Chromium Code Reviews Chromium Code Reviews
Issue 22452002:
Adding TLS support to the TCP Client sockets. (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" | 5 #include "content/browser/renderer_host/p2p/socket_host_tcp.h" |
| 6 | 6 |
| 7 #include "base/sys_byteorder.h" | 7 #include "base/sys_byteorder.h" |
| 8 #include "content/common/p2p_messages.h" | 8 #include "content/common/p2p_messages.h" |
| 9 #include "ipc/ipc_sender.h" | 9 #include "ipc/ipc_sender.h" |
| 10 #include "jingle/glue/fake_ssl_client_socket.h" | 10 #include "jingle/glue/fake_ssl_client_socket.h" |
| 11 #include "jingle/glue/proxy_resolving_client_socket.h" | 11 #include "jingle/glue/proxy_resolving_client_socket.h" |
| 12 #include "net/base/io_buffer.h" | 12 #include "net/base/io_buffer.h" |
| 13 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 14 #include "net/base/net_util.h" | 14 #include "net/base/net_util.h" |
| 15 #include "net/socket/client_socket_factory.h" | |
| 16 #include "net/socket/client_socket_handle.h" | |
| 17 #include "net/socket/ssl_client_socket.h" | |
| 15 #include "net/socket/tcp_client_socket.h" | 18 #include "net/socket/tcp_client_socket.h" |
| 19 #include "net/url_request/url_request_context.h" | |
| 16 #include "net/url_request/url_request_context_getter.h" | 20 #include "net/url_request/url_request_context_getter.h" |
| 17 | 21 |
| 18 namespace { | 22 namespace { |
| 19 | 23 |
| 20 typedef uint16 PacketLength; | 24 typedef uint16 PacketLength; |
| 21 const int kPacketHeaderSize = sizeof(PacketLength); | 25 const int kPacketHeaderSize = sizeof(PacketLength); |
| 22 const int kReadBufferSize = 4096; | 26 const int kReadBufferSize = 4096; |
| 23 const int kPacketLengthOffset = 2; | 27 const int kPacketLengthOffset = 2; |
| 24 const int kTurnChannelDataHeaderSize = 4; | 28 const int kTurnChannelDataHeaderSize = 4; |
| 25 | 29 |
| 26 bool IsSslClientSocket(content::P2PSocketType type) { | 30 bool IsTlsClientSocket(content::P2PSocketType type) { |
| 31 return (type == content::P2P_SOCKET_STUN_TLS_CLIENT || | |
| 32 type == content::P2P_SOCKET_TLS_CLIENT); | |
| 33 } | |
| 34 | |
| 35 bool IsPseudoTlsClientSocket(content::P2PSocketType type) { | |
| 27 return (type == content::P2P_SOCKET_SSLTCP_CLIENT || | 36 return (type == content::P2P_SOCKET_SSLTCP_CLIENT || |
| 28 type == content::P2P_SOCKET_STUN_SSLTCP_CLIENT); | 37 type == content::P2P_SOCKET_STUN_SSLTCP_CLIENT); |
| 29 } | 38 } |
| 30 | 39 |
| 31 } // namespace | 40 } // namespace |
| 32 | 41 |
| 33 namespace content { | 42 namespace content { |
| 34 | 43 |
| 35 P2PSocketHostTcpBase::P2PSocketHostTcpBase( | 44 P2PSocketHostTcpBase::P2PSocketHostTcpBase( |
| 36 IPC::Sender* message_sender, int id, | 45 IPC::Sender* message_sender, int id, |
| 37 P2PSocketType type, net::URLRequestContextGetter* url_context) | 46 P2PSocketType type, net::URLRequestContextGetter* url_context) |
