1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_
12 #include "base/memory/ref_counted.h"
13 #include "base/memory/scoped_ptr.h"
14 #include "base/time/time.h"
15 #include "net/base/privacy_mode.h"
16 #include "net/dns/host_resolver.h"
17 #include "net/http/http_response_info.h"
18 #include "net/socket/client_socket_pool.h"
19 #include "net/socket/client_socket_pool_base.h"
20 #include "net/socket/client_socket_pool_histograms.h"
21 #include "net/socket/ssl_client_socket.h"
22 #include "net/ssl/ssl_config_service.h"
27 class ClientSocketFactory;
28 class ConnectJobFactory;
31 class HttpProxyClientSocketPool;
32 class HttpProxySocketParams;
33 class SOCKSClientSocketPool;
34 class SOCKSSocketParams;
35 class SSLClientSocket;
36 class TransportClientSocketPool;
37 class TransportSecurityState;
38 class TransportSocketParams;
40 class NET_EXPORT_PRIVATE SSLSocketParams
41 : public base::RefCounted<SSLSocketParams> {
43 enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };
45 // Exactly one of |direct_params|, |socks_proxy_params|, and
46 // |http_proxy_params| must be non-NULL.
48 const scoped_refptr<TransportSocketParams>& direct_params,
49 const scoped_refptr<SOCKSSocketParams>& socks_proxy_params,
50 const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
51 const HostPortPair& host_and_port,
52 const SSLConfig& ssl_config,
53 PrivacyMode privacy_mode,
55 bool force_spdy_over_ssl,
56 bool want_spdy_over_npn);
58 // Returns the type of the underlying connection.
59 ConnectionType GetConnectionType() const;
61 // Must be called only when GetConnectionType() returns DIRECT.
62 const scoped_refptr<TransportSocketParams>&
63 GetDirectConnectionParams() const;
65 // Must be called only when GetConnectionType() returns SOCKS_PROXY.
66 const scoped_refptr<SOCKSSocketParams>&
67 GetSocksProxyConnectionParams() const;
69 // Must be called only when GetConnectionType() returns HTTP_PROXY.
70 const scoped_refptr<HttpProxySocketParams>&
71 GetHttpProxyConnectionParams() const;
73 const HostPortPair& host_and_port() const { return host_and_port_; }
74 const SSLConfig& ssl_config() const { return ssl_config_; }
75 PrivacyMode privacy_mode() const { return privacy_mode_; }
76 int load_flags() const { return load_flags_; }
77 bool force_spdy_over_ssl() const { return force_spdy_over_ssl_; }
78 bool want_spdy_over_npn() const { return want_spdy_over_npn_; }
79 bool ignore_limits() const { return ignore_limits_; }
82 friend class base::RefCounted<SSLSocketParams>;
85 const scoped_refptr<TransportSocketParams> direct_params_;
86 const scoped_refptr<SOCKSSocketParams> socks_proxy_params_;
87 const scoped_refptr<HttpProxySocketParams> http_proxy_params_;
88 const HostPortPair host_and_port_;
89 const SSLConfig ssl_config_;
90 const PrivacyMode privacy_mode_;
91 const int load_flags_;
92 const bool force_spdy_over_ssl_;
93 const bool want_spdy_over_npn_;
96 DISALLOW_COPY_AND_ASSIGN(SSLSocketParams);
99 // SSLConnectJobMessenger handles communication between concurrent
100 // SSLConnectJobs that share the same SSL session cache key.
102 // SSLConnectJobMessengers tell the session cache when a certain
103 // connection should be monitored for success or failure, and
104 // tell SSLConnectJobs when to pause or resume their connections.
105 class SSLConnectJobMessenger {
107 struct SocketAndCallback {
108 SocketAndCallback(SSLClientSocket* ssl_socket,
109 const base::Closure& job_resumption_callback);
110 ~SocketAndCallback();
112 SSLClientSocket* socket;
113 base::Closure callback;
116 typedef std::vector<SocketAndCallback> SSLPendingSocketsAndCallbacks;
118 SSLConnectJobMessenger();
119 ~SSLConnectJobMessenger();
121 // Removes |socket| from the set of sockets being monitored. This
122 // guarantees that |job_resumption_callback| will not be called for
124 void RemovePendingSocket(SSLClientSocket* ssl_socket);
126 // Returns true if |ssl_socket|'s Connect() method should be called.
127 bool CanProceed(SSLClientSocket* ssl_socket);
129 // Configures the SSLConnectJobMessenger to begin monitoring |ssl_socket|'s
130 // connection status. After a successful connection, or an error,
131 // the messenger will determine which sockets that have been added
132 // via AddPendingSocket() to allow to proceed.
133 void MonitorConnectionResult(SSLClientSocket* ssl_socket);
135 // Adds |socket| to the list of sockets waiting to Connect(). When
136 // the messenger has determined that it's an appropriate time for |socket|
137 // to connect, it will invoke |callback|.
