author | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-12 03:38:22 +0000 |
committer | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-12 03:38:22 +0000 |
commit | 92a794994111f442e9c7ba1792a5418a77c2ca74 (patch) | |
tree | 6ccf61412e2d7c33adab5611354db381c8367fc1 /content | |
parent | 8d813a832c341a54a8a8aff5702bd392e990cda7 (diff) | |
This adds the following two functions to the ppapi TCPSocket interface:
1) GetServerCertificate, which returns the server X509Certificate if an SSL connection has been established.
2) AddChainBuildingCertificate. This is currently unimplemented in Chrome, but the interface and plumbing have been added so it can easily be hooked up. This should add a trusted/untrusted chain-building certificate to be used by the client for a particular connection when performing the SSL handshake.
BUG=114626
TEST=out/Release/browser_tests --gtest_filter=*PPAPITest.*TCP*Trusted*
Review URL: http://codereview.chromium.org/9699100
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content')
6 files changed, 60 insertions, 21 deletions
diff --git a/content/browser/renderer_host/pepper_message_filter.cc b/content/browser/renderer_host/pepper_message_filter.cc
index c3c5e0f..28e0452 100644
--- a/content/browser/renderer_host/pepper_message_filter.cc
+++ b/content/browser/renderer_host/pepper_message_filter.cc
@@ -288,16 +288,20 @@ void PepperMessageFilter::DoTCPConnectWithNetAddress(
 iter->second->SendConnectACKError();
 }
-void PepperMessageFilter::OnTCPSSLHandshake(uint32 socket_id,
- const std::string& server_name,
- uint16_t server_port) {
+void PepperMessageFilter::OnTCPSSLHandshake(
+ uint32 socket_id,
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) {
 TCPSocketMap::iterator iter = tcp_sockets_.find(socket_id);
 if (iter == tcp_sockets_.end()) {
 NOTREACHED();
 return;
 }
- iter->second->SSLHandshake(server_name, server_port);
+ iter->second->SSLHandshake(server_name, server_port, trusted_certs,
+ untrusted_certs);
 }
 void PepperMessageFilter::OnTCPRead(uint32 socket_id, int32_t bytes_to_read) {
diff --git a/content/browser/renderer_host/pepper_message_filter.h b/content/browser/renderer_host/pepper_message_filter.h
index d63a730..d10f6d0e 100644
--- a/content/browser/renderer_host/pepper_message_filter.h
+++ b/content/browser/renderer_host/pepper_message_filter.h
@@ -8,6 +8,7 @@
 #include <map>
 #include <string>
+#include <vector>
 #include "base/basictypes.h"
 #include "base/memory/linked_ptr.h"
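Review bot: OnTCPSSLHandshake is the browser-side handler for a renderer-originated IPC, so `trusted_certs` and `untrusted_certs` arrive from a less-privileged process and are forwarded to SSLHandshake with no bound on the number of entries or the size of each `std::vector<char>`, and no check that an entry is a well-formed certificate. They are ignored today (see the TODO added in pepper_tcp_socket.cc), but once they feed the handshake this handler is where a cap and a parse check belong, so that a compromised renderer can only affect trust for its own socket and cannot hand the SSL layer oversized or malformed blobs. A comment on the handler such as `// |trusted_certs|/|untrusted_certs| are renderer-supplied; bound and validate before they influence certificate verification.` would record that expectation until the implementation lands.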
@@ -133,9 +134,12 @@ class PepperMessageFilter
 void OnTCPConnectWithNetAddress(int32 routing_id,
 uint32 socket_id,
 const PP_NetAddress_Private& net_addr);
- void OnTCPSSLHandshake(uint32 socket_id,
- const std::string& server_name,
- uint16_t server_port);
+ void OnTCPSSLHandshake(
+ uint32 socket_id,
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs);
 void OnTCPRead(uint32 socket_id, int32_t bytes_to_read);
 void OnTCPWrite(uint32 socket_id, const std::string& data);
 void OnTCPDisconnect(uint32 socket_id);
diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc
index e80e8e6..d6007f5 100644
--- a/content/browser/renderer_host/pepper_tcp_socket.cc
+++ b/content/browser/renderer_host/pepper_tcp_socket.cc
@@ -104,8 +104,11 @@ void PepperTCPSocket::ConnectWithNetAddress(
 StartConnect(address_list_);
 }
-void PepperTCPSocket::SSLHandshake(const std::string& server_name,
- uint16_t server_port) {
+void PepperTCPSocket::SSLHandshake(
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) {
 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
 // Allow to do SSL handshake only if currently the socket has been connected
@@ -119,6 +122,8 @@ void PepperTCPSocket::SSLHandshake(const std::string& server_name,
 }
 connection_state_ = SSL_HANDSHAKE_IN_PROGRESS;
+ // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting.
+
 net::ClientSocketHandle* handle = new net::ClientSocketHandle();
 handle->set_socket(socket_.release());
 net::ClientSocketFactory* factory =
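Review bot: SSLHandshake in pepper_tcp_socket.cc accepts `trusted_certs` and `untrusted_certs` and then never reads them (the TODO added in the third hunk is their only mention), so a plugin using the new AddChainBuildingCertificate API gets a handshake that silently ignores what it supplied, and neither the pepper_message_filter.h declaration in the first hunk nor the pepper_tcp_socket.h declaration says so. A one-line comment on the pepper_tcp_socket.h declaration, `// |trusted_certs| and |untrusted_certs| are accepted but not yet used; see the TODO in SSLHandshake().`, would make the no-op visible to callers until the TODO is resolved. The body of SSLHandshake continues outside both of its hunks.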
@@ -275,8 +280,22 @@ void PepperTCPSocket::SendWriteACKError() {
 }
 void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) {
+ ppapi::PPB_X509Certificate_Fields certificate_fields;
+ if (succeeded) {
+ // Our socket is guaranteed to be an SSL socket if we get here.
+ net::SSLClientSocket* ssl_socket =
+ static_cast<net::SSLClientSocket*>(socket_.get());
+ net::SSLInfo ssl_info;
+ ssl_socket->GetSSLInfo(&ssl_info);
+ if (ssl_info.cert.get())
+ GetCertificateFields(*ssl_info.cert, &certificate_fields);
+ }
 manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK(
- routing_id_, plugin_dispatcher_id_, socket_id_, succeeded));
+ routing_id_,
+ plugin_dispatcher_id_,
+ socket_id_,
+ succeeded,
+ certificate_fields));
 }
 void PepperTCPSocket::OnResolveCompleted(int result) {
diff --git a/content/browser/renderer_host/pepper_tcp_socket.h b/content/browser/renderer_host/pepper_tcp_socket.h
index 3539748..e3afcc0 100644
--- a/content/browser/renderer_host/pepper_tcp_socket.h
+++ b/content/browser/renderer_host/pepper_tcp_socket.h
@@ -51,7 +51,11 @@ class PepperTCPSocket {
 void Connect(const std::string& host, uint16_t port);
 void ConnectWithNetAddress(const PP_NetAddress_Private& net_addr);
- void SSLHandshake(const std::string& server_name, uint16_t server_port);
+ void SSLHandshake(
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs);
 void Read(int32 bytes_to_read);
 void Write(const std::string& data);
diff --git a/content/renderer/pepper/pepper_plugin_delegate_impl.cc b/content/renderer/pepper/pepper_plugin_delegate_impl.cc
index 301add4..bb023e8 100644
--- a/content/renderer/pepper/pepper_plugin_delegate_impl.cc
+++ b/content/renderer/pepper/pepper_plugin_delegate_impl.cc
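Review bot: SendSSLHandshakeACK justifies the `static_cast` to `net::SSLClientSocket*` only with the comment "Our socket is guaranteed to be an SSL socket if we get here", but nothing checks that `socket_` is non-null before `GetSSLInfo` is called through it; `DCHECK(socket_.get());` placed before the cast (and, if the state machine has a post-handshake state, a DCHECK on `connection_state_`) would turn the assumption into a debug-time assertion instead of a potential null dereference. Separately, when `succeeded` is true but `ssl_info.cert` is null, the ACK carries `succeeded == true` with default-constructed `certificate_fields`, so the plugin cannot distinguish a missing server certificate from a normal success; a comment should state whether that combination is expected or ought to be reported as a failure. The pepper_tcp_socket.h hunk on the same line only changes the declaration.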
@@ -955,10 +955,12 @@ void PepperPluginDelegateImpl::TCPSocketConnectWithNetAddress(
 void PepperPluginDelegateImpl::TCPSocketSSLHandshake(
 uint32 socket_id,
 const std::string& server_name,
- uint16_t server_port) {
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) {
 DCHECK(tcp_sockets_.Lookup(socket_id));
 render_view_->Send(new PpapiHostMsg_PPBTCPSocket_SSLHandshake(
- socket_id, server_name, server_port));
+ socket_id, server_name, server_port, trusted_certs, untrusted_certs));
 }
 void PepperPluginDelegateImpl::TCPSocketRead(uint32 socket_id,
@@ -1410,11 +1412,12 @@ void PepperPluginDelegateImpl::OnTCPSocketConnectACK(
 void PepperPluginDelegateImpl::OnTCPSocketSSLHandshakeACK(
 uint32 plugin_dispatcher_id,
 uint32 socket_id,
- bool succeeded) {
+ bool succeeded,
+ const ppapi::PPB_X509Certificate_Fields& certificate_fields) {
 webkit::ppapi::PPB_TCPSocket_Private_Impl* socket =
 tcp_sockets_.Lookup(socket_id);
 if (socket)
- socket->OnSSLHandshakeCompleted(succeeded);
+ socket->OnSSLHandshakeCompleted(succeeded, certificate_fields);
 }
 void PepperPluginDelegateImpl::OnTCPSocketReadACK(uint32 plugin_dispatcher_id,
diff --git a/content/renderer/pepper/pepper_plugin_delegate_impl.h b/content/renderer/pepper/pepper_plugin_delegate_impl.h
index 4597cb4..36c82d2 100644
--- a/content/renderer/pepper/pepper_plugin_delegate_impl.h
+++ b/content/renderer/pepper/pepper_plugin_delegate_impl.h
@@ -270,9 +270,12 @@ class PepperPluginDelegateImpl
 webkit::ppapi::PPB_TCPSocket_Private_Impl* socket,
 uint32 socket_id,
 const PP_NetAddress_Private& addr) OVERRIDE;
- virtual void TCPSocketSSLHandshake(uint32 socket_id,
- const std::string& server_name,
- uint16_t server_port) OVERRIDE;
+ virtual void TCPSocketSSLHandshake(
+ uint32 socket_id,
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) OVERRIDE;
 virtual void TCPSocketRead(uint32 socket_id, int32_t bytes_to_read) OVERRIDE;
 virtual void TCPSocketWrite(uint32 socket_id,
 const std::string& buffer) OVERRIDE;
@@ -373,9 +376,11 @@ class PepperPluginDelegateImpl
 bool succeeded,
 const PP_NetAddress_Private& local_addr,
 const PP_NetAddress_Private& remote_addr);
- void OnTCPSocketSSLHandshakeACK(uint32 plugin_dispatcher_id,
- uint32 socket_id,
- bool succeeded);
+ void OnTCPSocketSSLHandshakeACK(
+ uint32 plugin_dispatcher_id,
+ uint32 socket_id,
+ bool succeeded,
+ const ppapi::PPB_X509Certificate_Fields& certificate_fields);
 void OnTCPSocketReadACK(uint32 plugin_dispatcher_id,
 uint32 socket_id,
 bool succeeded, |
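Review bot: The new `trusted_certs`/`untrusted_certs` parameters on TCPSocketSSLHandshake in the first hunk carry raw `std::vector<char>` entries with no comment saying what one entry is expected to hold (presumably one encoded certificate, given the description's mention of chain building, but the header does not say which encoding) or whether an empty outer vector is valid; the same gap exists on the declarations in pepper_message_filter.h and pepper_tcp_socket.h. A comment on this declaration such as `// Each entry of |trusted_certs| and |untrusted_certs| is one encoded certificate (encoding: <fill in>); either vector may be empty.` keeps the contract with the plugin explicit, with the placeholder replaced by the real encoding rather than left for callers to infer.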