PeerConnector.h

Go to the documentation of this file.

/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
 
#ifndef SQUID_SRC_SECURITY_PEERCONNECTOR_H
#define SQUID_SRC_SECURITY_PEERCONNECTOR_H
 
#include "acl/Acl.h"
#include "acl/ChecklistFiller.h"
#include "base/AsyncCallbacks.h"
#include "base/AsyncJob.h"
#include "base/JobWait.h"
#include "CommCalls.h"
#include "http/forward.h"
#include "security/EncryptorAnswer.h"
#include "security/forward.h"
#include "security/KeyLogger.h"
#if USE_OPENSSL
#include "ssl/support.h"
#endif
 
#include <iosfwd>
#include <queue>
 
class Downloader;
class DownloaderAnswer;
class AccessLogEntry;
typedef RefCount<AccessLogEntry> AccessLogEntryPointer;
 
namespace Security
{
 
class IoResult;
typedef RefCount<IoResult> IoResultPointer;
 
class PeerConnector: virtual public AsyncJob, public Acl::ChecklistFiller
{
    CBDATA_INTERMEDIATE();
 
public:
    typedef CbcPointer<PeerConnector> Pointer;
 
    PeerConnector(const Comm::ConnectionPointer &aServerConn,
                  const AsyncCallback<EncryptorAnswer> &,
                  const AccessLogEntryPointer &alp,
                  const time_t timeout = 0);
    ~PeerConnector() override;
 
    bool noteFwdPconnUse;
 
protected:
    // AsyncJob API
    void start() override;
    bool doneAll() const override;
    void swanSong() override;
    const char *status() const override;
 
    /* Acl::ChecklistFiller API */
    void fillChecklist(ACLFilledChecklist &) const override;
 
    void commTimeoutHandler(const CommTimeoutCbParams &);
 
    void commCloseHandler(const CommCloseCbParams &params);
 
    virtual bool initialize(Security::SessionPointer &);
 
    void negotiate();
 
    bool sslFinalized();
 
    void handleNegotiationResult(const Security::IoResult &);
 
    void noteWantRead();
 
    bool isSuspended() const { return static_cast<bool>(suspendedError_); }
 
#if USE_OPENSSL
    void suspendNegotiation(const Security::IoResult &lastError);
 
    void resumeNegotiation();
 
    void handleMissingCertificates(const Security::IoResult &lastError);
 
    void startCertDownloading(SBuf &url);
 
    void certDownloadingDone(DownloaderAnswer &);
#endif
 
    virtual void noteWantWrite();
 
    virtual void noteNegotiationError(const Security::ErrorDetailPointer &);
 
    virtual void noteNegotiationDone(ErrorState *) {}
 
    virtual Security::ContextPointer getTlsContext() = 0;
 
    Comm::ConnectionPointer const &serverConnection() const { return serverConn; }
 
    void bail(ErrorState *error);
 
    void sendSuccess();
 
    void callBack();
 
    void disconnect();
 
    void countFailingConnection(const ErrorState *);
 
    void bypassCertValidator() {useCertValidator_ = false;}
 
    void recordNegotiationDetails();
 
    EncryptorAnswer &answer();
 
    HttpRequestPointer request; 
    Comm::ConnectionPointer serverConn; 
    AccessLogEntryPointer al; 
 
    AsyncCallback<EncryptorAnswer> callback;
 
private:
    PeerConnector(const PeerConnector &); // not implemented
    PeerConnector &operator =(const PeerConnector &); // not implemented
 
#if USE_OPENSSL
    unsigned int certDownloadNestingLevel() const;
 
    void sslCrtvdHandleReply(Ssl::CertValidationResponsePointer &);
 
    Security::CertErrors *sslCrtvdCheckForErrors(Ssl::CertValidationResponse const &, ErrorDetailPointer &);
 
    bool computeMissingCertificateUrls(const Connection &);
#endif
 
    static void NegotiateSsl(int fd, void *data);
    void negotiateSsl();
 
    static const unsigned int MaxCertsDownloads = 10;
 
    static const unsigned int MaxNestedDownloads = 3;
 
    Security::KeyLogger keyLogger;
 
    AsyncCall::Pointer closeHandler; 
    time_t negotiationTimeout; 
    time_t startTime; 
    bool useCertValidator_; 
    std::queue<SBuf> urlsOfMissingCerts;
    unsigned int certsDownloads; 
 
#if USE_OPENSSL
    Ssl::X509_STACK_Pointer downloadedCerts;
#endif
 
    Security::IoResultPointer suspendedError_;
 
    JobWait<Downloader> certDownloadWait; 
};
 
} // namespace Security
 
#endif /* SQUID_SRC_SECURITY_PEERCONNECTOR_H */