Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(94)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 1864213002: Convert //remoting to use std::unique_ptr (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Mac IWYU Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <utility> 9 #include <utility>
10 10
11 #include "base/bind.h" 11 #include "base/bind.h"
12 #include "base/bind_helpers.h" 12 #include "base/bind_helpers.h"
13 #include "base/callback_helpers.h" 13 #include "base/callback_helpers.h"
14 #include "base/logging.h" 14 #include "base/logging.h"
15 #include "base/memory/ptr_util.h"
15 #include "build/build_config.h" 16 #include "build/build_config.h"
16 #include "crypto/secure_util.h" 17 #include "crypto/secure_util.h"
17 #include "net/base/host_port_pair.h" 18 #include "net/base/host_port_pair.h"
18 #include "net/base/io_buffer.h" 19 #include "net/base/io_buffer.h"
19 #include "net/base/net_errors.h" 20 #include "net/base/net_errors.h"
20 #include "net/cert/cert_status_flags.h" 21 #include "net/cert/cert_status_flags.h"
21 #include "net/cert/cert_verifier.h" 22 #include "net/cert/cert_verifier.h"
22 #include "net/cert/cert_verify_result.h" 23 #include "net/cert/cert_verify_result.h"
23 #include "net/cert/x509_certificate.h" 24 #include "net/cert/x509_certificate.h"
24 #include "net/http/transport_security_state.h" 25 #include "net/http/transport_security_state.h"
(...skipping 23 matching lines...) Expand all
48 FailingCertVerifier() {} 49 FailingCertVerifier() {}
49 ~FailingCertVerifier() override {} 50 ~FailingCertVerifier() override {}
50 51
51 int Verify(net::X509Certificate* cert, 52 int Verify(net::X509Certificate* cert,
52 const std::string& hostname, 53 const std::string& hostname,
53 const std::string& ocsp_response, 54 const std::string& ocsp_response,
54 int flags, 55 int flags,
55 net::CRLSet* crl_set, 56 net::CRLSet* crl_set,
56 net::CertVerifyResult* verify_result, 57 net::CertVerifyResult* verify_result,
57 const net::CompletionCallback& callback, 58 const net::CompletionCallback& callback,
58 scoped_ptr<Request>* out_req, 59 std::unique_ptr<Request>* out_req,
59 const net::BoundNetLog& net_log) override { 60 const net::BoundNetLog& net_log) override {
60 verify_result->verified_cert = cert; 61 verify_result->verified_cert = cert;
61 verify_result->cert_status = net::CERT_STATUS_INVALID; 62 verify_result->cert_status = net::CERT_STATUS_INVALID;
62 return net::ERR_CERT_INVALID; 63 return net::ERR_CERT_INVALID;
63 } 64 }
64 }; 65 };
65 66
66 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed 67 // Implements net::StreamSocket interface on top of P2PStreamSocket to be passed
67 // to net::SSLClientSocket and net::SSLServerSocket. 68 // to net::SSLClientSocket and net::SSLServerSocket.
68 class NetStreamSocketAdapter : public net::StreamSocket { 69 class NetStreamSocketAdapter : public net::StreamSocket {
69 public: 70 public:
70 NetStreamSocketAdapter(scoped_ptr<P2PStreamSocket> socket) 71 NetStreamSocketAdapter(std::unique_ptr<P2PStreamSocket> socket)
71 : socket_(std::move(socket)) {} 72 : socket_(std::move(socket)) {}
72 ~NetStreamSocketAdapter() override {} 73 ~NetStreamSocketAdapter() override {}
73 74
74 int Read(net::IOBuffer* buf, int buf_len, 75 int Read(net::IOBuffer* buf, int buf_len,
75 const net::CompletionCallback& callback) override { 76 const net::CompletionCallback& callback) override {
76 return socket_->Read(buf, buf_len, callback); 77 return socket_->Read(buf, buf_len, callback);
77 } 78 }
78 int Write(net::IOBuffer* buf, int buf_len, 79 int Write(net::IOBuffer* buf, int buf_len,
79 const net::CompletionCallback& callback) override { 80 const net::CompletionCallback& callback) override {
80 return socket_->Write(buf, buf_len, callback); 81 return socket_->Write(buf, buf_len, callback);
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
133 void ClearConnectionAttempts() override { NOTREACHED(); } 134 void ClearConnectionAttempts() override { NOTREACHED(); }
134 void AddConnectionAttempts(const net::ConnectionAttempts& attempts) override { 135 void AddConnectionAttempts(const net::ConnectionAttempts& attempts) override {
135 NOTREACHED(); 136 NOTREACHED();
136 } 137 }
137 int64_t GetTotalReceivedBytes() const override { 138 int64_t GetTotalReceivedBytes() const override {
138 NOTIMPLEMENTED(); 139 NOTIMPLEMENTED();
139 return 0; 140 return 0;
140 } 141 }
141 142
142 private: 143 private:
143 scoped_ptr<P2PStreamSocket> socket_; 144 std::unique_ptr<P2PStreamSocket> socket_;
144 net::BoundNetLog net_log_; 145 net::BoundNetLog net_log_;
145 }; 146 };
146 147
147 // Implements P2PStreamSocket interface on top of net::StreamSocket. 148 // Implements P2PStreamSocket interface on top of net::StreamSocket.
