OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
7 | 7 |
8 #include <certt.h> | 8 #include <certt.h> |
9 #include <keyt.h> | 9 #include <keyt.h> |
10 #include <nspr.h> | 10 #include <nspr.h> |
11 #include <nss.h> | 11 #include <nss.h> |
12 | 12 |
13 #include <string> | 13 #include <string> |
14 #include <vector> | 14 #include <vector> |
15 | 15 |
16 #include "base/memory/scoped_ptr.h" | 16 #include "base/memory/scoped_ptr.h" |
17 #include "base/synchronization/lock.h" | 17 #include "base/synchronization/lock.h" |
18 #include "base/threading/platform_thread.h" | 18 #include "base/threading/platform_thread.h" |
19 #include "base/time/time.h" | 19 #include "base/time/time.h" |
20 #include "base/timer/timer.h" | 20 #include "base/timer/timer.h" |
21 #include "net/base/completion_callback.h" | 21 #include "net/base/completion_callback.h" |
22 #include "net/base/host_port_pair.h" | 22 #include "net/base/host_port_pair.h" |
23 #include "net/base/net_export.h" | 23 #include "net/base/net_export.h" |
24 #include "net/base/net_log.h" | 24 #include "net/base/net_log.h" |
25 #include "net/base/nss_memio.h" | 25 #include "net/base/nss_memio.h" |
26 #include "net/cert/cert_verify_result.h" | 26 #include "net/cert/cert_verify_result.h" |
| 27 #include "net/cert/ct_verify_result.h" |
27 #include "net/cert/x509_certificate.h" | 28 #include "net/cert/x509_certificate.h" |
28 #include "net/socket/ssl_client_socket.h" | 29 #include "net/socket/ssl_client_socket.h" |
29 #include "net/ssl/server_bound_cert_service.h" | 30 #include "net/ssl/server_bound_cert_service.h" |
30 #include "net/ssl/ssl_config_service.h" | 31 #include "net/ssl/ssl_config_service.h" |
31 | 32 |
32 namespace base { | 33 namespace base { |
33 class SequencedTaskRunner; | 34 class SequencedTaskRunner; |
34 } | 35 } |
35 | 36 |
36 namespace net { | 37 namespace net { |
37 | 38 |
38 class BoundNetLog; | 39 class BoundNetLog; |
39 class CertVerifier; | 40 class CertVerifier; |
| 41 class CTVerifier; |
40 class ClientSocketHandle; | 42 class ClientSocketHandle; |
41 class ServerBoundCertService; | 43 class ServerBoundCertService; |
42 class SingleRequestCertVerifier; | 44 class SingleRequestCertVerifier; |
43 class TransportSecurityState; | 45 class TransportSecurityState; |
44 class X509Certificate; | 46 class X509Certificate; |
45 | 47 |
46 // An SSL client socket implemented with Mozilla NSS. | 48 // An SSL client socket implemented with Mozilla NSS. |
47 class SSLClientSocketNSS : public SSLClientSocket { | 49 class SSLClientSocketNSS : public SSLClientSocket { |
48 public: | 50 public: |
49 // Takes ownership of the |transport_socket|, which must already be connected. | 51 // Takes ownership of the |transport_socket|, which must already be connected. |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
128 | 130 |
129 void DoConnectCallback(int result); | 131 void DoConnectCallback(int result); |
130 void OnHandshakeIOComplete(int result); | 132 void OnHandshakeIOComplete(int result); |
131 | 133 |
132 int DoHandshakeLoop(int last_io_result); | 134 int DoHandshakeLoop(int last_io_result); |
133 int DoHandshake(); | 135 int DoHandshake(); |
134 int DoHandshakeComplete(int result); | 136 int DoHandshakeComplete(int result); |
135 int DoVerifyCert(int result); | 137 int DoVerifyCert(int result); |
136 int DoVerifyCertComplete(int result); | 138 int DoVerifyCertComplete(int result); |
137 | 139 |
| 140 void VerifyCT(); |
| 141 |
138 void LogConnectionTypeMetrics() const; | 142 void LogConnectionTypeMetrics() const; |
139 | 143 |
140 // The following methods are for debugging bug 65948. Will remove this code | 144 // The following methods are for debugging bug 65948. Will remove this code |
141 // after fixing bug 65948. | 145 // after fixing bug 65948. |
142 void EnsureThreadIdAssigned() const; | 146 void EnsureThreadIdAssigned() const; |
143 bool CalledOnValidThread() const; | 147 bool CalledOnValidThread() const; |
144 | 148 |
145 // The task runner used to perform NSS operations. | 149 // The task runner used to perform NSS operations. |
146 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 150 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
147 scoped_ptr<ClientSocketHandle> transport_; | 151 scoped_ptr<ClientSocketHandle> transport_; |
148 HostPortPair host_and_port_; | 152 HostPortPair host_and_port_; |
149 SSLConfig ssl_config_; | 153 SSLConfig ssl_config_; |
150 | 154 |
151 scoped_refptr<Core> core_; | 155 scoped_refptr<Core> core_; |
152 | 156 |
153 CompletionCallback user_connect_callback_; | 157 CompletionCallback user_connect_callback_; |
154 | 158 |
155 CertVerifyResult server_cert_verify_result_; | 159 CertVerifyResult server_cert_verify_result_; |
156 HashValueVector side_pinned_public_keys_; | 160 HashValueVector side_pinned_public_keys_; |
157 | 161 |
158 CertVerifier* const cert_verifier_; | 162 CertVerifier* const cert_verifier_; |
159 scoped_ptr<SingleRequestCertVerifier> verifier_; | 163 scoped_ptr<SingleRequestCertVerifier> verifier_; |
160 | 164 |
| 165 // Certificate Transparency: Verifier and result holder. |
| 166 ct::CTVerifyResult ct_verify_result_; |
| 167 CTVerifier* cert_transparency_verifier_; |
| 168 |
161 // The service for retrieving Channel ID keys. May be NULL. | 169 // The service for retrieving Channel ID keys. May be NULL. |
162 ServerBoundCertService* server_bound_cert_service_; | 170 ServerBoundCertService* server_bound_cert_service_; |
163 | 171 |
164 // ssl_session_cache_shard_ is an opaque string that partitions the SSL | 172 // ssl_session_cache_shard_ is an opaque string that partitions the SSL |
165 // session cache. i.e. sessions created with one value will not attempt to | 173 // session cache. i.e. sessions created with one value will not attempt to |
166 // resume on the socket with a different value. | 174 // resume on the socket with a different value. |
167 const std::string ssl_session_cache_shard_; | 175 const std::string ssl_session_cache_shard_; |
168 | 176 |
169 // True if the SSL handshake has been completed. | 177 // True if the SSL handshake has been completed. |
170 bool completed_handshake_; | 178 bool completed_handshake_; |
(...skipping 16 matching lines...) Expand all Loading... |
187 // Added the following code Debugging in release mode. | 195 // Added the following code Debugging in release mode. |
188 mutable base::Lock lock_; | 196 mutable base::Lock lock_; |
189 // This is mutable so that CalledOnValidThread can set it. | 197 // This is mutable so that CalledOnValidThread can set it. |
190 // It's guarded by |lock_|. | 198 // It's guarded by |lock_|. |
191 mutable base::PlatformThreadId valid_thread_id_; | 199 mutable base::PlatformThreadId valid_thread_id_; |
192 }; | 200 }; |
193 | 201 |
194 } // namespace net | 202 } // namespace net |
195 | 203 |
196 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ | 204 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_ |
OLD | NEW |