-rw-r--r-- | net/base/net_log_event_type_list.h | 6 | ||||
-rw-r--r-- | net/socket/ssl_server_socket.h | 43 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.cc | 88 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.h | 42 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_openssl.cc | 51 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_unittest.cc | 8 | ||||
-rw-r--r-- | remoting/protocol/jingle_session.cc | 2 |
7 files changed, 131 insertions, 109 deletions
diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h
index 65c66fe..bf5022a 100644
--- a/net/base/net_log_event_type_list.h
+++ b/net/base/net_log_event_type_list.h
@@ -360,11 +360,11 @@ EVENT_TYPE(SOCKS_UNEXPECTED_AUTH)
 // }
 EVENT_TYPE(SOCKS_UNKNOWN_ADDRESS_TYPE)
 
-// The start/end of a SSL connect().
+// The start/end of an SSL "connect" (aka client handshake).
 EVENT_TYPE(SSL_CONNECT)
 
-// The start/end of a SSL accept().
-EVENT_TYPE(SSL_ACCEPT)
+// The start/end of an SSL server handshake (aka "accept").
+EVENT_TYPE(SSL_SERVER_HANDSHAKE)
 
 // An SSL error occurred while trying to do the indicated activity.
 // The following parameters are attached to the event:
diff --git a/net/socket/ssl_server_socket.h b/net/socket/ssl_server_socket.h
index 61877d2..b0b7977 100644
--- a/net/socket/ssl_server_socket.h
+++ b/net/socket/ssl_server_socket.h
@@ -8,7 +8,7 @@
 #include "base/basictypes.h"
 #include "net/base/completion_callback.h"
 #include "net/base/net_api.h"
-#include "net/socket/socket.h"
+#include "net/socket/stream_socket.h"
 
 namespace crypto {
 class RSAPrivateKey;
@@ -20,35 +20,34 @@ class IOBuffer; struct SSLConfig; class X509Certificate; -// SSLServerSocket takes an already connected socket and performs SSL on top of -// it. -// -// This class is designed to work in a peer-to-peer connection and is not -// intended to be used as a standalone SSL server. -class SSLServerSocket : public Socket { +class SSLServerSocket : public StreamSocket { public: virtual ~SSLServerSocket() {} - // Performs an SSL server handshake on the existing socket. The given socket - // must have already been connected. - // - // Accept either returns ERR_IO_PENDING, in which case the given callback - // will be called in the future with the real result, or it completes - // synchronously, returning the result immediately. - virtual int Accept(CompletionCallback* callback) = 0; + // Perform the SSL server handshake, and notify the supplied callback + // if the process completes asynchronously. If Disconnect is called before + // completion then the callback will be silently, as for other StreamSocket + // calls. + virtual int Handshake(CompletionCallback* callback) = 0; }; -// Creates an SSL server socket using an already connected socket. A certificate -// and private key needs to be provided. +// Creates an SSL server socket over an already-connected transport socket. +// The caller must provide the server certificate and private key to use. +// +// The returned SSLServerSocket takes ownership of |socket|. Stubbed versions +// of CreateSSLServerSocket will delete |socket| and return NULL. +// It takes a reference to |certificate|. +// The |key| and |ssl_config| parameters are copied. |key| cannot be const +// because the methods used to copy its contents are non-const. // -// This created server socket will take ownership of |socket|. However |key| -// is copied. -// TODO(hclam): Defines ServerSocketFactory to create SSLServerSocket. This will -// make mocking easier. 
+// The caller starts the SSL server handshake by calling Handshake on the +// returned socket. NET_API SSLServerSocket* CreateSSLServerSocket( - Socket* socket, X509Certificate* certificate, crypto::RSAPrivateKey* key, + StreamSocket* socket, + X509Certificate* certificate, + crypto::RSAPrivateKey* key, const SSLConfig& ssl_config); } // namespace net -#endif // NET_SOCKET_SSL_SERVER_SOCKET_NSS_H_ +#endif // NET_SOCKET_SSL_SERVER_SOCKET_H_ diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc index de212e2..0f35ce9c 100644 --- a/net/socket/ssl_server_socket_nss.cc +++ b/net/socket/ssl_server_socket_nss.cc @@ -46,13 +46,15 @@ static const int kRecvBufferSize = 4096; namespace net { SSLServerSocket* CreateSSLServerSocket( - Socket* socket, X509Certificate* cert, crypto::RSAPrivateKey* key, + StreamSocket* socket, + X509Certificate* cert, + crypto::RSAPrivateKey* key, const SSLConfig& ssl_config) { return new SSLServerSocketNSS(socket, cert, key, ssl_config); } SSLServerSocketNSS::SSLServerSocketNSS( - Socket* transport_socket, + StreamSocket* transport_socket, scoped_refptr<X509Certificate> cert, crypto::RSAPrivateKey* key, const SSLConfig& ssl_config) @@ -62,7 +64,7 @@ SSLServerSocketNSS::SSLServerSocketNSS( this, &SSLServerSocketNSS::BufferRecvComplete)), transport_send_busy_(false), transport_recv_busy_(false), - user_accept_callback_(NULL), + user_handshake_callback_(NULL), user_read_callback_(NULL), user_write_callback_(NULL), nss_fd_(NULL), 
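Review bot: The new Handshake() comment in the ssl_server_socket.h hunk drops a word: `// completion then the callback will be silently, as for other StreamSocket` has no verb, and from context the intent is presumably that the callback is never run; suggest `// completion then the callback will be silently dropped, as for other StreamSocket`. With the old class comment removed, SSLServerSocket itself is now undocumented; a one-line `// Performs the server side of an SSL handshake over an already-connected StreamSocket.` above `class SSLServerSocket : public StreamSocket {` would restore that. The CreateSSLServerSocket comment now states that stubbed builds delete |socket| and return NULL, so every caller must test the result before using it.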
@@ -90,20 +92,20 @@ SSLServerSocketNSS::~SSLServerSocketNSS() { } } -int SSLServerSocketNSS::Accept(CompletionCallback* callback) { - net_log_.BeginEvent(NetLog::TYPE_SSL_ACCEPT, NULL); +int SSLServerSocketNSS::Handshake(CompletionCallback* callback) { + net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE, NULL); int rv = Init(); if (rv != OK) { LOG(ERROR) << "Failed to initialize NSS"; - net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); + net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); return rv; } rv = InitializeSSLOptions(); if (rv != OK) { LOG(ERROR) << "Failed to initialize SSL options"; - net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); + net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); return rv; } @@ -116,18 +118,23 @@ int SSLServerSocketNSS::Accept(CompletionCallback* callback) { GotoState(STATE_HANDSHAKE); rv = DoHandshakeLoop(net::OK); if (rv == ERR_IO_PENDING) { - user_accept_callback_ = callback; + user_handshake_callback_ = callback; } else { - net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_ACCEPT, rv); + net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); } return rv > OK ? OK : rv; } +int SSLServerSocketNSS::Connect(CompletionCallback* callback) { + NOTIMPLEMENTED(); + return ERR_NOT_IMPLEMENTED; +} + int SSLServerSocketNSS::Read(IOBuffer* buf, int buf_len, CompletionCallback* callback) { DCHECK(!user_read_callback_); - DCHECK(!user_accept_callback_); + DCHECK(!user_handshake_callback_); DCHECK(!user_read_buf_); DCHECK(nss_bufs_); 
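Review bot: Handshake() in the first hunk stores `callback` into user_handshake_callback_ without checking that no handshake is already pending, whereas Read() in the second hunk guards with `DCHECK(!user_handshake_callback_)`; a second Handshake() call would re-run Init() and overwrite the first caller's callback, which is then never run. Suggest opening Handshake() with `DCHECK(!user_handshake_callback_);` and, if completed_handshake_ starts out false (its initialisation is outside the hunk), `DCHECK(!completed_handshake_);`. Handshake()'s body is split across the two hunks on this line.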
@@ -168,11 +175,55 @@ int SSLServerSocketNSS::Write(IOBuffer* buf, int buf_len, } bool SSLServerSocketNSS::SetReceiveBufferSize(int32 size) { - return false; + return transport_socket_->SetReceiveBufferSize(size); } bool SSLServerSocketNSS::SetSendBufferSize(int32 size) { - return false; + return transport_socket_->SetSendBufferSize(size); +} + +bool SSLServerSocketNSS::IsConnected() const { + return completed_handshake_; +} + +void SSLServerSocketNSS::Disconnect() { + transport_socket_->Disconnect(); +} + +bool SSLServerSocketNSS::IsConnectedAndIdle() const { + return completed_handshake_ && transport_socket_->IsConnectedAndIdle(); +} + +int SSLServerSocketNSS::GetPeerAddress(AddressList* address) const { + if (!IsConnected()) + return ERR_SOCKET_NOT_CONNECTED; + return transport_socket_->GetPeerAddress(address); +} + +int SSLServerSocketNSS::GetLocalAddress(IPEndPoint* address) const { + if (!IsConnected()) + return ERR_SOCKET_NOT_CONNECTED; + return transport_socket_->GetLocalAddress(address); +} + +const BoundNetLog& SSLServerSocketNSS::NetLog() const { + return net_log_; +} + +void SSLServerSocketNSS::SetSubresourceSpeculation() { + transport_socket_->SetSubresourceSpeculation(); +} + +void SSLServerSocketNSS::SetOmniboxSpeculation() { + transport_socket_->SetOmniboxSpeculation(); +} + +bool SSLServerSocketNSS::WasEverUsed() const { + return transport_socket_->WasEverUsed(); +} + +bool SSLServerSocketNSS::UsingTCPFastOpen() const { + return transport_socket_->UsingTCPFastOpen(); } int SSLServerSocketNSS::InitializeSSLOptions() { 
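Review bot: Disconnect() only forwards to transport_socket_ and leaves completed_handshake_ and the three user callbacks untouched, so after Disconnect() IsConnected() still returns true and the ssl_server_socket.h promise that a pending handshake callback is silently dropped is not enforced here; Disconnect() should presumably reset that state as well. IsConnected() is also inconsistent with IsConnectedAndIdle(): the latter consults the transport but the former returns completed_handshake_ alone, so a transport that has gone away is still reported as connected and GetPeerAddress()/GetLocalAddress() keep succeeding on it. Whether transport_socket_->Disconnect() cancels in-flight transport completions such as BufferRecvComplete depends on the transport implementation, which is outside this diff.
```cpp
bool SSLServerSocketNSS::IsConnected() const {
  return completed_handshake_ && transport_socket_->IsConnected();
}

void SSLServerSocketNSS::Disconnect() {
  transport_socket_->Disconnect();
  // Forget any in-flight operation so its callback is not run after
  // Disconnect, as documented on SSLServerSocket::Handshake.
  completed_handshake_ = false;
  user_handshake_callback_ = NULL;
  user_read_callback_ = NULL;
  user_write_callback_ = NULL;
}
// … unchanged: IsConnectedAndIdle, GetPeerAddress, GetLocalAddress, NetLog, speculation/WasEverUsed/UsingTCPFastOpen forwarders …
```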
@@ -385,9 +436,10 @@ void SSLServerSocketNSS::OnRecvComplete(int result) { void SSLServerSocketNSS::OnHandshakeIOComplete(int result) { int rv = DoHandshakeLoop(result); if (rv != ERR_IO_PENDING) { - net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_ACCEPT, rv); - if (user_accept_callback_) - DoAcceptCallback(rv); + net_log_.EndEventWithNetErrorCode(net::NetLog::TYPE_SSL_SERVER_HANDSHAKE, + rv); + if (user_handshake_callback_) + DoHandshakeCallback(rv); } } @@ -609,11 +661,11 @@ int SSLServerSocketNSS::DoHandshake() { return net_error; } -void SSLServerSocketNSS::DoAcceptCallback(int rv) { +void SSLServerSocketNSS::DoHandshakeCallback(int rv) { DCHECK_NE(rv, ERR_IO_PENDING); - CompletionCallback* c = user_accept_callback_; - user_accept_callback_ = NULL; + CompletionCallback* c = user_handshake_callback_; + user_handshake_callback_ = NULL; c->Run(rv > OK ? OK : rv); } diff --git a/net/socket/ssl_server_socket_nss.h b/net/socket/ssl_server_socket_nss.h index 7953c38..366a915 100644 --- a/net/socket/ssl_server_socket_nss.h +++ b/net/socket/ssl_server_socket_nss.h 
@@ -23,21 +23,18 @@ namespace net { class SSLServerSocketNSS : public SSLServerSocket { public: - // This object takes ownership of the following parameters: - // |socket| - A socket that is already connected. - // |cert| - The certificate to be used by the server. - // - // The following parameters are copied in the constructor. - // |ssl_config| - Options for SSL socket. - // |key| - The private key used by the server. - SSLServerSocketNSS(Socket* transport_socket, - scoped_refptr<X509Certificate> cert, + // See comments on CreateSSLServerSocket for details of how these + // parameters are used. + SSLServerSocketNSS(StreamSocket* socket, + scoped_refptr<X509Certificate> certificate, crypto::RSAPrivateKey* key, const SSLConfig& ssl_config); virtual ~SSLServerSocketNSS(); - // SSLServerSocket implementation. - virtual int Accept(CompletionCallback* callback); + // SSLServerSocket interface. + virtual int Handshake(CompletionCallback* callback); + + // Socket interface (via StreamSocket). virtual int Read(IOBuffer* buf, int buf_len, CompletionCallback* callback); virtual int Write(IOBuffer* buf, int buf_len, @@ -45,6 +42,19 @@ class SSLServerSocketNSS : public SSLServerSocket { virtual bool SetReceiveBufferSize(int32 size); virtual bool SetSendBufferSize(int32 size); + // StreamSocket interface. + virtual int Connect(CompletionCallback* callback); + virtual void Disconnect(); + virtual bool IsConnected() const; + virtual bool IsConnectedAndIdle() const; + virtual int GetPeerAddress(AddressList* address) const; + virtual int GetLocalAddress(IPEndPoint* address) const; + virtual const BoundNetLog& NetLog() const; + virtual void SetSubresourceSpeculation(); + virtual void SetOmniboxSpeculation(); + virtual bool WasEverUsed() const; + virtual bool UsingTCPFastOpen() const; + private: enum State { STATE_NONE, 
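Review bot: In the first hunk the constructor parameters are renamed to `socket` and `certificate` in the declaration, but the definition in ssl_server_socket_nss.cc keeps `transport_socket` and `cert`, so the two signatures no longer read the same; use one set of names, e.g. `SSLServerSocketNSS(StreamSocket* transport_socket,` / `scoped_refptr<X509Certificate> cert,` to match the .cc. The replacement comment only points at CreateSSLServerSocket, yet this constructor differs from it by taking the certificate as a `scoped_refptr` by value; a short note on that difference would save readers a trip to the factory.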
@@ -69,7 +79,7 @@ class SSLServerSocketNSS : public SSLServerSocket { int DoReadLoop(int result); int DoWriteLoop(int result); int DoHandshake(); - void DoAcceptCallback(int result); + void DoHandshakeCallback(int result); void DoReadCallback(int result); void DoWriteCallback(int result); @@ -91,7 +101,7 @@ class SSLServerSocketNSS : public SSLServerSocket { BoundNetLog net_log_; - CompletionCallback* user_accept_callback_; + CompletionCallback* user_handshake_callback_; CompletionCallback* user_read_callback_; CompletionCallback* user_write_callback_; @@ -109,12 +119,10 @@ class SSLServerSocketNSS : public SSLServerSocket { // Buffers for the network end of the SSL state machine memio_Private* nss_bufs_; - // Socket for sending and receiving data. - scoped_ptr<Socket> transport_socket_; + // StreamSocket for sending and receiving data. + scoped_ptr<StreamSocket> transport_socket_; // Options for the SSL socket. - // TODO(hclam): This memeber is currently not used. Should make use of this - // member to configure the socket. SSLConfig ssl_config_; // Certificate for the server. diff --git a/net/socket/ssl_server_socket_openssl.cc b/net/socket/ssl_server_socket_openssl.cc index 68c26fe..8dc1b9c0 100644 --- a/net/socket/ssl_server_socket_openssl.cc +++ b/net/socket/ssl_server_socket_openssl.cc 
@@ -7,53 +7,16 @@ namespace net { -namespace { - -class SSLServerSocketOpenSSL : public SSLServerSocket { - public: - virtual ~SSLServerSocketOpenSSL() {} - - // SSLServerSocket - virtual int Accept(CompletionCallback* callback) { - // TODO(bulach): implement. - NOTIMPLEMENTED(); - return 0; - } - - // Socket - virtual int Read(IOBuffer* buf, int buf_len, - CompletionCallback* callback) { - // TODO(bulach): implement. - NOTIMPLEMENTED(); - return 0; - } - virtual int Write(IOBuffer* buf, int buf_len, - CompletionCallback* callback) { - // TODO(bulach): implement. - NOTIMPLEMENTED(); - return 0; - } - - virtual bool SetReceiveBufferSize(int32 size) { - // TODO(bulach): implement. - NOTIMPLEMENTED(); - return false; - } - - virtual bool SetSendBufferSize(int32 size) { - // TODO(bulach): implement. - NOTIMPLEMENTED(); - return false; - } -}; - -} // namespace - -SSLServerSocket* CreateSSLServerSocket(Socket* socket, +// TODO(bulach): Rather than disable components which call +// CreateSSLServerSocket when building for OpenSSL rather than NSS, just +// provide a stub for it for now. +SSLServerSocket* CreateSSLServerSocket(StreamSocket* socket, X509Certificate* certificate, crypto::RSAPrivateKey* key, const SSLConfig& ssl_config) { - return new SSLServerSocketOpenSSL(); + NOTIMPLEMENTED(); + delete socket; + return NULL; } } // namespace net diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc index 5e08ffe..aff78dc 100644 --- a/net/socket/ssl_server_socket_unittest.cc +++ b/net/socket/ssl_server_socket_unittest.cc 
@@ -284,8 +284,8 @@ TEST_F(SSLServerSocketTest, Initialize) { Initialize(); } -// This test executes Connect() of SSLClientSocket and Accept() of -// SSLServerSocket to make sure handshaking between the two sockets are +// This test executes Connect() on SSLClientSocket and Handshake() on +// SSLServerSocket to make sure handshaking between the two sockets is // completed successfully. TEST_F(SSLServerSocketTest, Handshake) { Initialize(); @@ -293,7 +293,7 @@ TEST_F(SSLServerSocketTest, Handshake) { TestCompletionCallback connect_callback; TestCompletionCallback accept_callback; - int server_ret = server_socket_->Accept(&accept_callback); + int server_ret = server_socket_->Handshake(&accept_callback); EXPECT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING); int client_ret = client_socket_->Connect(&connect_callback); @@ -322,7 +322,7 @@ TEST_F(SSLServerSocketTest, DataTransfer) { int client_ret = client_socket_->Connect(&connect_callback); ASSERT_TRUE(client_ret == net::OK || client_ret == net::ERR_IO_PENDING); - int server_ret = server_socket_->Accept(&accept_callback); + int server_ret = server_socket_->Handshake(&accept_callback); ASSERT_TRUE(server_ret == net::OK || server_ret == net::ERR_IO_PENDING); if (client_ret == net::ERR_IO_PENDING) { diff --git a/remoting/protocol/jingle_session.cc b/remoting/protocol/jingle_session.cc index abffdc9..20747a4 100644 --- a/remoting/protocol/jingle_session.cc +++ b/remoting/protocol/jingle_session.cc @@ -471,7 +471,7 @@ bool JingleSession::EstablishSSLConnection( pseudotcp, local_cert_, local_private_key_.get(), ssl_config); ssl_socket->reset(new SocketWrapper(socket)); - int ret = socket->Accept(&ssl_connect_callback_); + int ret = socket->Handshake(&ssl_connect_callback_); if (ret == net::ERR_IO_PENDING) { return true; } else if (ret != net::OK) { |
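Review bot: In the remoting/protocol/jingle_session.cc hunk `socket` is wrapped in SocketWrapper and then dereferenced via `socket->Handshake(...)` with no NULL check, while the new ssl_server_socket.h comment and the OpenSSL stub in ssl_server_socket_openssl.cc state that CreateSSLServerSocket can delete the transport and return NULL; on such a build this is a NULL dereference. If `socket` is the value returned by CreateSSLServerSocket (the call is cut off at the top of the hunk), add `if (!socket) return false;` before the `ssl_socket->reset(...)` line, assuming `false` is the failure result used by the `ret != net::OK` branch whose body lies outside the hunk. EstablishSSLConnection starts and ends outside the hunk.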