// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_CONNECT_JOB_H_
#define NET_SOCKET_SSL_CONNECT_JOB_H_

#include <stdint.h>

#include <memory>
#include <optional>
#include <set>
#include <string>
#include <vector>

#include "base/memory/ref_counted.h"
#include "base/time/time.h"
#include "net/base/completion_once_callback.h"
#include "net/base/completion_repeating_callback.h"
#include "net/base/net_export.h"
#include "net/base/network_anonymization_key.h"
#include "net/dns/public/host_resolver_results.h"
#include "net/dns/public/resolve_error_info.h"
#include "net/socket/connect_job.h"
#include "net/socket/connect_job_params.h"
#include "net/socket/connection_attempts.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "net/ssl/ssl_config_service.h"

namespace net {

class HostPortPair;
class HttpProxySocketParams;
class SocketTag;
class SOCKSSocketParams;
class TransportSocketParams;

// Immutable, ref-counted description of an SSL connection to establish: the
// parameters of the nested connection (direct transport, SOCKS proxy, or HTTP
// proxy), the target host and port, the SSL configuration, and the network
// partition key. All members are const and copying is deleted, so a params
// object can be shared between jobs through scoped_refptr without any risk of
// one job observing another's mutations.
class NET_EXPORT_PRIVATE SSLSocketParams
    : public base::RefCounted<SSLSocketParams> {
 public:
  // Which kind of nested connection the SSL session is layered on.
  enum ConnectionType { DIRECT, SOCKS_PROXY, HTTP_PROXY };

  // Exactly one of the transport, SOCKS proxy, and HTTP proxy parameters held
  // by |params| must be non-null. |ssl_config| is copied, so later changes to
  // the caller's config do not affect a job already created from these params.
  SSLSocketParams(ConnectJobParams params,
                  const HostPortPair& host_and_port,
                  const SSLConfig& ssl_config,
                  NetworkAnonymizationKey network_anonymization_key);

  SSLSocketParams(const SSLSocketParams&) = delete;
  SSLSocketParams& operator=(const SSLSocketParams&) = delete;

  // Returns the type of the underlying connection.
  ConnectionType GetConnectionType() const;

  // Must be called only when GetConnectionType() returns DIRECT. The
  // precondition is not checked here; the accessor simply forwards to the
  // nested params.
  const scoped_refptr<TransportSocketParams>& GetDirectConnectionParams()
      const {
    return nested_params_.transport();
  }

  // Must be called only when GetConnectionType() returns SOCKS_PROXY.
  const scoped_refptr<SOCKSSocketParams>& GetSocksProxyConnectionParams()
      const {
    return nested_params_.socks();
  }

  // Must be called only when GetConnectionType() returns HTTP_PROXY.
  const scoped_refptr<HttpProxySocketParams>& GetHttpProxyConnectionParams()
      const {
    return nested_params_.http_proxy();
  }

  // The origin server the SSL session is established with (not the proxy).
  const HostPortPair& host_and_port() const { return host_and_port_; }
  const SSLConfig& ssl_config() const { return ssl_config_; }
  // Network partition key the connection is created under.
  const NetworkAnonymizationKey& network_anonymization_key() const {
    return network_anonymization_key_;
  }

 private:
  friend class base::RefCounted<SSLSocketParams>;
  ~SSLSocketParams();

  const ConnectJobParams nested_params_;
  const HostPortPair host_and_port_;
  const SSLConfig ssl_config_;
  const NetworkAnonymizationKey network_anonymization_key_;
};

// SSLConnectJob establishes a connection, through a proxy if needed, and then
// handles the SSL handshake. It returns an SSLClientSocket on success.
class NET_EXPORT_PRIVATE SSLConnectJob : public ConnectJob,
                                         public ConnectJob::Delegate {
 public:
  // Creates SSLConnectJobs. Create() is virtual so another implementation
  // can be substituted (e.g. for tests).
  class NET_EXPORT_PRIVATE Factory {
   public:
    Factory() = default;
    virtual ~Factory() = default;

    virtual std::unique_ptr<SSLConnectJob> Create(
        RequestPriority priority,
        const SocketTag& socket_tag,
        const CommonConnectJobParams* common_connect_job_params,
        scoped_refptr<SSLSocketParams> params,
        ConnectJob::Delegate* delegate,
        const NetLogWithSource* net_log);
  };

  // |delegate| is notified when this job completes; |params| describes the
  // nested connection and the SSL configuration to use.
  SSLConnectJob(RequestPriority priority,
                const SocketTag& socket_tag,
                const CommonConnectJobParams* common_connect_job_params,
                scoped_refptr<SSLSocketParams> params,
                ConnectJob::Delegate* delegate,
                const NetLogWithSource* net_log);

  SSLConnectJob(const SSLConnectJob&) = delete;
  SSLConnectJob& operator=(const SSLConnectJob&) = delete;

  ~SSLConnectJob() override;

  // ConnectJob methods.
  LoadState GetLoadState() const override;
  bool HasEstablishedConnection() const override;

  // ConnectJob::Delegate methods. This job is expected to act as the delegate
  // of the nested ConnectJob it owns (see |nested_connect_job_|), so these
  // are the callbacks through which the transport / SOCKS / tunnel step
  // reports back.
  void OnConnectJobComplete(int result, ConnectJob* job) override;
  void OnNeedsProxyAuth(const HttpResponseInfo& response,
                        HttpAuthController* auth_controller,
                        base::OnceClosure restart_with_auth_callback,
                        ConnectJob* job) override;
  ConnectionAttempts GetConnectionAttempts() const override;
  ResolveErrorInfo GetResolveErrorInfo() const override;
  // True if the most recent error came from the SSL layer rather than the
  // nested connection; callers use this to tell a handshake failure from a
  // plain transport or proxy failure.
  bool IsSSLError() const override;
  // The client-certificate request received during the handshake, if any
  // (see |ssl_cert_request_info_|).
  scoped_refptr<SSLCertRequestInfo> GetCertRequestInfo() override;

