net/socket/ssl_client_socket_pool.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/time/time.h"
  13 #include "net/base/privacy_mode.h"
  14 #include "net/http/http_response_info.h"
  15 #include "net/socket/client_socket_pool.h"
  16 #include "net/socket/client_socket_pool_base.h"
  17 #include "net/socket/connection_attempts.h"
  18 #include "net/socket/ssl_client_socket.h"
  19 #include "net/ssl/ssl_config_service.h"
  20
  21 namespace net {
  22
  23 class CertPolicyEnforcer;
  24 class CertVerifier;
  25 class ClientSocketFactory;
  26 class ConnectJobFactory;
  27 class CTVerifier;
  28 class HostPortPair;
  29 class HttpProxyClientSocketPool;
  30 class HttpProxySocketParams;
  31 class SOCKSClientSocketPool;
  32 class SOCKSSocketParams;
  33 class SSLClientSocket;
  34 class TransportClientSocketPool;
  35 class TransportSecurityState;
  36 class TransportSocketParams;
  37
  38 class NET_EXPORT_PRIVATE SSLSocketParams
  39     : public base::RefCounted<SSLSocketParams> {
  40  public:
  41   enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };
  42
  43   // Exactly one of |direct_params|, |socks_proxy_params|, and
  44   // |http_proxy_params| must be non-NULL.
  45   SSLSocketParams(const scoped_refptr<TransportSocketParams>& direct_params,
  46                   const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
  47                   const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
  48                   const HostPortPair& host_and_port,
  49                   const SSLConfig& ssl_config,
  50                   PrivacyMode privacy_mode,
  51                   int load_flags,
  52                   bool expect_spdy);
  53
  54   // Returns the type of the underlying connection.
  55   ConnectionType GetConnectionType() const;
  56
  57   // Must be called only when GetConnectionType() returns DIRECT.
  58   const scoped_refptr<TransportSocketParams>&
  59       GetDirectConnectionParams() const;
  60
  61   // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  62   const scoped_refptr<SOCKSSocketParams>&
  63       GetSocksProxyConnectionParams() const;
  64
  65   // Must be called only when GetConnectionType() returns HTTP_PROXY.
  66   const scoped_refptr<HttpProxySocketParams>&
  67       GetHttpProxyConnectionParams() const;
  68
  69   const HostPortPair& host_and_port() const { return host_and_port_; }
  70   const SSLConfig& ssl_config() const { return ssl_config_; }
  71   PrivacyMode privacy_mode() const { return privacy_mode_; }
  72   int load_flags() const { return load_flags_; }
  73   bool expect_spdy() const { return expect_spdy_; }
  74   bool ignore_limits() const { return ignore_limits_; }
  75
  76  private:
  77   friend class base::RefCounted<SSLSocketParams>;
  78   ~SSLSocketParams();
  79
  80   const scoped_refptr<TransportSocketParams> direct_params_;
  81   const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  82   const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  83   const HostPortPair host_and_port_;
  84   const SSLConfig ssl_config_;
  85   const PrivacyMode privacy_mode_;
  86   const int load_flags_;
  87   const bool expect_spdy_;
  88   bool ignore_limits_;
  89
  90   DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
  91 };
  92
  93 // SSLConnectJob handles the SSL handshake after setting up the underlying
  94 // connection as specified in the params.
  95 class SSLConnectJob : public ConnectJob {
  96  public:
  97   // Note: the SSLConnectJob does not own |messenger| so it must outlive the
  98   // job.
  99   SSLConnectJob(const std::string& group_name,
 100                 RequestPriority priority,
 101                 const scoped_refptr<SSLSocketParams>& params,
 102                 const base::TimeDelta& timeout_duration,
 103                 TransportClientSocketPool* transport_pool,
 104                 SOCKSClientSocketPool* socks_pool,
 105                 HttpProxyClientSocketPool* http_proxy_pool,
 106                 ClientSocketFactory* client_socket_factory,
 107                 const SSLClientSocketContext& context,
 108                 Delegate* delegate,
 109                 NetLog* net_log);
 110   ~SSLConnectJob() override;
 111
 112   // ConnectJob methods.
 113   LoadState GetLoadState() const override;
 114
 115   void GetAdditionalErrorState(ClientSocketHandle* handle) override;
 116
 117  private:
 118   enum State {
 119     STATE_TRANSPORT_CONNECT,
 120     STATE_TRANSPORT_CONNECT_COMPLETE,
 121     STATE_SOCKS_CONNECT,
 122     STATE_SOCKS_CONNECT_COMPLETE,
 123     STATE_TUNNEL_CONNECT,
 124     STATE_TUNNEL_CONNECT_COMPLETE,
 125     STATE_SSL_CONNECT,
 126     STATE_SSL_CONNECT_COMPLETE,
 127     STATE_NONE,
 128   };
 129
 130   void OnIOComplete(int result);
 131
 132   // Runs the state transition loop.
 133   int DoLoop(int result);
 134
 135   int DoTransportConnect();
 136   int DoTransportConnectComplete(int result);
 137   int DoSOCKSConnect();
 138   int DoSOCKSConnectComplete(int result);
 139   int DoTunnelConnect();
 140   int DoTunnelConnectComplete(int result);
 141   int DoSSLConnect();
 142   int DoSSLConnectComplete(int result);
 143
 144   // Returns the initial state for the state machine based on the
 145   // |connection_type|.
 146   static State GetInitialState(SSLSocketParams::ConnectionType connection_type);
 147
 148   // Starts the SSL connection process.  Returns OK on success and
 149   // ERR_IO_PENDING if it cannot immediately service the request.
 150   // Otherwise, it returns a net error code.
