net/socket/ssl_host_info.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SOCKET_SSL_HOST_INFO_H_
   6 #define NET_SOCKET_SSL_HOST_INFO_H_
   7
   8 #include <string>
   9 #include <vector>
  10
  11 #include "base/memory/ref_counted.h"
  12 #include "base/memory/weak_ptr.h"
  13 #include "base/time.h"
  14 #include "net/base/cert_verifier.h"
  15 #include "net/base/cert_verify_result.h"
  16 #include "net/base/completion_callback.h"
  17 #include "net/base/net_export.h"
  18 #include "net/base/single_request_cert_verifier.h"
  19 #include "net/socket/ssl_client_socket.h"
  20
  21 namespace net {
  22
  23 class X509Certificate;
  24 struct SSLConfig;
  25
  26 // SSLHostInfo is an interface for fetching information about an SSL server.
  27 // This information may be stored on disk so does not include keys or session
  28 // information etc. Primarily it's intended for caching the server's
  29 // certificates.
  30 class NET_EXPORT_PRIVATE SSLHostInfo {
  31  public:
  32   SSLHostInfo(const std::string& hostname,
  33               const SSLConfig& ssl_config,
  34               CertVerifier* certVerifier);
  35   virtual ~SSLHostInfo();
  36
  37   // Start will commence the lookup. This must be called before any other
  38   // methods. By opportunistically calling this early, it may be possible to
  39   // overlap this object's lookup and reduce latency.
  40   virtual void Start() = 0;
  41
  42   // WaitForDataReady returns OK if the fetch of the requested data has
  43   // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on
  44   // the current thread when ready.
  45   //
  46   // Only a single callback can be outstanding at a given time and, in the
  47   // event that WaitForDataReady returns OK, it's the caller's responsibility
  48   // to delete |callback|.
  49   //
  50   // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned
  51   // but, obviously, a callback will never be made.
  52   virtual int WaitForDataReady(const CompletionCallback& callback) = 0;
  53
  54   // Persist allows for the host information to be updated for future users.
  55   // This is a fire and forget operation: the caller may drop its reference
  56   // from this object and the store operation will still complete. This can
  57   // only be called once WaitForDataReady has returned OK or called its
  58   // callback.
  59   virtual void Persist() = 0;
  60
  61   struct State {
  62     State();
  63     ~State();
  64
  65     void Clear();
  66
  67     // certs is a vector of DER encoded X.509 certificates, as the server
  68     // returned them and in the same order.
  69     std::vector<std::string> certs;
  70
  71    private:
  72     DISALLOW_COPY_AND_ASSIGN(State);
  73   };
  74
  75   // Once the data is ready, it can be read using the following members. These
  76   // members can then be updated before calling |Persist|.
  77   const State& state() const;
  78   State* mutable_state();
  79
  80   // If WaitForCertVerification reports the certificate verification has
  81   // completed, then this contains the result of verifying the certificate.
  82   const CertVerifyResult& cert_verify_result() const;
  83
  84   // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
  85   // |state().certs| is still being validated and arranges for the given
  86   // callback to be called when the verification completes. If the verification
  87   // has already finished then WaitForCertVerification returns the result of
  88   // that verification.
  89   int WaitForCertVerification(const CompletionCallback& callback);
  90
  91   base::TimeTicks verification_start_time() const {
  92     return verification_start_time_;
  93   }
  94
  95   base::TimeTicks verification_end_time() const {
  96     return verification_end_time_;
  97   }
  98
  99  protected:
 100   // Parse parses an opaque blob of data and fills out the public member fields
 101   // of this object. It returns true iff the parse was successful. The public
 102   // member fields will be set to something sane in any case.
 103   bool Parse(const std::string& data);
 104   std::string Serialize() const;
 105   State state_;
 106   bool cert_verification_complete_;
 107   int cert_verification_error_;
 108
 109  private:
 110   // This is the callback function which the CertVerifier calls via |callback_|.
 111   void VerifyCallback(int rv);
 112
 113   // ParseInner is a helper function for Parse.
 114   bool ParseInner(const std::string& data);
 115
 116   // This is the hostname that we'll validate the certificates against.
 117   const std::string hostname_;
 118   bool cert_parsing_failed_;
 119   CompletionCallback cert_verification_callback_;
 120   // These three members are taken from the SSLConfig.
 121   bool rev_checking_enabled_;
 122   bool verify_ev_cert_;
 123   base::TimeTicks verification_start_time_;
 124   base::TimeTicks verification_end_time_;
 125   CertVerifyResult cert_verify_result_;
 126   SingleRequestCertVerifier verifier_;
 127   scoped_refptr<X509Certificate> cert_;
 128   base::WeakPtrFactory<SSLHostInfo> weak_factory_;
 129   base::TimeTicks cert_verification_finished_time_;
 130 };
 131
 132 class SSLHostInfoFactory {
 133  public:
 134   virtual ~SSLHostInfoFactory();
 135
 136   // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname
 137   // or NULL on failure.
 138   virtual SSLHostInfo* GetForHost(const std::string& hostname,
 139                                   const SSLConfig& ssl_config) = 0;
 140 };
 141
 142 }  // namespace net
 143
 144 #endif  // NET_SOCKET_SSL_HOST_INFO_H_