139 // Note: It is an error to call AddPendingSocket() without having first
140 // called MonitorConnectionResult() and configuring a socket that WILL
141 // have Connect() called on it.
142 void AddPendingSocket(SSLClientSocket* ssl_socket,
143 const base::Closure& callback);
146 // Processes pending callbacks when a socket completes its SSL handshake --
147 // either successfully or unsuccessfully.
148 void OnSSLHandshakeCompleted();
150 // Runs all callbacks stored in |pending_sockets_and_callbacks_|.
151 void RunAllCallbacks(
152 const SSLPendingSocketsAndCallbacks& pending_socket_and_callbacks);
154 base::WeakPtrFactory<SSLConnectJobMessenger> weak_factory_;
156 SSLPendingSocketsAndCallbacks pending_sockets_and_callbacks_;
157 // Note: this field is a vector to allow for future design changes. Currently,
158 // this vector should only ever have one entry.
159 std::vector<SSLClientSocket*> connecting_sockets_;
162 // SSLConnectJob handles the SSL handshake after setting up the underlying
163 // connection as specified in the params.
164 class SSLConnectJob : public ConnectJob {
166 // Note: the SSLConnectJob does not own |messenger| so it must outlive the
168 SSLConnectJob(const std::string& group_name,
169 RequestPriority priority,
170 const scoped_refptr<SSLSocketParams>& params,
171 const base::TimeDelta& timeout_duration,
172 TransportClientSocketPool* transport_pool,
173 SOCKSClientSocketPool* socks_pool,
174 HttpProxyClientSocketPool* http_proxy_pool,
175 ClientSocketFactory* client_socket_factory,
176 HostResolver* host_resolver,
177 const SSLClientSocketContext& context,
178 SSLConnectJobMessenger* messenger,
181 virtual ~SSLConnectJob();
183 // ConnectJob methods.
184 virtual LoadState GetLoadState() const OVERRIDE;
186 virtual void GetAdditionalErrorState(ClientSocketHandle * handle) OVERRIDE;
190 STATE_TRANSPORT_CONNECT,
191 STATE_TRANSPORT_CONNECT_COMPLETE,
193 STATE_SOCKS_CONNECT_COMPLETE,
194 STATE_TUNNEL_CONNECT,
195 STATE_TUNNEL_CONNECT_COMPLETE,
196 STATE_CREATE_SSL_SOCKET,
197 STATE_CHECK_FOR_RESUME,
199 STATE_SSL_CONNECT_COMPLETE,
203 void OnIOComplete(int result);
205 // Runs the state transition loop.
206 int DoLoop(int result);
208 int DoTransportConnect();
209 int DoTransportConnectComplete(int result);
210 int DoSOCKSConnect();
211 int DoSOCKSConnectComplete(int result);
212 int DoTunnelConnect();
213 int DoTunnelConnectComplete(int result);
214 int DoCreateSSLSocket();
215 int DoCheckForResume();
217 int DoSSLConnectComplete(int result);
219 // Tells a waiting SSLConnectJob to resume its SSL connection.
220 void ResumeSSLConnection();
222 // Returns the initial state for the state machine based on the
223 // |connection_type|.
224 static State GetInitialState(SSLSocketParams::ConnectionType connection_type);
226 // Starts the SSL connection process. Returns OK on success and
227 // ERR_IO_PENDING if it cannot immediately service the request.
228 // Otherwise, it returns a net error code.
229 virtual int ConnectInternal() OVERRIDE;
231 scoped_refptr<SSLSocketParams> params_;
232 TransportClientSocketPool* const transport_pool_;
233 SOCKSClientSocketPool* const socks_pool_;
234 HttpProxyClientSocketPool* const http_proxy_pool_;
235 ClientSocketFactory* const client_socket_factory_;
236 HostResolver* const host_resolver_;
238 const SSLClientSocketContext context_;
241 CompletionCallback io_callback_;
242 scoped_ptr<ClientSocketHandle> transport_socket_handle_;
243 scoped_ptr<SSLClientSocket> ssl_socket_;
245 SSLConnectJobMessenger* messenger_;
246 HttpResponseInfo error_response_info_;
248 base::WeakPtrFactory<SSLConnectJob> weak_factory_;
250 DISALLOW_COPY_AND_ASSIGN(SSLConnectJob);
253 class NET_EXPORT_PRIVATE SSLClientSocketPool
254 : public ClientSocketPool,
255 public HigherLayeredPool,
256 public SSLConfigService::Observer {
258 typedef SSLSocketParams SocketParams;
260 // Only the pools that will be used are required. i.e. if you never
261 // try to create an SSL over SOCKS socket, |socks_pool| may be NULL.
