net/socket/ssl_client_socket_pool.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/time/time.h"
  13 #include "net/base/privacy_mode.h"
  14 #include "net/dns/host_resolver.h"
  15 #include "net/http/http_response_info.h"
  16 #include "net/socket/client_socket_pool.h"
  17 #include "net/socket/client_socket_pool_base.h"
  18 #include "net/socket/client_socket_pool_histograms.h"
  19 #include "net/socket/ssl_client_socket.h"
  20 #include "net/ssl/ssl_config_service.h"
  21
  22 namespace net {
  23
  24 class CertVerifier;
  25 class ClientSocketFactory;
  26 class ConnectJobFactory;
  27 class CTVerifier;
  28 class HostPortPair;
  29 class HttpProxyClientSocketPool;
  30 class HttpProxySocketParams;
  31 class SOCKSClientSocketPool;
  32 class SOCKSSocketParams;
  33 class SSLClientSocket;
  34 class TransportClientSocketPool;
  35 class TransportSecurityState;
  36 class TransportSocketParams;
  37
  38 class NET_EXPORT_PRIVATE SSLSocketParams
  39     : public base::RefCounted<SSLSocketParams> {
  40  public:
  41   enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };
  42
  43   // Exactly one of |direct_params|, |socks_proxy_params|, and
  44   // |http_proxy_params| must be non-NULL.
  45   SSLSocketParams(
  46       const scoped_refptr<TransportSocketParams>& direct_params,
  47       const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
  48       const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
  49       const HostPortPair& host_and_port,
  50       const SSLConfig& ssl_config,
  51       PrivacyMode privacy_mode,
  52       int load_flags,
  53       bool force_spdy_over_ssl,
  54       bool want_spdy_over_npn);
  55
  56   // Returns the type of the underlying connection.
  57   ConnectionType GetConnectionType() const;
  58
  59   // Must be called only when GetConnectionType() returns DIRECT.
  60   const scoped_refptr<TransportSocketParams>&
  61       GetDirectConnectionParams() const;
  62
  63   // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  64   const scoped_refptr<SOCKSSocketParams>&
  65       GetSocksProxyConnectionParams() const;
  66
  67   // Must be called only when GetConnectionType() returns HTTP_PROXY.
  68   const scoped_refptr<HttpProxySocketParams>&
  69       GetHttpProxyConnectionParams() const;
  70
  71   const HostPortPair& host_and_port() const { return host_and_port_; }
  72   const SSLConfig& ssl_config() const { return ssl_config_; }
  73   PrivacyMode privacy_mode() const { return privacy_mode_; }
  74   int load_flags() const { return load_flags_; }
  75   bool force_spdy_over_ssl() const { return force_spdy_over_ssl_; }
  76   bool want_spdy_over_npn() const { return want_spdy_over_npn_; }
  77   bool ignore_limits() const { return ignore_limits_; }
  78
  79  private:
  80   friend class base::RefCounted<SSLSocketParams>;
  81   ~SSLSocketParams();
  82
  83   const scoped_refptr<TransportSocketParams> direct_params_;
  84   const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  85   const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  86   const HostPortPair host_and_port_;
  87   const SSLConfig ssl_config_;
  88   const PrivacyMode privacy_mode_;
  89   const int load_flags_;
  90   const bool force_spdy_over_ssl_;
  91   const bool want_spdy_over_npn_;
  92   bool ignore_limits_;
  93
  94   DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
  95 };
  96
  97 // SSLConnectJob handles the SSL handshake after setting up the underlying
  98 // connection as specified in the params.
  99 class SSLConnectJob : public ConnectJob {
 100  public:
 101   SSLConnectJob(
 102       const std::string& group_name,
 103       RequestPriority priority,
 104       const scoped_refptr<SSLSocketParams>& params,
 105       const base::TimeDelta& timeout_duration,
 106       TransportClientSocketPool* transport_pool,
 107       SOCKSClientSocketPool* socks_pool,
 108       HttpProxyClientSocketPool* http_proxy_pool,
 109       ClientSocketFactory* client_socket_factory,
 110       HostResolver* host_resolver,
 111       const SSLClientSocketContext& context,
 112       Delegate* delegate,
 113       NetLog* net_log);
 114   virtual ~SSLConnectJob();
 115
 116   // ConnectJob methods.
