OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
7 | 7 |
8 #include <certt.h> | 8 #include <certt.h> |
9 #include <keyt.h> | 9 #include <keyt.h> |
10 #include <nspr.h> | 10 #include <nspr.h> |
11 #include <nss.h> | 11 #include <nss.h> |
12 | 12 |
13 #include <string> | 13 #include <string> |
14 #include <vector> | 14 #include <vector> |
15 | 15 |
16 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
17 #include "base/synchronization/lock.h" | 17 #include "base/synchronization/lock.h" |
18 #include "base/threading/platform_thread.h" | 18 #include "base/threading/platform_thread.h" |
19 #include "base/time/time.h" | 19 #include "base/time/time.h" |
20 #include "base/timer/timer.h" | 20 #include "base/timer/timer.h" |
21 #include "net/base/completion_callback.h" | 21 #include "net/base/completion_callback.h" |
22 #include "net/base/host_port_pair.h" | 22 #include "net/base/host_port_pair.h" |
23 #include "net/base/net_export.h" | 23 #include "net/base/net_export.h" |
24 #include "net/base/net_log.h" | 24 #include "net/base/net_log.h" |
25 #include "net/base/nss_memio.h" | 25 #include "net/base/nss_memio.h" |
26 #include "net/cert/cert_verify_result.h" | 26 #include "net/cert/cert_verify_result.h" |
27 #include "net/cert/ct_verify_result.h" | |
27 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
28 #include "net/socket/ssl_client_socket.h" | 29 #include "net/socket/ssl_client_socket.h" |
29 #include "net/ssl/server_bound_cert_service.h" | 30 #include "net/ssl/server_bound_cert_service.h" |
30 #include "net/ssl/ssl_config_service.h" | 31 #include "net/ssl/ssl_config_service.h" |
31 | 32 |
32 namespace base { | 33 namespace base { |
33 class SequencedTaskRunner; | 34 class SequencedTaskRunner; |
34 } | 35 } |
35 | 36 |
36 namespace net { | 37 namespace net { |
37 | 38 |
38 class BoundNetLog; | 39 class BoundNetLog; |
39 class CertVerifier; | 40 class CertVerifier; |
41 class CTVerifier; | |
40 class ClientSocketHandle; | 42 class ClientSocketHandle; |
41 class ServerBoundCertService; | 43 class ServerBoundCertService; |
42 class SingleRequestCertVerifier; | 44 class SingleRequestCertVerifier; |
43 class TransportSecurityState; | 45 class TransportSecurityState; |
44 class X509Certificate; | 46 class X509Certificate; |
45 | 47 |
46 // An SSL client socket implemented with Mozilla NSS. | 48 // An SSL client socket implemented with Mozilla NSS. |
47 class SSLClientSocketNSS : public SSLClientSocket { | 49 class SSLClientSocketNSS : public SSLClientSocket { |
48 public: | 50 public: |
49 // Takes ownership of the |transport_socket|, which must already be connected. | 51 // Takes ownership of the |transport_socket|, which must already be connected. |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
108 // Helper class to handle marshalling any NSS interaction to and from the | 110 // Helper class to handle marshalling any NSS interaction to and from the |
109 // NSS and network task runners. Not every call needs to happen on the Core | 111 // NSS and network task runners. Not every call needs to happen on the Core |
110 class Core; | 112 class Core; |
111 | 113 |
112 enum State { | 114 enum State { |
113 STATE_NONE, | 115 STATE_NONE, |
114 STATE_HANDSHAKE, | 116 STATE_HANDSHAKE, |
115 STATE_HANDSHAKE_COMPLETE, | 117 STATE_HANDSHAKE_COMPLETE, |
116 STATE_VERIFY_CERT, | 118 STATE_VERIFY_CERT, |
117 STATE_VERIFY_CERT_COMPLETE, | 119 STATE_VERIFY_CERT_COMPLETE, |
120 STATE_VERIFY_CT, | |
121 STATE_VERIFY_CT_COMPLETE, | |
118 }; | 122 }; |
119 | 123 |
120 int Init(); | 124 int Init(); |
121 void InitCore(); | 125 void InitCore(); |
122 | 126 |
123 // Initializes NSS SSL options. Returns a net error code. | 127 // Initializes NSS SSL options. Returns a net error code. |