 151   int ConnectInternal() override;
 152
 153   scoped_refptr<SSLSocketParams> params_;
 154   TransportClientSocketPool* const transport_pool_;
 155   SOCKSClientSocketPool* const socks_pool_;
 156   HttpProxyClientSocketPool* const http_proxy_pool_;
 157   ClientSocketFactory* const client_socket_factory_;
 158
 159   const SSLClientSocketContext context_;
 160
 161   State next_state_;
 162   CompletionCallback callback_;
 163   scoped_ptr<ClientSocketHandle> transport_socket_handle_;
 164   scoped_ptr<SSLClientSocket> ssl_socket_;
 165
 166   HttpResponseInfo error_response_info_;
 167
 168   ConnectionAttempts connection_attempts_;
 169   // The address of the server the connect job is connected to. Populated if
 170   // and only if the connect job is connected *directly* to the server (not
 171   // through an HTTPS CONNECT request or a SOCKS proxy).
 172   IPEndPoint server_address_;
 173
 174   DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
 175 };
 176
 177 class NET_EXPORT_PRIVATE SSLClientSocketPool
 178     : public ClientSocketPool,
 179       public HigherLayeredPool,
 180       public SSLConfigService::Observer {
 181  public:
 182   typedef SSLSocketParams SocketParams;
 183
 184   // Only the pools that will be used are required. i.e. if you never
 185   // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
 186   SSLClientSocketPool(int max_sockets,
 187                       int max_sockets_per_group,
 188                       CertVerifier* cert_verifier,
 189                       ChannelIDService* channel_id_service,
 190                       TransportSecurityState* transport_security_state,
 191                       CTVerifier* cert_transparency_verifier,
 192                       CertPolicyEnforcer* cert_policy_enforcer,
 193                       const std::string& ssl_session_cache_shard,
 194                       ClientSocketFactory* client_socket_factory,
 195                       TransportClientSocketPool* transport_pool,
 196                       SOCKSClientSocketPool* socks_pool,
 197                       HttpProxyClientSocketPool* http_proxy_pool,
 198                       SSLConfigService* ssl_config_service,
 199                       NetLog* net_log);
 200
 201   ~SSLClientSocketPool() override;
 202
 203   // ClientSocketPool implementation.
 204   int RequestSocket(const std::string& group_name,
 205                     const void* connect_params,
 206                     RequestPriority priority,
 207                     ClientSocketHandle* handle,
 208                     const CompletionCallback& callback,
 209                     const BoundNetLog& net_log) override;
 210
 211   void RequestSockets(const std::string& group_name,
 212                       const void* params,
 213                       int num_sockets,
 214                       const BoundNetLog& net_log) override;
 215
 216   void CancelRequest(const std::string& group_name,
 217                      ClientSocketHandle* handle) override;
 218
 219   void ReleaseSocket(const std::string& group_name,
 220                      scoped_ptr<StreamSocket> socket,
 221                      int id) override;
 222
 223   void FlushWithError(int error) override;
 224
 225   void CloseIdleSockets() override;
 226
 227   int IdleSocketCount() const override;
 228
 229   int IdleSocketCountInGroup(const std::string& group_name) const override;
 230
 231   LoadState GetLoadState(const std::string& group_name,
 232                          const ClientSocketHandle* handle) const override;
 233
 234   scoped_ptr<base::DictionaryValue> GetInfoAsValue(
 235       const std::string& name,
 236       const std::string& type,
 237       bool include_nested_pools) const override;
 238
 239   base::TimeDelta ConnectionTimeout() const override;
 240
 241   // LowerLayeredPool implementation.
 242   bool IsStalled() const override;
 243
 244   void AddHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 245
 246   void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 247
 248   // HigherLayeredPool implementation.
 249   bool CloseOneIdleConnection() override;
 250
 251  private:
 252   typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;
 253
 254   // SSLConfigService::Observer implementation.
 255
 256   // When the user changes the SSL config, we flush all idle sockets so they
 257   // won't get re-used.
 258   void OnSSLConfigChanged() override;
 259
 260   class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
 261    public:
 262     SSLConnectJobFactory(
 263         TransportClientSocketPool* transport_pool,
 264         SOCKSClientSocketPool* socks_pool,
 265         HttpProxyClientSocketPool* http_proxy_pool,
 266         ClientSocketFactory* client_socket_factory,
 267         const SSLClientSocketContext& context,
 268         NetLog* net_log);
 269
 270     ~SSLConnectJobFactory() override;
 271
 272     // ClientSocketPoolBase::ConnectJobFactory methods.
 273     scoped_ptr<ConnectJob> NewConnectJob(
 274         const std::string& group_name,
 275         const PoolBase::Request& request,
 276         ConnectJob::Delegate* delegate) const override;
 277
 278     base::TimeDelta ConnectionTimeout() const override;
 279
 280    private:
 281     TransportClientSocketPool* const transport_pool_;
 282     SOCKSClientSocketPool* const socks_pool_;
 283     HttpProxyClientSocketPool* const http_proxy_pool_;
 284     ClientSocketFactory* const client_socket_factory_;
 285     const SSLClientSocketContext context_;
 286     base::TimeDelta timeout_;
 287     NetLog* net_log_;
 288
 289     DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
 290   };
 291
 292   TransportClientSocketPool* const transport_pool_;
 293   SOCKSClientSocketPool* const socks_pool_;
 294   HttpProxyClientSocketPool* const http_proxy_pool_;
 295   PoolBase base_;
 296   const scoped_refptr<SSLConfigService> ssl_config_service_;
 297
 298   DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
 299 };
 300
 301 }  // namespace net
 302
 303 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_