  // Returns the timeout for the SSL handshake. This is the same for all
  // connections regardless of whether or not there is a proxy in use.
  static base::TimeDelta HandshakeTimeoutForTesting();

 private:
  // States of the connect state machine. Each *_CONNECT state starts a step
  // and the matching *_CONNECT_COMPLETE state consumes that step's result
  // (the Do*Complete(int result) methods below). The starting state depends
  // on the connection type; see GetInitialState().
  enum State {
    STATE_TRANSPORT_CONNECT,
    STATE_TRANSPORT_CONNECT_COMPLETE,
    STATE_SOCKS_CONNECT,
    STATE_SOCKS_CONNECT_COMPLETE,
    STATE_TUNNEL_CONNECT,
    STATE_TUNNEL_CONNECT_COMPLETE,
    STATE_SSL_CONNECT,
    STATE_SSL_CONNECT_COMPLETE,
    STATE_NONE,
  };

  // Completion callback for asynchronous steps; resumes DoLoop() with
  // |result|.
  void OnIOComplete(int result);

  // Runs the state transition loop.
  int DoLoop(int result);

  int DoTransportConnect();
  int DoTransportConnectComplete(int result);
  int DoSOCKSConnect();
  int DoSOCKSConnectComplete(int result);
  int DoTunnelConnect();
  int DoTunnelConnectComplete(int result);
  int DoSSLConnect();
  int DoSSLConnectComplete(int result);

  // Returns the initial state for the state machine based on the
  // |connection_type|.
  static State GetInitialState(SSLSocketParams::ConnectionType connection_type);

  // Starts the SSL connection process. Returns OK on success and
  // ERR_IO_PENDING if it cannot immediately service the request.
  // Otherwise, it returns a net error code.
  int ConnectInternal() override;

  // Clears per-attempt state so the job can be driven through the state
  // machine again (e.g. after proxy auth or a crypto fallback retry).
  // NOTE(review): which members are reset is defined in ssl_connect_job.cc;
  // confirm there that the attempt/error bookkeeping below is preserved
  // across a restart so a retried connection is still auditable.
  void ResetStateForRestart();

  void ChangePriorityInternal(RequestPriority priority) override;

  scoped_refptr<SSLSocketParams> params_;

  // Next state DoLoop() will run.
  State next_state_;
  CompletionRepeatingCallback callback_;
  // The job for the underlying connection (transport, SOCKS, or HTTP tunnel).
  // It is released before this job finishes, which is why some of its results
  // are copied into |dns_aliases_| and |endpoint_result_| below.
  std::unique_ptr<ConnectJob> nested_connect_job_;
  // Socket produced by the nested job; presumably wrapped by |ssl_socket_|
  // once the SSL step starts — confirm in ssl_connect_job.cc.
  std::unique_ptr<StreamSocket> nested_socket_;
  std::unique_ptr<SSLClientSocket> ssl_socket_;

  // True once SSL negotiation has started.
  bool ssl_negotiation_started_ = false;

  // True if legacy crypto should be disabled for the job's current connection
  // attempt. On error, the connection will be retried with legacy crypto
  // enabled.
  // NOTE(review): the retry is a deliberate compatibility downgrade, so it
  // should happen at most once per job and only after the first attempt has
  // actually failed; confirm that the flag is only flipped on the error path
  // in ssl_connect_job.cc and that the second attempt shows up in
  // |connection_attempts_| / NetLog.
  bool disable_legacy_crypto_with_fallback_ = true;

  // Client-certificate request reported by the handshake, if any; returned
  // by GetCertRequestInfo().
  scoped_refptr<SSLCertRequestInfo> ssl_cert_request_info_;

  // Attempts and resolver errors accumulated over the job's lifetime,
  // returned by GetConnectionAttempts() / GetResolveErrorInfo().
  ConnectionAttempts connection_attempts_;
  ResolveErrorInfo resolve_error_info_;
  // The address of the server the connect job is connected to. Populated if
  // and only if the connect job is connected *directly* to the server (not
  // through an HTTPS CONNECT request or a SOCKS proxy).
  IPEndPoint server_address_;

  // Any DNS aliases for the remote endpoint. Includes all known aliases, e.g.
  // from A, AAAA, or HTTPS, not just from the address used for the connection,
  // in no particular order. Stored because `nested_connect_job_` has a limited
  // lifetime and the aliases can no longer be retrieved from there by the
  // time that the aliases need to be passed in SetSocket.
  std::set<std::string> dns_aliases_;

  // The endpoint result used by `nested_connect_job_`. Stored because
  // `nested_connect_job_` has a limited lifetime.
  std::optional<HostResolverEndpointResult> endpoint_result_;

  // If not `std::nullopt`, the ECH retry configs to use in the ECH recovery
  // flow. `endpoint_result_` will then contain the endpoint to reconnect to.
  // Presumably populated from the server's retry configs after a handshake
  // that rejected the client's ECH config; only meaningful for the single
  // reconnect to that same endpoint.
  std::optional<std::vector<uint8_t>> ech_retry_configs_;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_CONNECT_JOB_H_