262 SSLClientSocketPool(int max_sockets,
263 int max_sockets_per_group,
264 ClientSocketPoolHistograms* histograms,
265 HostResolver* host_resolver,
266 CertVerifier* cert_verifier,
267 ChannelIDService* channel_id_service,
268 TransportSecurityState* transport_security_state,
269 CTVerifier* cert_transparency_verifier,
270 const std::string& ssl_session_cache_shard,
271 ClientSocketFactory* client_socket_factory,
272 TransportClientSocketPool* transport_pool,
273 SOCKSClientSocketPool* socks_pool,
274 HttpProxyClientSocketPool* http_proxy_pool,
275 SSLConfigService* ssl_config_service,
276 bool enable_ssl_connect_job_waiting,
279 virtual ~SSLClientSocketPool();
281 // ClientSocketPool implementation.
282 virtual int RequestSocket(const std::string& group_name,
283 const void* connect_params,
284 RequestPriority priority,
285 ClientSocketHandle* handle,
286 const CompletionCallback& callback,
287 const BoundNetLog& net_log) OVERRIDE;
289 virtual void RequestSockets(const std::string& group_name,
292 const BoundNetLog& net_log) OVERRIDE;
294 virtual void CancelRequest(const std::string& group_name,
295 ClientSocketHandle* handle) OVERRIDE;
297 virtual void ReleaseSocket(const std::string& group_name,
298 scoped_ptr<StreamSocket> socket,
301 virtual void FlushWithError(int error) OVERRIDE;
303 virtual void CloseIdleSockets() OVERRIDE;
305 virtual int IdleSocketCount() const OVERRIDE;
307 virtual int IdleSocketCountInGroup(
308 const std::string& group_name) const OVERRIDE;
310 virtual LoadState GetLoadState(
311 const std::string& group_name,
312 const ClientSocketHandle* handle) const OVERRIDE;
314 virtual base::DictionaryValue* GetInfoAsValue(
315 const std::string& name,
316 const std::string& type,
317 bool include_nested_pools) const OVERRIDE;
319 virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;
321 virtual ClientSocketPoolHistograms* histograms() const OVERRIDE;
323 // LowerLayeredPool implementation.
324 virtual bool IsStalled() const OVERRIDE;
326 virtual void AddHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;
328 virtual void RemoveHigherLayeredPool(HigherLayeredPool* higher_pool) OVERRIDE;
330 // HigherLayeredPool implementation.
331 virtual bool CloseOneIdleConnection() OVERRIDE;
334 typedef ClientSocketPoolBase<SSLSocketParams> PoolBase;
336 // SSLConfigService::Observer implementation.
338 // When the user changes the SSL config, we flush all idle sockets so they
339 // won't get re-used.
340 virtual void OnSSLConfigChanged() OVERRIDE;
342 class SSLConnectJobFactory : public PoolBase::ConnectJobFactory {
344 SSLConnectJobFactory(TransportClientSocketPool* transport_pool,
345 SOCKSClientSocketPool* socks_pool,
346 HttpProxyClientSocketPool* http_proxy_pool,
347 ClientSocketFactory* client_socket_factory,
348 HostResolver* host_resolver,
349 const SSLClientSocketContext& context,
350 bool enable_ssl_connect_job_waiting,
353 virtual ~SSLConnectJobFactory();
355 // ClientSocketPoolBase::ConnectJobFactory methods.
356 virtual scoped_ptr<ConnectJob> NewConnectJob(
357 const std::string& group_name,
358 const PoolBase::Request& request,
359 ConnectJob::Delegate* delegate) const OVERRIDE;
361 virtual base::TimeDelta ConnectionTimeout() const OVERRIDE;
364 // Maps SSLConnectJob cache keys to SSLConnectJobMessenger objects.
365 typedef std::map<std::string, SSLConnectJobMessenger*> MessengerMap;
367 TransportClientSocketPool* const transport_pool_;
368 SOCKSClientSocketPool* const socks_pool_;
369 HttpProxyClientSocketPool* const http_proxy_pool_;
370 ClientSocketFactory* const client_socket_factory_;
371 HostResolver* const host_resolver_;
372 const SSLClientSocketContext context_;
373 base::TimeDelta timeout_;
374 bool enable_ssl_connect_job_waiting_;
376 // |messenger_map_| is currently a pointer so that an element can be
377 // added to it inside of the const method NewConnectJob. In the future,
378 // elements will be added in a different method.
379 // TODO(mshelley) Change this to a non-pointer.
380 scoped_ptr<MessengerMap> messenger_map_;
382 DISALLOW_COPY_AND_ASSIGN(SSLConnectJobFactory);
385 TransportClientSocketPool* const transport_pool_;
386 SOCKSClientSocketPool* const socks_pool_;
387 HttpProxyClientSocketPool* const http_proxy_pool_;
389 const scoped_refptr<SSLConfigService> ssl_config_service_;
391 DISALLOW_COPY_AND_ASSIGN(SSLClientSocketPool);
396 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_POOL_H_