Google Git
Sign in
chromium / chromium / src.git / 5399828968478f2f269444622256d06e004de342 / . / net / socket / client_socket_factory.cc
blob: ade687454a99efa329aa354f086e5ab3cc5e87c7 [file] [log] [blame]
[email protected]80c75f682012-05-26 16:22:17[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
license.botbf09a502008-08-24 00:55:55[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]4
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]5#include "net/socket/client_socket_factory.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]6
[email protected]625332e02010-12-14 07:48:49[diff] [blame]7#include "base/lazy_instance.h"
[email protected]53998282012-06-06 22:08:52[diff] [blame^]8#include "base/thread_task_runner_handle.h"
9#include "base/threading/thread.h"
[email protected]68bf9152008-09-25 19:47:30[diff] [blame]10#include "build/build_config.h"
[email protected]62635c72011-03-10 04:16:25[diff] [blame]11#include "net/base/cert_database.h"
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]12#include "net/socket/client_socket_handle.h"
[email protected]68bf9152008-09-25 19:47:30[diff] [blame]13#if defined(OS_WIN)
[email protected]2380f372011-02-23 21:35:19[diff] [blame]14#include "net/socket/ssl_client_socket_nss.h"
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]15#include "net/socket/ssl_client_socket_win.h"
[email protected]d518cd92010-09-29 12:27:44[diff] [blame]16#elif defined(USE_OPENSSL)
17#include "net/socket/ssl_client_socket_openssl.h"
[email protected]1a157302010-01-29 03:36:45[diff] [blame]18#elif defined(USE_NSS)
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]19#include "net/socket/ssl_client_socket_nss.h"
[email protected]b75523f2008-10-17 14:49:07[diff] [blame]20#elif defined(OS_MACOSX)
[email protected]2380f372011-02-23 21:35:19[diff] [blame]21#include "net/socket/ssl_client_socket_mac.h"
[email protected]fd4f139f2010-06-11 17:02:20[diff] [blame]22#include "net/socket/ssl_client_socket_nss.h"
[email protected]68bf9152008-09-25 19:47:30[diff] [blame]23#endif
[email protected]d0672be2010-10-20 16:30:19[diff] [blame]24#include "net/socket/ssl_host_info.h"
[email protected]f7984fc62009-06-22 23:26:44[diff] [blame]25#include "net/socket/tcp_client_socket.h"
[email protected]98b0e582011-06-22 14:31:41[diff] [blame]26#include "net/udp/udp_client_socket.h"
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]27
28namespace net {
29
[email protected]62635c72011-03-10 04:16:25[diff] [blame]30class X509Certificate;
31
[email protected]abe48d32010-02-03 02:09:36[diff] [blame]32namespace {
33
[email protected]2380f372011-02-23 21:35:19[diff] [blame]34bool g_use_system_ssl = false;
[email protected]abe48d32010-02-03 02:09:36[diff] [blame]35
[email protected]53998282012-06-06 22:08:52[diff] [blame^]36// ChromeOS uses a hardware TPM module that may cause NSS operations to
37// block for upwards of several seconds. To avoid blocking all network and
38// IPC activity, run NSS SSL functions on a dedicated thread.
39#if defined(OS_CHROMEOS)
40bool g_use_dedicated_nss_thread = true;
41#else
42bool g_use_dedicated_nss_thread = false;
43#endif
44
[email protected]62635c72011-03-10 04:16:25[diff] [blame]45class DefaultClientSocketFactory : public ClientSocketFactory,
46 public CertDatabase::Observer {
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]47 public:
[email protected]62635c72011-03-10 04:16:25[diff] [blame]48 DefaultClientSocketFactory() {
[email protected]53998282012-06-06 22:08:52[diff] [blame^]49 if (g_use_dedicated_nss_thread) {
50 nss_thread_.reset(new base::Thread("NSS SSL Thread"));
51 if (nss_thread_->Start())
52 nss_thread_task_runner_ = nss_thread_->message_loop_proxy();
53 }
54
[email protected]62635c72011-03-10 04:16:25[diff] [blame]55 CertDatabase::AddObserver(this);
56 }
57
58 virtual ~DefaultClientSocketFactory() {
[email protected]53998282012-06-06 22:08:52[diff] [blame^]59 // Note: This code never runs, as the factory is defined as a Leaky
60 // singleton.
