OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
7 | 7 |
8 #include <openssl/base.h> | 8 #include <openssl/base.h> |
9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
10 #include <stddef.h> | 10 #include <stddef.h> |
(...skipping 26 matching lines...) Expand all Loading... |
37 class SequencedTaskRunner; | 37 class SequencedTaskRunner; |
38 } | 38 } |
39 | 39 |
40 namespace net { | 40 namespace net { |
41 | 41 |
42 class CertVerifier; | 42 class CertVerifier; |
43 class CTVerifier; | 43 class CTVerifier; |
44 class SSLCertRequestInfo; | 44 class SSLCertRequestInfo; |
45 class SSLInfo; | 45 class SSLInfo; |
46 | 46 |
47 using SignedEkmMap = base::MRUCache<std::string, std::vector<uint8_t>>; | 47 using TokenBindingSignatureMap = |
| 48 base::MRUCache<std::pair<TokenBindingType, std::string>, |
| 49 std::vector<uint8_t>>; |
48 | 50 |
49 class SSLClientSocketImpl : public SSLClientSocket { | 51 class SSLClientSocketImpl : public SSLClientSocket { |
50 public: | 52 public: |
51 // Takes ownership of the transport_socket, which may already be connected. | 53 // Takes ownership of the transport_socket, which may already be connected. |
52 // The given hostname will be compared with the name(s) in the server's | 54 // The given hostname will be compared with the name(s) in the server's |
53 // certificate during the SSL handshake. ssl_config specifies the SSL | 55 // certificate during the SSL handshake. ssl_config specifies the SSL |
54 // settings. | 56 // settings. |
55 SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket, | 57 SSLClientSocketImpl(std::unique_ptr<ClientSocketHandle> transport_socket, |
56 const HostPortPair& host_and_port, | 58 const HostPortPair& host_and_port, |
57 const SSLConfig& ssl_config, | 59 const SSLConfig& ssl_config, |
58 const SSLClientSocketContext& context); | 60 const SSLClientSocketContext& context); |
59 ~SSLClientSocketImpl() override; | 61 ~SSLClientSocketImpl() override; |
60 | 62 |
61 const HostPortPair& host_and_port() const { return host_and_port_; } | 63 const HostPortPair& host_and_port() const { return host_and_port_; } |
62 const std::string& ssl_session_cache_shard() const { | 64 const std::string& ssl_session_cache_shard() const { |
63 return ssl_session_cache_shard_; | 65 return ssl_session_cache_shard_; |
64 } | 66 } |
65 | 67 |
66 #if !defined(OS_NACL) | 68 #if !defined(OS_NACL) |
67 // Log SSL key material to |path| on |task_runner|. Must be called before any | 69 // Log SSL key material to |path| on |task_runner|. Must be called before any |
68 // SSLClientSockets are created. | 70 // SSLClientSockets are created. |
69 static void SetSSLKeyLogFile( | 71 static void SetSSLKeyLogFile( |
70 const base::FilePath& path, | 72 const base::FilePath& path, |
71 const scoped_refptr<base::SequencedTaskRunner>& task_runner); | 73 const scoped_refptr<base::SequencedTaskRunner>& task_runner); |
72 #endif | 74 #endif |
73 | 75 |
74 // SSLClientSocket implementation. | 76 // SSLClientSocket implementation. |
75 void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; | 77 void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info) override; |
76 ChannelIDService* GetChannelIDService() const override; | 78 ChannelIDService* GetChannelIDService() const override; |
77 Error GetSignedEKMForTokenBinding(crypto::ECPrivateKey* key, | 79 Error GetTokenBindingSignature(crypto::ECPrivateKey* key, |
78 std::vector<uint8_t>* out) override; | 80 TokenBindingType tb_type, |
| 81 std::vector<uint8_t>* out) override; |
79 crypto::ECPrivateKey* GetChannelIDKey() const override; | 82 crypto::ECPrivateKey* GetChannelIDKey() const override; |
80 | 83 |
81 // SSLSocket implementation. | 84 // SSLSocket implementation. |
82 int ExportKeyingMaterial(const base::StringPiece& label, | 85 int ExportKeyingMaterial(const base::StringPiece& label, |
83 bool has_context, | 86 bool has_context, |
84 const base::StringPiece& context, | 87 const base::StringPiece& context, |
85 unsigned char* out, | 88 unsigned char* out, |
86 unsigned int outlen) override; | 89 unsigned int outlen) override; |
87 | 90 |
88 // StreamSocket implementation. | 91 // StreamSocket implementation. |
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
312 base::TimeTicks start_cert_verification_time_; | 315 base::TimeTicks start_cert_verification_time_; |
313 | 316 |
314 // Certificate Transparency: Verifier and result holder. | 317 // Certificate Transparency: Verifier and result holder. |
315 ct::CTVerifyResult ct_verify_result_; | 318 ct::CTVerifyResult ct_verify_result_; |
316 CTVerifier* cert_transparency_verifier_; | 319 CTVerifier* cert_transparency_verifier_; |
317 | 320 |
318 // The service for retrieving Channel ID keys. May be NULL. | 321 // The service for retrieving Channel ID keys. May be NULL. |
319 ChannelIDService* channel_id_service_; | 322 ChannelIDService* channel_id_service_; |
320 bool tb_was_negotiated_; | 323 bool tb_was_negotiated_; |
321 TokenBindingParam tb_negotiated_param_; | 324 TokenBindingParam tb_negotiated_param_; |
322 SignedEkmMap tb_signed_ekm_map_; | 325 TokenBindingSignatureMap tb_signature_map_; |
323 | 326 |
324 // OpenSSL stuff | 327 // OpenSSL stuff |
325 SSL* ssl_; | 328 SSL* ssl_; |
326 BIO* transport_bio_; | 329 BIO* transport_bio_; |
327 | 330 |
328 std::unique_ptr<ClientSocketHandle> transport_; | 331 std::unique_ptr<ClientSocketHandle> transport_; |
329 const HostPortPair host_and_port_; | 332 const HostPortPair host_and_port_; |
330 SSLConfig ssl_config_; | 333 SSLConfig ssl_config_; |
331 // ssl_session_cache_shard_ is an opaque string that partitions the SSL | 334 // ssl_session_cache_shard_ is an opaque string that partitions the SSL |
332 // session cache. i.e. sessions created with one value will not attempt to | 335 // session cache. i.e. sessions created with one value will not attempt to |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
375 // True if PKP is bypassed due to a local trust anchor. | 378 // True if PKP is bypassed due to a local trust anchor. |
376 bool pkp_bypassed_; | 379 bool pkp_bypassed_; |
377 | 380 |
378 BoundNetLog net_log_; | 381 BoundNetLog net_log_; |
379 base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_; | 382 base::WeakPtrFactory<SSLClientSocketImpl> weak_factory_; |
380 }; | 383 }; |
381 | 384 |
382 } // namespace net | 385 } // namespace net |
383 | 386 |
384 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ | 387 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_IMPL_H_ |
OLD | NEW |