[chromium-blink-merge.git] / net / socket / ssl_client_socket_pool.h
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
8 #include <string>
10 #include "base/memory/ref_counted.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/time/time.h"
13 #include "net/base/privacy_mode.h"
14 #include "net/http/http_response_info.h"
15 #include "net/socket/client_socket_pool.h"
16 #include "net/socket/client_socket_pool_base.h"
17 #include "net/socket/connection_attempts.h"
18 #include "net/socket/ssl_client_socket.h"
19 #include "net/ssl/ssl_config_service.h"
21 namespace net {
23 class CertPolicyEnforcer;
24 class CertVerifier;
25 class ClientSocketFactory;
26 class ConnectJobFactory;
27 class CTVerifier;
28 class HostPortPair;
29 class HttpProxyClientSocketPool;
30 class HttpProxySocketParams;
31 class SOCKSClientSocketPool;
32 class SOCKSSocketParams;
33 class SSLClientSocket;
34 class TransportClientSocketPool;
35 class TransportSecurityState;
36 class TransportSocketParams;
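// Parameters for one SSL connection request: the parameters of the underlying
// connection (direct, via SOCKS proxy, or via HTTP proxy) together with the
// destination, the SSL configuration and the request flags. Instances are
// reference counted and non-copyable. Every data member except
// |ignore_limits_| is const.
class NET_EXPORT_PRIVATE SSLSocketParams
    : public base::RefCounted<SSLSocketParams> {
 public:
  enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };

  // Exactly one of |direct_params|, |socks_proxy_params|, and
  // |http_proxy_params| must be non-NULL.
  // NOTE(review): this header only states the precondition; whether the
  // constructor checks it is decided in the .cc file -- confirm there.
  SSLSocketParams(const scoped_refptr<TransportSocketParams>& direct_params,
                  const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
                  const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
                  const HostPortPair& host_and_port,
                  const SSLConfig& ssl_config,
                  PrivacyMode privacy_mode,
                  int load_flags,
                  bool expect_spdy);

  // Returns the type of the underlying connection.
  ConnectionType GetConnectionType() const;

  // The three getters below return a reference to the stored parameters of
  // one connection type. Each is valid only for the matching
  // GetConnectionType() value; the caller is responsible for checking the
  // type first.

  // Must be called only when GetConnectionType() returns DIRECT.
  const scoped_refptr<TransportSocketParams>&
      GetDirectConnectionParams() const;

  // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  const scoped_refptr<SOCKSSocketParams>&
      GetSocksProxyConnectionParams() const;

  // Must be called only when GetConnectionType() returns HTTP_PROXY.
  const scoped_refptr<HttpProxySocketParams>&
      GetHttpProxyConnectionParams() const;

  // Accessors for the stored values.
  const HostPortPair& host_and_port() const { return host_and_port_; }
  const SSLConfig& ssl_config() const { return ssl_config_; }
  PrivacyMode privacy_mode() const { return privacy_mode_; }
  int load_flags() const { return load_flags_; }
  bool expect_spdy() const { return expect_spdy_; }
  // NOTE(review): no constructor argument carries this flag, so its value is
  // computed elsewhere (presumably from |load_flags|) -- confirm in the .cc
  // file.
  bool ignore_limits() const { return ignore_limits_; }

 private:
  // The destructor is private and RefCounted is a friend, so instances are
  // destroyed through the reference count rather than by direct deletion.
  friend class base::RefCounted<SSLSocketParams>;
  ~SSLSocketParams();

  const scoped_refptr<TransportSocketParams> direct_params_;
  const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  const HostPortPair host_and_port_;
  const SSLConfig ssl_config_;
  const PrivacyMode privacy_mode_;
  const int load_flags_;
  const bool expect_spdy_;
  // The only non-const member. NOTE(review): if the constructor sets it in
  // its initializer list it could be const like its siblings -- confirm.
  bool ignore_limits_;

  DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
};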
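// SSLConnectJob handles the SSL handshake after setting up the underlying
// connection as specified in the params.
class SSLConnectJob : public ConnectJob {
 public:
  // |transport_pool|, |socks_pool|, |http_proxy_pool| and
  // |client_socket_factory| are kept as raw pointers (see the members of the
  // same name below). Nothing in this header transfers ownership of them to
  // the job, so they presumably must outlive it -- confirm against the
  // callers. |params| is held through a scoped_refptr and |context| is stored
  // by value.
  SSLConnectJob(const std::string& group_name,
                RequestPriority priority,
                const scoped_refptr<SSLSocketParams>& params,
                const base::TimeDelta& timeout_duration,
                TransportClientSocketPool* transport_pool,
                SOCKSClientSocketPool* socks_pool,
                HttpProxyClientSocketPool* http_proxy_pool,
                ClientSocketFactory* client_socket_factory,
                const SSLClientSocketContext& context,
                Delegate* delegate,
                NetLog* net_log);
  ~SSLConnectJob() override;

  // ConnectJob methods.
  LoadState GetLoadState() const override;

  void GetAdditionalErrorState(ClientSocketHandle* handle) override;

 private:
  // States of the connect state machine. Each kind of underlying connection
  // (transport, SOCKS, tunnel) has a start state and a completion state,
  // followed by the SSL connect states.
  enum State {
    STATE_TRANSPORT_CONNECT,
    STATE_TRANSPORT_CONNECT_COMPLETE,
    STATE_SOCKS_CONNECT,
    STATE_SOCKS_CONNECT_COMPLETE,
    STATE_TUNNEL_CONNECT,
    STATE_TUNNEL_CONNECT_COMPLETE,
    STATE_SSL_CONNECT,
    STATE_SSL_CONNECT_COMPLETE,
    STATE_NONE,
  };

  void OnIOComplete(int result);

  // Runs the state transition loop.
  int DoLoop(int result);

  // One handler per State value; the *Complete handlers receive the result of
  // the step that just finished.
  int DoTransportConnect();
  int DoTransportConnectComplete(int result);
  int DoSOCKSConnect();
  int DoSOCKSConnectComplete(int result);
  int DoTunnelConnect();
  int DoTunnelConnectComplete(int result);
  int DoSSLConnect();
  int DoSSLConnectComplete(int result);

  // Returns the initial state for the state machine based on the
  // |connection_type|.
  static State GetInitialState(SSLSocketParams::ConnectionType connection_type);

  // Starts the SSL connection process.  Returns OK on success and
  // ERR_IO_PENDING if it cannot immediately service the request.
  // Otherwise, it returns a net error code.
  int ConnectInternal() override;

  scoped_refptr<SSLSocketParams> params_;
  // Raw, non-reseatable pointers to the lower-layer pools and the socket
  // factory; their lifetime is not managed by this class.
  TransportClientSocketPool* const transport_pool_;
  SOCKSClientSocketPool* const socks_pool_;
  HttpProxyClientSocketPool* const http_proxy_pool_;
  ClientSocketFactory* const client_socket_factory_;

  // Copy of the context passed to the constructor.
  const SSLClientSocketContext context_;

  State next_state_;
  CompletionCallback callback_;
  scoped_ptr<ClientSocketHandle> transport_socket_handle_;
  scoped_ptr<SSLClientSocket> ssl_socket_;

  HttpResponseInfo error_response_info_;

  ConnectionAttempts connection_attempts_;
  // The address of the server the connect job is connected to. Populated if
  // and only if the connect job is connected *directly* to the server (not
  // through an HTTPS CONNECT request or a SOCKS proxy).
  IPEndPoint server_address_;

  DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
};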
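// Socket pool that hands out SSL sockets layered on top of a transport, SOCKS
// or HTTP proxy pool. It also observes the SSLConfigService so that it can
// react to SSL configuration changes (see OnSSLConfigChanged()).
class NET_EXPORT_PRIVATE SSLClientSocketPool
    : public ClientSocketPool,
      public HigherLayeredPool,
      public SSLConfigService::Observer {
 public:
  typedef SSLSocketParams SocketParams;

  // Only the pools that will be used are required. i.e. if you never
  // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
  //
  // |cert_verifier|, |channel_id_service|, |transport_security_state|,
  // |cert_transparency_verifier| and |cert_policy_enforcer| are taken as raw
  // pointers and are not stored as members of this class.
  // NOTE(review): presumably they are forwarded into the
  // SSLClientSocketContext held by the connect job factory and must outlive
  // the pool -- confirm in the .cc file. The three lower-layer pools are kept
  // as raw pointers (members below); |ssl_config_service| is held through a
  // scoped_refptr.
  SSLClientSocketPool(int max_sockets,
                      int max_sockets_per_group,
                      CertVerifier* cert_verifier,
                      ChannelIDService* channel_id_service,
                      TransportSecurityState* transport_security_state,
                      CTVerifier* cert_transparency_verifier,
                      CertPolicyEnforcer* cert_policy_enforcer,
                      const std::string& ssl_session_cache_shard,
                      ClientSocketFactory* client_socket_factory,
                      TransportClientSocketPool* transport_pool,
                      SOCKSClientSocketPool* socks_pool,
                      HttpProxyClientSocketPool* http_proxy_pool,
                      SSLConfigService* ssl_config_service,
                      NetLog* net_log);

  ~SSLClientSocketPool() override;

  // ClientSocketPool implementation.
  //
  // |connect_params| (and |params| in RequestSockets) is type-erased.
  // NOTE(review): this header does not state the expected pointee type; given
  // the SocketParams typedef it presumably has to refer to SSLSocketParams,
  // and the compiler cannot catch a mismatch -- confirm the cast in the .cc
  // file.
  int RequestSocket(const std::string& group_name,
                    const void* connect_params,
                    RequestPriority priority,
                    ClientSocketHandle* handle,
                    const CompletionCallback& callback,
                    const BoundNetLog& net_log) override;

  void RequestSockets(const std::string& group_name,
                      const void* params,
                      int num_sockets,
                      const BoundNetLog& net_log) override;

  void CancelRequest(const std::string& group_name,
                     ClientSocketHandle* handle) override;

  void ReleaseSocket(const std::string& group_name,
                     scoped_ptr<StreamSocket> socket,
                     int id) override;

  void FlushWithError(int error) override;

  void CloseIdleSockets() override;

  int IdleSocketCount() const override;

  int IdleSocketCountInGroup(const std::string& group_name) const override;

  LoadState GetLoadState(const std::string& group_name,
                         const ClientSocketHandle* handle) const override;

  scoped_ptr<base::DictionaryValue> GetInfoAsValue(
      const std::string& name,
      const std::string& type,
      bool include_nested_pools) const override;

  base::TimeDelta ConnectionTimeout() const override;

  // LowerLayeredPool implementation.
  bool IsStalled() const override;

  void AddHigherLayeredPool(HigherLayeredPool* higher_pool) override;

  void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) override;

  // HigherLayeredPool implementation.
  bool CloseOneIdleConnection() override;

 private:
  typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;

  // SSLConfigService::Observer implementation.
  //
  // When the user changes the SSL config, we flush all idle sockets so they
  // won't get re-used.
  void OnSSLConfigChanged() override;

  // Factory handed to the pool base; creates the connect jobs for requests
  // against this pool.
  class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
   public:
    // The pool and factory arguments are kept as raw pointers (members
    // below); |context| is stored by value.
    SSLConnectJobFactory(
        TransportClientSocketPool* transport_pool,
        SOCKSClientSocketPool* socks_pool,
        HttpProxyClientSocketPool* http_proxy_pool,
        ClientSocketFactory* client_socket_factory,
        const SSLClientSocketContext& context,
        NetLog* net_log);

    ~SSLConnectJobFactory() override;

    // ClientSocketPoolBase::ConnectJobFactory methods.
    scoped_ptr<ConnectJob> NewConnectJob(
        const std::string& group_name,
        const PoolBase::Request& request,
        ConnectJob::Delegate* delegate) const override;

    base::TimeDelta ConnectionTimeout() const override;

   private:
    // Raw pointers whose lifetime is not managed by the factory.
    TransportClientSocketPool* const transport_pool_;
    SOCKSClientSocketPool* const socks_pool_;
    HttpProxyClientSocketPool* const http_proxy_pool_;
    ClientSocketFactory* const client_socket_factory_;
    const SSLClientSocketContext context_;
    base::TimeDelta timeout_;
    NetLog* net_log_;

    DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
  };

  // Raw pointers to the lower-layer pools; any of them may be NULL when the
  // corresponding connection type is never used (see the constructor).
  TransportClientSocketPool* const transport_pool_;
  SOCKSClientSocketPool* const socks_pool_;
  HttpProxyClientSocketPool* const http_proxy_pool_;
  PoolBase base_;
  const scoped_refptr<SSLConfigService> ssl_config_service_;

  DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
};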
301 } // namespace net
303 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_