 117   virtual LoadState GetLoadState() const OVERRIDE;
 118
 119   virtual void GetAdditionalErrorState(ClientSocketHandle * handle) OVERRIDE;
 120
 121  private:
 122   enum State {
 123     STATE_TRANSPORT_CONNECT,
 124     STATE_TRANSPORT_CONNECT_COMPLETE,
 125     STATE_SOCKS_CONNECT,
 126     STATE_SOCKS_CONNECT_COMPLETE,
 127     STATE_TUNNEL_CONNECT,
 128     STATE_TUNNEL_CONNECT_COMPLETE,
 129     STATE_SSL_CONNECT,
 130     STATE_SSL_CONNECT_COMPLETE,
 131     STATE_NONE,
 132   };
 133
 134   void OnIOComplete(int result);
 135
 136   // Runs the state transition loop.
 137   int DoLoop(int result);
 138
 139   int DoTransportConnect();
 140   int DoTransportConnectComplete(int result);
 141   int DoSOCKSConnect();
 142   int DoSOCKSConnectComplete(int result);
 143   int DoTunnelConnect();
 144   int DoTunnelConnectComplete(int result);
 145   int DoSSLConnect();
 146   int DoSSLConnectComplete(int result);
 147
 148   // Returns the initial state for the state machine based on the
 149   // |connection_type|.
 150   static State GetInitialState(SSLSocketParams::ConnectionType connection_type);
 151
 152   // Starts the SSL connection process.  Returns OK on success and
 153   // ERR_IO_PENDING if it cannot immediately service the request.
 154   // Otherwise, it returns a net error code.
 155   virtual int ConnectInternal() OVERRIDE;
 156
 157   scoped_refptr<SSLSocketParams> params_;
 158   TransportClientSocketPool* const transport_pool_;
 159   SOCKSClientSocketPool* const socks_pool_;
 160   HttpProxyClientSocketPool* const http_proxy_pool_;
 161   ClientSocketFactory* const client_socket_factory_;
 162   HostResolver* const host_resolver_;
 163
 164   const SSLClientSocketContext context_;
 165
 166   State next_state_;
 167   CompletionCallback callback_;
 168   scoped_ptr<ClientSocketHandle> transport_socket_handle_;
 169   scoped_ptr<SSLClientSocket> ssl_socket_;
 170
 171   HttpResponseInfo error_response_info_;
 172
 173   DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
 174 };
 175
 176 class NET_EXPORT_PRIVATE SSLClientSocketPool
 177     : public ClientSocketPool,
 178       public HigherLayeredPool,
 179       public SSLConfigService::Observer {
 180  public:
 181   typedef SSLSocketParams SocketParams;
 182
 183   // Only the pools that will be used are required. i.e. if you never
 184   // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
 185   SSLClientSocketPool(
 186       int max_sockets,
 187       int max_sockets_per_group,
 188       ClientSocketPoolHistograms* histograms,
 189       HostResolver* host_resolver,
 190       CertVerifier* cert_verifier,
 191       ChannelIDService* channel_id_service,
 192       TransportSecurityState* transport_security_state,
 193       CTVerifier* cert_transparency_verifier,
 194       const std::string& ssl_session_cache_shard,
 195       ClientSocketFactory* client_socket_factory,
 196       TransportClientSocketPool* transport_pool,
 197       SOCKSClientSocketPool* socks_pool,
 198       HttpProxyClientSocketPool* http_proxy_pool,
 199       SSLConfigService* ssl_config_service,
 200       NetLog* net_log);
 201
 202   virtual ~SSLClientSocketPool();
 203
 204   // ClientSocketPool implementation.
