Index: chrome/browser/extensions/api/socket/tls_socket.cc |
diff --git a/chrome/browser/extensions/api/socket/tls_socket.cc b/chrome/browser/extensions/api/socket/tls_socket.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..1e431f7095da5fc2f9902491989b722b26264f39 |
--- /dev/null |
+++ b/chrome/browser/extensions/api/socket/tls_socket.cc |
@@ -0,0 +1,281 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/extensions/api/socket/tls_socket.h" |
+ |
+#include "base/logging.h" |
+#include "chrome/browser/extensions/api/api_resource.h" |
+#include "net/base/address_list.h" |
+#include "net/base/ip_endpoint.h" |
+#include "net/base/net_errors.h" |
+#include "net/base/rand_callback.h" |
+#include "net/socket/client_socket_factory.h" |
+#include "net/socket/client_socket_handle.h" |
+#include "net/socket/tcp_client_socket.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
+ |
+namespace { |
+// Returns the SSL protocol version (as a uint16) represented by a string. |
+// Returns 0 if the string is invalid. Pulled from |
+// chrome/browser/net/ssl_config_service_manager_pref.cc. |
+uint16 SSLProtocolVersionFromString(const std::string& version_str) { |
+ uint16 version = 0; // Invalid. |
+ if (version_str == "ssl3") { |
+ version = net::SSL_PROTOCOL_VERSION_SSL3; |
+ } else if (version_str == "tls1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1; |
+ } else if (version_str == "tls1.1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
+ } else if (version_str == "tls1.2") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
+ } |
+ return version; |
+} |
+} // namespace |
+ |
+namespace extensions { |
+ |
+const char kSecureSocketTypeError[] = |
+ "Only TCP sockets are supported for TLS."; |
+const char kSocketNotConnectedError[] = "Socket not connected"; |
+const char kSocketNotFoundError[] = "Socket not found"; |
+const char kTLSSocketTypeInvalidError[] = |
+ "Cannot listen on a socket that's already connected."; |
+ |
+TLSSocket::TLSSocket(net::StreamSocket* tls_socket, |
+ const std::string& owner_extension_id) |
+ : ResumableTCPSocket(owner_extension_id), |
+ tls_socket_(tls_socket) { |
+} |
+ |
+TLSSocket::~TLSSocket() { |
+ Disconnect(); |
+} |
+ |
+void TLSSocket::Connect(const std::string& address, |
+ int port, |
+ const CompletionCallback& callback) { |
+ callback.Run(net::ERR_CONNECTION_FAILED); |
+} |
+ |
+void TLSSocket::Disconnect() { |
+ if (tls_socket_) { |
+ tls_socket_->Disconnect(); |
+ tls_socket_.reset(); |
+ } |
+} |
+ |
+void TLSSocket::Read(int count, |
+ const ReadCompletionCallback& callback) { |
+ DCHECK(!callback.is_null()); |
+ |
+ if (!read_callback_.is_null()) { |
+ callback.Run(net::ERR_IO_PENDING, NULL); |
+ return; |
+ } |
+ |
+ if (count <= 0) { |
+ callback.Run(net::ERR_INVALID_ARGUMENT, NULL); |
+ return; |
+ } |
+ |
+ if (!tls_socket_.get() || !IsConnected()) { |
+ callback.Run(net::ERR_SOCKET_NOT_CONNECTED, NULL); |
+ return; |
+ } |
+ |
+ read_callback_ = callback; |
+ scoped_refptr<net::IOBuffer> io_buffer = new net::IOBuffer(count); |
+ int result = tls_socket_->Read( |
+ io_buffer.get(), count, base::Bind(&TLSSocket::OnReadComplete, |
+ base::Unretained(this), |
+ io_buffer)); |
+ |
+ if (result != net::ERR_IO_PENDING) |
+ OnReadComplete(io_buffer, result); |
