Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(691)

Unified Diff: chrome/browser/extensions/api/socket/tls_socket.cc

Issue 76403004: An implementation of chrome.socket.secure(). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Another round of responses to Renaud. Created 7 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/extensions/api/socket/tls_socket.cc
diff --git a/chrome/browser/extensions/api/socket/tls_socket.cc b/chrome/browser/extensions/api/socket/tls_socket.cc
new file mode 100644
index 0000000000000000000000000000000000000000..e52ef6fb1e49e0282a5fee78a4822d5bc5c93c2d
--- /dev/null
+++ b/chrome/browser/extensions/api/socket/tls_socket.cc
@@ -0,0 +1,261 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/extensions/api/socket/tls_socket.h"
+
+#include "base/logging.h"
+#include "chrome/browser/extensions/api/api_resource.h"
+#include "net/base/address_list.h"
+#include "net/base/ip_endpoint.h"
+#include "net/base/net_errors.h"
+#include "net/base/rand_callback.h"
+#include "net/socket/client_socket_factory.h"
+#include "net/socket/client_socket_handle.h"
+#include "net/socket/tcp_client_socket.h"
+#include "net/url_request/url_request_context.h"
+#include "net/url_request/url_request_context_getter.h"
+
+namespace {
Ryan Sleevi 2013/12/17 00:37:40 style nit: line break
lally 2014/01/09 18:47:16 Done.
+// Returns the SSL protocol version (as a uint16) represented by a string.
+// Returns 0 if the string is invalid. Pulled from
+// chrome/browser/net/ssl_config_service_manager_pref.cc.
+uint16 SSLProtocolVersionFromString(const std::string& version_str) {
+ uint16 version = 0; // Invalid.
+ if (version_str == "ssl3") {
+ version = net::SSL_PROTOCOL_VERSION_SSL3;
+ } else if (version_str == "tls1") {
+ version = net::SSL_PROTOCOL_VERSION_TLS1;
+ } else if (version_str == "tls1.1") {
+ version = net::SSL_PROTOCOL_VERSION_TLS1_1;
+ } else if (version_str == "tls1.2") {
+ version = net::SSL_PROTOCOL_VERSION_TLS1_2;
+ }
+ return version;
+}
+
+void TlsConnectDone(net::SSLClientSocket* ssl_socket,
+ const std::string& extension_id,
+ extensions::SecureCallback callback, int result) {
+ DVLOG(1) << "chrome.socket.secure: TlsConnectDone(): got back result "
+ << result;
+
+ // No matter how the TLS connection attempt went, the underlying socket's
+ // no longer bound to the original TCPSocket. It belongs to ssl_socket_,
+ // which is promoted here to a new API-accessible socket (via a TLSSocket
+ // wrapper) or deleted.
+ if (result == net::OK) {
Ryan Sleevi 2013/12/17 00:37:40 Generally speaking, it's better to detect and hand
lally 2014/01/09 18:47:16 Done.
+ // Wrap the StreamSocket in a TLSSocket (which matches the extension
+ // socket API). Set the handle of the socket to the new value, so that
+ // it can be used for read/write/close/etc.
+ extensions::TLSSocket* wrapper =
+ new extensions::TLSSocket(ssl_socket, extension_id);
+
+ // Caller will end up deleting the prior TCPSocket, once it calls
+ // SetSocket(..,wrapper).
+ callback.Run(wrapper, result);
+ } else {
+ // Failed TLS connection. This'll delete the underlying TCPClientSocket.
Ryan Sleevi 2013/12/17 00:37:40 comment nit: This'll -> This will
lally 2014/01/09 18:47:16 Done.
+ delete ssl_socket;
+ callback.Run(NULL, result);
+ }
+}
+} // namespace
Ryan Sleevi 2013/12/17 00:37:40 style nit: Line break
lally 2014/01/09 18:47:16 Done.
+
+namespace extensions {
+
+const char kTLSSocketTypeInvalidError[] =
+ "Cannot listen on a socket that's already connected.";
+
+TLSSocket::TLSSocket(net::StreamSocket* tls_socket,
+ const std::string& owner_extension_id)
Ryan Sleevi 2013/12/17 00:37:40 style nit: unnecessary extra space
lally 2014/01/09 18:47:16 Done.
