/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _DNS_DNSTLSTRANSPORT_H
#define _DNS_DNSTLSTRANSPORT_H
#include <future>
#include <map>
#include <mutex>
#include <vector>
#include <android-base/thread_annotations.h>
#include <android-base/unique_fd.h>
#include "dns/DnsTlsSessionCache.h"
#include "dns/DnsTlsQueryMap.h"
#include "dns/DnsTlsServer.h"
#include "dns/IDnsTlsSocket.h"
#include "dns/IDnsTlsSocketObserver.h"
#include <netdutils/Slice.h>
namespace android {
namespace net {
class IDnsTlsSocketFactory;
// Manages at most one DnsTlsSocket at a time. This class handles socket lifetime issues,
// such as reopening the socket and reissuing pending queries.
class DnsTlsTransport : public IDnsTlsSocketObserver {
public:
DnsTlsTransport(const DnsTlsServer& server, unsigned mark,
IDnsTlsSocketFactory* _Nonnull factory) :
mMark(mark), mServer(server), mFactory(factory) {}
~DnsTlsTransport();
typedef DnsTlsServer::Response Response;
typedef DnsTlsServer::Result Result;
// Given a |query|, this method sends it to the server and returns the result asynchronously.
std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock);
// Check that a given TLS server is fully working on the specified netid, and has the
// provided SHA-256 fingerprint (if nonempty). This function is used in ResolverController
// to ensure that we don't enable DNS over TLS on networks where it doesn't actually work.
static bool validate(const DnsTlsServer& server, unsigned netid);
// Implement IDnsTlsSocketObserver
void onResponse(std::vector<uint8_t> response) override;
void onClosed() override EXCLUDES(mLock);
private:
std::mutex mLock;
DnsTlsSessionCache mCache;
DnsTlsQueryMap mQueries;
const unsigned mMark; // Socket mark
const DnsTlsServer mServer;
IDnsTlsSocketFactory* _Nonnull const mFactory;
void doConnect() REQUIRES(mLock);
// doReconnect is used by onClosed. It runs on the reconnect thread.
void doReconnect() EXCLUDES(mLock);
std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock);
// Used to prevent onClosed from starting a reconnect during the destructor.
bool mClosing GUARDED_BY(mLock) = false;
// Sending queries on the socket is thread-safe, but construction/destruction is not.
std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock);
// Send a query to the socket.
bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock);
};
} // end of namespace net
} // end of namespace android
#endif // _DNS_DNSTLSTRANSPORT_H