1 // Copyright 2018 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef SERVICES_NETWORK_TLS_SOCKET_FACTORY_H_
6 #define SERVICES_NETWORK_TLS_SOCKET_FACTORY_H_
7
8 #include <memory>
9 #include <vector>
10
11 #include "base/component_export.h"
12 #include "base/macros.h"
13 #include "mojo/public/cpp/bindings/pending_receiver.h"
14 #include "mojo/public/cpp/bindings/pending_remote.h"
15 #include "mojo/public/cpp/bindings/unique_receiver_set.h"
16 #include "net/http/http_network_session.h"
17 #include "net/socket/ssl_client_socket.h"
18 #include "net/traffic_annotation/network_traffic_annotation.h"
19 #include "services/network/public/mojom/network_service.mojom.h"
20 #include "services/network/public/mojom/tls_socket.mojom.h"
21
22 namespace net {
23 class ClientSocketFactory;
24 class SSLConfigService;
25 class StreamSocket;
26 } // namespace net
27
28 namespace network {
29
// Helper class that handles TLS socket requests: it upgrades an existing
// stream socket supplied by a Delegate to a TLS client socket and binds the
// result to a mojom::TLSClientSocket receiver. Instances are not copyable
// (DISALLOW_COPY_AND_ASSIGN below).
class COMPONENT_EXPORT(NETWORK_SERVICE) TLSSocketFactory {
 public:
  // Supplies the underlying socket that is to be upgraded. UpgradeToTLS()
  // receives it as a raw, non-owning pointer; this class takes no ownership
  // of the Delegate. NOTE(review): Delegate has no virtual destructor, so it
  // must not be deleted through a Delegate pointer.
  class Delegate {
   public:
    // Returns a non-owning pointer to the socket; the delegate keeps it.
    virtual const net::StreamSocket* BorrowSocket() = 0;
    // Transfers ownership of the socket to the caller.
    virtual std::unique_ptr<net::StreamSocket> TakeSocket() = 0;
  };

  // Completion callback of UpgradeToTLS(). See the documentation of
  // UpgradeToTLS in tcp_socket.mojom for the semantics of the results:
  // |net_error| is the net:: result of the upgrade, |receive_stream| and
  // |send_stream| are the data pipes of the upgraded connection, and
  // |ssl_info| carries the negotiated TLS parameters when available.
  using UpgradeToTLSCallback =
      base::OnceCallback<void(int32_t net_error,
                              mojo::ScopedDataPipeConsumerHandle receive_stream,
                              mojo::ScopedDataPipeProducerHandle send_stream,
                              const base::Optional<net::SSLInfo>& ssl_info)>;

  // Constructs a TLSSocketFactory. Neither argument is owned; the factory keeps
  // raw pointers derived from them (|client_socket_factory_|,
  // |ssl_config_service_|), so both are assumed to outlive |this| — confirm
  // against callers. Sockets will be created using the earliest available of:
  //   1) A ClientSocketFactory set on a non-null |http_context|.
  //   2) A ClientSocketFactory set on |url_request_context|'s
  //      HttpNetworkSession::Context.
  //   3) The default ClientSocketFactory.
  TLSSocketFactory(net::URLRequestContext* url_request_context,
                   const net::HttpNetworkSession::Context* http_context);
  virtual ~TLSSocketFactory();

  // Upgrades an existing socket to TLS. The socket comes from
  // |socket_delegate| (presumably via Delegate::TakeSocket()); the previous
  // pipes and data pump must already have been destroyed before the call to
  // this method. |host_port_pair| names the TLS peer (presumably what the
  // server certificate is validated against). |socket_options| may set
  // |unsafely_skip_cert_verification|, in which case the no_verification_*
  // members below are used instead of |ssl_client_context_|. |receiver| is
  // bound to the resulting TLS socket, |observer| presumably receives socket
  // events, and |callback| reports the result (see UpgradeToTLSCallback).
  void UpgradeToTLS(
      Delegate* socket_delegate,
      const net::HostPortPair& host_port_pair,
      mojom::TLSClientSocketOptionsPtr socket_options,
      const net::MutableNetworkTrafficAnnotationTag& traffic_annotation,
      mojo::PendingReceiver<mojom::TLSClientSocket> receiver,
      mojo::PendingRemote<mojom::SocketObserver> observer,
      UpgradeToTLSCallback callback);

 private:
  // Second stage of UpgradeToTLS(): wraps |underlying_socket| (ownership
  // transferred in) in a TLS client socket for |host_port_pair|, binds it to
  // |receiver| and reports the outcome through |callback|. Takes the
  // non-mutable NetworkTrafficAnnotationTag, so the public API's mutable tag
  // is presumably resolved before this point. NOTE(review): |callback| is
  // typed as mojom::TCPConnectedSocket::UpgradeToTLSCallback rather than the
  // UpgradeToTLSCallback alias above — presumably the same signature; confirm.
  void CreateTLSClientSocket(
      const net::HostPortPair& host_port_pair,
      mojom::TLSClientSocketOptionsPtr socket_options,
      mojo::PendingReceiver<mojom::TLSClientSocket> receiver,
      std::unique_ptr<net::StreamSocket> underlying_socket,
      mojo::PendingRemote<mojom::SocketObserver> observer,
      const net::NetworkTrafficAnnotationTag& traffic_annotation,
      mojom::TCPConnectedSocket::UpgradeToTLSCallback callback);

  // The following are used only when |unsafely_skip_cert_verification| is
  // specified in the upgrade options: a separate SSL client context whose
  // verification components presumably accept any certificate, kept apart
  // from |ssl_client_context_| so the skip-verification path does not affect
  // normally verified sockets. Connections made through this context do not
  // get the server-certificate checks the default context performs.
  std::unique_ptr<net::SSLClientContext> no_verification_ssl_client_context_;
  std::unique_ptr<net::CertVerifier> no_verification_cert_verifier_;
  std::unique_ptr<net::TransportSecurityState>
      no_verification_transport_security_state_;
  std::unique_ptr<net::CTVerifier> no_verification_cert_transparency_verifier_;
  std::unique_ptr<net::CTPolicyEnforcer> no_verification_ct_policy_enforcer_;

  // Default context used for normally verified TLS connections.
  net::SSLClientContext ssl_client_context_;
  // Non-owning; chosen per the priority order documented on the constructor.
  net::ClientSocketFactory* client_socket_factory_;
  // Non-owning; fixed for the lifetime of the factory (const pointer).
  net::SSLConfigService* const ssl_config_service_;
  // Owns the TLSClientSocket implementations bound to the receivers handed to
  // UpgradeToTLS(); entries are presumably dropped when a receiver disconnects
  // and all are destroyed with this factory.
  mojo::UniqueReceiverSet<mojom::TLSClientSocket> tls_socket_receivers_;

  DISALLOW_COPY_AND_ASSIGN(TLSSocketFactory);
};
95
96 } // namespace network
97
#endif  // SERVICES_NETWORK_TLS_SOCKET_FACTORY_H_
99