148 class P2PStreamSocketAdapter : public P2PStreamSocket { 149 class P2PStreamSocketAdapter : public P2PStreamSocket {
149 public: 150 public:
150 P2PStreamSocketAdapter(scoped_ptr<net::StreamSocket> socket, 151 P2PStreamSocketAdapter(std::unique_ptr<net::StreamSocket> socket,
151 scoped_ptr<net::SSLServerContext> server_context) 152 std::unique_ptr<net::SSLServerContext> server_context)
152 : server_context_(std::move(server_context)), 153 : server_context_(std::move(server_context)),
153 socket_(std::move(socket)) {} 154 socket_(std::move(socket)) {}
154 ~P2PStreamSocketAdapter() override {} 155 ~P2PStreamSocketAdapter() override {}
155 156
156 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len, 157 int Read(const scoped_refptr<net::IOBuffer>& buf, int buf_len,
157 const net::CompletionCallback& callback) override { 158 const net::CompletionCallback& callback) override {
158 return socket_->Read(buf.get(), buf_len, callback); 159 return socket_->Read(buf.get(), buf_len, callback);
159 } 160 }
160 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len, 161 int Write(const scoped_refptr<net::IOBuffer>& buf, int buf_len,
161 const net::CompletionCallback& callback) override { 162 const net::CompletionCallback& callback) override {
162 return socket_->Write(buf.get(), buf_len, callback); 163 return socket_->Write(buf.get(), buf_len, callback);
163 } 164 }
164 165
165 private: 166 private:
166 // The server_context_ will be a nullptr for client sockets. 167 // The server_context_ will be a nullptr for client sockets.
167 // The server_context_ must outlive any sockets it spawns. 168 // The server_context_ must outlive any sockets it spawns.
168 scoped_ptr<net::SSLServerContext> server_context_; 169 std::unique_ptr<net::SSLServerContext> server_context_;
169 scoped_ptr<net::StreamSocket> socket_; 170 std::unique_ptr<net::StreamSocket> socket_;
170 }; 171 };
171 172
172 } // namespace 173 } // namespace
173 174
174 // static 175 // static
175 scoped_ptr<SslHmacChannelAuthenticator> 176 std::unique_ptr<SslHmacChannelAuthenticator>
176 SslHmacChannelAuthenticator::CreateForClient( 177 SslHmacChannelAuthenticator::CreateForClient(const std::string& remote_cert,
177 const std::string& remote_cert, 178 const std::string& auth_key) {
178 const std::string& auth_key) { 179 std::unique_ptr<SslHmacChannelAuthenticator> result(
179 scoped_ptr<SslHmacChannelAuthenticator> result(
180 new SslHmacChannelAuthenticator(auth_key)); 180 new SslHmacChannelAuthenticator(auth_key));
181 result->remote_cert_ = remote_cert; 181 result->remote_cert_ = remote_cert;
182 return result; 182 return result;
183 } 183 }
184 184
185 scoped_ptr<SslHmacChannelAuthenticator> 185 std::unique_ptr<SslHmacChannelAuthenticator>
186 SslHmacChannelAuthenticator::CreateForHost( 186 SslHmacChannelAuthenticator::CreateForHost(const std::string& local_cert,
187 const std::string& local_cert, 187 scoped_refptr<RsaKeyPair> key_pair,
188 scoped_refptr<RsaKeyPair> key_pair, 188 const std::string& auth_key) {
189 const std::string& auth_key) { 189 std::unique_ptr<SslHmacChannelAuthenticator> result(
190 scoped_ptr<SslHmacChannelAuthenticator> result(
191 new SslHmacChannelAuthenticator(auth_key)); 190 new SslHmacChannelAuthenticator(auth_key));
192 result->local_cert_ = local_cert; 191 result->local_cert_ = local_cert;
193 result->local_key_pair_ = key_pair; 192 result->local_key_pair_ = key_pair;
194 return result; 193 return result;
195 } 194 }
196 195
197 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator( 196 SslHmacChannelAuthenticator::SslHmacChannelAuthenticator(
198 const std::string& auth_key) 197 const std::string& auth_key)
199 : auth_key_(auth_key) { 198 : auth_key_(auth_key) {
200 } 199 }
201 200
202 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() { 201 SslHmacChannelAuthenticator::~SslHmacChannelAuthenticator() {