[email protected]62635c72011-03-10 04:16:25[diff] [blame]61 CertDatabase::RemoveObserver(this);
62 }
63
[email protected]c940d372011-04-13 17:20:18[diff] [blame]64 virtual void OnUserCertAdded(const X509Certificate* cert) {
65 ClearSSLSessionCache();
66 }
67
68 virtual void OnCertTrustChanged(const X509Certificate* cert) {
69 // Per wtc, we actually only need to flush when trust is reduced.
70 // Always flush now because OnCertTrustChanged does not tell us this.
71 // See comments in ClientSocketPoolManager::OnCertTrustChanged.
[email protected]62635c72011-03-10 04:16:25[diff] [blame]72 ClearSSLSessionCache();
73 }
74
[email protected]98b0e582011-06-22 14:31:41[diff] [blame]75 virtual DatagramClientSocket* CreateDatagramClientSocket(
[email protected]5370c012011-06-29 03:47:04[diff] [blame]76 DatagramSocket::BindType bind_type,
77 const RandIntCallback& rand_int_cb,
[email protected]98b0e582011-06-22 14:31:41[diff] [blame]78 NetLog* net_log,
79 const NetLog::Source& source) {
[email protected]5370c012011-06-29 03:47:04[diff] [blame]80 return new UDPClientSocket(bind_type, rand_int_cb, net_log, source);
[email protected]98b0e582011-06-22 14:31:41[diff] [blame]81 }
82
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]83 virtual StreamSocket* CreateTransportClientSocket(
[email protected]0a0b7682010-08-25 17:08:07[diff] [blame]84 const AddressList& addresses,
85 NetLog* net_log,
86 const NetLog::Source& source) {
87 return new TCPClientSocket(addresses, net_log, source);
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]88 }
89
[email protected]aaead502008-10-15 00:20:11[diff] [blame]90 virtual SSLClientSocket* CreateSSLClientSocket(
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]91 ClientSocketHandle* transport_socket,
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]92 const HostPortPair& host_and_port,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]93 const SSLConfig& ssl_config,
[email protected]d8fbf582010-11-04 21:51:12[diff] [blame]94 SSLHostInfo* ssl_host_info,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]95 const SSLClientSocketContext& context) {
[email protected]2380f372011-02-23 21:35:19[diff] [blame]96 scoped_ptr<SSLHostInfo> shi(ssl_host_info);
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]97
[email protected]53998282012-06-06 22:08:52[diff] [blame^]98 // nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is
99 // false or if the dedicated NSS thread failed to start. If so, cause NSS
100 // functions to execute on the current task runner.
101 //
102 // Note: The current task runner is obtained on each call due to unit
103 // tests, which may create and tear down the current thread's TaskRunner
104 // between each test. Because the DefaultClientSocketFactory is leaky, it
105 // may span multiple tests, and thus the current task runner may change
106 // from call to call.
