Remove repaint callbacks from Viewport.
[chromium-blink-merge.git] / net / socket / ssl_client_socket.h
bloba43e58cc26b852fb86d92a1a5ac7c4e7c357b286
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_H_
8 #include <string>
10 #include "base/gtest_prod_util.h"
11 #include "net/base/completion_callback.h"
12 #include "net/base/load_flags.h"
13 #include "net/base/net_errors.h"
14 #include "net/socket/ssl_socket.h"
15 #include "net/socket/stream_socket.h"
17 namespace net {
19 class CertVerifier;
20 class CTVerifier;
21 class ServerBoundCertService;
22 class SSLCertRequestInfo;
23 struct SSLConfig;
24 class SSLInfo;
25 class TransportSecurityState;
26 class X509Certificate;
28 // This struct groups together several fields which are used by various
29 // classes related to SSLClientSocket.
30 struct SSLClientSocketContext {
31 SSLClientSocketContext()
32 : cert_verifier(NULL),
33 server_bound_cert_service(NULL),
34 transport_security_state(NULL),
35 cert_transparency_verifier(NULL) {}
37 SSLClientSocketContext(CertVerifier* cert_verifier_arg,
38 ServerBoundCertService* server_bound_cert_service_arg,
39 TransportSecurityState* transport_security_state_arg,
40 CTVerifier* cert_transparency_verifier_arg,
41 const std::string& ssl_session_cache_shard_arg)
42 : cert_verifier(cert_verifier_arg),
43 server_bound_cert_service(server_bound_cert_service_arg),
44 transport_security_state(transport_security_state_arg),
45 cert_transparency_verifier(cert_transparency_verifier_arg),
46 ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
48 CertVerifier* cert_verifier;
49 ServerBoundCertService* server_bound_cert_service;
50 TransportSecurityState* transport_security_state;
51 CTVerifier* cert_transparency_verifier;
52 // ssl_session_cache_shard is an opaque string that identifies a shard of the
53 // SSL session cache. SSL sockets with the same ssl_session_cache_shard may
54 // resume each other's SSL sessions but we'll never sessions between shards.
55 const std::string ssl_session_cache_shard;
58 // A client socket that uses SSL as the transport layer.
60 // NOTE: The SSL handshake occurs within the Connect method after a TCP
61 // connection is established. If a SSL error occurs during the handshake,
62 // Connect will fail.
64 class NET_EXPORT SSLClientSocket : public SSLSocket {
65 public:
66 SSLClientSocket();
68 // Next Protocol Negotiation (NPN) allows a TLS client and server to come to
69 // an agreement about the application level protocol to speak over a
70 // connection.
71 enum NextProtoStatus {
72 // WARNING: These values are serialized to disk. Don't change them.
74 kNextProtoUnsupported = 0, // The server doesn't support NPN.
75 kNextProtoNegotiated = 1, // We agreed on a protocol.
76 kNextProtoNoOverlap = 2, // No protocols in common. We requested
77 // the first protocol in our list.
80 // StreamSocket:
81 virtual bool WasNpnNegotiated() const OVERRIDE;
82 virtual NextProto GetNegotiatedProtocol() const OVERRIDE;
84 // Gets the SSL CertificateRequest info of the socket after Connect failed
85 // with ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
86 virtual void GetSSLCertRequestInfo(
87 SSLCertRequestInfo* cert_request_info) = 0;
89 // Get the application level protocol that we negotiated with the server.
90 // *proto is set to the resulting protocol (n.b. that the string may have
91 // embedded NULs).
92 // kNextProtoUnsupported: *proto is cleared.
93 // kNextProtoNegotiated: *proto is set to the negotiated protocol.
94 // kNextProtoNoOverlap: *proto is set to the first protocol in the
95 // supported list.
96 // *server_protos is set to the server advertised protocols.
97 virtual NextProtoStatus GetNextProto(std::string* proto,
98 std::string* server_protos) = 0;
100 static NextProto NextProtoFromString(const std::string& proto_string);
102 static const char* NextProtoToString(NextProto next_proto);
104 static const char* NextProtoStatusToString(const NextProtoStatus status);
106 // Can be used with the second argument(|server_protos|) of |GetNextProto| to
107 // construct a comma separated string of server advertised protocols.
108 static std::string ServerProtosToString(const std::string& server_protos);
110 static bool IgnoreCertError(int error, int load_flags);
112 // ClearSessionCache clears the SSL session cache, used to resume SSL
113 // sessions.
114 static void ClearSessionCache();
116 virtual bool set_was_npn_negotiated(bool negotiated);
118 virtual bool was_spdy_negotiated() const;
120 virtual bool set_was_spdy_negotiated(bool negotiated);
122 virtual void set_protocol_negotiated(NextProto protocol_negotiated);
124 // Returns the ServerBoundCertService used by this socket, or NULL if
125 // server bound certificates are not supported.
126 virtual ServerBoundCertService* GetServerBoundCertService() const = 0;
128 // Returns true if a channel ID was sent on this connection.
129 // This may be useful for protocols, like SPDY, which allow the same
130 // connection to be shared between multiple domains, each of which need
131 // a channel ID.
133 // Public for ssl_client_socket_openssl_unittest.cc.
134 virtual bool WasChannelIDSent() const;
136 protected:
137 virtual void set_channel_id_sent(bool channel_id_sent);
139 virtual void set_signed_cert_timestamps_received(
140 bool signed_cert_timestamps_received);
142 virtual void set_stapled_ocsp_response_received(
143 bool stapled_ocsp_response_received);
145 // Records histograms for channel id support during full handshakes - resumed
146 // handshakes are ignored.
147 static void RecordChannelIDSupport(
148 ServerBoundCertService* server_bound_cert_service,
149 bool negotiated_channel_id,
150 bool channel_id_enabled,
151 bool supports_ecc);
153 // Returns whether TLS channel ID is enabled.
154 static bool IsChannelIDEnabled(
155 const SSLConfig& ssl_config,
156 ServerBoundCertService* server_bound_cert_service);
158 // For unit testing only.
159 // Returns the unverified certificate chain as presented by server.
160 // Note that chain may be different than the verified chain returned by
161 // StreamSocket::GetSSLInfo().
162 virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
163 const = 0;
165 private:
166 // For signed_cert_timestamps_received_ and stapled_ocsp_response_received_.
167 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
168 ConnectSignedCertTimestampsEnabledTLSExtension);
169 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
170 ConnectSignedCertTimestampsEnabledOCSP);
171 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
172 ConnectSignedCertTimestampsDisabled);
173 FRIEND_TEST_ALL_PREFIXES(SSLClientSocketTest,
174 VerifyServerChainProperlyOrdered);
176 // True if NPN was responded to, independent of selecting SPDY or HTTP.
177 bool was_npn_negotiated_;
178 // True if NPN successfully negotiated SPDY.
179 bool was_spdy_negotiated_;
180 // Protocol that we negotiated with the server.
181 NextProto protocol_negotiated_;
182 // True if a channel ID was sent.
183 bool channel_id_sent_;
184 // True if SCTs were received via a TLS extension.
185 bool signed_cert_timestamps_received_;
186 // True if a stapled OCSP response was received.
187 bool stapled_ocsp_response_received_;
190 } // namespace net
192 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_H_