1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_SOCKET_SSL_HOST_INFO_H
#define NET_SOCKET_SSL_HOST_INFO_H
#include <string>
#include <vector>
#include "base/ref_counted.h"
#include "base/scoped_ptr.h"
#include "net/base/cert_verify_result.h"
#include "net/base/completion_callback.h"
#include "net/socket/ssl_client_socket.h"
namespace net {
class CertVerifier;
class X509Certificate;
struct SSLConfig;
// SSLHostInfo is an interface for fetching information about an SSL server.
// This information may be stored on disk so does not include keys or session
// information etc. Primarily it's intended for caching the server's
// certificates.
class SSLHostInfo {
public:
SSLHostInfo(const std::string& hostname, const SSLConfig& ssl_config);
virtual ~SSLHostInfo();
// Start will commence the lookup. This must be called before any other
// methods. By opportunistically calling this early, it may be possible to
// overlap this object's lookup and reduce latency.
virtual void Start() = 0;
// WaitForDataReady returns OK if the fetch of the requested data has
// completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
// the current thread when ready.
//
// Only a single callback can be outstanding at a given time and, in the
// event that WaitForDataReady returns OK, it's the caller's responsibility
// to delete |callback|.
//
// |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
// but, obviously, a callback will never be made.
virtual int WaitForDataReady(CompletionCallback* callback) = 0;
// Persist allows for the host information to be updated for future users.
// This is a fire and forget operation: the caller may drop its reference
// from this object and the store operation will still complete. This can
// only be called once WaitForDataReady has returned OK or called its
// callback.
virtual void Persist() = 0;
struct State {
State();
~State();
// certs is a vector of DER encoded X.509 certificates, as the server
// returned them and in the same order.
std::vector<std::string> certs;
// server_hello contains the bytes of the ServerHello message (or may be
// empty if the server doesn't support Snap Start.)
std::string server_hello;
// npn_valid is true iff |npn_status| and |npn_protocol| is successful.
bool npn_valid;
// these members contain the NPN result of a connection to the server.
SSLClientSocket::NextProtoStatus npn_status;
std::string npn_protocol;
private:
DISALLOW_COPY_AND_ASSIGN(State);
};
// Once the data is ready, it can be read using the following members. These
// members can then be updated before calling |Persist|.
const State& state() const;
State* mutable_state();
// This is true if state().certs.size() > 0 and state().certs[0] has been
// verified for |hostname_|.
bool cert_valid() const;
// If |cert_valid()| returns true, then this contains the result of verifying
// the certificate.
const CertVerifyResult& cert_verify_result() const;
protected:
// Parse parses an opaque blob of data and fills out the public member fields
// of this object. It returns true iff the parse was successful. The public
// member fields will be set to something sane in any case.
bool Parse(const std::string& data);
std::string Serialize() const;
State state_;
private:
// This is the callback function which the CertVerifier calls via |callback_|.
void VerifyCallback(int rv);
// This is the hostname that we'll validate the certificates against.
const std::string hostname_;
bool cert_valid_; // see the comments for |cert_valid|.
// These two members are taken from the SSLConfig.
bool rev_checking_enabled_;
bool verify_ev_cert_;
CertVerifyResult cert_verify_result_;
scoped_ptr<CertVerifier> verifier_;
scoped_refptr<X509Certificate> cert_;
scoped_refptr<CancelableCompletionCallback<SSLHostInfo> > callback_;
};
class SSLHostInfoFactory {
public:
virtual ~SSLHostInfoFactory();
// GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
// or NULL on failure.
virtual SSLHostInfo* GetForHost(const std::string& hostname,
const SSLConfig& ssl_config) = 0;
};
} // namespace net
#endif // NET_SOCKET_SSL_HOST_INFO_H
|
