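--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -1,49 +1,51 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 
 #include <certt.h>
 #include <keyt.h>
 #include <nspr.h>
 #include <nss.h>
 
 #include <string>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
 #include "base/synchronization/lock.h"
 #include "base/threading/platform_thread.h"
 #include "base/time/time.h"
 #include "base/timer/timer.h"
 #include "net/base/completion_callback.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_export.h"
 #include "net/base/net_log.h"
 #include "net/base/nss_memio.h"
 #include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_verify_result.h"
 #include "net/cert/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/server_bound_cert_service.h"
 #include "net/ssl/ssl_config_service.h"
 
 namespace base {
 class SequencedTaskRunner;
 }
 
 namespace net {
 
 class BoundNetLog;
 class CertVerifier;
+class CTVerifier;
 class ClientSocketHandle;
 class ServerBoundCertService;
 class SingleRequestCertVerifier;
 class TransportSecurityState;
 class X509Certificate;
 
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
  public:
   // Takes ownership of the |transport_socket|, which must already be connected.
@@ -128,43 +130,49 @@
 
   void DoConnectCallback(int result);
   void OnHandshakeIOComplete(int result);
 
   int DoHandshakeLoop(int last_io_result);
   int DoHandshake();
   int DoHandshakeComplete(int result);
   int DoVerifyCert(int result);
   int DoVerifyCertComplete(int result);
 
+  void VerifyCT();
+
   void LogConnectionTypeMetrics() const;
 
   // The following methods are for debugging bug 65948. Will remove this code
   // after fixing bug 65948.
   void EnsureThreadIdAssigned() const;
   bool CalledOnValidThread() const;
 
   // The task runner used to perform NSS operations.
   scoped_refptr<base::SequencedTaskRunner> nss_task_runner_;
   scoped_ptr<ClientSocketHandle> transport_;
   HostPortPair host_and_port_;
   SSLConfig ssl_config_;
 
   scoped_refptr<Core> core_;
 
   CompletionCallback user_connect_callback_;
 
   CertVerifyResult server_cert_verify_result_;
   HashValueVector side_pinned_public_keys_;
 
   CertVerifier* const cert_verifier_;
   scoped_ptr<SingleRequestCertVerifier> verifier_;
 
+  // Certificate Transparency: Verifier and result holder.
+  ct::CTVerifyResult ct_verify_result_;
+  CTVerifier* cert_transparency_verifier_;
+
   // The service for retrieving Channel ID keys.  May be NULL.
   ServerBoundCertService* server_bound_cert_service_;
 
   // ssl_session_cache_shard_ is an opaque string that partitions the SSL
   // session cache. i.e. sessions created with one value will not attempt to
   // resume on the socket with a different value.
   const std::string ssl_session_cache_shard_;
 
   // True if the SSL handshake has been completed.
   bool completed_handshake_;
@@ -187,10 +195,10 @@
   // Added the following code Debugging in release mode.
   mutable base::Lock lock_;
   // This is mutable so that CalledOnValidThread can set it.
   // It's guarded by |lock_|.
   mutable base::PlatformThreadId valid_thread_id_;
 };
 
 }  // namespace net
 
 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_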
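Review bot: The new `cert_transparency_verifier_` member (new line 167) is a raw, non-const `CTVerifier*` with no statement of ownership or nullability, unlike `CertVerifier* const cert_verifier_` just above it and the "May be NULL" note on `server_bound_cert_service_`. If the pointer is injected at construction and never reseated, declare it `CTVerifier* const cert_transparency_verifier_;` and extend the comment, for example `// Not owned; must outlive this socket. May be NULL, in which case no CT verification is performed.` The constructor and the assignment are outside the visible hunks, so confirm which of those statements actually holds before writing them down. `void VerifyCT();` (new line 140) also has no comment, and because it returns void, unlike the `int Do*` state methods around it, a reader cannot tell whether a CT failure can change the connection result or is only recorded in `ct_verify_result_`. A one-line comment saying which it is, and at what point in the certificate-verification sequence it runs, would settle that.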