| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_ |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
| 11 #include "net/base/completion_callback.h" | 11 #include "net/base/completion_callback.h" |
| 12 #include "net/base/load_flags.h" | 12 #include "net/base/load_flags.h" |
| 13 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 14 #include "net/socket/ssl_socket.h" | 14 #include "net/socket/ssl_socket.h" |
| 15 #include "net/socket/stream_socket.h" | 15 #include "net/socket/stream_socket.h" |
| 16 #include "net/ssl/ssl_failure_state.h" | 16 #include "net/ssl/ssl_failure_state.h" |
| 17 | 17 |
| 18 namespace crypto { |
| 19 class RSAPrivateKey; |
| 20 } |
| 21 |
| 18 namespace net { | 22 namespace net { |
| 19 | 23 |
| 20 class CertPolicyEnforcer; | 24 class CertPolicyEnforcer; |
| 21 class CertVerifier; | 25 class CertVerifier; |
| 22 class ChannelIDService; | 26 class ChannelIDService; |
| 23 class CTVerifier; | 27 class CTVerifier; |
| 24 class SSLCertRequestInfo; | 28 class SSLCertRequestInfo; |
| 25 struct SSLConfig; | 29 struct SSLConfig; |
| 26 class SSLInfo; | 30 class SSLInfo; |
| 31 class SSLPrivateKey; |
| 27 class TransportSecurityState; | 32 class TransportSecurityState; |
| 28 class X509Certificate; | 33 class X509Certificate; |
| 29 | 34 |
| 30 // This struct groups together several fields which are used by various | 35 // This struct groups together several fields which are used by various |
| 31 // classes related to SSLClientSocket. | 36 // classes related to SSLClientSocket. |
| 32 struct SSLClientSocketContext { | 37 struct SSLClientSocketContext { |
| 33 SSLClientSocketContext() | 38 SSLClientSocketContext() |
| 34 : cert_verifier(NULL), | 39 : cert_verifier(NULL), |
| 35 channel_id_service(NULL), | 40 channel_id_service(NULL), |
| 36 transport_security_state(NULL), | 41 transport_security_state(NULL), |
| (...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 174 // Determine if the TLS version required by Section 9.2 of the HTTP/2 | 179 // Determine if the TLS version required by Section 9.2 of the HTTP/2 |
| 175 // specification is enabled. Note that the server might still pick an | 180 // specification is enabled. Note that the server might still pick an |
| 176 // inadequate TLS version. | 181 // inadequate TLS version. |
| 177 static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config); | 182 static bool IsTLSVersionAdequateForHTTP2(const SSLConfig& ssl_config); |
| 178 | 183 |
| 179 // Serialize |next_protos| in the wire format for ALPN and NPN: protocols are | 184 // Serialize |next_protos| in the wire format for ALPN and NPN: protocols are |
| 180 // listed in order, each prefixed by a one-byte length. | 185 // listed in order, each prefixed by a one-byte length. |
| 181 static std::vector<uint8_t> SerializeNextProtos( | 186 static std::vector<uint8_t> SerializeNextProtos( |
| 182 const NextProtoVector& next_protos); | 187 const NextProtoVector& next_protos); |
| 183 | 188 |
| 189 // For unit testing only. |
| 190 // Specify a client certificate and the RSA private key to be used with it. |
| 191 virtual void ForceClientCertificateAndKeyForTest( |
| 192 scoped_refptr<X509Certificate> client_cert, |
| 193 scoped_ptr<SSLPrivateKey> client_private_key) {} |
| 194 |
| 184 private: | 195 private: |
| 185 FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos); | 196 FRIEND_TEST_ALL_PREFIXES(SSLClientSocket, SerializeNextProtos); |
| 186 // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_. | 197 // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_. |
| 187 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, | 198 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, |
| 188 ConnectSignedCertTimestampsEnabledTLSExtension); | 199 ConnectSignedCertTimestampsEnabledTLSExtension); |
| 189 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, | 200 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, |
| 190 ConnectSignedCertTimestampsEnabledOCSP); | 201 ConnectSignedCertTimestampsEnabledOCSP); |
| 191 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, | 202 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, |
| 192 ConnectSignedCertTimestampsDisabled); | 203 ConnectSignedCertTimestampsDisabled); |
| 193 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, | 204 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest, |
| 194 VerifyServerChainProperlyOrdered); | 205 VerifyServerChainProperlyOrdered); |
| 206 friend class SSLServerSocketTest; |
| 195 | 207 |
| 196 // True if SCTs were received via a TLS extension. | 208 // True if SCTs were received via a TLS extension. |
| 197 bool signed_cert_timestamps_received_; | 209 bool signed_cert_timestamps_received_; |
| 198 // True if a stapled OCSP response was received. | 210 // True if a stapled OCSP response was received. |
| 199 bool stapled_ocsp_response_received_; | 211 bool stapled_ocsp_response_received_; |
| 200 // Protocol negotiation extension used. | 212 // Protocol negotiation extension used. |
| 201 SSLNegotiationExtension negotiation_extension_; | 213 SSLNegotiationExtension negotiation_extension_; |
| 202 }; | 214 }; |
| 203 | 215 |
| 204 } // namespace net | 216 } // namespace net |
| 205 | 217 |
| 206 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_ | 218 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_ |
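Review bot: `ForceClientCertificateAndKeyForTest` (new lines 189-193) is declared above `private:` with an empty default body, so an implementation that does not override it silently discards the certificate and key. A test relying on it would then run without client authentication and could still pass. Because the commit also adds `friend class SSLServerSocketTest;`, the hook could move below `private:`, which would stop non-test callers from replacing the client identity; this assumes the section above is public, as the access specifier is outside the visible lines. The comment says "RSA private key" while the parameter is `scoped_ptr<SSLPrivateKey>`, so `// Specify a client certificate and the private key to be used with it.` would match the signature. The new `namespace crypto { class RSAPrivateKey; }` forward declaration is not referenced in the visible lines and can be dropped if the rest of the header does not use it either.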
| OLD | NEW |