124 int InitializeSSLOptions(); | 128 int InitializeSSLOptions(); |
125 | 129 |
126 // Initializes the socket peer name in SSL. Returns a net error code. | 130 // Initializes the socket peer name in SSL. Returns a net error code. |
127 int InitializeSSLPeerName(); | 131 int InitializeSSLPeerName(); |
128 | 132 |
129 void DoConnectCallback(int result); | 133 void DoConnectCallback(int result); |
130 void OnHandshakeIOComplete(int result); | 134 void OnHandshakeIOComplete(int result); |
131 | 135 |
132 int DoHandshakeLoop(int last_io_result); | 136 int DoHandshakeLoop(int last_io_result); |
133 int DoHandshake(); | 137 int DoHandshake(); |
134 int DoHandshakeComplete(int result); | 138 int DoHandshakeComplete(int result); |
135 int DoVerifyCert(int result); | 139 int DoVerifyCert(int result); |
136 int DoVerifyCertComplete(int result); | 140 int DoVerifyCertComplete(int result); |
141 int DoVerifyCT(int result); | |
142 int DoVerifyCTComplete(int result); | |
137 | 143 |
138 void LogConnectionTypeMetrics() const; | 144 void LogConnectionTypeMetrics() const; |
139 | 145 |
140 // The following methods are for debugging bug 65948. Will remove this code | 146 // The following methods are for debugging bug 65948. Will remove this code |
141 // after fixing bug 65948. | 147 // after fixing bug 65948. |
142 void EnsureThreadIdAssigned() const; | 148 void EnsureThreadIdAssigned() const; |
143 bool CalledOnValidThread() const; | 149 bool CalledOnValidThread() const; |
144 | 150 |
145 // The task runner used to perform NSS operations. | 151 // The task runner used to perform NSS operations. |
146 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 152 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
(...skipping 28 matching lines...) Expand all Loading... | |
175 // TODO(rsleevi): http://crbug.com/130616 - Remove this member once | 181 // TODO(rsleevi): http://crbug.com/130616 - Remove this member once |
176 // ExportKeyingMaterial is updated to be asynchronous. | 182 // ExportKeyingMaterial is updated to be asynchronous. |
177 PRFileDesc* nss_fd_; | 183 PRFileDesc* nss_fd_; |
178 | 184 |
179 BoundNetLog net_log_; | 185 BoundNetLog net_log_; |
180 | 186 |
181 base::TimeTicks start_cert_verification_time_; | 187 base::TimeTicks start_cert_verification_time_; |
182 | 188 |
183 TransportSecurityState* transport_security_state_; | 189 TransportSecurityState* transport_security_state_; |
184 | 190 |
191 ct::CTVerifyResult ct_verify_result_; | |
192 CTVerifier* cert_transparency_verifier_; | |
wtc
2013/11/26 01:47:23
Nit: inside this class, I suggest we list these CT
Eran M. (Google)
2013/11/26 14:45:53
Done.
| |
193 | |
185 // The following two variables are added for debugging bug 65948. Will | 194 // The following two variables are added for debugging bug 65948. Will |
186 // remove this code after fixing bug 65948. | 195 // remove this code after fixing bug 65948. |
187 // Added the following code Debugging in release mode. | 196 // Added the following code Debugging in release mode. |
188 mutable base::Lock lock_; | 197 mutable base::Lock lock_; |
189 // This is mutable so that CalledOnValidThread can set it. | 198 // This is mutable so that CalledOnValidThread can set it. |
190 // It's guarded by |lock_|. | 199 // It's guarded by |lock_|. |
191 mutable base::PlatformThreadId valid_thread_id_; | 200 mutable base::PlatformThreadId valid_thread_id_; |
192 }; | 201 }; |
193 | 202 |
194 } // namespace net | 203 } // namespace net |
195 | 204 |
196 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 205 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
OLD | NEW |