| 38 : P2PSocketHost(message_sender, id), | 47 : P2PSocketHost(message_sender, id), |
| 39 write_pending_(false), | 48 write_pending_(false), |
| 40 connected_(false), | 49 connected_(false), |
| 41 type_(type), | 50 type_(type), |
| 42 url_context_(url_context) { | 51 url_context_(url_context) { |
| 43 } | 52 } |
| 44 | 53 |
| 45 P2PSocketHostTcpBase::~P2PSocketHostTcpBase() { | 54 P2PSocketHostTcpBase::~P2PSocketHostTcpBase() { |
| 46 if (state_ == STATE_OPEN) { | 55 if (state_ == STATE_OPEN) { |
| 47 DCHECK(socket_.get()); | 56 DCHECK(socket_.get()); |
| 48 socket_.reset(); | 57 socket_.reset(); |
| 49 } | 58 } |
| 50 } | 59 } |
| 51 | 60 |
| 61 bool P2PSocketHostTcpBase::IsOpen() const { | |
| 62 return (state_ == STATE_OPEN) || (state_ == STATE_TLS_OPEN); | |
| 63 } | |
| 64 | |
| 52 bool P2PSocketHostTcpBase::InitAccepted(const net::IPEndPoint& remote_address, | 65 bool P2PSocketHostTcpBase::InitAccepted(const net::IPEndPoint& remote_address, |
| 53 net::StreamSocket* socket) { | 66 net::StreamSocket* socket) { |
| 54 DCHECK(socket); | 67 DCHECK(socket); |
| 55 DCHECK_EQ(state_, STATE_UNINITIALIZED); | 68 DCHECK_EQ(state_, STATE_UNINITIALIZED); |
| 56 | 69 |
| 57 remote_address_ = remote_address; | 70 remote_address_ = remote_address; |
| 58 // TODO(ronghuawu): Add FakeSSLServerSocket. | 71 // TODO(ronghuawu): Add FakeSSLServerSocket. |
| 59 socket_.reset(socket); | 72 socket_.reset(socket); |
| 60 state_ = STATE_OPEN; | 73 state_ = STATE_OPEN; |
| 61 DoRead(); | 74 DoRead(); |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 75 // find a way to inject this into ProxyResolvingClientSocket. This could be | 88 // find a way to inject this into ProxyResolvingClientSocket. This could be |
| 76 // a problem on multi-homed host. | 89 // a problem on multi-homed host. |
| 77 | 90 |
| 78 // The default SSLConfig is good enough for us for now. | 91 // The default SSLConfig is good enough for us for now. |
| 79 const net::SSLConfig ssl_config; | 92 const net::SSLConfig ssl_config; |
| 80 socket_.reset(new jingle_glue::ProxyResolvingClientSocket( | 93 socket_.reset(new jingle_glue::ProxyResolvingClientSocket( |
| 81 NULL, // Default socket pool provided by the net::Proxy. | 94 NULL, // Default socket pool provided by the net::Proxy. |
| 82 url_context_, | 95 url_context_, |
| 83 ssl_config, | 96 ssl_config, |
| 84 dest_host_port_pair)); | 97 dest_host_port_pair)); |
| 85 if (IsSslClientSocket(type_)) { | |
| 86 socket_.reset(new jingle_glue::FakeSSLClientSocket(socket_.release())); | |
| 87 } | |
| 88 | 98 |
| 89 int status = socket_->Connect( | 99 int status = socket_->Connect( |
| 90 base::Bind(&P2PSocketHostTcpBase::OnConnected, | 100 base::Bind(&P2PSocketHostTcpBase::OnConnected, |
| 91 base::Unretained(this))); | 101 base::Unretained(this))); |
