net/socket/ssl_client_socket.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
   6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
   7
   8 #include <string>
   9
  10 #include "net/base/completion_callback.h"
  11 #include "net/base/load_flags.h"
  12 #include "net/base/net_errors.h"
  13 #include "net/socket/ssl_socket.h"
  14 #include "net/socket/stream_socket.h"
  15
  16 namespace net {
  17
  18 class CertVerifier;
  19 class ServerBoundCertService;
  20 class SSLCertRequestInfo;
  21 class SSLInfo;
  22 class TransportSecurityState;
  23
  24 // This struct groups together several fields which are used by various
  25 // classes related to SSLClientSocket.
  26 struct SSLClientSocketContext {
  27   SSLClientSocketContext()
  28       : cert_verifier(NULL),
  29         server_bound_cert_service(NULL),
  30         transport_security_state(NULL) {}
  31
  32   SSLClientSocketContext(CertVerifier* cert_verifier_arg,
  33                          ServerBoundCertService* server_bound_cert_service_arg,
  34                          TransportSecurityState* transport_security_state_arg,
  35                          const std::string& ssl_session_cache_shard_arg)
  36       : cert_verifier(cert_verifier_arg),
  37         server_bound_cert_service(server_bound_cert_service_arg),
  38         transport_security_state(transport_security_state_arg),
  39         ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
  40
  41   CertVerifier* cert_verifier;
  42   ServerBoundCertService* server_bound_cert_service;
  43   TransportSecurityState* transport_security_state;
  44   // ssl_session_cache_shard is an opaque string that identifies a shard of the
  45   // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
  46   // resume each other's SSL sessions but we'll never sessions between shards.
  47   const std::string ssl_session_cache_shard;
  48 };
  49
  50 // A client socket that uses SSL as the transport layer.
  51 //
  52 // NOTE: The SSL handshake occurs within the Connect method after a TCP
  53 // connection is established.  If a SSL error occurs during the handshake,
  54 // Connect will fail.
  55 //
  56 class NET_EXPORT SSLClientSocket : public SSLSocket {
  57  public:
  58   SSLClientSocket();
  59
  60   // Next Protocol Negotiation (NPN) allows a TLS client and server to come to
  61   // an agreement about the application level protocol to speak over a
  62   // connection.
  63   enum NextProtoStatus {
  64     // WARNING: These values are serialized to disk. Don't change them.
  65
  66     kNextProtoUnsupported = 0,  // The server doesn't support NPN.
  67     kNextProtoNegotiated = 1,   // We agreed on a protocol.
  68     kNextProtoNoOverlap = 2,    // No protocols in common. We requested
  69                                 // the first protocol in our list.
  70   };
  71
  72   // StreamSocket:
  73   virtual bool WasNpnNegotiated() const OVERRIDE;
  74   virtual NextProto GetNegotiatedProtocol() const OVERRIDE;
  75
  76   // Gets the SSL CertificateRequest info of the socket after Connect failed
  77   // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
  78   virtual void GetSSLCertRequestInfo(
  79       SSLCertRequestInfo* cert_request_info) = 0;
  80
  81   // Get the application level protocol that we negotiated with the server.
  82   // *proto is set to the resulting protocol (n.b. that the string may have
  83   // embedded NULs).
  84   //   kNextProtoUnsupported: *proto is cleared.
  85   //   kNextProtoNegotiated:  *proto is set to the negotiated protocol.
  86   //   kNextProtoNoOverlap:   *proto is set to the first protocol in the
  87   //                          supported list.
  88   // *server_protos is set to the server advertised protocols.
  89   virtual NextProtoStatus GetNextProto(std::string* proto,
  90                                        std::string* server_protos) = 0;
  91
  92   static NextProto NextProtoFromString(const std::string& proto_string);
  93
  94   static const char* NextProtoToString(NextProto next_proto);
  95
  96   static const char* NextProtoStatusToString(const NextProtoStatus status);
  97
  98   // Can be used with the second argument(|server_protos|) of |GetNextProto| to
  99   // construct a comma separated string of server advertised protocols.
 100   static std::string ServerProtosToString(const std::string& server_protos);
 101
 102   static bool IgnoreCertError(int error, int load_flags);
 103
 104   // ClearSessionCache clears the SSL session cache, used to resume SSL
 105   // sessions.
 106   static void ClearSessionCache();
 107
 108   virtual bool set_was_npn_negotiated(bool negotiated);
 109
 110   virtual bool was_spdy_negotiated() const;
 111
 112   virtual bool set_was_spdy_negotiated(bool negotiated);
 113
 114   virtual void set_protocol_negotiated(NextProto protocol_negotiated);
 115
 116   // Returns the ServerBoundCertService used by this socket, or NULL if
 117   // server bound certificates are not supported.
 118   virtual ServerBoundCertService* GetServerBoundCertService() const = 0;
 119
 120   // Returns true if a channel ID was sent on this connection.
 121   // This may be useful for protocols, like SPDY, which allow the same
 122   // connection to be shared between multiple domains, each of which need
 123   // a channel ID.
 124   virtual bool WasChannelIDSent() const;
 125
 126   virtual void set_channel_id_sent(bool channel_id_sent);
 127
 128  private:
 129   // True if NPN was responded to, independent of selecting SPDY or HTTP.
 130   bool was_npn_negotiated_;
 131   // True if NPN successfully negotiated SPDY.
 132   bool was_spdy_negotiated_;
 133   // Protocol that we negotiated with the server.
 134   NextProto protocol_negotiated_;
 135   // True if a channel ID was sent.
 136   bool channel_id_sent_;
 137 };
 138
 139 }  // namespace net
 140
 141 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_H_