Index: chrome/browser/extensions/api/socket/tls_socket.cc |
diff --git a/chrome/browser/extensions/api/socket/tls_socket.cc b/chrome/browser/extensions/api/socket/tls_socket.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..e52ef6fb1e49e0282a5fee78a4822d5bc5c93c2d |
--- /dev/null |
+++ b/chrome/browser/extensions/api/socket/tls_socket.cc |
@@ -0,0 +1,261 @@ |
+// Copyright (c) 2013 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "chrome/browser/extensions/api/socket/tls_socket.h" |
+ |
+#include "base/logging.h" |
+#include "chrome/browser/extensions/api/api_resource.h" |
+#include "net/base/address_list.h" |
+#include "net/base/ip_endpoint.h" |
+#include "net/base/net_errors.h" |
+#include "net/base/rand_callback.h" |
+#include "net/socket/client_socket_factory.h" |
+#include "net/socket/client_socket_handle.h" |
+#include "net/socket/tcp_client_socket.h" |
+#include "net/url_request/url_request_context.h" |
+#include "net/url_request/url_request_context_getter.h" |
+ |
+namespace { |
Ryan Sleevi
2013/12/17 00:37:40
style nit: line break
lally
2014/01/09 18:47:16
Done.
|
+// Returns the SSL protocol version (as a uint16) represented by a string. |
+// Returns 0 if the string is invalid. Pulled from |
+// chrome/browser/net/ssl_config_service_manager_pref.cc. |
+uint16 SSLProtocolVersionFromString(const std::string& version_str) { |
+ uint16 version = 0; // Invalid. |
+ if (version_str == "ssl3") { |
+ version = net::SSL_PROTOCOL_VERSION_SSL3; |
+ } else if (version_str == "tls1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1; |
+ } else if (version_str == "tls1.1") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_1; |
+ } else if (version_str == "tls1.2") { |
+ version = net::SSL_PROTOCOL_VERSION_TLS1_2; |
+ } |
+ return version; |
+} |
+ |
+void TlsConnectDone(net::SSLClientSocket* ssl_socket, |
+ const std::string& extension_id, |
+ extensions::SecureCallback callback, int result) { |
+ DVLOG(1) << "chrome.socket.secure: TlsConnectDone(): got back result " |
+ << result; |
+ |
+ // No matter how the TLS connection attempt went, the underlying socket's |
+ // no longer bound to the original TCPSocket. It belongs to ssl_socket_, |
+ // which is promoted here to a new API-accessible socket (via a TLSSocket |
+ // wrapper) or deleted. |
+ if (result == net::OK) { |
Ryan Sleevi
2013/12/17 00:37:40
Generally speaking, it's better to detect and hand
lally
2014/01/09 18:47:16
Done.
|
+ // Wrap the StreamSocket in a TLSSocket (which matches the extension |
+ // socket API). Set the handle of the socket to the new value, so that |
+ // it can be used for read/write/close/etc. |
+ extensions::TLSSocket* wrapper = |
+ new extensions::TLSSocket(ssl_socket, extension_id); |
+ |
+ // Caller will end up deleting the prior TCPSocket, once it calls |
+ // SetSocket(..,wrapper). |
+ callback.Run(wrapper, result); |
+ } else { |
+ // Failed TLS connection. This'll delete the underlying TCPClientSocket. |
Ryan Sleevi
2013/12/17 00:37:40
comment nit: This'll -> This will
lally
2014/01/09 18:47:16
Done.
|
+ delete ssl_socket; |
+ callback.Run(NULL, result); |
+ } |
+} |
+} // namespace |
Ryan Sleevi
2013/12/17 00:37:40
style nit: Line break
lally
2014/01/09 18:47:16
Done.
|
+ |
+namespace extensions { |
+ |
+const char kTLSSocketTypeInvalidError[] = |
+ "Cannot listen on a socket that's already connected."; |
+ |
+TLSSocket::TLSSocket(net::StreamSocket* tls_socket, |
+ const std::string& owner_extension_id) |
Ryan Sleevi
2013/12/17 00:37:40
style nit: unnecessary extra space
lally
2014/01/09 18:47:16
Done.
