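// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// NOTE: This class is provided to support existing Chromium consumers; it is
// NOT intended for use in NEW code. Configuring a TLS server correctly is a
// security-sensitive activity with many subtle nuances, and thus care should be
// taken to discuss with //net/OWNERS before any new usages.
//
// As such, this header should be treated as an internal implementation detail
// of //net (where it's used for some unit test infrastructure), not as
// appropriate for general use.
//
// See https://crbug.com/621176 for more details.

#ifndef NET_SOCKET_SSL_SERVER_SOCKET_H_
#define NET_SOCKET_SSL_SERVER_SOCKET_H_

#include <memory>

#include "net/base/completion_once_callback.h"
#include "net/base/net_export.h"
#include "net/socket/ssl_socket.h"
#include "net/socket/stream_socket.h"
#include "third_party/boringssl/src/include/openssl/base.h"

namespace crypto {
class RSAPrivateKey;
}  // namespace crypto

namespace net {

struct SSLServerConfig;
class SSLPrivateKey;
class X509Certificate;

// A server socket that uses SSL as the transport layer.
class SSLServerSocket : public SSLSocket {
 public:
  ~SSLServerSocket() override = default;

  // Performs the SSL server handshake, and notifies the supplied callback
  // if the process completes asynchronously. If Disconnect is called before
  // completion then the callback will be silently dropped (not run), as for
  // other StreamSocket calls.
  //
  // The callback is only described as running on asynchronous completion, so
  // callers must also act on the returned int when the call finishes
  // synchronously.
  // NOTE(review): the return value is presumably a net error code, with
  // ERR_IO_PENDING signalling asynchronous completion - confirm against the
  // implementation.
  //
  // Callers should not exchange application data on this socket, or treat the
  // peer as authenticated, until the handshake has reported success.
  virtual int Handshake(CompletionOnceCallback callback) = 0;
};

// Factory for SSLServerSocket instances that share one server configuration.
class SSLServerContext {
 public:
  virtual ~SSLServerContext() = default;

  // Creates an SSL server socket over an already-connected transport socket.
  // Ownership of |socket| passes to the returned SSLServerSocket.
  // The caller must ensure the returned socket does not outlive the server
  // context.
  //
  // The caller starts the SSL server handshake by calling Handshake on the
  // returned socket.
  virtual std::unique_ptr<SSLServerSocket> CreateSSLServerSocket(
      std::unique_ptr<StreamSocket> socket) = 0;
};

// Creates an SSL server socket context where all sockets spawned using this
// context will share the same session cache.
// NOTE(review): a shared session cache presumably lets a session established
// on one socket be resumed on another socket of the same context; use separate
// contexts where that is not wanted - confirm against the implementation.
//
// The caller must provide the server certificate and private key to use.
// It takes a reference to |certificate| and |pkey|, so the private key stays
// referenced for as long as the returned context holds that reference.
// The |ssl_config| parameter is copied; later changes to the caller's
// SSLServerConfig do not affect the returned context.
// NOTE(review): behaviour for a null |certificate| or |pkey| is not stated
// here; callers should pass non-null values - confirm.
//
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    EVP_PKEY* pkey,
    const SSLServerConfig& ssl_config);

// As above, but takes an RSAPrivateKey object. Deprecated, use the EVP_PKEY
// version instead.
// TODO(mattm): convert existing callers and remove this function.
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    const crypto::RSAPrivateKey& key,
    const SSLServerConfig& ssl_config);

// As the EVP_PKEY version above, but the private key is supplied as an
// SSLPrivateKey. |key| is passed as a scoped_refptr by value, so the caller
// hands the callee its own reference to the key object.
// NOTE(review): see the SSLPrivateKey declaration for how signing is carried
// out and which threading requirements apply - not visible from this header.
NET_EXPORT std::unique_ptr<SSLServerContext> CreateSSLServerContext(
    X509Certificate* certificate,
    scoped_refptr<SSLPrivateKey> key,
    const SSLServerConfig& ssl_config);

}  // namespace net

#endif  // NET_SOCKET_SSL_SERVER_SOCKET_H_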