+} |
+ |
+void TLSSocket::OnReadComplete(scoped_refptr<net::IOBuffer> io_buffer, |
+ int result) { |
+ DCHECK(!read_callback_.is_null()); |
+ ReadCompletionCallback read_callback = read_callback_; |
+ read_callback_.Reset(); |
+ // Don't touch 'this' after the read callback. |
+ read_callback.Run(result, io_buffer); |
+} |
+ |
+int TLSSocket::WriteImpl(net::IOBuffer* io_buffer, |
+ int io_buffer_size, |
+ const net::CompletionCallback& callback) { |
+ if (!IsConnected()) |
+ return net::ERR_SOCKET_NOT_CONNECTED; |
+ else |
+ return tls_socket_->Write(io_buffer, io_buffer_size, callback); |
+} |
+ |
+bool TLSSocket::SetKeepAlive(bool enable, int delay) { |
+ return false; |
+} |
+ |
+bool TLSSocket::SetNoDelay(bool no_delay) { |
+ return false; |
+} |
+ |
+int TLSSocket::Listen(const std::string& address, int port, int backlog, |
+ std::string* error_msg) { |
+ *error_msg = kTLSSocketTypeInvalidError; |
+ return net::ERR_NOT_IMPLEMENTED; |
+} |
+ |
+void TLSSocket::Accept(const AcceptCompletionCallback &callback) { |
+ callback.Run(net::ERR_FAILED, NULL); |
+} |
+ |
+bool TLSSocket::IsConnected() { |
+ return tls_socket_.get() && tls_socket_->IsConnected(); |
+} |
+ |
+bool TLSSocket::GetPeerAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetPeerAddress(address); |
+} |
+ |
+bool TLSSocket::GetLocalAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetLocalAddress(address); |
+} |
+ |
+Socket::SocketType TLSSocket::GetSocketType() const { |
+ return Socket::TYPE_TLS; |
+} |
+ |
+namespace impl { |
rpaquay
2013/12/09 23:02:03
Convention: Remove the "impl" namespace and move t
lally
2013/12/12 02:31:39
Done.
|
+void TlsConnectDone(net::SSLClientSocket* ssl_socket, |
+ const std::string& extension_id, SecureCallback callback, |
+ int result ) { |
rpaquay
2013/12/09 23:02:03
No space before ")"
lally
2013/12/12 02:31:39
Done.
|
+ DVLOG(1) << "chrome.socket.secure: TlsConnectDone(): got back result " |
+ << result; |
+ |
+ // No matter how the TLS connection attempt went, the underlying socket's |
+ // no longer bound to the original TCPSocket. It belongs to ssl_socket_, |
+ // which is promoted here to a new API-accessible socket (via a TLSSocket |
+ // wrapper) or deleted. |
+ if (result == net::OK) { |
+ // Wrap the StreamSocket in a TLSSocket (which matches the extension |
+ // socket API). Set the handle of the socket to the new value, so that |
+ // it can be used for read/write/close/etc. |
+ TLSSocket* wrapper = new TLSSocket(ssl_socket, extension_id); |
+ |
+ // Caller will end up deleting the prior TCPSocket, once it calls |
+ // SetSocket(..,wrapper). |
+ callback.Run(wrapper, result); |
+ } else { |
+ // Failed TLS connection. This'll delete the underlying TCPClientSocket. |
+ delete ssl_socket; |
+ callback.Run(NULL, result); |
+ } |
+} |
+ |
+} // namespace impl |
+ |
+// static |
+const char* TLSSocket::SecureTCPSocket( |
+ Socket* socket, |
+ Profile* profile, |
+ net::URLRequestContextGetter* url_request_getter, |
+ const std::string& extension_id, |
+ api::socket::SecureOptions* options, |
+ SecureCallback callback, |
+ base::Value** result_ret) { |
+ int result = -1; |
rpaquay
2013/12/09 23:02:03
Use "net::ERROR_FAILED" instead of "-1".
lally
2013/12/12 02:31:39
Done.
