net/socket/ssl_client_socket_pool.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
   7
   8 #include <string>
   9
  10 #include "base/memory/ref_counted.h"
  11 #include "base/memory/scoped_ptr.h"
  12 #include "base/time/time.h"
  13 #include "net/base/privacy_mode.h"
  14 #include "net/http/http_response_info.h"
  15 #include "net/socket/client_socket_pool.h"
  16 #include "net/socket/client_socket_pool_base.h"
  17 #include "net/socket/connection_attempts.h"
  18 #include "net/socket/ssl_client_socket.h"
  19 #include "net/ssl/ssl_config_service.h"
  20
  21 namespace net {
  22
  23 class CertPolicyEnforcer;
  24 class CertVerifier;
  25 class ClientSocketFactory;
  26 class ConnectJobFactory;
  27 class CTVerifier;
  28 class HostPortPair;
  29 class HttpProxyClientSocketPool;
  30 class HttpProxySocketParams;
  31 class SOCKSClientSocketPool;
  32 class SOCKSSocketParams;
  33 class SSLClientSocket;
  34 class TransportClientSocketPool;
  35 class TransportSecurityState;
  36 class TransportSocketParams;
  37
  38 class NET_EXPORT_PRIVATE SSLSocketParams
  39     : public base::RefCounted<SSLSocketParams> {
  40  public:
  41   enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };
  42
  43   // Exactly one of |direct_params|, |socks_proxy_params|, and
  44   // |http_proxy_params| must be non-NULL.
  45   SSLSocketParams(
  46       const scoped_refptr<TransportSocketParams>& direct_params,
  47       const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
  48       const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
  49       const HostPortPair& host_and_port,
  50       const SSLConfig& ssl_config,
  51       PrivacyMode privacy_mode,
  52       int load_flags,
  53       bool want_spdy_over_npn);
  54
  55   // Returns the type of the underlying connection.
  56   ConnectionType GetConnectionType() const;
  57
  58   // Must be called only when GetConnectionType() returns DIRECT.
  59   const scoped_refptr<TransportSocketParams>&
  60       GetDirectConnectionParams() const;
  61
  62   // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  63   const scoped_refptr<SOCKSSocketParams>&
  64       GetSocksProxyConnectionParams() const;
  65
  66   // Must be called only when GetConnectionType() returns HTTP_PROXY.
  67   const scoped_refptr<HttpProxySocketParams>&
  68       GetHttpProxyConnectionParams() const;
  69
  70   const HostPortPair& host_and_port() const { return host_and_port_; }
  71   const SSLConfig& ssl_config() const { return ssl_config_; }
  72   PrivacyMode privacy_mode() const { return privacy_mode_; }
  73   int load_flags() const { return load_flags_; }
  74   bool want_spdy_over_npn() const { return want_spdy_over_npn_; }
  75   bool ignore_limits() const { return ignore_limits_; }
  76
  77  private:
  78   friend class base::RefCounted<SSLSocketParams>;
  79   ~SSLSocketParams();
  80
  81   const scoped_refptr<TransportSocketParams> direct_params_;
  82   const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
  83   const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
  84   const HostPortPair host_and_port_;
  85   const SSLConfig ssl_config_;
  86   const PrivacyMode privacy_mode_;
  87   const int load_flags_;
  88   const bool want_spdy_over_npn_;
  89   bool ignore_limits_;
  90
  91   DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
  92 };
  93
  94 // SSLConnectJob handles the SSL handshake after setting up the underlying
  95 // connection as specified in the params.
  96 class SSLConnectJob : public ConnectJob {
  97  public:
  98   // Note: the SSLConnectJob does not own |messenger| so it must outlive the
  99   // job.
 100   SSLConnectJob(const std::string& group_name,
 101                 RequestPriority priority,
 102                 const scoped_refptr<SSLSocketParams>& params,
 103                 const base::TimeDelta& timeout_duration,
 104                 TransportClientSocketPool* transport_pool,
 105                 SOCKSClientSocketPool* socks_pool,
 106                 HttpProxyClientSocketPool* http_proxy_pool,
 107                 ClientSocketFactory* client_socket_factory,
 108                 const SSLClientSocketContext& context,
 109                 Delegate* delegate,
 110                 NetLog* net_log);
 111   ~SSLConnectJob() override;
 112
 113   // ConnectJob methods.
 114   LoadState GetLoadState() const override;
 115
 116   void GetAdditionalErrorState(ClientSocketHandle* handle) override;
 117
 118  private:
 119   enum State {
 120     STATE_TRANSPORT_CONNECT,
 121     STATE_TRANSPORT_CONNECT_COMPLETE,
 122     STATE_SOCKS_CONNECT,
 123     STATE_SOCKS_CONNECT_COMPLETE,
 124     STATE_TUNNEL_CONNECT,
 125     STATE_TUNNEL_CONNECT_COMPLETE,
 126     STATE_SSL_CONNECT,
 127     STATE_SSL_CONNECT_COMPLETE,
 128     STATE_NONE,
 129   };
 130
 131   void OnIOComplete(int result);
 132
 133   // Runs the state transition loop.
 134   int DoLoop(int result);
 135
 136   int DoTransportConnect();
 137   int DoTransportConnectComplete(int result);
 138   int DoSOCKSConnect();
 139   int DoSOCKSConnectComplete(int result);
 140   int DoTunnelConnect();
 141   int DoTunnelConnectComplete(int result);
 142   int DoSSLConnect();
 143   int DoSSLConnectComplete(int result);
 144
 145   // Returns the initial state for the state machine based on the
 146   // |connection_type|.
 147   static State GetInitialState(SSLSocketParams::ConnectionType connection_type);
 148
 149   // Starts the SSL connection process.  Returns OK on success and
 150   // ERR_IO_PENDING if it cannot immediately service the request.
