| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #ifndef _DNS_DNSTLSTRANSPORT_H |
| #define _DNS_DNSTLSTRANSPORT_H |
| |
| #include <future> |
| #include <map> |
| #include <mutex> |
| #include <vector> |
| |
| #include <android-base/thread_annotations.h> |
| #include <android-base/unique_fd.h> |
| #include <netdutils/Slice.h> |
| |
| #include "DnsTlsQueryMap.h" |
| #include "DnsTlsServer.h" |
| #include "DnsTlsSessionCache.h" |
| #include "IDnsTlsSocket.h" |
| #include "IDnsTlsSocketObserver.h" |
| |
| namespace android { |
| namespace net { |
| |
| class IDnsTlsSocketFactory; |
| |
| // Manages at most one DnsTlsSocket at a time. This class handles socket lifetime issues, |
| // such as reopening the socket and reissuing pending queries. |
| class DnsTlsTransport : public IDnsTlsSocketObserver { |
| public: |
| DnsTlsTransport(const DnsTlsServer& server, unsigned mark, |
| IDnsTlsSocketFactory* _Nonnull factory) |
| : mMark(mark), mServer(server), mFactory(factory) {} |
| ~DnsTlsTransport(); |
| |
| typedef DnsTlsServer::Response Response; |
| typedef DnsTlsServer::Result Result; |
| |
| // Given a |query|, this method sends it to the server and returns the result asynchronously. |
| std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock); |
| |
| // Check that a given TLS server is fully working on the specified netid, and has the |
| // provided SHA-256 fingerprint (if nonempty). This function is used in ResolverController |
| // to ensure that we don't enable DNS over TLS on networks where it doesn't actually work. |
| static bool validate(const DnsTlsServer& server, unsigned netid, uint32_t mark); |
| |
| // Implement IDnsTlsSocketObserver |
| void onResponse(std::vector<uint8_t> response) override; |
| void onClosed() override EXCLUDES(mLock); |
| |
| private: |
| std::mutex mLock; |
| |
| DnsTlsSessionCache mCache; |
| DnsTlsQueryMap mQueries; |
| |
| const unsigned mMark; // Socket mark |
| const DnsTlsServer mServer; |
| IDnsTlsSocketFactory* _Nonnull const mFactory; |
| |
| void doConnect() REQUIRES(mLock); |
| |
| // doReconnect is used by onClosed. It runs on the reconnect thread. |
| void doReconnect() EXCLUDES(mLock); |
| std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock); |
| |
| // Used to prevent onClosed from starting a reconnect during the destructor. |
| bool mClosing GUARDED_BY(mLock) = false; |
| |
| // Sending queries on the socket is thread-safe, but construction/destruction is not. |
| std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock); |
| |
| // Send a query to the socket. |
| bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock); |
| }; |
| |
| } // end of namespace net |
| } // end of namespace android |
| |
| #endif // _DNS_DNSTLSTRANSPORT_H |