| 92 if (status != net::ERR_IO_PENDING) { | 102 if (status != net::ERR_IO_PENDING) { |
| 93 // We defer execution of ProcessConnectDone instead of calling it | 103 // We defer execution of ProcessConnectDone instead of calling it |
| 94 // directly here as the caller may not expect an error/close to | 104 // directly here as the caller may not expect an error/close to |
| 95 // happen here. This is okay, as from the caller's point of view, | 105 // happen here. This is okay, as from the caller's point of view, |
| 96 // the connect always happens asynchronously. | 106 // the connect always happens asynchronously. |
| 97 base::MessageLoop* message_loop = base::MessageLoop::current(); | 107 base::MessageLoop* message_loop = base::MessageLoop::current(); |
| 98 CHECK(message_loop); | 108 CHECK(message_loop); |
| 99 message_loop->PostTask( | 109 message_loop->PostTask( |
| 100 FROM_HERE, | 110 FROM_HERE, |
| 101 base::Bind(&P2PSocketHostTcpBase::OnConnected, | 111 base::Bind(&P2PSocketHostTcpBase::OnConnected, |
| 102 base::Unretained(this), status)); | 112 base::Unretained(this), status)); |
| 103 } | 113 } |
| 104 | 114 |
| 105 return state_ != STATE_ERROR; | 115 return state_ != STATE_ERROR; |
| 106 } | 116 } |
| 107 | 117 |
| 108 void P2PSocketHostTcpBase::OnError() { | 118 void P2PSocketHostTcpBase::OnError() { |
| 109 socket_.reset(); | 119 socket_.reset(); |
| 110 | 120 |
| 111 if (state_ == STATE_UNINITIALIZED || state_ == STATE_CONNECTING || | 121 if (state_ == STATE_UNINITIALIZED || state_ == STATE_CONNECTING || |
| 112 state_ == STATE_OPEN) { | 122 state_ == STATE_OPEN || state_ == STATE_TLS_CONNECTING || |
| 123 state_ == STATE_TLS_OPEN) { | |
| 113 message_sender_->Send(new P2PMsg_OnError(id_)); | 124 message_sender_->Send(new P2PMsg_OnError(id_)); |
| 114 } | 125 } |
| 115 | 126 |
| 116 state_ = STATE_ERROR; | 127 state_ = STATE_ERROR; |
| 117 } | 128 } |
| 118 | 129 |
| 119 void P2PSocketHostTcpBase::OnConnected(int result) { | 130 void P2PSocketHostTcpBase::OnConnected(int result) { |
| 120 DCHECK_EQ(state_, STATE_CONNECTING); | 131 DCHECK_EQ(state_, STATE_CONNECTING); |
| 121 DCHECK_NE(result, net::ERR_IO_PENDING); | 132 DCHECK_NE(result, net::ERR_IO_PENDING); |
| 122 | 133 |
| 123 if (result != net::OK) { | 134 if (result != net::OK) { |
| 124 OnError(); | 135 OnError(); |
| 125 return; | 136 return; |
| 126 } | 137 } |
| 127 | 138 |
| 139 state_ = STATE_OPEN; | |
| 140 | |
| 141 if (IsTlsClientSocket(type_)) { | |
| 142 return StartTls(); | |
| 143 } else if (IsPseudoTlsClientSocket(type_)) { | |
| 144 socket_.reset(new jingle_glue::FakeSSLClientSocket(socket_.release())); | |
| 145 } | |
| 146 | |
| 128 net::IPEndPoint address; | 147 net::IPEndPoint address; |
| 129 result = socket_->GetLocalAddress(&address); | 148 result = socket_->GetLocalAddress(&address); |
| 130 if (result < 0) { | 149 if (result < 0) { |