|
+ : ResumableTCPSocket(owner_extension_id), |
+ tls_socket_(tls_socket) { |
+} |
+ |
+TLSSocket::~TLSSocket() { |
+ Disconnect(); |
+} |
+ |
+void TLSSocket::Connect(const std::string& address, |
+ int port, |
+ const CompletionCallback& callback) { |
+ callback.Run(net::ERR_CONNECTION_FAILED); |
+} |
+ |
+void TLSSocket::Disconnect() { |
+ if (tls_socket_) { |
+ tls_socket_->Disconnect(); |
+ tls_socket_.reset(); |
+ } |
+} |
+ |
+void TLSSocket::Read(int count, |
+ const ReadCompletionCallback& callback) { |
+ DCHECK(!callback.is_null()); |
+ |
+ if (!read_callback_.is_null()) { |
+ callback.Run(net::ERR_IO_PENDING, NULL); |
+ return; |
+ } |
+ |
+ if (count <= 0) { |
+ callback.Run(net::ERR_INVALID_ARGUMENT, NULL); |
+ return; |
+ } |
+ |
+ if (!tls_socket_.get() || !IsConnected()) { |
+ callback.Run(net::ERR_SOCKET_NOT_CONNECTED, NULL); |
+ return; |
+ } |
+ |
+ read_callback_ = callback; |
+ scoped_refptr<net::IOBuffer> io_buffer = new net::IOBuffer(count); |
+ int result = tls_socket_->Read( |
+ io_buffer.get(), count, base::Bind(&TLSSocket::OnReadComplete, |
+ base::Unretained(this), |
+ io_buffer)); |
+ |
+ if (result != net::ERR_IO_PENDING) |
+ OnReadComplete(io_buffer, result); |
+} |
+ |
+void TLSSocket::OnReadComplete(scoped_refptr<net::IOBuffer> io_buffer, |
+ int result) { |
+ DCHECK(!read_callback_.is_null()); |
+ ReadCompletionCallback read_callback = read_callback_; |
+ read_callback_.Reset(); |
Ryan Sleevi
2013/12/17 00:37:40
STYLE: simplify this as
base::ResetAndReturn(&rea
lally
2014/01/09 18:47:16
Done.
|
+ // Don't touch 'this' after the read callback. |
+ read_callback.Run(result, io_buffer); |
+} |
+ |
+int TLSSocket::WriteImpl(net::IOBuffer* io_buffer, |
+ int io_buffer_size, |
+ const net::CompletionCallback& callback) { |
+ if (!IsConnected()) |
+ return net::ERR_SOCKET_NOT_CONNECTED; |
+ else |
+ return tls_socket_->Write(io_buffer, io_buffer_size, callback); |
Ryan Sleevi
2013/12/17 00:37:40
style: indent
lally
2014/01/09 18:47:16
Done.
|
+} |
+ |
+bool TLSSocket::SetKeepAlive(bool enable, int delay) { |
+ return false; |
+} |
+ |
+bool TLSSocket::SetNoDelay(bool no_delay) { |
+ return false; |
+} |
+ |
+int TLSSocket::Listen(const std::string& address, int port, int backlog, |
+ std::string* error_msg) { |
+ *error_msg = kTLSSocketTypeInvalidError; |
+ return net::ERR_NOT_IMPLEMENTED; |
+} |
+ |
+void TLSSocket::Accept(const AcceptCompletionCallback &callback) { |
+ callback.Run(net::ERR_FAILED, NULL); |
+} |
+ |
+bool TLSSocket::IsConnected() { |
+ return tls_socket_.get() && tls_socket_->IsConnected(); |
+} |
+ |
+bool TLSSocket::GetPeerAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetPeerAddress(address); |
+} |
+ |
+bool TLSSocket::GetLocalAddress(net::IPEndPoint* address) { |
+ return IsConnected() && tls_socket_->GetLocalAddress(address); |
+} |
+ |
+Socket::SocketType TLSSocket::GetSocketType() const { |
+ return Socket::TYPE_TLS; |
+} |
+ |
+// static |
+void TLSSocket::SecureTCPSocket( |
+ Socket* socket, |
+ Profile* profile, |
+ net::URLRequestContextGetter* url_request_getter, |
+ const std::string& extension_id, |
+ api::socket::SecureOptions* options, |
+ SecureCallback callback) { |
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
+ DCHECK(profile); |
+ |
+ TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); |
+ |
+ if (!socket || socket->GetSocketType() != Socket::TYPE_TCP |
+ || tcp_socket->ClientStream() == NULL || !socket->IsConnected()) { |
Ryan Sleevi
2013/12/17 00:37:40
style: inproper binary operator wrapping - http://
lally
2014/01/09 18:47:16
Done.
