Line data Source code
1 : /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 :
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : #ifndef mozilla_net_TLSFilterTransaction_h
8 : #define mozilla_net_TLSFilterTransaction_h
9 :
10 : #include "mozilla/Attributes.h"
11 : #include "mozilla/UniquePtr.h"
12 : #include "nsAHttpTransaction.h"
13 : #include "nsIAsyncInputStream.h"
14 : #include "nsIAsyncOutputStream.h"
15 : #include "nsISocketTransport.h"
16 : #include "nsITimer.h"
17 : #include "NullHttpTransaction.h"
18 : #include "mozilla/TimeStamp.h"
19 : #include "prio.h"
20 :
21 : // a TLSFilterTransaction wraps another nsAHttpTransaction but
22 : // applies a encode/decode filter of TLS onto the ReadSegments
23 : // and WriteSegments data. It is not used for basic https://
24 : // but it is used for supplemental TLS tunnels - such as those
25 : // needed by CONNECT tunnels in HTTP/2 or even CONNECT tunnels when
26 : // the underlying proxy connection is already running TLS
27 : //
28 : // HTTP/2 CONNECT tunnels cannot use pushed IO layers because of
29 : // the multiplexing involved on the base stream. i.e. the base stream
30 : // once it is decrypted may have parts that are encrypted with a
31 : // variety of keys, or none at all
32 :
33 : /* ************************************************************************
34 : The input path of http over a spdy CONNECT tunnel once it is established as a stream
35 :
36 : note the "real http transaction" can be either a http/1 transaction or another spdy session
37 : inside the tunnel.
38 :
39 : nsHttpConnection::OnInputStreamReady (real socket)
40 : nsHttpConnection::OnSocketReadable()
41 : SpdySession::WriteSegment()
42 : SpdyStream::WriteSegment (tunnel stream)
43 : SpdyConnectTransaction::WriteSegment
44 : SpdyStream::OnWriteSegment(tunnel stream)
45 : SpdySession::OnWriteSegment()
46 : SpdySession::NetworkRead()
47 : nsHttpConnection::OnWriteSegment (real socket)
48 : realSocketIn->Read() return data from network
49 :
50 : now pop the stack back up to SpdyConnectTransaction::WriteSegment, the data
51 : that has been read is stored mInputData
52 :
53 : SpdyConnectTransaction.mTunneledConn::OnInputStreamReady(mTunnelStreamIn)
54 : SpdyConnectTransaction.mTunneledConn::OnSocketReadable()
55 : TLSFilterTransaction::WriteSegment()
56 : nsHttpTransaction::WriteSegment(real http transaction)
57 : TLSFilterTransaction::OnWriteSegment() removes tls on way back up stack
58 : SpdyConnectTransaction.mTunneledConn::OnWriteSegment()
59 : SpdyConnectTransaction.mTunneledConn.mTunnelStreamIn->Read() // gets data from mInputData
60 :
61 : The output path works similarly:
62 : nsHttpConnection::OnOutputStreamReady (real socket)
63 : nsHttpConnection::OnSocketWritable()
64 : SpdySession::ReadSegments (locates tunnel)
65 : SpdyStream::ReadSegments (tunnel stream)
66 : SpdyConnectTransaction::ReadSegments()
67 : SpdyConnectTransaction.mTunneledConn::OnOutputStreamReady (tunnel connection)
68 : SpdyConnectTransaction.mTunneledConn::OnSocketWritable (tunnel connection)
69 : TLSFilterTransaction::ReadSegment()
70 : nsHttpTransaction::ReadSegment (real http transaction generates plaintext on way down)
71 : TLSFilterTransaction::OnReadSegment (BUF and LEN gets encrypted here on way down)
72 : SpdyConnectTransaction.mTunneledConn::OnReadSegment (BUF and LEN) (tunnel connection)