107 scoped_refptr<base::SingleThreadTaskRunner> nss_task_runner(
108 nss_thread_task_runner_);
109 if (!nss_task_runner)
110 nss_task_runner = base::ThreadTaskRunnerHandle::Get();
111
112#if defined(USE_OPENSSL)
113 return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
114 ssl_config, context);
115#elif defined(USE_NSS)
116 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
117 host_and_port, ssl_config, shi.release(),
118 context);
119#elif defined(OS_WIN)
[email protected]2380f372011-02-23 21:35:19[diff] [blame]120 if (g_use_system_ssl) {
121 return new SSLClientSocketWin(transport_socket, host_and_port,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]122 ssl_config, context);
[email protected]2380f372011-02-23 21:35:19[diff] [blame]123 }
[email protected]53998282012-06-06 22:08:52[diff] [blame^]124 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
125 host_and_port, ssl_config, shi.release(),
126 context);
[email protected]2380f372011-02-23 21:35:19[diff] [blame]127#elif defined(OS_MACOSX)
128 if (g_use_system_ssl) {
129 return new SSLClientSocketMac(transport_socket, host_and_port,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]130 ssl_config, context);
[email protected]2380f372011-02-23 21:35:19[diff] [blame]131 }
[email protected]53998282012-06-06 22:08:52[diff] [blame^]132 return new SSLClientSocketNSS(nss_task_runner, transport_socket,
133 host_and_port, ssl_config, shi.release(),
134 context);
[email protected]2380f372011-02-23 21:35:19[diff] [blame]135#else
136 NOTIMPLEMENTED();
137 return NULL;
138#endif
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]139 }
[email protected]25f47352011-02-25 16:31:59[diff] [blame]140
[email protected]25f47352011-02-25 16:31:59[diff] [blame]141 void ClearSSLSessionCache() {
[email protected]c3456bb2011-12-12 22:22:19[diff] [blame]142 SSLClientSocket::ClearSessionCache();
[email protected]25f47352011-02-25 16:31:59[diff] [blame]143 }
144
[email protected]53998282012-06-06 22:08:52[diff] [blame^]145 private:
146 scoped_ptr<base::Thread> nss_thread_;
147 scoped_refptr<base::SingleThreadTaskRunner> nss_thread_task_runner_;
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]148};
149
[email protected]53998282012-06-06 22:08:52[diff] [blame^]150static base::LazyInstance<DefaultClientSocketFactory>::Leaky
[email protected]6de0fd1d2011-11-15 13:31:49[diff] [blame]151 g_default_client_socket_factory = LAZY_INSTANCE_INITIALIZER;
[email protected]625332e02010-12-14 07:48:49[diff] [blame]152
[email protected]abe48d32010-02-03 02:09:36[diff] [blame]153} // namespace
154
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]155// Deprecated function (http://crbug.com/37810) that takes a StreamSocket.
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]156SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
[email protected]3268023f2011-05-05 00:08:10[diff] [blame]157 StreamSocket* transport_socket,
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]158 const HostPortPair& host_and_port,
[email protected]7ab5bbd12010-10-19 13:33:21[diff] [blame]159 const SSLConfig& ssl_config,
[email protected]822581d2010-12-16 17:27:15[diff] [blame]160 SSLHostInfo* ssl_host_info,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]161 const SSLClientSocketContext& context) {
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]162 ClientSocketHandle* socket_handle = new ClientSocketHandle();
163 socket_handle->set_socket(transport_socket);
[email protected]4f4de7e62010-11-12 19:55:27[diff] [blame]164 return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
[email protected]feb79bcd2011-07-21 16:55:17[diff] [blame]165 ssl_host_info, context);
[email protected]e60e47a2010-07-14 03:37:18[diff] [blame]166}
167
[email protected]d100e44f2011-01-26 22:47:11[diff] [blame]168// static
169ClientSocketFactory* ClientSocketFactory::GetDefaultFactory() {
170 return g_default_client_socket_factory.Pointer();
171}
172
173// static
[email protected]2380f372011-02-23 21:35:19[diff] [blame]174void ClientSocketFactory::UseSystemSSL() {
175 g_use_system_ssl = true;
[email protected]80c75f682012-05-26 16:22:17[diff] [blame]176
177#if defined(OS_WIN)
178 // Reflect the capability of SSLClientSocketWin.
179 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
180#elif defined(OS_MACOSX)
181 // Reflect the capability of SSLClientSocketMac.
182 SSLConfigService::SetDefaultVersionMax(SSL_PROTOCOL_VERSION_TLS1);
183#endif
[email protected]d100e44f2011-01-26 22:47:11[diff] [blame]184}
185
initial.commit586acc5fe2008-07-26 22:42:52[diff] [blame]186} // namespace net