|
+ TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT); |
+ return; |
+ } |
+ |
+ net::IPEndPoint dest_host_port_pair; |
+ socket->GetPeerAddress(&dest_host_port_pair); |
Ryan Sleevi
2013/12/17 00:37:40
BUG: GetPeerAddress returns a result. Check it.
lally
2014/01/09 18:47:16
Done.
|
+ net::HostPortPair host_port(socket->hostname(), dest_host_port_pair.port()); |
+ |
+ // Modeled after P2PSocketHostTcpBase::StartTls() |
+ scoped_ptr<net::ClientSocketHandle> socket_handle( |
+ new net::ClientSocketHandle()); |
+ |
+ // Set the socket handle. |
+ socket_handle->SetSocket(scoped_ptr<net::StreamSocket>( |
+ tcp_socket->ClientStream())); |
+ |
+ // Have the old socket release its hold on the client stream. |
+ tcp_socket->Release(); |
+ |
+ net::SSLClientSocketContext context; |
+ net::URLRequestContext* url_context = |
+ url_request_getter->GetURLRequestContext(); |
+ |
+ url_request_getter->Release(); |
Ryan Sleevi
2013/12/17 00:37:40
BUG: ?!? Seems incredibly dangerous here. You shou
lally
2014/01/09 18:47:16
I moved lifetime responsibility to the caller. No
|
+ |
+ DCHECK(url_context); |
+ context.cert_verifier = url_context->cert_verifier(); |
+ context.transport_security_state = url_context->transport_security_state(); |
+ DCHECK(context.transport_security_state); |
+ |
+ // Fill in the SSL socket params. |
+ net::SSLConfig ssl_config; |
+ profile->GetSSLConfigService()->GetSSLConfig(&ssl_config); |
+ if (options && options->tls_version.get()) { |
+ uint16 version_min = 0, version_max = 0; |
+ api::socket::TLSVersionConstraints* versions = options->tls_version.get(); |
+ if (versions->min.get()) { |
+ version_min = SSLProtocolVersionFromString(*versions->min.get()); |
+ } |
+ if (versions->max.get()) { |
+ version_max = SSLProtocolVersionFromString(*versions->max.get()); |
+ } |
+ if (version_min) { |
+ ssl_config.version_min = version_min; |
+ } |
+ if (version_max) { |
+ ssl_config.version_max = version_max; |
+ } |
+ } |
+ net::ClientSocketFactory* socket_factory = |
+ net::ClientSocketFactory::GetDefaultFactory(); |
+ |
+ // Create the socket. |
+ net::SSLClientSocket* ssl_socket = socket_factory->CreateSSLClientSocket( |
+ socket_handle.Pass(), host_port, ssl_config, context).release(); |
Ryan Sleevi
2013/12/17 00:37:40
DESIGN: Make your ownership explicit here.
For ex
lally
2014/01/09 18:47:16
Done.
|
+ |
+ // And try to connect. |
+ int status = ssl_socket->Connect( |
+ base::Bind(&TlsConnectDone, ssl_socket, extension_id, callback)); |
+ |
+ if (status != net::ERR_IO_PENDING) { |
+ // Note: this can't recurse -- if 'socket' is already a connected |
+ // TLSSocket, it will return TYPE_TLS instead of TYPE_TCP, failing before |
+ // we get here. If the connection failed, the socket is closed below |
+ // before the callback. If the caller tries to recurse into another |
+ // secure() call, they must have either created a prior socket to try, or |
+ // will have to go through an asynchronous Connect() call first. |
+ TlsConnectDone(ssl_socket, extension_id, callback, status); |
+ } |
+} |
+ |
+} // namespace extensions |