|
+ |
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
+ DCHECK(profile); |
+ |
+ if (!socket) { |
+ *result_ret = new base::FundamentalValue(result); |
+ return kSocketNotFoundError; |
+ } |
+ |
+ TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); |
+ if (socket->GetSocketType() != Socket::TYPE_TCP |
+ || tcp_socket->ClientStream() == NULL) { |
+ *result_ret = new base::FundamentalValue(result); |
+ return kSecureSocketTypeError; |
+ } |
+ |
+ if (!socket->IsConnected()) { |
+ *result_ret = new base::FundamentalValue(result); |
+ return kSocketNotConnectedError; |
+ } |
+ |
rpaquay
2013/12/09 23:02:03
As mentioned in another comment, the 3 checks abov
lally
2013/12/12 02:31:39
I moved them, but kept simpler versions here that
|
+ net::IPEndPoint dest_host_port_pair; |
+ socket->GetPeerAddress(&dest_host_port_pair); |
+ net::HostPortPair host_port(socket->Hostname(), dest_host_port_pair.port()); |
+ |
+ // Modeled after P2PSocketHostTcpBase::StartTls() |
+ scoped_ptr<net::ClientSocketHandle> socket_handle( |
+ new net::ClientSocketHandle()); |
+ |
+ // Set the socket handle. |
+ socket_handle->SetSocket(scoped_ptr<net::StreamSocket>( |
+ tcp_socket->ClientStream())); |
+ |
+ // Have the old socket release its hold on the client stream. |
+ tcp_socket->Release(); |
+ |
+ net::SSLClientSocketContext context; |
+ net::URLRequestContext* url_context = |
+ url_request_getter->GetURLRequestContext(); |
+ |
+ DCHECK(url_context); |
+ context.cert_verifier = url_context->cert_verifier(); |
+ context.transport_security_state = url_context->transport_security_state(); |
+ DCHECK(context.transport_security_state); |
+ |
+ // Fill in the SSL socket params. |
+ net::SSLConfig ssl_config; |
+ profile->GetSSLConfigService()->GetSSLConfig(&ssl_config); |
+ if (options && options->tls_version.get()) { |
+ uint16 version_min = 0, version_max = 0; |
+ api::socket::TLSVersionConstraints* versions = options->tls_version.get(); |
+ if (versions->min.get()) { |
+ version_min = SSLProtocolVersionFromString(*versions->min.get()); |
+ } |
+ if (versions->max.get()) { |
+ version_max = SSLProtocolVersionFromString(*versions->max.get()); |
+ } |
+ if (version_min) { |
+ ssl_config.version_min = version_min; |
+ } |
+ if (version_max) { |
+ ssl_config.version_max = version_max; |
+ } |
+ } |
+ net::ClientSocketFactory* socket_factory = |
+ net::ClientSocketFactory::GetDefaultFactory(); |
+ |
+ // Create the socket. |
+ net::SSLClientSocket* ssl_socket = socket_factory->CreateSSLClientSocket( |
+ socket_handle.Pass(), host_port, ssl_config, context).release(); |
+ |
+ // And try to connect. |
+ int status = ssl_socket->Connect( |
+ base::Bind(&impl::TlsConnectDone, ssl_socket, extension_id, callback)); |
+ |
+ *result_ret = new base::FundamentalValue(status); |
+ if (status != net::ERR_IO_PENDING) { |
+ // Note: this can't recurse -- if 'socket' is already a connected |
+ // TLSSocket, it will return TYPE_TLS instead of TYPE_TCP, failing before |
+ // we get here. If the connection failed, the socket is closed below |
+ // before the callback. If the caller tries to recurse into another |
+ // secure() call, they must have either created a prior socket to try, or |
+ // will have to go through an asynchronous Connect() call first. |
+ impl::TlsConnectDone(ssl_socket, extension_id, callback, status); |
+ return NULL; |
+ } |
+ |
+ return NULL; |
+} |
+ |
+} // namespace extensions |