 151   // Otherwise, it returns a net error code.
 152   int ConnectInternal() override;
 153
 154   scoped_refptr<SSLSocketParams> params_;
 155   TransportClientSocketPool* const transport_pool_;
 156   SOCKSClientSocketPool* const socks_pool_;
 157   HttpProxyClientSocketPool* const http_proxy_pool_;
 158   ClientSocketFactory* const client_socket_factory_;
 159
 160   const SSLClientSocketContext context_;
 161
 162   State next_state_;
 163   CompletionCallback callback_;
 164   scoped_ptr<ClientSocketHandle> transport_socket_handle_;
 165   scoped_ptr<SSLClientSocket> ssl_socket_;
 166
 167   HttpResponseInfo error_response_info_;
 168
 169   ConnectionAttempts connection_attempts_;
 170   // The address of the server the connect job is connected to. Populated if
 171   // and only if the connect job is connected *directly* to the server (not
 172   // through an HTTPS CONNECT request or a SOCKS proxy).
 173   IPEndPoint server_address_;
 174
 175   DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
 176 };
 177
 178 class NET_EXPORT_PRIVATE SSLClientSocketPool
 179     : public ClientSocketPool,
 180       public HigherLayeredPool,
 181       public SSLConfigService::Observer {
 182  public:
 183   typedef SSLSocketParams SocketParams;
 184
 185   // Only the pools that will be used are required. i.e. if you never
 186   // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
 187   SSLClientSocketPool(int max_sockets,
 188                       int max_sockets_per_group,
 189                       CertVerifier* cert_verifier,
 190                       ChannelIDService* channel_id_service,
 191                       TransportSecurityState* transport_security_state,
 192                       CTVerifier* cert_transparency_verifier,
 193                       CertPolicyEnforcer* cert_policy_enforcer,
 194                       const std::string& ssl_session_cache_shard,
 195                       ClientSocketFactory* client_socket_factory,
 196                       TransportClientSocketPool* transport_pool,
 197                       SOCKSClientSocketPool* socks_pool,
 198                       HttpProxyClientSocketPool* http_proxy_pool,
 199                       SSLConfigService* ssl_config_service,
 200                       NetLog* net_log);
 201
 202   ~SSLClientSocketPool() override;
 203
 204   // ClientSocketPool implementation.
 205   int RequestSocket(const std::string& group_name,
 206                     const void* connect_params,
 207                     RequestPriority priority,
 208                     ClientSocketHandle* handle,
 209                     const CompletionCallback& callback,
 210                     const BoundNetLog& net_log) override;
 211
 212   void RequestSockets(const std::string& group_name,
 213                       const void* params,
 214                       int num_sockets,
 215                       const BoundNetLog& net_log) override;
 216
 217   void CancelRequest(const std::string& group_name,
 218                      ClientSocketHandle* handle) override;
 219
 220   void ReleaseSocket(const std::string& group_name,
 221                      scoped_ptr<StreamSocket> socket,
 222                      int id) override;
 223
 224   void FlushWithError(int error) override;
 225
 226   void CloseIdleSockets() override;
 227
 228   int IdleSocketCount() const override;
 229
 230   int IdleSocketCountInGroup(const std::string& group_name) const override;
 231
 232   LoadState GetLoadState(const std::string& group_name,
 233                          const ClientSocketHandle* handle) const override;
 234
 235   scoped_ptr<base::DictionaryValue> GetInfoAsValue(
 236       const std::string& name,
 237       const std::string& type,
 238       bool include_nested_pools) const override;
 239
 240   base::TimeDelta ConnectionTimeout() const override;
 241
 242   // LowerLayeredPool implementation.
 243   bool IsStalled() const override;
 244
 245   void AddHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 246
 247   void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) override;
 248
 249   // HigherLayeredPool implementation.
 250   bool CloseOneIdleConnection() override;
 251
 252  private:
 253   typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;
 254
 255   // SSLConfigService::Observer implementation.
 256
 257   // When the user changes the SSL config, we flush all idle sockets so they
 258   // won't get re-used.
 259   void OnSSLConfigChanged() override;
 260
 261   class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
 262    public:
 263     SSLConnectJobFactory(
 264         TransportClientSocketPool* transport_pool,
 265         SOCKSClientSocketPool* socks_pool,
 266         HttpProxyClientSocketPool* http_proxy_pool,
 267         ClientSocketFactory* client_socket_factory,
 268         const SSLClientSocketContext& context,
 269         NetLog* net_log);
 270
 271     ~SSLConnectJobFactory() override;
 272
 273     // ClientSocketPoolBase::ConnectJobFactory methods.
 274     scoped_ptr<ConnectJob> NewConnectJob(
 275         const std::string& group_name,
 276         const PoolBase::Request& request,
 277         ConnectJob::Delegate* delegate) const override;
 278
 279     base::TimeDelta ConnectionTimeout() const override;
 280
 281    private:
 282     TransportClientSocketPool* const transport_pool_;
 283     SOCKSClientSocketPool* const socks_pool_;
 284     HttpProxyClientSocketPool* const http_proxy_pool_;
 285     ClientSocketFactory* const client_socket_factory_;
 286     const SSLClientSocketContext context_;
 287     base::TimeDelta timeout_;
 288     NetLog* net_log_;
 289
 290     DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
 291   };
 292
 293   TransportClientSocketPool* const transport_pool_;
 294   SOCKSClientSocketPool* const socks_pool_;
 295   HttpProxyClientSocketPool* const http_proxy_pool_;
 296   PoolBase base_;
 297   const scoped_refptr<SSLConfigService> ssl_config_service_;
 298
 299   DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
 300 };
 301
 302 }  // namespace net
 303
 304 #endif  // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_