Chromium Code Reviews Chromium Code Reviews
Issue 76403004:
An implementation of chrome.socket.secure(). (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/extensions/api/socket/tls_socket.h" | |
| 6 | |
| 7 #include "base/callback_helpers.h" | |
| 8 #include "base/logging.h" | |
| 9 #include "chrome/browser/extensions/api/api_resource.h" | |
| 10 #include "net/base/address_list.h" | |
| 11 #include "net/base/ip_endpoint.h" | |
| 12 #include "net/base/net_errors.h" | |
| 13 #include "net/base/rand_callback.h" | |
| 14 #include "net/socket/client_socket_factory.h" | |
| 15 #include "net/socket/client_socket_handle.h" | |
| 16 #include "net/socket/tcp_client_socket.h" | |
| 17 #include "net/url_request/url_request_context.h" | |
| 18 #include "net/url_request/url_request_context_getter.h" | |
| 19 | |
| 20 namespace { | |
| 21 | |
| 22 // Returns the SSL protocol version (as a uint16) represented by a string. | |
| 23 // Returns 0 if the string is invalid. Pulled from | |
| 24 // chrome/browser/net/ssl_config_service_manager_pref.cc. | |
| 25 uint16 SSLProtocolVersionFromString(const std::string& version_str) { | |
| 26 uint16 version = 0; // Invalid. | |
| 27 if (version_str == "ssl3") { | |
| 28 version = net::SSL_PROTOCOL_VERSION_SSL3; | |
| 29 } else if (version_str == "tls1") { | |
| 30 version = net::SSL_PROTOCOL_VERSION_TLS1; | |
| 31 } else if (version_str == "tls1.1") { | |
| 32 version = net::SSL_PROTOCOL_VERSION_TLS1_1; | |
| 33 } else if (version_str == "tls1.2") { | |
| 34 version = net::SSL_PROTOCOL_VERSION_TLS1_2; | |
| 35 } | |
| 36 return version; | |
| 37 } | |
| 38 | |
| 39 } // namespace | |
| 40 | |
| 41 namespace extensions { | |
| 42 | |
| 43 const char kTLSSocketTypeInvalidError[] = | |
| 44 "Cannot listen on a socket that's already connected."; | |
| 45 | |
| 46 TLSSocket::TLSSocket(net::StreamSocket* tls_socket, | |
| 47 const std::string& owner_extension_id) | |
| 48 : ResumableTCPSocket(owner_extension_id), | |
| 49 tls_socket_(tls_socket) { | |
| 50 } | |
| 51 | |
| 52 TLSSocket::~TLSSocket() { | |
| 53 Disconnect(); | |
| 54 } | |
| 55 | |
| 56 void TLSSocket::Connect(const std::string& address, | |
| 57 int port, | |
| 58 const CompletionCallback& callback) { | |
| 59 callback.Run(net::ERR_CONNECTION_FAILED); | |
| 60 } | |
| 61 | |
| 62 void TLSSocket::Disconnect() { | |
| 63 if (tls_socket_) { | |
| 64 tls_socket_->Disconnect(); | |
| 65 tls_socket_.reset(); | |
| 66 } | |
| 67 } | |
| 68 | |
| 69 void TLSSocket::Read(int count, | |
| 70 const ReadCompletionCallback& callback) { | |
| 71 DCHECK(!callback.is_null()); | |
| 72 | |
| 73 if (!read_callback_.is_null()) { | |
| 74 callback.Run(net::ERR_IO_PENDING, NULL); | |
| 75 return; | |
| 76 } | |
| 77 | |
| 78 if (count <= 0) { | |
| 79 callback.Run(net::ERR_INVALID_ARGUMENT, NULL); | |
| 80 return; | |
| 81 } | |
| 82 | |
| 83 if (!tls_socket_.get() || !IsConnected()) { | |
| 84 callback.Run(net::ERR_SOCKET_NOT_CONNECTED, NULL); | |
| 85 return; | |
| 86 } | |
| 87 | |
| 88 read_callback_ = callback; | |
| 89 scoped_refptr<net::IOBuffer> io_buffer = new net::IOBuffer(count); | |
| 90 int result = tls_socket_->Read( | |
| 91 io_buffer.get(), count, base::Bind(&TLSSocket::OnReadComplete, | |
| 92 base::Unretained(this), | |
| 93 io_buffer)); | |
| 94 | |
| 95 if (result != net::ERR_IO_PENDING) | |
| 96 OnReadComplete(io_buffer, result); | |
| 97 } | |
| 98 | |
| 99 void TLSSocket::OnReadComplete(const scoped_refptr<net::IOBuffer>& io_buffer, | |
| 100 int result) { | |
| 101 DCHECK(!read_callback_.is_null()); | |
| 102 base::ResetAndReturn(&read_callback_).Run(result, io_buffer); | |
| 103 } | |
| 104 | |
| 105 int TLSSocket::WriteImpl(net::IOBuffer* io_buffer, | |
| 106 int io_buffer_size, | |
| 107 const net::CompletionCallback& callback) { | |
| 108 if (!IsConnected()) | |
| 109 return net::ERR_SOCKET_NOT_CONNECTED; | |
| 110 else | |
|
Ryan Sleevi
2014/01/14 01:32:06
style: delete the else here.