73 : SpdyConnectTransaction.mTunneledConn.mTunnelStreamOut->Write(BUF, LEN) .. get stored in mOutputData
74 :
75 : Now pop the stack back up to SpdyConnectTransaction::ReadSegment(), where it has
76 : the encrypted text available in mOutputData
77 :
78 : SpdyStream->OnReadSegment(BUF,LEN) from mOutputData. Tunnel stream
79 : SpdySession->OnReadSegment() // encrypted data gets put in a data frame
80 : nsHttpConnection->OnReadSegment()
81 : realSocketOut->write() writes data to network
82 :
83 : **************************************************************************/
84 :
85 : struct PRSocketOptionData;
86 :
87 : namespace mozilla { namespace net {
88 :
89 : class nsHttpRequestHead;
90 : class NullHttpTransaction;
91 : class TLSFilterTransaction;
92 :
93 3 : class NudgeTunnelCallback : public nsISupports
94 : {
95 : public:
96 : virtual void OnTunnelNudged(TLSFilterTransaction *) = 0;
97 : };
98 :
99 : #define NS_DECL_NUDGETUNNELCALLBACK void OnTunnelNudged(TLSFilterTransaction *) override;
100 :
101 : class TLSFilterTransaction final
102 : : public nsAHttpTransaction
103 : , public nsAHttpSegmentReader
104 : , public nsAHttpSegmentWriter
105 : , public nsITimerCallback
106 : {
107 : ~TLSFilterTransaction();
108 : public:
109 : NS_DECL_THREADSAFE_ISUPPORTS
110 : NS_DECL_NSAHTTPTRANSACTION
111 : NS_DECL_NSAHTTPSEGMENTREADER
112 : NS_DECL_NSAHTTPSEGMENTWRITER
113 : NS_DECL_NSITIMERCALLBACK
114 :
115 : TLSFilterTransaction(nsAHttpTransaction *aWrappedTransaction,
116 : const char *tlsHost, int32_t tlsPort,
117 : nsAHttpSegmentReader *reader,
118 : nsAHttpSegmentWriter *writer);
119 :
120 0 : const nsAHttpTransaction *Transaction() const { return mTransaction.get(); }
121 : MOZ_MUST_USE nsresult CommitToSegmentSize(uint32_t size,
122 : bool forceCommitment) override;
123 : MOZ_MUST_USE nsresult GetTransactionSecurityInfo(nsISupports **) override;
124 : MOZ_MUST_USE nsresult NudgeTunnel(NudgeTunnelCallback *callback);
125 : MOZ_MUST_USE nsresult SetProxiedTransaction(nsAHttpTransaction *aTrans);
126 : void newIODriver(nsIAsyncInputStream *aSocketIn,
127 : nsIAsyncOutputStream *aSocketOut,
128 : nsIAsyncInputStream **outSocketIn,
129 : nsIAsyncOutputStream **outSocketOut);
130 :
131 : // nsAHttpTransaction overloads
132 : bool IsNullTransaction() override;
133 : NullHttpTransaction *QueryNullTransaction() override;
134 : nsHttpTransaction *QueryHttpTransaction() override;
135 : SpdyConnectTransaction *QuerySpdyConnectTransaction() override;
136 :
137 : private:
138 : MOZ_MUST_USE nsresult StartTimerCallback();
139 : void Cleanup();
140 : int32_t FilterOutput(const char *aBuf, int32_t aAmount);
141 : int32_t FilterInput(char *aBuf, int32_t aAmount);
142 :
143 : static PRStatus GetPeerName(PRFileDesc *fd, PRNetAddr*addr);
144 : static PRStatus GetSocketOption(PRFileDesc *fd, PRSocketOptionData *data);
145 : static PRStatus SetSocketOption(PRFileDesc *fd, const PRSocketOptionData *data);
146 : static int32_t FilterWrite(PRFileDesc *fd, const void *buf, int32_t amount);
147 : static int32_t FilterRead(PRFileDesc *fd, void *buf, int32_t amount);
148 : static int32_t FilterSend(PRFileDesc *fd, const void *buf, int32_t amount, int flags,
149 : PRIntervalTime timeout);
150 : static int32_t FilterRecv(PRFileDesc *fd, void *buf, int32_t amount, int flags,
151 : PRIntervalTime timeout);
152 : static PRStatus FilterClose(PRFileDesc *fd);
153 :
154 : private:
155 : RefPtr<nsAHttpTransaction> mTransaction;
