C++程序  |  95行  |  3.14 KB

/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef _DNS_DNSTLSTRANSPORT_H
#define _DNS_DNSTLSTRANSPORT_H

#include <future>
#include <map>
#include <mutex>
#include <vector>

#include <android-base/thread_annotations.h>
#include <android-base/unique_fd.h>

#include "dns/DnsTlsSessionCache.h"
#include "dns/DnsTlsQueryMap.h"
#include "dns/DnsTlsServer.h"
#include "dns/IDnsTlsSocket.h"
#include "dns/IDnsTlsSocketObserver.h"

#include <netdutils/Slice.h>

namespace android {
namespace net {

class IDnsTlsSocketFactory;

// Manages at most one DnsTlsSocket at a time.  This class handles socket lifetime issues,
// such as reopening the socket and reissuing pending queries.
class DnsTlsTransport : public IDnsTlsSocketObserver {
public:
    DnsTlsTransport(const DnsTlsServer& server, unsigned mark,
                    IDnsTlsSocketFactory* _Nonnull factory) :
            mMark(mark), mServer(server), mFactory(factory) {}
    ~DnsTlsTransport();

    typedef DnsTlsServer::Response Response;
    typedef DnsTlsServer::Result Result;

    // Given a |query|, this method sends it to the server and returns the result asynchronously.
    std::future<Result> query(const netdutils::Slice query) EXCLUDES(mLock);

    // Check that a given TLS server is fully working on the specified netid, and has the
    // provided SHA-256 fingerprint (if nonempty).  This function is used in ResolverController
    // to ensure that we don't enable DNS over TLS on networks where it doesn't actually work.
    static bool validate(const DnsTlsServer& server, unsigned netid);

    // Implement IDnsTlsSocketObserver
    void onResponse(std::vector<uint8_t> response) override;
    void onClosed() override EXCLUDES(mLock);

private:
    std::mutex mLock;

    DnsTlsSessionCache mCache;
    DnsTlsQueryMap mQueries;

    const unsigned mMark;  // Socket mark
    const DnsTlsServer mServer;
    IDnsTlsSocketFactory* _Nonnull const mFactory;

    void doConnect() REQUIRES(mLock);

    // doReconnect is used by onClosed.  It runs on the reconnect thread.
    void doReconnect() EXCLUDES(mLock);
    std::unique_ptr<std::thread> mReconnectThread GUARDED_BY(mLock);

    // Used to prevent onClosed from starting a reconnect during the destructor.
    bool mClosing GUARDED_BY(mLock) = false;

    // Sending queries on the socket is thread-safe, but construction/destruction is not.
    std::unique_ptr<IDnsTlsSocket> mSocket GUARDED_BY(mLock);

    // Send a query to the socket.
    bool sendQuery(const DnsTlsQueryMap::Query q) REQUIRES(mLock);
};

}  // end of namespace net
}  // end of namespace android

#endif  // _DNS_DNSTLSTRANSPORT_H