net/socket/ssl_client_socket_pool.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/time/time.h"
  13 #include "net/base/privacy_mode.h"
  14 #include "net/http/http_response_info.h"
  15 #include "net/socket/client_socket_pool.h"
  16 #include "net/socket/client_socket_pool_base.h"
  17 #include "net/socket/ssl_client_socket.h"
  18 #include "net/ssl/ssl_config_service.h"
  19
  20 namespace net {
  21
  22 class CertPolicyEnforcer;
  23 class CertVerifier;
  24 class ClientSocketFactory;
  25 class ConnectJobFactory;
  26 class CTVerifier;
  27 class HostPortPair;
  28 class HttpProxyClientSocketPool;
  29 class HttpProxySocketParams;
  30 class SOCKSClientSocketPool;
  31 class SOCKSSocketParams;
  32 class SSLClientSocket;
  33 class TransportClientSocketPool;
  34 class TransportSecurityState;
  35 class TransportSocketParams;
  36
  37 class NET_EXPORT_PRIVATE SSLSocketParams
  38     : public base::RefCounted<SSLSocketParams> {
  39  public:
  40   enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };
  41
  42   // Exactly one of |direct_params|, |socks_proxy_params|, and
  43   // |http_proxy_params| must be non-NULL.
  44   SSLSocketParams(
  45       const scoped_refptr<TransportSocketParams>& direct_params,
  46       const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
  47       const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
  48       const HostPortPair& host_and_port,
  49       const SSLConfig& ssl_config,
  50       PrivacyMode privacy_mode,
  51       int load_flags,
  52       bool want_spdy_over_npn);
  53
  54   // Returns the type of the underlying connection.
  55   ConnectionType GetConnectionType() const;
  56
  57   // Must be called only when GetConnectionType() returns DIRECT.
  58   const scoped_refptr<TransportSocketParams>&
  59       GetDirectConnectionParams() const;
  60
  61   // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  62   const scoped_refptr<SOCKSSocketParams>&
  63       GetSocksProxyConnectionParams() const;
  64
  65   // Must be called only when GetConnectionType() returns HTTP_PROXY.
  66   const scoped_refptr<HttpProxySocketParams>&
  67       GetHttpProxyConnectionParams() const;
  68
  69   const HostPortPair& host_and_port() const { return host_and_port_; }
  70   const SSLConfig& ssl_config() const { return ssl_config_; }
  71   PrivacyMode privacy_mode() const { return privacy_mode_; }
  72   int load_flags() const { return load_flags_; }
  73   bool want_spdy_over_npn() const { return want_spdy_over_npn_; }
  74   bool ignore_limits() const { return ignore_limits_; }
  75
  76  private:
  77   friend class base::RefCounted<SSLSocketParams>;
  78   ~SSLSocketParams();
  79
  80   const scoped_refptr<TransportSocketParams> direct_params_;
  81   const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  82   const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  83   const HostPortPair host_and_port_;
  84   const SSLConfig ssl_config_;
  85   const PrivacyMode privacy_mode_;
  86   const int load_flags_;
  87   const bool want_spdy_over_npn_;
  88   bool ignore_limits_;
  89
  90   DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
  91 };
  92
  93 // SSLConnectJob handles the SSL handshake after setting up the underlying
  94 // connection as specified in the params.
  95 class SSLConnectJob : public ConnectJob {
  96  public:
  97   // Note: the SSLConnectJob does not own |messenger| so it must outlive the
  98   // job.
  99   SSLConnectJob(const std::string& group_name,
 100                 RequestPriority priority,
 101                 const scoped_refptr<SSLSocketParams>& params,
 102                 const base::TimeDelta& timeout_duration,
 103                 TransportClientSocketPool* transport_pool,
 104                 SOCKSClientSocketPool* socks_pool,
 105                 HttpProxyClientSocketPool* http_proxy_pool,
 106                 ClientSocketFactory* client_socket_factory,
 107                 const SSLClientSocketContext& context,
 108                 Delegate* delegate,
 109                 NetLog* net_log);
 110   ~SSLConnectJob() override;
 111
 112   // ConnectJob methods.
 113   LoadState GetLoadState() const override;
 114
 115   void GetAdditionalErrorState(ClientSocketHandle* handle) override;
 116
 117  private:
 118   enum State {
 119     STATE_TRANSPORT_CONNECT,
 120     STATE_TRANSPORT_CONNECT_COMPLETE,
 121     STATE_SOCKS_CONNECT,
 122     STATE_SOCKS_CONNECT_COMPLETE,
 123     STATE_TUNNEL_CONNECT,
 124     STATE_TUNNEL_CONNECT_COMPLETE,
 125     STATE_SSL_CONNECT,
 126     STATE_SSL_CONNECT_COMPLETE,
 127     STATE_NONE,
 128   };
 129
 130   void OnIOComplete(int result);
 131
 132   // Runs the state transition loop.
 133   int DoLoop(int result);
 134
 135   int DoTransportConnect();
 136   int DoTransportConnectComplete(int result);
 137   int DoSOCKSConnect();
 138   int DoSOCKSConnectComplete(int result);
 139   int DoTunnelConnect();
 140   int DoTunnelConnectComplete(int result);
 141   int DoSSLConnect();
 142   int DoSSLConnectComplete(int result);
 143
 144   // Returns the initial state for the state machine based on the
 145   // |connection_type|.
 146   static State GetInitialState(SSLSocketParams::ConnectionType connection_type);
 147
 148   // Starts the SSL connection process.  Returns OK on success and
 149   // ERR_IO_PENDING if it cannot immediately service the request.