| 131 LOG(ERROR) << "P2PSocket::Init(): unable to get local address: " | 150 LOG(ERROR) << "P2PSocketHostTcpBase::OnConnected: unable to get local" |
| 132 << result; | 151 << " address: " << result; |
| 133 OnError(); | 152 OnError(); |
| 134 return; | 153 return; |
| 135 } | 154 } |
| 136 | 155 |
| 137 VLOG(1) << "Local address: " << address.ToString(); | 156 VLOG(1) << "Local address: " << address.ToString(); |
| 138 state_ = STATE_OPEN; | 157 |
| 158 // If we are not going TLS, we are ready to send data now. | |
| 159 // In case of TLS SignalConnect will be sent only after TLS handshake is | |
| 160 // successfull. So no buffering will be done at socket handlers if any | |
| 161 // packets sent before that by the application. | |
| 162 message_sender_->Send(new P2PMsg_OnSocketCreated(id_, address)); | |
| 163 DoRead(); | |
| 164 } | |
| 165 | |
| 166 void P2PSocketHostTcpBase::StartTls() { | |
| 167 if (state_ != STATE_OPEN) { | |
| 168 LOG(DFATAL) << "StartTls() called in wrong state"; | |
| 169 return; | |
| 170 } | |
| 171 | |
| 172 state_ = STATE_TLS_CONNECTING; | |
| 173 DCHECK(socket_.get()); | |
| 174 | |
| 175 scoped_ptr<net::ClientSocketHandle> socket_handle( | |
| 176 new net::ClientSocketHandle()); | |
| 177 socket_handle->set_socket(socket_.release()); | |
| 178 | |
| 179 net::SSLClientSocketContext context; | |
| 180 context.cert_verifier = url_context_->GetURLRequestContext()->cert_verifier(); | |
| 181 context.transport_security_state = | |
| 182 url_context_->GetURLRequestContext()->transport_security_state(); | |
| 183 DCHECK(context.transport_security_state); | |
| 184 | |
| 185 // Default ssl config. | |
| 186 const net::SSLConfig ssl_config; | |
| 187 net::HostPortPair dest_host_port_pair = | |
| 188 net::HostPortPair::FromIPEndPoint(remote_address_); | |
| 189 net::ClientSocketFactory* socket_factory = | |
| 190 net::ClientSocketFactory::GetDefaultFactory(); | |
| 191 DCHECK(socket_factory); | |
| 192 | |
| 193 socket_.reset(socket_factory->CreateSSLClientSocket( | |
| 194 socket_handle.release(), dest_host_port_pair, ssl_config, context)); | |
| 195 int status = socket_->Connect( | |
| 196 base::Bind(&P2PSocketHostTcpBase::ProcessSSLConnectDone, | |
| 197 base::Unretained(this))); | |
| 198 if (status != net::ERR_IO_PENDING) { | |
| 199 base::MessageLoop* message_loop = base::MessageLoop::current(); | |
| 200 CHECK(message_loop); | |
| 201 message_loop->PostTask( | |
| 202 FROM_HERE, | |
| 203 base::Bind(&P2PSocketHostTcpBase::ProcessSSLConnectDone, | |
| 204 base::Unretained(this), status)); | |
| 205 } | |
| 206 return; | |
| 207 } | |
| 208 | |
| 209 void P2PSocketHostTcpBase::ProcessSSLConnectDone(int status) { | |
|
juberti2
2013/08/07 06:04:21
This code looks very similar to the code that is u
Mallinath (Gone from Chromium)
2013/08/07 23:48:19
Done.