156 : nsCOMPtr<nsISupports> mSecInfo;
157 : nsCOMPtr<nsITimer> mTimer;
158 : RefPtr<NudgeTunnelCallback> mNudgeCallback;
159 :
160 : // buffered network output, after encryption
161 : UniquePtr<char[]> mEncryptedText;
162 : uint32_t mEncryptedTextUsed;
163 : uint32_t mEncryptedTextSize;
164 :
165 : PRFileDesc *mFD;
166 : nsAHttpSegmentReader *mSegmentReader;
167 : nsAHttpSegmentWriter *mSegmentWriter;
168 :
169 : nsresult mFilterReadCode;
170 : bool mForce;
171 : bool mReadSegmentBlocked;
172 : uint32_t mNudgeCounter;
173 : };
174 :
175 : class SocketTransportShim;
176 : class InputStreamShim;
177 : class OutputStreamShim;
178 : class nsHttpConnection;
179 :
180 : class SpdyConnectTransaction final : public NullHttpTransaction
181 : {
182 : public:
183 : SpdyConnectTransaction(nsHttpConnectionInfo *ci,
184 : nsIInterfaceRequestor *callbacks,
185 : uint32_t caps,
186 : nsHttpTransaction *trans,
187 : nsAHttpConnection *session);
188 : ~SpdyConnectTransaction();
189 :
190 0 : SpdyConnectTransaction *QuerySpdyConnectTransaction() override { return this; }
191 :
192 : // A transaction is forced into plaintext when it is intended to be used as a CONNECT
193 : // tunnel but the setup fails. The plaintext only carries the CONNECT error.
194 : void ForcePlainText();
195 : void MapStreamToHttpConnection(nsISocketTransport *aTransport,
196 : nsHttpConnectionInfo *aConnInfo);
197 :
198 : MOZ_MUST_USE nsresult ReadSegments(nsAHttpSegmentReader *reader,
199 : uint32_t count,
200 : uint32_t *countRead) override final;
201 : MOZ_MUST_USE nsresult WriteSegments(nsAHttpSegmentWriter *writer,
202 : uint32_t count,
203 : uint32_t *countWritten) override final;
204 : nsHttpRequestHead *RequestHead() override final;
205 : void Close(nsresult reason) override final;
206 :
207 : // ConnectedReadyForInput() tests whether the spdy connect transaction is attached to
208 : // an nsHttpConnection that can properly deal with flow control, etc..
209 : bool ConnectedReadyForInput();
210 :
211 : private:
212 : friend class InputStreamShim;
213 : friend class OutputStreamShim;
214 :
215 : MOZ_MUST_USE nsresult Flush(uint32_t count, uint32_t *countRead);
216 : void CreateShimError(nsresult code);
217 :
218 : nsCString mConnectString;
219 : uint32_t mConnectStringOffset;
220 :
221 : nsAHttpConnection *mSession;
222 : nsAHttpSegmentReader *mSegmentReader;
223 :
224 : UniquePtr<char[]> mInputData;
225 : uint32_t mInputDataSize;
226 : uint32_t mInputDataUsed;
227 : uint32_t mInputDataOffset;
228 :
229 : UniquePtr<char[]> mOutputData;
230 : uint32_t mOutputDataSize;
231 : uint32_t mOutputDataUsed;
232 : uint32_t mOutputDataOffset;
233 :
234 : bool mForcePlainText;
235 : TimeStamp mTimestampSyn;
236 : RefPtr<nsHttpConnectionInfo> mConnInfo;
237 :
238 : // mTunneledConn, mTunnelTransport, mTunnelStreamIn, mTunnelStreamOut
239 : // are the connectors to the "real" http connection. They are created
240 : // together when the tunnel setup is complete and a static reference is held
241 : // for the lifetime of the tunnel.
242 : RefPtr<nsHttpConnection> mTunneledConn;
243 : RefPtr<SocketTransportShim> mTunnelTransport;
244 : RefPtr<InputStreamShim> mTunnelStreamIn;
245 : RefPtr<OutputStreamShim> mTunnelStreamOut;
246 : RefPtr<nsHttpTransaction> mDrivingTransaction;
247 : };
248 :
249 : } // namespace net
250 : } // namespace mozilla
251 :
252 : #endif // mozilla_net_TLSFilterTransaction_h
|
