
Side by Side Diff: net/spdy/spdy_session.cc

Issue 10807088: Implement TLS Channel ID support for SPDY CREDENTIAL frames (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Factor out MockClientSocket::kTlsUnique. Created 8 years, 4 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <map> 7 #include <map>
8 8
9 #include "base/basictypes.h" 9 #include "base/basictypes.h"
10 #include "base/bind.h" 10 #include "base/bind.h"
24 #include "crypto/ec_private_key.h" 24 #include "crypto/ec_private_key.h"
25 #include "crypto/ec_signature_creator.h" 25 #include "crypto/ec_signature_creator.h"
26 #include "crypto/signature_creator.h" 26 #include "crypto/signature_creator.h"
27 #include "net/base/asn1_util.h" 27 #include "net/base/asn1_util.h"
28 #include "net/base/connection_type_histograms.h" 28 #include "net/base/connection_type_histograms.h"
29 #include "net/base/net_log.h" 29 #include "net/base/net_log.h"
30 #include "net/base/net_util.h" 30 #include "net/base/net_util.h"
31 #include "net/base/server_bound_cert_service.h" 31 #include "net/base/server_bound_cert_service.h"
32 #include "net/http/http_network_session.h" 32 #include "net/http/http_network_session.h"
33 #include "net/http/http_server_properties.h" 33 #include "net/http/http_server_properties.h"
34 #include "net/spdy/spdy_credential_builder.h"
34 #include "net/spdy/spdy_frame_builder.h" 35 #include "net/spdy/spdy_frame_builder.h"
35 #include "net/spdy/spdy_http_utils.h" 36 #include "net/spdy/spdy_http_utils.h"
36 #include "net/spdy/spdy_protocol.h" 37 #include "net/spdy/spdy_protocol.h"
37 #include "net/spdy/spdy_session_pool.h" 38 #include "net/spdy/spdy_session_pool.h"
38 #include "net/spdy/spdy_stream.h" 39 #include "net/spdy/spdy_stream.h"
39 40
40 namespace net { 41 namespace net {
41 42
42 namespace { 43 namespace {
43 44
619 return syn_frame.release(); 620 return syn_frame.release();
620 } 621 }
621 622
622 SpdyCredentialControlFrame* SpdySession::CreateCredentialFrame( 623 SpdyCredentialControlFrame* SpdySession::CreateCredentialFrame(
623 const std::string& origin, 624 const std::string& origin,
624 SSLClientCertType type, 625 SSLClientCertType type,
625 const std::string& key, 626 const std::string& key,
626 const std::string& cert, 627 const std::string& cert,
627 RequestPriority priority) { 628 RequestPriority priority) {
628 DCHECK(is_secure_); 629 DCHECK(is_secure_);
629 unsigned char secret[32]; // 32 bytes from the spec 630 SSLClientSocket* ssl_socket = GetSSLClientSocket();
630 GetSSLClientSocket()->ExportKeyingMaterial("SPDY certificate proof", 631 DCHECK(ssl_socket);
631 true, origin, 632 DCHECK(ssl_socket->WasChannelIDSent());
632 secret, arraysize(secret));
633
634 // Convert the key string into a vector<unit8>
635 std::vector<uint8> key_data;
636 for (size_t i = 0; i < key.length(); i++) {
637 key_data.push_back(key[i]);
638 }
639
640 std::vector<uint8> proof;
641 switch (type) {
642 case CLIENT_CERT_ECDSA_SIGN: {
643 base::StringPiece spki_piece;
644 asn1::ExtractSPKIFromDERCert(cert, &spki_piece);
645 std::vector<uint8> spki(spki_piece.data(),
646 spki_piece.data() + spki_piece.size());
647 scoped_ptr<crypto::ECPrivateKey> private_key(
648 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
649 ServerBoundCertService::kEPKIPassword, key_data, spki));
650 scoped_ptr<crypto::ECSignatureCreator> creator(
651 crypto::ECSignatureCreator::Create(private_key.get()));
652 creator->Sign(secret, arraysize(secret), &proof);
653 break;
654 }
655 default:
656 NOTREACHED();
657 }
658 633
659 SpdyCredential credential; 634 SpdyCredential credential;
660 GURL origin_url(origin); 635 std::string tls_unique;
661 credential.slot = 636 ssl_socket->GetTLSUniqueChannelBinding(&tls_unique);
662 credential_state_.SetHasCredential(origin_url); 637 size_t slot = credential_state_.SetHasCredential(GURL(origin));
663 credential.certs.push_back(cert); 638 SpdyCredentialBuilder::Build(tls_unique, type, key, cert, slot, &credential);
ramant (doing other things) 2012/08/02 00:03:05 nit: should we consider checking errors returned b
jar (doing other things) 2012/08/02 16:21:56 I think you skipped this question somehow. I thin
Ryan Hamilton 2012/08/02 16:42:39 Eeek! You're exactly right, of course. Done.
664 credential.proof.assign(proof.begin(), proof.end());
665 639
666 DCHECK(buffered_spdy_framer_.get()); 640 DCHECK(buffered_spdy_framer_.get());
667 scoped_ptr<SpdyCredentialControlFrame> credential_frame( 641 scoped_ptr<SpdyCredentialControlFrame> credential_frame(
668 buffered_spdy_framer_->CreateCredentialFrame(credential)); 642 buffered_spdy_framer_->CreateCredentialFrame(credential));
669 643
670 if (net_log().IsLoggingAllEvents()) { 644 if (net_log().IsLoggingAllEvents()) {
671 net_log().AddEvent( 645 net_log().AddEvent(
672 NetLog::TYPE_SPDY_SESSION_SEND_CREDENTIAL, 646 NetLog::TYPE_SPDY_SESSION_SEND_CREDENTIAL,
673 base::Bind(&NetLogSpdyCredentialCallback, credential.slot, &origin)); 647 base::Bind(&NetLogSpdyCredentialCallback, credential.slot, &origin));
674 } 648 }
1970 SSLClientSocket* SpdySession::GetSSLClientSocket() const { 1944 SSLClientSocket* SpdySession::GetSSLClientSocket() const {
1971 if (!is_secure_) 1945 if (!is_secure_)
1972 return NULL; 1946 return NULL;
1973 SSLClientSocket* ssl_socket = 1947 SSLClientSocket* ssl_socket =
1974 reinterpret_cast<SSLClientSocket*>(connection_->socket()); 1948 reinterpret_cast<SSLClientSocket*>(connection_->socket());
1975 DCHECK(ssl_socket); 1949 DCHECK(ssl_socket);
1976 return ssl_socket; 1950 return ssl_socket;
1977 } 1951 }
1978 1952
1979 } // namespace net 1953 } // namespace net
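Review bot: On new line 636 the result of `ssl_socket->GetTLSUniqueChannelBinding(&tls_unique)` is discarded, so if the binding export fails `tls_unique` stays empty and `SpdyCredentialBuilder::Build` on line 638 still emits a proof signed over an empty binding — a channel-ID signature that is not tied to this TLS connection and could be presented elsewhere. The `DCHECK(ssl_socket->WasChannelIDSent())` on line 632 does not close this gap, because DCHECKs are compiled out of release builds and the function then proceeds regardless. The call should fail closed, e.g. `if (ssl_socket->GetTLSUniqueChannelBinding(&tls_unique) != OK || tls_unique.empty()) return NULL;` — assuming it reports failure through a net error code, which I cannot confirm from this hunk, and callers of CreateCredentialFrame would then have to tolerate a NULL result. The body of CreateCredentialFrame continues past the end of this hunk.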