blimp/net/ssl_client_transport.cc


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "blimp/net/ssl_client_transport.h"

#include "base/callback.h"
#include "base/callback_helpers.h"
#include "blimp/net/exact_match_cert_verifier.h"
#include "blimp/net/stream_socket_connection.h"
#include "net/base/host_port_pair.h"
#include "net/cert/x509_certificate.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
#include "net/socket/stream_socket.h"
#include "net/socket/tcp_client_socket.h"
#include "net/ssl/ssl_config.h"

namespace blimp {

SSLClientTransport::SSLClientTransport(const net::IPEndPoint& ip_endpoint,
                                       scoped_refptr<net::X509Certificate> cert,
                                       net::NetLog* net_log)
    : TCPClientTransport(ip_endpoint, net_log), ip_endpoint_(ip_endpoint) {
  // Test code may pass in a null value for |cert|. Only spin up a CertVerifier
  // if there is a cert present.
  if (cert) {
    cert_verifier_.reset(new ExactMatchCertVerifier(std::move(cert)));
  }
}

SSLClientTransport::~SSLClientTransport() {}

const char* SSLClientTransport::GetName() const {
  return "SSL";
}

void SSLClientTransport::OnTCPConnectComplete(int result) {
  DCHECK_NE(net::ERR_IO_PENDING, result);

  scoped_ptr<net::StreamSocket> tcp_socket = TCPClientTransport::TakeSocket();

  DVLOG(1) << "TCP connection result=" << result;
  if (result != net::OK) {
    OnConnectComplete(result);
    return;
  }

  // Construct arguments to use for the SSL socket factory.
  scoped_ptr<net::ClientSocketHandle> socket_handle(
      new net::ClientSocketHandle);
  socket_handle->SetSocket(std::move(tcp_socket));

  net::HostPortPair host_port_pair =
      net::HostPortPair::FromIPEndPoint(ip_endpoint_);

  net::SSLClientSocketContext create_context;
  create_context.cert_verifier = cert_verifier_.get();
  create_context.transport_security_state = &transport_security_state_;

  scoped_ptr<net::StreamSocket> ssl_socket(
      socket_factory()->CreateSSLClientSocket(std::move(socket_handle),
                                              host_port_pair, net::SSLConfig(),
                                              create_context));

  if (!ssl_socket) {
    OnConnectComplete(net::ERR_SSL_PROTOCOL_ERROR);
    return;
  }

  result = ssl_socket->Connect(base::Bind(
      &SSLClientTransport::OnSSLConnectComplete, base::Unretained(this)));
  SetSocket(std::move(ssl_socket));

  if (result == net::ERR_IO_PENDING) {
    // SSL connection will complete asynchronously.
    return;
  }

  OnSSLConnectComplete(result);
}

void SSLClientTransport::OnSSLConnectComplete(int result) {
  DCHECK_NE(net::ERR_IO_PENDING, result);
  DVLOG(1) << "SSL connection result=" << result;

  OnConnectComplete(result);
}

}  // namespace blimp