203 } 202 }
204 203
205 void SslHmacChannelAuthenticator::SecureAndAuthenticate( 204 void SslHmacChannelAuthenticator::SecureAndAuthenticate(
206 scoped_ptr<P2PStreamSocket> socket, 205 std::unique_ptr<P2PStreamSocket> socket,
207 const DoneCallback& done_callback) { 206 const DoneCallback& done_callback) {
208 DCHECK(CalledOnValidThread()); 207 DCHECK(CalledOnValidThread());
209 208
210 done_callback_ = done_callback; 209 done_callback_ = done_callback;
211 210
212 int result; 211 int result;
213 if (is_ssl_server()) { 212 if (is_ssl_server()) {
214 #if defined(OS_NACL) 213 #if defined(OS_NACL)
215 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket 214 // Client plugin doesn't use server SSL sockets, and so SSLServerSocket
216 // implementation is not compiled for NaCl as part of net_nacl. 215 // implementation is not compiled for NaCl as part of net_nacl.
217 NOTREACHED(); 216 NOTREACHED();
218 result = net::ERR_FAILED; 217 result = net::ERR_FAILED;
219 #else 218 #else
220 scoped_refptr<net::X509Certificate> cert = 219 scoped_refptr<net::X509Certificate> cert =
221 net::X509Certificate::CreateFromBytes(local_cert_.data(), 220 net::X509Certificate::CreateFromBytes(local_cert_.data(),
222 local_cert_.length()); 221 local_cert_.length());
223 if (!cert.get()) { 222 if (!cert.get()) {
224 LOG(ERROR) << "Failed to parse X509Certificate"; 223 LOG(ERROR) << "Failed to parse X509Certificate";
225 NotifyError(net::ERR_FAILED); 224 NotifyError(net::ERR_FAILED);
226 return; 225 return;
227 } 226 }
228 227
229 net::SSLServerConfig ssl_config; 228 net::SSLServerConfig ssl_config;
230 ssl_config.require_ecdhe = true; 229 ssl_config.require_ecdhe = true;
231 230
232 server_context_ = net::CreateSSLServerContext( 231 server_context_ = net::CreateSSLServerContext(
233 cert.get(), *local_key_pair_->private_key(), ssl_config); 232 cert.get(), *local_key_pair_->private_key(), ssl_config);
234 233
235 scoped_ptr<net::SSLServerSocket> server_socket = 234 std::unique_ptr<net::SSLServerSocket> server_socket =
236 server_context_->CreateSSLServerSocket( 235 server_context_->CreateSSLServerSocket(
237 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket)))); 236 base::WrapUnique(new NetStreamSocketAdapter(std::move(socket))));
238 net::SSLServerSocket* raw_server_socket = server_socket.get(); 237 net::SSLServerSocket* raw_server_socket = server_socket.get();
239 socket_ = std::move(server_socket); 238 socket_ = std::move(server_socket);
240 result = raw_server_socket->Handshake( 239 result = raw_server_socket->Handshake(
241 base::Bind(&SslHmacChannelAuthenticator::OnConnected, 240 base::Bind(&SslHmacChannelAuthenticator::OnConnected,
242 base::Unretained(this))); 241 base::Unretained(this)));
243 #endif 242 #endif
244 } else { 243 } else {
245 transport_security_state_.reset(new net::TransportSecurityState); 244 transport_security_state_.reset(new net::TransportSecurityState);
246 cert_verifier_.reset(new FailingCertVerifier); 245 cert_verifier_.reset(new FailingCertVerifier);
247 246
248 net::SSLConfig::CertAndStatus cert_and_status; 247 net::SSLConfig::CertAndStatus cert_and_status;
249 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; 248 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
250 cert_and_status.der_cert = remote_cert_; 249 cert_and_status.der_cert = remote_cert_;
251 250
252 net::SSLConfig ssl_config; 251 net::SSLConfig ssl_config;
253 // Certificate verification and revocation checking are not needed 252 // Certificate verification and revocation checking are not needed
254 // because we use self-signed certs. Disable it so that the SSL 253 // because we use self-signed certs. Disable it so that the SSL
255 // layer doesn't try to initialize OCSP (OCSP works only on the IO 254 // layer doesn't try to initialize OCSP (OCSP works only on the IO
256 // thread). 255 // thread).
