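// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SSL_SSL_KEY_LOGGER_H_
#define NET_SSL_SSL_KEY_LOGGER_H_

#include <memory>
#include <string>

#include "base/no_destructor.h"
#include "net/base/net_export.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"

namespace net {

// SSLKeyLogger logs SSL key material for debugging purposes. This should only
// be used when requested by the user, typically via the SSLKEYLOGFILE
// environment variable. See also
// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format.
//
// Security note: every line handed to an implementation is a TLS session
// secret. Anyone who can read the resulting log can decrypt captured traffic
// for the sessions it covers, so implementations should write only to a
// destination the requesting user controls, and logging should stay off
// unless it was explicitly requested.
class NET_EXPORT SSLKeyLogger {
 public:
  virtual ~SSLKeyLogger() = default;

  // Writes |line| followed by a newline. This may be called by multiple threads
  // simultaneously. If two calls race, the order of the lines is undefined, but
  // each line will be written atomically.
  //
  // |line| carries secret key material; implementations should not copy it
  // into general-purpose logs or crash reports.
  virtual void WriteLine(const std::string& line) = 0;
};

// SSLKeyLoggerManager owns a single global instance of SSLKeyLogger, allowing
// it to safely be registered on multiple SSL_CTX instances.
//
// All public entry points are static; the class itself is neither copyable
// nor destructible.
class NET_EXPORT SSLKeyLoggerManager {
 public:
  // The destructor is deleted: the manager is never torn down. The
  // base::NoDestructor friend declaration below suggests the singleton lives
  // in a NoDestructor for the life of the process -- confirm in the .cc.
  ~SSLKeyLoggerManager() = delete;
  SSLKeyLoggerManager(const SSLKeyLoggerManager&) = delete;
  SSLKeyLoggerManager& operator=(const SSLKeyLoggerManager&) = delete;

  // Returns true if an SSLKeyLogger has been set.
  //
  // Check this before installing KeyLogCallback on an SSL_CTX, because
  // KeyLogCallback crashes when no logger is registered.
  static bool IsActive();

  // Set the SSLKeyLogger to use. Takes ownership of |logger|.
  //
  // NOTE(review): this header does not state whether an already-set logger
  // may be replaced, or whether this call may race with KeyLogCallback on
  // another thread -- confirm against the implementation before relying on
  // either.
  static void SetSSLKeyLogger(std::unique_ptr<SSLKeyLogger> logger);

  // Logs |line| to the |logger| that was registered with SetSSLKeyLogger.
  // This function will crash if a logger has not been registered.
  // The function signature allows it to be registered with
  // SSL_CTX_set_keylog_callback, the |ssl| parameter is unused.
  static void KeyLogCallback(const SSL* /*ssl*/, const char* line);

 private:
  // Lets base::NoDestructor reach the private constructor.
  friend base::NoDestructor<SSLKeyLoggerManager>;

  SSLKeyLoggerManager();

  // Get the global SSLKeyLoggerManager instance.
  static SSLKeyLoggerManager* Get();

  // The registered logger. Presumably null until SetSSLKeyLogger is called,
  // which would be what IsActive() reports -- verify in the .cc.
  std::unique_ptr<SSLKeyLogger> ssl_key_logger_;
};

}  // namespace net

#endif  // NET_SSL_SSL_KEY_LOGGER_H_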