Chromium Code Reviews Chromium Code Reviews
Issue 234023003:
Build remoting for PNaCl (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "crypto/secure_util.h" | 9 #include "crypto/secure_util.h" |
| 10 #include "net/base/host_port_pair.h" | 10 #include "net/base/host_port_pair.h" |
| 11 #include "net/base/io_buffer.h" | 11 #include "net/base/io_buffer.h" |
| 12 #include "net/base/net_errors.h" | 12 #include "net/base/net_errors.h" |
| 13 #include "net/cert/cert_verifier.h" | |
| 14 #include "net/cert/x509_certificate.h" | 13 #include "net/cert/x509_certificate.h" |
| 15 #include "net/http/transport_security_state.h" | 14 #include "net/http/transport_security_state.h" |
| 16 #include "net/socket/client_socket_factory.h" | 15 #include "net/socket/client_socket_factory.h" |
| 17 #include "net/socket/client_socket_handle.h" | 16 #include "net/socket/client_socket_handle.h" |
| 18 #include "net/socket/ssl_client_socket.h" | 17 #include "net/socket/ssl_client_socket.h" |
| 18 #include "net/socket/ssl_client_socket_openssl.h" | |
| 19 #include "net/socket/ssl_server_socket.h" | 19 #include "net/socket/ssl_server_socket.h" |
| 20 #include "net/ssl/ssl_config_service.h" | 20 #include "net/ssl/ssl_config_service.h" |
| 21 #include "remoting/base/rsa_key_pair.h" | 21 #include "remoting/base/rsa_key_pair.h" |
| 22 #include "remoting/protocol/auth_util.h" | 22 #include "remoting/protocol/auth_util.h" |
| 23 | 23 |
| 24 namespace remoting { | 24 namespace remoting { |
| 25 namespace protocol { | 25 namespace protocol { |
| 26 | 26 |
| 27 // static | 27 // static |
| 28 scoped_ptr<SslHmacChannelAuthenticator> | 28 scoped_ptr<SslHmacChannelAuthenticator> |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 57 | 57 |
| 58 void SslHmacChannelAuthenticator::SecureAndAuthenticate( | 58 void SslHmacChannelAuthenticator::SecureAndAuthenticate( |
| 59 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) { | 59 scoped_ptr<net::StreamSocket> socket, const DoneCallback& done_callback) { |
| 60 DCHECK(CalledOnValidThread()); | 60 DCHECK(CalledOnValidThread()); |
| 61 DCHECK(socket->IsConnected()); | 61 DCHECK(socket->IsConnected()); |
| 62 | 62 |
| 63 done_callback_ = done_callback; | 63 done_callback_ = done_callback; |
| 64 | 64 |
| 65 int result; | 65 int result; |
| 66 if (is_ssl_server()) { | 66 if (is_ssl_server()) { |
| 67 #if defined(OS_NACL) | |
| 68 // Client plugin uses only client SSL sockets. | |
|
Jamie
2014/04/14 22:23:42
s/Client plugin/NaCl client/?
Sergey Ulanov
2014/04/14 23:16:51
The comment is correct. Updated it to make it clea
| |
| 69 NOTREACHED(); | |
| 70 result = net::ERR_FAILED; | |
| 71 #else | |
| 67 scoped_refptr<net::X509Certificate> cert = | 72 scoped_refptr<net::X509Certificate> cert = |
| 68 net::X509Certificate::CreateFromBytes( | 73 net::X509Certificate::CreateFromBytes( |
| 69 local_cert_.data(), local_cert_.length()); | 74 local_cert_.data(), local_cert_.length()); |
| 70 if (!cert.get()) { | 75 if (!cert.get()) { |
| 71 LOG(ERROR) << "Failed to parse X509Certificate"; | 76 LOG(ERROR) << "Failed to parse X509Certificate"; |
| 72 NotifyError(net::ERR_FAILED); | 77 NotifyError(net::ERR_FAILED); |
| 73 return; | 78 return; |
| 74 } | 79 } |
| 75 | 80 |
| 76 net::SSLConfig ssl_config; | 81 net::SSLConfig ssl_config; |
| 77 ssl_config.require_forward_secrecy = true; | 82 ssl_config.require_forward_secrecy = true; |
| 78 | 83 |
| 79 scoped_ptr<net::SSLServerSocket> server_socket = | 84 scoped_ptr<net::SSLServerSocket> server_socket = |
| 80 net::CreateSSLServerSocket(socket.Pass(), | 85 net::CreateSSLServerSocket(socket.Pass(), |
| 81 cert.get(), | 86 cert.get(), |
| 82 local_key_pair_->private_key(), | 87 local_key_pair_->private_key(), |
| 83 ssl_config); | 88 ssl_config); |
| 84 net::SSLServerSocket* raw_server_socket = server_socket.get(); | 89 net::SSLServerSocket* raw_server_socket = server_socket.get(); |
| 85 socket_ = server_socket.Pass(); | 90 socket_ = server_socket.Pass(); |
| 86 result = raw_server_socket->Handshake( | 91 result = raw_server_socket->Handshake( |