| |
| 210 DCHECK_NE(status, net::ERR_IO_PENDING); | |
| 211 DCHECK_EQ(state_, STATE_TLS_CONNECTING); | |
| 212 if (status != net::OK) { | |
| 213 OnError(); | |
| 214 return; | |
| 215 } | |
| 216 | |
| 217 net::IPEndPoint address; | |
| 218 status = socket_->GetLocalAddress(&address); | |
| 219 if (status < 0) { | |
| 220 LOG(ERROR) << "P2PSocketHostTcpBase::ProcessSSLConnectDone: unable to get" | |
| 221 << " local address: " << status; | |
| 222 OnError(); | |
| 223 return; | |
| 224 } | |
| 225 | |
| 226 state_ = STATE_TLS_OPEN; | |
| 227 | |
| 139 message_sender_->Send(new P2PMsg_OnSocketCreated(id_, address)); | 228 message_sender_->Send(new P2PMsg_OnSocketCreated(id_, address)); |
| 140 DoRead(); | 229 DoRead(); |
| 141 } | 230 } |
| 142 | 231 |
| 143 void P2PSocketHostTcpBase::DoRead() { | 232 void P2PSocketHostTcpBase::DoRead() { |
| 144 int result; | 233 int result; |
| 145 do { | 234 do { |
| 146 if (!read_buffer_.get()) { | 235 if (!read_buffer_.get()) { |
| 147 read_buffer_ = new net::GrowableIOBuffer(); | 236 read_buffer_ = new net::GrowableIOBuffer(); |
| 148 read_buffer_->SetCapacity(kReadBufferSize); | 237 read_buffer_->SetCapacity(kReadBufferSize); |
| 149 } else if (read_buffer_->RemainingCapacity() < kReadBufferSize) { | 238 } else if (read_buffer_->RemainingCapacity() < kReadBufferSize) { |
| 150 // Make sure that we always have at least kReadBufferSize of | 239 // Make sure that we always have at least kReadBufferSize of |
| 151 // remaining capacity in the read buffer. Normally all packets | 240 // remaining capacity in the read buffer. Normally all packets |
| 152 // are smaller than kReadBufferSize, so this is not really | 241 // are smaller than kReadBufferSize, so this is not really |
| 153 // required. | 242 // required. |
| 154 read_buffer_->SetCapacity(read_buffer_->capacity() + kReadBufferSize - | 243 read_buffer_->SetCapacity(read_buffer_->capacity() + kReadBufferSize - |
| 155 read_buffer_->RemainingCapacity()); | 244 read_buffer_->RemainingCapacity()); |
| 156 } | 245 } |
| 157 result = socket_->Read( | 246 result = socket_->Read( |
| 158 read_buffer_.get(), | 247 read_buffer_.get(), |
| 159 read_buffer_->RemainingCapacity(), | 248 read_buffer_->RemainingCapacity(), |
| 160 base::Bind(&P2PSocketHostTcp::OnRead, base::Unretained(this))); | 249 base::Bind(&P2PSocketHostTcp::OnRead, base::Unretained(this))); |
| 161 DidCompleteRead(result); | 250 DidCompleteRead(result); |
| 162 } while (result > 0); | 251 } while (result > 0); |
| 163 } | 252 } |
| 164 | 253 |
| 165 void P2PSocketHostTcpBase::OnRead(int result) { | 254 void P2PSocketHostTcpBase::OnRead(int result) { |
| 166 DidCompleteRead(result); | 255 DidCompleteRead(result); |
| 167 if (state_ == STATE_OPEN) { | 256 if (IsOpen()) { |
| 168 DoRead(); | 257 DoRead(); |
| 169 } | 258 } |
| 170 } | 259 } |
| 171 | 260 |
| 172 void P2PSocketHostTcpBase::OnPacket(const std::vector<char>& data) { | 261 void P2PSocketHostTcpBase::OnPacket(const std::vector<char>& data) { |
| 173 if (!connected_) { | 262 if (!connected_) { |
| 174 P2PSocketHost::StunMessageType type; | 263 P2PSocketHost::StunMessageType type; |
| 175 bool stun = GetStunPacketType(&*data.begin(), data.size(), &type); | 264 bool stun = GetStunPacketType(&*data.begin(), data.size(), &type); |
| 176 if (stun && IsRequestOrResponse(type)) { | 265 if (stun && IsRequestOrResponse(type)) { |
| 177 connected_ = true; | 266 connected_ = true; |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 425 } else { | 514 } else { |
| 426 packet_size += kTurnChannelDataHeaderSize; | 515 packet_size += kTurnChannelDataHeaderSize; |
| 427 // Calculate any padding if present. | 516 // Calculate any padding if present. |
| 428 if (packet_size % 4) | 517 if (packet_size % 4) |
| 429 *pad_bytes = 4 - packet_size % 4; | 518 *pad_bytes = 4 - packet_size % 4; |
| 430 } | 519 } |
| 431 return packet_size; | 520 return packet_size; |
| 432 } | 521 } |
| 433 | 522 |
| 434 } // namespace content | 523 } // namespace content |
| OLD | NEW |