+ : ResumableTCPSocket(owner_extension_id),
+ tls_socket_(tls_socket) {
+}
+
+TLSSocket::~TLSSocket() {
+ Disconnect();
+}
+
+void TLSSocket::Connect(const std::string& address,
+ int port,
+ const CompletionCallback& callback) {
+ callback.Run(net::ERR_CONNECTION_FAILED);
+}
+
+void TLSSocket::Disconnect() {
+ if (tls_socket_) {
+ tls_socket_->Disconnect();
+ tls_socket_.reset();
+ }
+}
+
+void TLSSocket::Read(int count,
+ const ReadCompletionCallback& callback) {
+ DCHECK(!callback.is_null());
+
+ if (!read_callback_.is_null()) {
+ callback.Run(net::ERR_IO_PENDING, NULL);
+ return;
+ }
+
+ if (count <= 0) {
+ callback.Run(net::ERR_INVALID_ARGUMENT, NULL);
+ return;
+ }
+
+ if (!tls_socket_.get() || !IsConnected()) {
+ callback.Run(net::ERR_SOCKET_NOT_CONNECTED, NULL);
+ return;
+ }
+
+ read_callback_ = callback;
+ scoped_refptr<net::IOBuffer> io_buffer = new net::IOBuffer(count);
+ int result = tls_socket_->Read(
+ io_buffer.get(), count, base::Bind(&TLSSocket::OnReadComplete,
+ base::Unretained(this),
+ io_buffer));
+
+ if (result != net::ERR_IO_PENDING)
+ OnReadComplete(io_buffer, result);
+}
+
+void TLSSocket::OnReadComplete(scoped_refptr<net::IOBuffer> io_buffer,
+ int result) {
+ DCHECK(!read_callback_.is_null());
+ ReadCompletionCallback read_callback = read_callback_;
+ read_callback_.Reset();
Ryan Sleevi 2013/12/17 00:37:40 STYLE: simplify this as base::ResetAndReturn(&rea
lally 2014/01/09 18:47:16 Done.
+ // Don't touch 'this' after the read callback.
+ read_callback.Run(result, io_buffer);
+}
+
+int TLSSocket::WriteImpl(net::IOBuffer* io_buffer,
+ int io_buffer_size,
+ const net::CompletionCallback& callback) {
+ if (!IsConnected())
+ return net::ERR_SOCKET_NOT_CONNECTED;
+ else
+ return tls_socket_->Write(io_buffer, io_buffer_size, callback);
Ryan Sleevi 2013/12/17 00:37:40 style: indent
lally 2014/01/09 18:47:16 Done.
+}
+
+bool TLSSocket::SetKeepAlive(bool enable, int delay) {
+ return false;
+}
+
+bool TLSSocket::SetNoDelay(bool no_delay) {
+ return false;
+}
+
+int TLSSocket::Listen(const std::string& address, int port, int backlog,
+ std::string* error_msg) {
+ *error_msg = kTLSSocketTypeInvalidError;
+ return net::ERR_NOT_IMPLEMENTED;
+}
+
+void TLSSocket::Accept(const AcceptCompletionCallback &callback) {
+ callback.Run(net::ERR_FAILED, NULL);
+}
+
+bool TLSSocket::IsConnected() {
+ return tls_socket_.get() && tls_socket_->IsConnected();
+}
+
+bool TLSSocket::GetPeerAddress(net::IPEndPoint* address) {
+ return IsConnected() && tls_socket_->GetPeerAddress(address);
+}
+
+bool TLSSocket::GetLocalAddress(net::IPEndPoint* address) {
+ return IsConnected() && tls_socket_->GetLocalAddress(address);
+}
+
+Socket::SocketType TLSSocket::GetSocketType() const {
+ return Socket::TYPE_TLS;
+}
+
+// static
+void TLSSocket::SecureTCPSocket(
+ Socket* socket,
+ Profile* profile,
+ net::URLRequestContextGetter* url_request_getter,
+ const std::string& extension_id,
+ api::socket::SecureOptions* options,
+ SecureCallback callback) {
+ DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
+ DCHECK(profile);
+
+ TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket);
+
+ if (!socket || socket->GetSocketType() != Socket::TYPE_TCP
+ || tcp_socket->ClientStream() == NULL || !socket->IsConnected()) {
Ryan Sleevi 2013/12/17 00:37:40 style: inproper binary operator wrapping - http://
lally 2014/01/09 18:47:16 Done.