("Don't use else aft
lally
2014/01/29 23:57:45
Done.
| |
| 111 return tls_socket_->Write(io_buffer, io_buffer_size, callback); | |
| 112 } | |
| 113 | |
| 114 bool TLSSocket::SetKeepAlive(bool enable, int delay) { | |
| 115 return false; | |
| 116 } | |
| 117 | |
| 118 bool TLSSocket::SetNoDelay(bool no_delay) { | |
| 119 return false; | |
| 120 } | |
| 121 | |
| 122 int TLSSocket::Listen(const std::string& address, | |
| 123 int port, | |
| 124 int backlog, | |
| 125 std::string* error_msg) { | |
| 126 *error_msg = kTLSSocketTypeInvalidError; | |
| 127 return net::ERR_NOT_IMPLEMENTED; | |
| 128 } | |
| 129 | |
| 130 void TLSSocket::Accept(const AcceptCompletionCallback &callback) { | |
| 131 callback.Run(net::ERR_FAILED, NULL); | |
| 132 } | |
| 133 | |
| 134 bool TLSSocket::IsConnected() { | |
| 135 return tls_socket_.get() && tls_socket_->IsConnected(); | |
| 136 } | |
| 137 | |
| 138 bool TLSSocket::GetPeerAddress(net::IPEndPoint* address) { | |
| 139 return IsConnected() && tls_socket_->GetPeerAddress(address); | |
| 140 } | |
| 141 | |
| 142 bool TLSSocket::GetLocalAddress(net::IPEndPoint* address) { | |
| 143 return IsConnected() && tls_socket_->GetLocalAddress(address); | |
| 144 } | |
| 145 | |
| 146 Socket::SocketType TLSSocket::GetSocketType() const { | |
| 147 return Socket::TYPE_TLS; | |
| 148 } | |
| 149 | |
| 150 // static | |
| 151 void TLSSocket::UpgradeSocketToTLS( | |
| 152 Socket* socket, | |
| 153 Profile* profile, | |
| 154 net::URLRequestContextGetter* url_request_getter, | |
| 155 const std::string& extension_id, | |
| 156 api::socket::SecureOptions* options, | |
| 157 const SecureCallback& callback) { | |
| 158 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); | |
| 159 DCHECK(profile); | |
| 160 | |
| 161 TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); | |
| 162 | |
| 163 if (!tcp_socket || tcp_socket->GetSocketType() != Socket::TYPE_TCP || | |
| 164 tcp_socket->ClientStream() == NULL || !tcp_socket->IsConnected()) { | |
|
Ryan Sleevi
2014/01/14 01:32:06
style: A bit odd to see !tcp_socket but then "tcp_
lally
2014/01/29 23:57:45
Done.
| |
| 165 DVLOG(1) << "UpgradeSocketToTLS(): failing before trying. socket is " | |
| 166 << tcp_socket << ", type is " << tcp_socket->GetSocketType() | |
| 167 << ", client_stream is " << tcp_socket->ClientStream() | |
| 168 << ", and socket IsConnected: " << tcp_socket->IsConnected(); | |
| 169 TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT); | |
| 170 return; | |
| 171 } | |
| 172 | |
| 173 net::IPEndPoint dest_host_port_pair; | |
| 174 if (!tcp_socket->GetPeerAddress(&dest_host_port_pair)) { | |
| 175 DVLOG(1) << "UpgradeSocketToTLS(): could not get peer address."; | |
| 176 TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT); | |
| 177 return; | |
| 178 } | |
| 179 | |
| 180 net::HostPortPair host_and_port(tcp_socket->hostname(), | |
| 181 dest_host_port_pair.port()); | |
| 182 | |
| 183 // Modeled after P2PSocketHostTcpBase::StartTls() | |
| 184 scoped_ptr<net::ClientSocketHandle> socket_handle( | |
| 185 new net::ClientSocketHandle()); | |
| 186 | |
| 187 // Set the socket handle to the socket's client stream (that should be the | |
| 188 // only one active here). Then have the old socket release ownership on of | |
|
Ryan Sleevi
2014/01/14 01:32:06
nit: extra space here ;)
lally
2014/01/29 23:57:45
Done.