| 87 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 92 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
| 88 base::Unretained(this))); | 93 base::Unretained(this))); |
| 94 #endif | |
| 89 } else { | 95 } else { |
| 90 cert_verifier_.reset(net::CertVerifier::CreateDefault()); | |
| 91 transport_security_state_.reset(new net::TransportSecurityState); | 96 transport_security_state_.reset(new net::TransportSecurityState); |
| 92 | 97 |
| 93 net::SSLConfig::CertAndStatus cert_and_status; | 98 net::SSLConfig::CertAndStatus cert_and_status; |
| 94 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; | 99 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; |
| 95 cert_and_status.der_cert = remote_cert_; | 100 cert_and_status.der_cert = remote_cert_; |
| 96 | 101 |
| 97 net::SSLConfig ssl_config; | 102 net::SSLConfig ssl_config; |
| 98 // Certificate verification and revocation checking are not needed | 103 // Certificate verification and revocation checking are not needed |
| 99 // because we use self-signed certs. Disable it so that the SSL | 104 // because we use self-signed certs. Disable it so that the SSL |
| 100 // layer doesn't try to initialize OCSP (OCSP works only on the IO | 105 // layer doesn't try to initialize OCSP (OCSP works only on the IO |
| 101 // thread). | 106 // thread). |
| 102 ssl_config.cert_io_enabled = false; | 107 ssl_config.cert_io_enabled = false; |
| 103 ssl_config.rev_checking_enabled = false; | 108 ssl_config.rev_checking_enabled = false; |
| 104 ssl_config.allowed_bad_certs.push_back(cert_and_status); | 109 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
| 105 | 110 |
| 106 net::HostPortPair host_and_port(kSslFakeHostName, 0); | 111 net::HostPortPair host_and_port(kSslFakeHostName, 0); |
| 107 net::SSLClientSocketContext context; | 112 net::SSLClientSocketContext context; |
| 108 context.cert_verifier = cert_verifier_.get(); | 113 // Don't need cert verifier. |
| 114 context.cert_verifier = NULL; | |
| 109 context.transport_security_state = transport_security_state_.get(); | 115 context.transport_security_state = transport_security_state_.get(); |
| 110 scoped_ptr<net::ClientSocketHandle> connection(new net::ClientSocketHandle); | 116 scoped_ptr<net::ClientSocketHandle> socket_handle( |
| 111 connection->SetSocket(socket.Pass()); | 117 new net::ClientSocketHandle); |
| 118 socket_handle->SetSocket(socket.Pass()); | |
| 119 | |
| 120 #if defined(OS_NACL) | |
| 121 // net_nacl doesn't include ClientSocketFactory. | |
| 122 socket_.reset(new net::SSLClientSocketOpenSSL( | |
| 123 socket_handle.Pass(), host_and_port, ssl_config, context)); | |
| 124 #else | |
| 112 socket_ = | 125 socket_ = |
| 113 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( | 126 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( |
| 114 connection.Pass(), host_and_port, ssl_config, context); | 127 socket_handle.Pass(), host_and_port, ssl_config, context); |
| 128 #endif | |
| 115 | 129 |
| 116 result = socket_->Connect( | 130 result = socket_->Connect( |
| 117 base::Bind(&SslHmacChannelAuthenticator::OnConnected, | 131 base::Bind(&SslHmacChannelAuthenticator::OnConnected, |
| 118 base::Unretained(this))); | 132 base::Unretained(this))); |
| 119 } | 133 } |
| 120 | 134 |
| 121 if (result == net::ERR_IO_PENDING) | 135 if (result == net::ERR_IO_PENDING) |
| 122 return; | 136 return; |
| 123 | 137 |
| 124 OnConnected(result); | 138 OnConnected(result); |
| (...skipping 145 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 270 } | 284 } |
| 271 } | 285 } |
| 272 | 286 |
| 273 void SslHmacChannelAuthenticator::NotifyError(int error) { | 287 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 274 done_callback_.Run(static_cast<net::Error>(error), | 288 done_callback_.Run(static_cast<net::Error>(error), |
| 275 scoped_ptr<net::StreamSocket>()); | 289 scoped_ptr<net::StreamSocket>()); |
| 276 } | 290 } |
| 277 | 291 |
| 278 } // namespace protocol | 292 } // namespace protocol |
| 279 } // namespace remoting | 293 } // namespace remoting |
| OLD | NEW |