+ TlsConnectDone(NULL, extension_id, callback, net::ERR_INVALID_ARGUMENT);
+ return;
+ }
+
+ net::IPEndPoint dest_host_port_pair;
+ socket->GetPeerAddress(&dest_host_port_pair);
Ryan Sleevi 2013/12/17 00:37:40 BUG: GetPeerAddress returns a result. Check it.
lally 2014/01/09 18:47:16 Done.
+ net::HostPortPair host_port(socket->hostname(), dest_host_port_pair.port());
+
+ // Modeled after P2PSocketHostTcpBase::StartTls()
+ scoped_ptr<net::ClientSocketHandle> socket_handle(
+ new net::ClientSocketHandle());
+
+ // Set the socket handle.
+ socket_handle->SetSocket(scoped_ptr<net::StreamSocket>(
+ tcp_socket->ClientStream()));
+
+ // Have the old socket release its hold on the client stream.
+ tcp_socket->Release();
+
+ net::SSLClientSocketContext context;
+ net::URLRequestContext* url_context =
+ url_request_getter->GetURLRequestContext();
+
+ url_request_getter->Release();
Ryan Sleevi 2013/12/17 00:37:40 BUG: ?!? Seems incredibly dangerous here. You shou
lally 2014/01/09 18:47:16 I moved lifetime responsibility to the caller. No
+
+ DCHECK(url_context);
+ context.cert_verifier = url_context->cert_verifier();
+ context.transport_security_state = url_context->transport_security_state();
+ DCHECK(context.transport_security_state);
+
+ // Fill in the SSL socket params.
+ net::SSLConfig ssl_config;
+ profile->GetSSLConfigService()->GetSSLConfig(&ssl_config);
+ if (options && options->tls_version.get()) {
+ uint16 version_min = 0, version_max = 0;
+ api::socket::TLSVersionConstraints* versions = options->tls_version.get();
+ if (versions->min.get()) {
+ version_min = SSLProtocolVersionFromString(*versions->min.get());
+ }
+ if (versions->max.get()) {
+ version_max = SSLProtocolVersionFromString(*versions->max.get());
+ }
+ if (version_min) {
+ ssl_config.version_min = version_min;
+ }
+ if (version_max) {
+ ssl_config.version_max = version_max;
+ }
+ }
+ net::ClientSocketFactory* socket_factory =
+ net::ClientSocketFactory::GetDefaultFactory();
+
+ // Create the socket.
+ net::SSLClientSocket* ssl_socket = socket_factory->CreateSSLClientSocket(
+ socket_handle.Pass(), host_port, ssl_config, context).release();
Ryan Sleevi 2013/12/17 00:37:40 DESIGN: Make your ownership explicit here. For ex
lally 2014/01/09 18:47:16 Done.
+
+ // And try to connect.
+ int status = ssl_socket->Connect(
+ base::Bind(&TlsConnectDone, ssl_socket, extension_id, callback));
+
+ if (status != net::ERR_IO_PENDING) {
+ // Note: this can't recurse -- if 'socket' is already a connected
+ // TLSSocket, it will return TYPE_TLS instead of TYPE_TCP, failing before
+ // we get here. If the connection failed, the socket is closed below
+ // before the callback. If the caller tries to recurse into another
+ // secure() call, they must have either created a prior socket to try, or
+ // will have to go through an asynchronous Connect() call first.
+ TlsConnectDone(ssl_socket, extension_id, callback, status);
+ }
+}
+
+} // namespace extensions

Powered by Google App Engine
This is Rietveld 408576698