()) { |
3037 return transport_->socket()->UsingTCPFastOpen(); | 3055 return transport_->socket()->UsingTCPFastOpen(); |
3038 } | 3056 } |
3039 NOTREACHED(); | 3057 NOTREACHED(); |
3040 return false; | 3058 return false; |
3041 } | 3059 } |
3042 | 3060 |
(...skipping 544 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3587 SignedCertificateTimestampAndStatus(*iter, | 3605 SignedCertificateTimestampAndStatus(*iter, |
3588 ct::SCT_STATUS_LOG_UNKNOWN)); | 3606 ct::SCT_STATUS_LOG_UNKNOWN)); |
3589 } | 3607 } |
3590 } | 3608 } |
3591 | 3609 |
3592 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3610 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3593 return server_bound_cert_service_; | 3611 return server_bound_cert_service_; |
3594 } | 3612 } |
3595 | 3613 |
3596 } // namespace net | 3614 } // namespace net |
OLD | NEW |