 150   // Otherwise, it returns a net error code.
 151   int ConnectInternal() override;
 152
 153   scoped_refptr<SSLSocketParams> params_;
 154   TransportClientSocketPool* const transport_pool_;
 155   SOCKSClientSocketPool* const socks_pool_;
 156   HttpProxyClientSocketPool* const http_proxy_pool_;
 157   ClientSocketFactory* const client_socket_factory_;
 158
 159   const SSLClientSocketContext context_;
 160
 161   State next_state_;
 162   CompletionCallback callback_;
 163   scoped_ptr<ClientSocketHandle> transport_socket_handle_;
 164   scoped_ptr<SSLClientSocket> ssl_socket_;
 165
 166   HttpResponseInfo error_response_info_;
 167
 168   DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
 169 };
 170
 171 class NET_EXPORT_PRIVATE SSLClientSocketPool
 172     : public ClientSocketPool,
 173       public HigherLayeredPool,
 174       public SSLConfigService::Observer {
 175  public:
 176   typedef SSLSocketParams SocketParams;
 177
 178   // Only the pools that will be used are required. i.e. if you never
 179   // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
 180   SSLClientSocketPool(int max_sockets,
 181                       int max_sockets_per_group,
 182                       CertVerifier* cert_verifier,
 183                       ChannelIDService* channel_id_service,
 184                       TransportSecurityState* transport_security_state,
 185                       CTVerifier* cert_transparency_verifier,
 186                       CertPolicyEnforcer* cert_policy_enforcer,
 187                       const std::string& ssl_session_cache_shard,
 188                       ClientSocketFactory* client_socket_factory,
 189                       TransportClientSocketPool* transport_pool,
 190                       SOCKSClientSocketPool* socks_pool,
 191                       HttpProxyClientSocketPool* http_proxy_pool,
 192                       SSLConfigService* ssl_config_service,
 193                       NetLog* net_log);
 194
 195   ~SSLClientSocketPool() override;
 196
 197   // ClientSocketPool implementation.
 198   int RequestSocket(const std::string& group_name,
 199                     const void* connect_params,
 200                     RequestPriority priority,
 201                     ClientSocketHandle* handle,
 202                     const CompletionCallback& callback,
 203                     const BoundNetLog& net_log) override;
 204
 205   void RequestSockets(const std::string& group_name,
 206                       const void* params,
 207                       int num_sockets,
 208                       const BoundNetLog& net_log) override;
 209
 210   void CancelRequest(const std::string& group_name,
 211                      ClientSocketHandle* handle) override;
 212
 213   void ReleaseSocket(const std::string& group_name,
 214                      scoped_ptr<StreamSocket> socket,
 215                      int id) override;
 216
 217   void FlushWithError(int error) override;
 218
 219   void CloseIdleSockets() override;
 220
 221   int IdleSocketCount() const override;
 222
 223   int IdleSocketCountInGroup(const std::string& group_name) const override;
 224
 225   LoadState GetLoadState(const std::string& group_name,
 226                          const ClientSocketHandle* handle) const override;
 227
 228   base::DictionaryValue* GetInfoAsValue(
 229       const std::string& name,
 230       const std::string& type,
 231       bool include_nested_pools) const override;
 232
 233   base::TimeDelta ConnectionTimeout() const override;
 234
 235   // LowerLayeredPool implementation.
 236   bool IsStalled() const override;
 237
 238   void AddHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 239
 240   void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 241
 242   // HigherLayeredPool implementation.
 243   bool CloseOneIdleConnection() override;
 244
 245  private:
 246   typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;
 247
 248   // SSLConfigService::Observer implementation.
 249
 250   // When the user changes the SSL config, we flush all idle sockets so they
 251   // won't get re-used.
 252   void OnSSLConfigChanged() override;
 253
 254   class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
 255    public:
 256     SSLConnectJobFactory(
 257         TransportClientSocketPool* transport_pool,
 258         SOCKSClientSocketPool* socks_pool,
 259         HttpProxyClientSocketPool* http_proxy_pool,
 260         ClientSocketFactory* client_socket_factory,
 261         const SSLClientSocketContext& context,
 262         NetLog* net_log);
 263
 264     ~SSLConnectJobFactory() override;
 265
 266     // ClientSocketPoolBase::ConnectJobFactory methods.
 267     scoped_ptr<ConnectJob> NewConnectJob(
 268         const std::string& group_name,
 269         const PoolBase::Request& request,
 270         ConnectJob::Delegate* delegate) const override;
 271
 272     base::TimeDelta ConnectionTimeout() const override;
 273
 274    private:
 275     TransportClientSocketPool* const transport_pool_;
 276     SOCKSClientSocketPool* const socks_pool_;
 277     HttpProxyClientSocketPool* const http_proxy_pool_;
 278     ClientSocketFactory* const client_socket_factory_;
 279     const SSLClientSocketContext context_;
 280     base::TimeDelta timeout_;
 281     NetLog* net_log_;
 282
 283     DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
 284   };
 285
 286   TransportClientSocketPool* const transport_pool_;
 287   SOCKSClientSocketPool* const socks_pool_;
 288   HttpProxyClientSocketPool* const http_proxy_pool_;
 289   PoolBase base_;
 290   const scoped_refptr<SSLConfigService> ssl_config_service_;
 291
 292   DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
 293 };
 294
 295 }  // namespace net
 296
 297 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_