| |
| 189 // that client stream. | |
| 190 socket_handle->SetSocket(scoped_ptr<net::StreamSocket>( | |
| 191 tcp_socket->ClientStream())); | |
| 192 tcp_socket->Release(); | |
| 193 | |
| 194 net::URLRequestContext* url_context = | |
| 195 url_request_getter->GetURLRequestContext(); | |
| 196 DCHECK(url_context); | |
| 197 | |
| 198 net::SSLClientSocketContext context; | |
| 199 context.cert_verifier = url_context->cert_verifier(); | |
| 200 context.transport_security_state = url_context->transport_security_state(); | |
| 201 DCHECK(context.transport_security_state); | |
| 202 | |
| 203 // Fill in the SSL socket params. | |
| 204 net::SSLConfig ssl_config; | |
| 205 profile->GetSSLConfigService()->GetSSLConfig(&ssl_config); | |
| 206 if (options && options->tls_version.get()) { | |
| 207 uint16 version_min = 0, version_max = 0; | |
| 208 api::socket::TLSVersionConstraints* versions = options->tls_version.get(); | |
| 209 if (versions->min.get()) { | |
| 210 version_min = SSLProtocolVersionFromString(*versions->min.get()); | |
| 211 } | |
| 212 if (versions->max.get()) { | |
| 213 version_max = SSLProtocolVersionFromString(*versions->max.get()); | |
| 214 } | |
| 215 if (version_min) { | |
| 216 ssl_config.version_min = version_min; | |
| 217 } | |
| 218 if (version_max) { | |
| 219 ssl_config.version_max = version_max; | |
| 220 } | |
| 221 } | |
| 222 net::ClientSocketFactory* socket_factory = | |
| 223 net::ClientSocketFactory::GetDefaultFactory(); | |
| 224 | |
| 225 // Create the socket. | |
| 226 net::SSLClientSocket* ssl_socket = socket_factory->CreateSSLClientSocket( | |
| 227 socket_handle.Pass(), host_and_port, ssl_config, context).release(); | |
| 228 | |
| 229 DVLOG(1) << "UpgradeSocketToTLS: Attempting to connect to " | |
| 230 << tcp_socket->hostname() << ":" | |
| 231 << dest_host_port_pair.port(); | |
| 232 // Try establish a TLS connection. Pass ownership of ssl_socket to | |
| 233 // TlsConnectDone, which will pass it on to the callback. | |
| 234 int status = ssl_socket->Connect( | |
| 235 base::Bind(&TLSSocket::TlsConnectDone, ssl_socket, extension_id, | |
| 236 callback)); | |
| 237 | |
| 238 // Connect failed, and won't call the callback. Call it now. | |
| 239 if (status != net::ERR_IO_PENDING) { | |
| 240 // Note: this can't recurse -- if 'socket' is already a connected | |
| 241 // TLSSocket, it will return TYPE_TLS instead of TYPE_TCP, failing before | |
| 242 // we get here. If the connection failed, the socket is closed below | |
| 243 // before the callback. If the caller tries to recurse into another | |
| 244 // secure() call, they must have either created a prior socket to try, or | |
| 245 // will have to go through an asynchronous Connect() call first. | |
| 246 DVLOG(1) << "UpgradeSocketToTLS: Status is not IO-pending: " | |
| 247 << net::ErrorToString(status); | |
| 248 TlsConnectDone(ssl_socket, extension_id, callback, status); | |
| 249 } | |
| 250 } | |
| 251 | |
| 252 // static | |
| 253 void TLSSocket::TlsConnectDone(net::SSLClientSocket* ssl_socket, | |
|
Ryan Sleevi
2014/01/14 01:32:06
use scoped_ptr<net::SSLClientSocket> to indicate t
lally
2014/01/29 23:57:45
I tried that, and ended up punting. The issue is
| |
| 254 const std::string& extension_id, | |
| 255 const SecureCallback& callback, | |
| 256 int result) { | |
| 257 DVLOG(1) << "TLSSocket::TlsConnectDone(): got back result " | |
| 258 << result << " (" << net::ErrorToString(result) << ")"; | |
| 259 | |
| 260 // No matter how the TLS connection attempt went, the underlying socket's | |
| 261 // no longer bound to the original TCPSocket. It belongs to ssl_socket_, | |
| 262 // which is promoted here to a new API-accessible socket (via a TLSSocket | |
| 263 // wrapper) or deleted. | |
| 264 if (result != net::OK) { | |
| 265 // Failed TLS connection. This will delete the underlying TCPClientSocket. | |
| 266 delete ssl_socket; | |
| 267 callback.Run(NULL, result); | |
| 268 return; | |
| 269 }; | |
| 270 | |
| 271 // Wrap the StreamSocket in a TLSSocket (which matches the extension socket | |
| 272 // API). Set the handle of the socket to the new value, so that it can be | |
| 273 // used for read/write/close/etc. | |
| 274 TLSSocket* wrapper = new TLSSocket(ssl_socket, extension_id); | |
| 275 | |
| 276 // Caller will end up deleting the prior TCPSocket, once it calls | |
| 277 // SetSocket(..,wrapper). | |
| 278 callback.Run(wrapper, result); | |
| 279 } | |
| 280 | |
| 281 } // namespace extensions | |
| OLD | NEW |
