1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 //
5 // NOTE: This class is provided to support existing Chromium consumers; it is
6 // NOT intended for use in NEW code. Configuring a TLS server correctly is a
7 // security-sensitive activity with many subtle nuances, and thus care should be
8 // taken to discuss with //net/OWNERS before any new usages.
9 //
10 // As such, this header should be treated as an internal implementation detail
11 // of //net (where it's used for some unit test infrastructure), not as
12 // appropriate for general use.
13 //
14 // See https://crbug.com/621176 for more details.
15 
16 #ifndef NET_SOCKET_SSL_SERVER_SOCKET_H_
17 #define NET_SOCKET_SSL_SERVER_SOCKET_H_
18 
19 #include <memory>
20 
21 #include "net/base/completion_once_callback.h"
22 #include "net/base/net_export.h"
23 #include "net/socket/ssl_socket.h"
24 #include "net/socket/stream_socket.h"
25 #include "third_party/boringssl/src/include/openssl/base.h"
26 
namespace crypto {
// Forward declaration only: the deprecated CreateSSLServerContext overload
// below takes a const RSAPrivateKey&, so the full definition is not needed here.
class RSAPrivateKey;
}  // namespace crypto
30 
31 namespace net {
32 
// Forward declarations for the types named in the factory signatures below.
// SSLServerConfig is passed by const reference, X509Certificate by raw pointer
// and SSLPrivateKey via scoped_refptr, so none of them needs a full definition
// in this header.
struct SSLServerConfig;
class SSLPrivateKey;
class X509Certificate;
36 
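// A server socket that uses SSL as the transport layer.
//
// Instances are obtained from SSLServerContext::CreateSSLServerSocket(). The
// read/write surface comes from the inherited SSLSocket/StreamSocket
// interface; this class only adds the server-side handshake entry point.
class SSLServerSocket : public SSLSocket {
 public:
  ~SSLServerSocket() override = default;

  // Performs the SSL server handshake.
  //
  // The result is returned synchronously when the handshake completes
  // immediately, or delivered through |callback| when it completes
  // asynchronously (presumably signalled by an ERR_IO_PENDING return, as
  // elsewhere in //net -- confirm against the implementation). If Disconnect
  // is called before completion the callback is silently dropped, as for
  // other StreamSocket calls.
  //
  // Security note: until Handshake has reported success the socket is not yet
  // an authenticated, encrypted channel. Callers must not read or write
  // application data before then, and must treat a non-OK result as a failed
  // connection rather than falling back to the underlying transport.
  virtual int Handshake(CompletionOnceCallback callback) = 0;
};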
48 
// Factory for SSLServerSocket instances that share one server identity
// (certificate and private key), one SSLServerConfig and one session cache.
// Contexts are created with the CreateSSLServerContext() overloads below.
class SSLServerContext {
 public:
  virtual ~SSLServerContext() = default;

  // Wraps an already-connected transport socket in an SSL server socket.
  // Ownership of |socket| is transferred to the returned object.
  //
  // Lifetime: the returned socket must be destroyed before this context is;
  // it is presumed to keep referring to the context, so outliving it would
  // leave a dangling reference. The handshake is NOT started here -- the
  // caller must invoke Handshake on the returned socket.
  virtual std::unique_ptr<SSLServerSocket> CreateSSLServerSocket(
      std::unique_ptr<StreamSocket> socket) = 0;
};
62 
// Creates an SSL server socket context where all sockets spawned using this
// context will share the same session cache.
//
// The caller must provide the server certificate and private key to use.
// It takes a reference to |certificate| and |pkey| (for |pkey| presumably an
// EVP_PKEY_up_ref, so the caller keeps its own reference -- confirm).
// The |ssl_config| parameter is copied, so later changes to the caller's
// copy do not affect the context.
//
// Security notes:
//  - |pkey| must be the private half of the key in |certificate|; this header
//    does not state whether the pairing is validated, so callers should not
//    rely on a mismatch being detected here.
//  - Because the session cache is shared, every socket from one context
//    presents the same identity. Use a separate context per server identity
//    rather than swapping certificates on a live context.
//  - A null return presumably signals that the context could not be built
//    (unusable key or config) -- confirm against the implementation.
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    EVP_PKEY* pkey,
    const SSLServerConfig& ssl_config);
74 
// As above, but takes an RSAPrivateKey object. Deprecated, use the EVP_PKEY
// version instead. Presumably this converts |key| to an EVP_PKEY and forwards
// to the overload above, so the same ownership and security notes apply --
// confirm against the implementation. Being RSA-only, it cannot be used with
// ECDSA certificates; that alone is a reason for new callers to avoid it.
// TODO(mattm): convert existing callers and remove this function.
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    const crypto::RSAPrivateKey& key,
    const SSLServerConfig& ssl_config);
82 
// As above, but takes an SSLPrivateKey. The context holds a reference to
// |key| via the scoped_refptr. SSLPrivateKey is presumably the //net
// abstraction for keys whose signing operations may be performed outside the
// process (e.g. by a platform key store), in which case the raw key material
// never needs to be in memory here -- confirm against ssl_private_key.h.
// The |certificate| / |ssl_config| handling matches the EVP_PKEY overload.
//
// NOTE(review): scoped_refptr is used here without a direct include of
// base/memory/scoped_refptr.h; it presumably arrives transitively through
// ssl_socket.h. Adding the direct include would make this header IWYU-clean.
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    scoped_refptr<SSLPrivateKey> key,
    const SSLServerConfig& ssl_config);
87 
88 }  // namespace net
89 
90 #endif  // NET_SOCKET_SSL_SERVER_SOCKET_H_
91