257 ssl_config.cert_io_enabled = false; 256 ssl_config.cert_io_enabled = false;
258 ssl_config.rev_checking_enabled = false; 257 ssl_config.rev_checking_enabled = false;
259 ssl_config.allowed_bad_certs.push_back(cert_and_status); 258 ssl_config.allowed_bad_certs.push_back(cert_and_status);
260 ssl_config.require_ecdhe = true; 259 ssl_config.require_ecdhe = true;
261 260
262 net::HostPortPair host_and_port(kSslFakeHostName, 0); 261 net::HostPortPair host_and_port(kSslFakeHostName, 0);
263 net::SSLClientSocketContext context; 262 net::SSLClientSocketContext context;
264 context.transport_security_state = transport_security_state_.get(); 263 context.transport_security_state = transport_security_state_.get();
265 context.cert_verifier = cert_verifier_.get(); 264 context.cert_verifier = cert_verifier_.get();
266 scoped_ptr<net::ClientSocketHandle> socket_handle( 265 std::unique_ptr<net::ClientSocketHandle> socket_handle(
267 new net::ClientSocketHandle); 266 new net::ClientSocketHandle);
268 socket_handle->SetSocket( 267 socket_handle->SetSocket(
269 make_scoped_ptr(new NetStreamSocketAdapter(std::move(socket)))); 268 base::WrapUnique(new NetStreamSocketAdapter(std::move(socket))));
270 269
271 #if defined(OS_NACL) 270 #if defined(OS_NACL)
272 // net_nacl doesn't include ClientSocketFactory. 271 // net_nacl doesn't include ClientSocketFactory.
273 socket_.reset(new net::SSLClientSocketOpenSSL( 272 socket_.reset(new net::SSLClientSocketOpenSSL(
274 std::move(socket_handle), host_and_port, ssl_config, context)); 273 std::move(socket_handle), host_and_port, ssl_config, context));
275 #else 274 #else
276 socket_ = 275 socket_ =
277 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( 276 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
278 std::move(socket_handle), host_and_port, ssl_config, context); 277 std::move(socket_handle), host_and_port, ssl_config, context);
279 #endif 278 #endif
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after
427 &(auth_bytes[0]), kAuthDigestLength); 426 &(auth_bytes[0]), kAuthDigestLength);
428 } 427 }
429 428
430 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) { 429 void SslHmacChannelAuthenticator::CheckDone(bool* callback_called) {
431 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) { 430 if (auth_write_buf_.get() == nullptr && auth_read_buf_.get() == nullptr) {
432 DCHECK(socket_.get() != nullptr); 431 DCHECK(socket_.get() != nullptr);
433 if (callback_called) 432 if (callback_called)
434 *callback_called = true; 433 *callback_called = true;
435 434
436 base::ResetAndReturn(&done_callback_) 435 base::ResetAndReturn(&done_callback_)
437 .Run(net::OK, make_scoped_ptr(new P2PStreamSocketAdapter( 436 .Run(net::OK, base::WrapUnique(new P2PStreamSocketAdapter(
438 std::move(socket_), std::move(server_context_)))); 437 std::move(socket_), std::move(server_context_))));
439 } 438 }
440 } 439 }
441 440
442 void SslHmacChannelAuthenticator::NotifyError(int error) { 441 void SslHmacChannelAuthenticator::NotifyError(int error) {
443 base::ResetAndReturn(&done_callback_).Run(error, nullptr); 442 base::ResetAndReturn(&done_callback_).Run(error, nullptr);
444 } 443 }
445 444
446 } // namespace protocol 445 } // namespace protocol
447 } // namespace remoting 446 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | remoting/protocol/ssl_hmac_channel_authenticator_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698