1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
8 #include <string>
10 #include "base/memory/ref_counted.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/time/time.h"
13 #include "net/base/privacy_mode.h"
14 #include "net/dns/host_resolver.h"
15 #include "net/http/http_response_info.h"
16 #include "net/socket/client_socket_pool.h"
17 #include "net/socket/client_socket_pool_base.h"
18 #include "net/socket/client_socket_pool_histograms.h"
19 #include "net/socket/ssl_client_socket.h"
20 #include "net/ssl/ssl_config_service.h"
22 namespace net {
// Forward declarations of net types that the declarations below refer to.
//
// HostPortPair is also held by value (SSLSocketParams::host_and_port_), so
// its full definition has to arrive through one of the headers included by
// this file; the forward declaration alone is not enough for that member.
// NOTE(review): ServerBoundCertService is named in the SSLClientSocketPool
// constructor but is not forward-declared in this list; presumably an
// included header declares it -- confirm.
class CertVerifier;
class ClientSocketFactory;
class ConnectJobFactory;
class HostPortPair;
class HttpProxyClientSocketPool;
class HttpProxySocketParams;
class SOCKSClientSocketPool;
class SOCKSSocketParams;
class SSLClientSocket;
class TransportClientSocketPool;
class TransportSecurityState;
class TransportSocketParams;
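// Ref-counted bundle of the parameters for one SSL connection: the
// parameters of the underlying connection (direct, through a SOCKS proxy, or
// through an HTTP proxy) plus the SSL-level settings.
//
// Every field except |ignore_limits_| is const, and the class is
// non-copyable. The destructor is private, so instances are destroyed only
// through base::RefCounted (declared as a friend below).
class NET_EXPORT_PRIVATE SSLSocketParams
    : public base::RefCounted<SSLSocketParams> {
 public:
  // Kind of connection the SSL socket is layered on.
  enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };

  // Exactly one of |direct_params|, |socks_proxy_params|, and
  // |http_proxy_params| must be non-NULL.
  //
  // NOTE(review): |host_and_port| is presumably the SSL endpoint rather than
  // the proxy when a proxy is in use -- confirm against the callers.
  SSLSocketParams(
      const scoped_refptr<TransportSocketParams>& direct_params,
      const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
      const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
      const HostPortPair& host_and_port,
      const SSLConfig& ssl_config,
      PrivacyMode privacy_mode,
      int load_flags,
      bool force_spdy_over_ssl,
      bool want_spdy_over_npn);

  // Returns the type of the underlying connection.
  ConnectionType GetConnectionType() const;

  // Must be called only when GetConnectionType() returns DIRECT.
  const scoped_refptr<TransportSocketParams>&
      GetDirectConnectionParams() const;

  // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  const scoped_refptr<SOCKSSocketParams>&
      GetSocksProxyConnectionParams() const;

  // Must be called only when GetConnectionType() returns HTTP_PROXY.
  const scoped_refptr<HttpProxySocketParams>&
      GetHttpProxyConnectionParams() const;

  // Plain accessors for the values captured at construction.
  const HostPortPair& host_and_port() const { return host_and_port_; }
  const SSLConfig& ssl_config() const { return ssl_config_; }
  PrivacyMode privacy_mode() const { return privacy_mode_; }
  int load_flags() const { return load_flags_; }
  bool force_spdy_over_ssl() const { return force_spdy_over_ssl_; }
  bool want_spdy_over_npn() const { return want_spdy_over_npn_; }
  bool ignore_limits() const { return ignore_limits_; }

 private:
  friend class base::RefCounted<SSLSocketParams>;
  ~SSLSocketParams();

  // Exactly one of these three is non-NULL (see the constructor comment).
  const scoped_refptr<TransportSocketParams> direct_params_;
  const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  const HostPortPair host_and_port_;
  const SSLConfig ssl_config_;
  const PrivacyMode privacy_mode_;
  const int load_flags_;
  const bool force_spdy_over_ssl_;
  const bool want_spdy_over_npn_;
  // The only non-const field, and the only one with no matching constructor
  // argument. NOTE(review): presumably derived from |load_flags| in the .cc
  // file -- confirm.
  bool ignore_limits_;

  DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
};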
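// SSLConnectJob handles the SSL handshake after setting up the underlying
// connection as specified in the params.
//
// The job is written as a state machine (see State and DoLoop()). The entry
// state depends on the connection type of the params (GetInitialState()).
class SSLConnectJob : public ConnectJob {
 public:
  // The pool, factory and resolver arguments are kept as raw pointers in the
  // members below. NOTE(review): they presumably have to outlive the job --
  // confirm against the owning pool. |context| is stored by value.
  SSLConnectJob(
      const std::string& group_name,
      RequestPriority priority,
      const scoped_refptr<SSLSocketParams>& params,
      const base::TimeDelta& timeout_duration,
      TransportClientSocketPool* transport_pool,
      SOCKSClientSocketPool* socks_pool,
      HttpProxyClientSocketPool* http_proxy_pool,
      ClientSocketFactory* client_socket_factory,
      HostResolver* host_resolver,
      const SSLClientSocketContext& context,
      Delegate* delegate,
      NetLog* net_log);
  virtual ~SSLConnectJob();

  // ConnectJob methods.
  virtual LoadState GetLoadState() const OVERRIDE;

  // NOTE(review): presumably hands |error_response_info_| (and any other
  // failure detail) to |handle| after a failed connect -- confirm in the .cc.
  virtual void GetAdditionalErrorState(ClientSocketHandle* handle) OVERRIDE;

 private:
  // States of the connect state machine. Each step of the connection has a
  // start state and a matching *_COMPLETE state.
  enum State {
    STATE_TRANSPORT_CONNECT,
    STATE_TRANSPORT_CONNECT_COMPLETE,
    STATE_SOCKS_CONNECT,
    STATE_SOCKS_CONNECT_COMPLETE,
    STATE_TUNNEL_CONNECT,
    STATE_TUNNEL_CONNECT_COMPLETE,
    STATE_SSL_CONNECT,
    STATE_SSL_CONNECT_COMPLETE,
    STATE_NONE,
  };

  // Completion hook for asynchronous steps. NOTE(review): presumably feeds
  // |result| back into DoLoop() -- confirm.
  void OnIOComplete(int result);

  // Runs the state transition loop.
  int DoLoop(int result);

  // One handler per State value; the *Complete handlers receive the result
  // of the step that just finished.
  int DoTransportConnect();
  int DoTransportConnectComplete(int result);
  int DoSOCKSConnect();
  int DoSOCKSConnectComplete(int result);
  int DoTunnelConnect();
  int DoTunnelConnectComplete(int result);
  int DoSSLConnect();
  int DoSSLConnectComplete(int result);

  // Returns the initial state for the state machine based on the
  // |connection_type|.
  static State GetInitialState(SSLSocketParams::ConnectionType connection_type);

  // Starts the SSL connection process. Returns OK on success and
  // ERR_IO_PENDING if it cannot immediately service the request.
  // Otherwise, it returns a net error code.
  virtual int ConnectInternal() OVERRIDE;

  scoped_refptr<SSLSocketParams> params_;
  // Raw pointers: this class does not hold them through an owning smart
  // pointer.
  TransportClientSocketPool* const transport_pool_;
  SOCKSClientSocketPool* const socks_pool_;
  HttpProxyClientSocketPool* const http_proxy_pool_;
  ClientSocketFactory* const client_socket_factory_;
  HostResolver* const host_resolver_;

  // Held by value, so the job does not depend on the lifetime of the
  // SSLClientSocketContext object passed to the constructor.
  const SSLClientSocketContext context_;

  State next_state_;
  CompletionCallback callback_;
  scoped_ptr<ClientSocketHandle> transport_socket_handle_;
  scoped_ptr<SSLClientSocket> ssl_socket_;

  HttpResponseInfo error_response_info_;

  DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
};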
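// Socket pool that hands out SSL sockets layered on a transport, SOCKS or
// HTTP-proxy pool. It also observes the SSLConfigService, so a change of SSL
// configuration reaches the pool (see OnSSLConfigChanged()).
class NET_EXPORT_PRIVATE SSLClientSocketPool
    : public ClientSocketPool,
      public HigherLayeredPool,
      public SSLConfigService::Observer {
 public:
  typedef SSLSocketParams SocketParams;

  // Only the pools that will be used are required. i.e. if you never
  // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
  //
  // |cert_verifier|, |server_bound_cert_service|, |transport_security_state|
  // and |ssl_session_cache_shard| are not stored in members declared in this
  // class. NOTE(review): presumably they are bundled into the
  // SSLClientSocketContext given to the connect-job factory -- confirm.
  // NOTE(review): the comment above covers only the pools. Whether
  // |cert_verifier| or |transport_security_state| may be NULL is not stated
  // here; confirm that a NULL value cannot silently skip certificate
  // verification or transport-security checks.
  SSLClientSocketPool(
      int max_sockets,
      int max_sockets_per_group,
      ClientSocketPoolHistograms* histograms,
      HostResolver* host_resolver,
      CertVerifier* cert_verifier,
      ServerBoundCertService* server_bound_cert_service,
      TransportSecurityState* transport_security_state,
      const std::string& ssl_session_cache_shard,
      ClientSocketFactory* client_socket_factory,
      TransportClientSocketPool* transport_pool,
      SOCKSClientSocketPool* socks_pool,
      HttpProxyClientSocketPool* http_proxy_pool,
      SSLConfigService* ssl_config_service,
      NetLog* net_log);

  virtual ~SSLClientSocketPool();

  // ClientSocketPool implementation.
  //
  // |connect_params| is type-erased (const void*), so the signature does not
  // check what the caller passes. NOTE(review): presumably it must point at a
  // scoped_refptr<SocketParams> -- confirm in the .cc before adding callers.
  virtual int RequestSocket(const std::string& group_name,
                            const void* connect_params,
                            RequestPriority priority,
                            ClientSocketHandle* handle,
                            const CompletionCallback& callback,
                            const BoundNetLog& net_log) OVERRIDE;

  // |params| is type-erased in the same way as |connect_params| above.
  virtual void RequestSockets(const std::string& group_name,
                              const void* params,
                              int num_sockets,
                              const BoundNetLog& net_log) OVERRIDE;

  virtual void CancelRequest(const std::string& group_name,
                             ClientSocketHandle* handle) OVERRIDE;

  // |socket| is a scoped_ptr passed by value, so ownership moves to the pool.
  virtual void ReleaseSocket(const std::string& group_name,
                             scoped_ptr<StreamSocket> socket,
                             int id) OVERRIDE;

  virtual void FlushWithError(int error) OVERRIDE;

  virtual void CloseIdleSockets() OVERRIDE;

  virtual int IdleSocketCount() const OVERRIDE;

  virtual int IdleSocketCountInGroup(
      const std::string& group_name) const OVERRIDE;

  virtual LoadState GetLoadState(
      const std::string& group_name,
      const ClientSocketHandle* handle) const OVERRIDE;

  virtual base::DictionaryValue* GetInfoAsValue(
      const std::string& name,
      const std::string& type,
      bool include_nested_pools) const OVERRIDE;

  virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;

  virtual ClientSocketPoolHistograms* histograms() const OVERRIDE;

  // LowerLayeredPool implementation.
  virtual bool IsStalled() const OVERRIDE;

  virtual void AddHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;

  virtual void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;

  // HigherLayeredPool implementation.
  virtual bool CloseOneIdleConnection() OVERRIDE;

 private:
  typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;

  // SSLConfigService::Observer implementation.

  // When the user changes the SSL config, we flush all idle sockets so they
  // won't get re-used.
  // NOTE(review): the comment speaks of idle sockets only. Confirm in the .cc
  // what happens to sockets that are in use and were negotiated under the
  // previous configuration.
  virtual void OnSSLConfigChanged() OVERRIDE;

  // Creates the SSLConnectJob instances for |base_|. It keeps the lower-layer
  // pools, the socket factory, the resolver and a copy of the SSL context.
  class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
   public:
    SSLConnectJobFactory(
        TransportClientSocketPool* transport_pool,
        SOCKSClientSocketPool* socks_pool,
        HttpProxyClientSocketPool* http_proxy_pool,
        ClientSocketFactory* client_socket_factory,
        HostResolver* host_resolver,
        const SSLClientSocketContext& context,
        NetLog* net_log);

    virtual ~SSLConnectJobFactory() {}

    // ClientSocketPoolBase::ConnectJobFactory methods.
    virtual scoped_ptr<ConnectJob> NewConnectJob(
        const std::string& group_name,
        const PoolBase::Request& request,
        ConnectJob::Delegate* delegate) const OVERRIDE;

    virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;

   private:
    // Raw pointers: the factory does not hold them through an owning smart
    // pointer.
    TransportClientSocketPool* const transport_pool_;
    SOCKSClientSocketPool* const socks_pool_;
    HttpProxyClientSocketPool* const http_proxy_pool_;
    ClientSocketFactory* const client_socket_factory_;
    HostResolver* const host_resolver_;
    // Held by value.
    const SSLClientSocketContext context_;
    base::TimeDelta timeout_;
    NetLog* net_log_;

    DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
  };

  // Lower-layer pools. A pool that is never used may be NULL (see the
  // constructor comment).
  TransportClientSocketPool* const transport_pool_;
  SOCKSClientSocketPool* const socks_pool_;
  HttpProxyClientSocketPool* const http_proxy_pool_;
  PoolBase base_;
  // Ref-counted handle on the service this pool observes.
  const scoped_refptr<SSLConfigService> ssl_config_service_;

  DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
};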
306 } // namespace net
308 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_