 205   virtual int RequestSocket(const std::string& group_name,
 206                             const void* connect_params,
 207                             RequestPriority priority,
 208                             ClientSocketHandle* handle,
 209                             const CompletionCallback& callback,
 210                             const BoundNetLog& net_log) OVERRIDE;
 211
 212   virtual void RequestSockets(const std::string& group_name,
 213                               const void* params,
 214                               int num_sockets,
 215                               const BoundNetLog& net_log) OVERRIDE;
 216
 217   virtual void CancelRequest(const std::string& group_name,
 218                              ClientSocketHandle* handle) OVERRIDE;
 219
 220   virtual void ReleaseSocket(const std::string& group_name,
 221                              scoped_ptr<StreamSocket> socket,
 222                              int id) OVERRIDE;
 223
 224   virtual void FlushWithError(int error) OVERRIDE;
 225
 226   virtual void CloseIdleSockets() OVERRIDE;
 227
 228   virtual int IdleSocketCount() const OVERRIDE;
 229
 230   virtual int IdleSocketCountInGroup(
 231       const std::string& group_name) const OVERRIDE;
 232
 233   virtual LoadState GetLoadState(
 234       const std::string& group_name,
 235       const ClientSocketHandle* handle) const OVERRIDE;
 236
 237   virtual base::DictionaryValue* GetInfoAsValue(
 238       const std::string& name,
 239       const std::string& type,
 240       bool include_nested_pools) const OVERRIDE;
 241
 242   virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;
 243
 244   virtual ClientSocketPoolHistograms* histograms() const OVERRIDE;
 245
 246   // LowerLayeredPool implementation.
 247   virtual bool IsStalled() const OVERRIDE;
 248
 249   virtual void AddHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;
 250
 251   virtual void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;
 252
 253   // HigherLayeredPool implementation.
 254   virtual bool CloseOneIdleConnection() OVERRIDE;
 255
 256  private:
 257   typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;
 258
 259   // SSLConfigService::Observer implementation.
 260
 261   // When the user changes the SSL config, we flush all idle sockets so they
 262   // won't get re-used.
 263   virtual void OnSSLConfigChanged() OVERRIDE;
 264
 265   class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
 266    public:
 267     SSLConnectJobFactory(
 268         TransportClientSocketPool* transport_pool,
 269         SOCKSClientSocketPool* socks_pool,
 270         HttpProxyClientSocketPool* http_proxy_pool,
 271         ClientSocketFactory* client_socket_factory,
 272         HostResolver* host_resolver,
 273         const SSLClientSocketContext& context,
 274         NetLog* net_log);
 275
 276     virtual ~SSLConnectJobFactory() {}
 277
 278     // ClientSocketPoolBase::ConnectJobFactory methods.
 279     virtual scoped_ptr<ConnectJob> NewConnectJob(
 280         const std::string& group_name,
 281         const PoolBase::Request& request,
 282         ConnectJob::Delegate* delegate) const OVERRIDE;
 283
 284     virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;
 285
 286    private:
 287     TransportClientSocketPool* const transport_pool_;
 288     SOCKSClientSocketPool* const socks_pool_;
 289     HttpProxyClientSocketPool* const http_proxy_pool_;
 290     ClientSocketFactory* const client_socket_factory_;
 291     HostResolver* const host_resolver_;
 292     const SSLClientSocketContext context_;
 293     base::TimeDelta timeout_;
 294     NetLog* net_log_;
 295
 296     DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
 297   };
 298
 299   TransportClientSocketPool* const transport_pool_;
 300   SOCKSClientSocketPool* const socks_pool_;
 301   HttpProxyClientSocketPool* const http_proxy_pool_;
 302   PoolBase base_;
 303   const scoped_refptr<SSLConfigService> ssl_config_service_;
 304
 305   DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
 306 };
 307
 308 }  // namespace net
 309
 310 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_