| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/dns_cert_provenance_checker.h" | 5 #include "net/socket/dns_cert_provenance_checker.h" |
| 6 | 6 |
| 7 #if !defined(USE_OPENSSL) | 7 #if !defined(USE_OPENSSL) |
| 8 | 8 |
| 9 #include <nspr.h> | 9 #include <nspr.h> |
| 10 | 10 |
| 11 #include <hasht.h> | 11 #include <hasht.h> |
| 12 #include <keyhi.h> | 12 #include <keyhi.h> |
| 13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
| 14 #include <sechash.h> | 14 #include <sechash.h> |
| 15 | 15 |
| 16 #include <set> | 16 #include <set> |
| 17 #include <string> | 17 #include <string> |
| 18 | 18 |
| 19 #include "base/basictypes.h" | 19 #include "base/basictypes.h" |
| 20 #include "base/crypto/encryptor.h" | 20 #include "base/crypto/encryptor.h" |
| 21 #include "base/crypto/symmetric_key.h" | 21 #include "base/crypto/symmetric_key.h" |
| 22 #include "base/lazy_instance.h" |
| 22 #include "base/non_thread_safe.h" | 23 #include "base/non_thread_safe.h" |
| 23 #include "base/pickle.h" | 24 #include "base/pickle.h" |
| 24 #include "base/scoped_ptr.h" | 25 #include "base/scoped_ptr.h" |
| 25 #include "base/singleton.h" | |
| 26 #include "net/base/completion_callback.h" | 26 #include "net/base/completion_callback.h" |
| 27 #include "net/base/dns_util.h" | 27 #include "net/base/dns_util.h" |
| 28 #include "net/base/dnsrr_resolver.h" | 28 #include "net/base/dnsrr_resolver.h" |
| 29 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
| 30 #include "net/base/net_log.h" | 30 #include "net/base/net_log.h" |
| 31 | 31 |
| 32 namespace net { | 32 namespace net { |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 65 // about the given hostname in this session. | 65 // about the given hostname in this session. |
| 66 bool HaveUploadedForHostname(const std::string& hostname) { | 66 bool HaveUploadedForHostname(const std::string& hostname) { |
| 67 return uploaded_hostnames_.count(hostname) > 0; | 67 return uploaded_hostnames_.count(hostname) > 0; |
| 68 } | 68 } |
| 69 | 69 |
| 70 void DidUpload(const std::string& hostname) { | 70 void DidUpload(const std::string& hostname) { |
| 71 uploaded_hostnames_.insert(hostname); | 71 uploaded_hostnames_.insert(hostname); |
| 72 } | 72 } |
| 73 | 73 |
| 74 private: | 74 private: |
| 75 friend struct DefaultSingletonTraits<DnsCertLimits>; | 75 friend struct base::DefaultLazyInstanceTraits<DnsCertLimits>; |
| 76 | 76 |
| 77 std::set<std::string> uploaded_hostnames_; | 77 std::set<std::string> uploaded_hostnames_; |
| 78 | 78 |
| 79 DISALLOW_COPY_AND_ASSIGN(DnsCertLimits); | 79 DISALLOW_COPY_AND_ASSIGN(DnsCertLimits); |
| 80 }; | 80 }; |
| 81 | 81 |
| 82 static base::LazyInstance<DnsCertLimits> g_dns_cert_limits( |
| 83 base::LINKER_INITIALIZED); |
| 84 |
| 82 // DnsCertProvenanceCheck performs the DNS lookup of the certificate. This | 85 // DnsCertProvenanceCheck performs the DNS lookup of the certificate. This |
| 83 // class is self-deleting. | 86 // class is self-deleting. |
| 84 class DnsCertProvenanceCheck : public NonThreadSafe { | 87 class DnsCertProvenanceCheck : public NonThreadSafe { |
| 85 public: | 88 public: |
| 86 DnsCertProvenanceCheck( | 89 DnsCertProvenanceCheck( |
| 87 const std::string& hostname, | 90 const std::string& hostname, |
| 88 DnsRRResolver* dnsrr_resolver, | 91 DnsRRResolver* dnsrr_resolver, |
| 89 DnsCertProvenanceChecker::Delegate* delegate, | 92 DnsCertProvenanceChecker::Delegate* delegate, |
| 90 const std::vector<base::StringPiece>& der_certs) | 93 const std::vector<base::StringPiece>& der_certs) |
| 91 : hostname_(hostname), | 94 : hostname_(hostname), |
| 92 dnsrr_resolver_(dnsrr_resolver), | 95 dnsrr_resolver_(dnsrr_resolver), |
| 93 delegate_(delegate), | 96 delegate_(delegate), |
| 94 der_certs_(der_certs.size()), | 97 der_certs_(der_certs.size()), |
| 95 handle_(DnsRRResolver::kInvalidHandle), | 98 handle_(DnsRRResolver::kInvalidHandle), |
| 96 ALLOW_THIS_IN_INITIALIZER_LIST(callback_( | 99 ALLOW_THIS_IN_INITIALIZER_LIST(callback_( |
| 97 this, &DnsCertProvenanceCheck::ResolutionComplete)) { | 100 this, &DnsCertProvenanceCheck::ResolutionComplete)) { |
| 98 for (size_t i = 0; i < der_certs.size(); i++) | 101 for (size_t i = 0; i < der_certs.size(); i++) |
| 99 der_certs_[i] = der_certs[i].as_string(); | 102 der_certs_[i] = der_certs[i].as_string(); |
| 100 } | 103 } |
| 101 | 104 |
| 102 void Start() { | 105 void Start() { |
| 103 DCHECK(CalledOnValidThread()); | 106 DCHECK(CalledOnValidThread()); |
| 104 | 107 |
| 105 if (der_certs_.empty()) | 108 if (der_certs_.empty()) |
| 106 return; | 109 return; |
| 107 | 110 |
| 108 DnsCertLimits* const limits = Singleton<DnsCertLimits>::get(); | 111 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); |
| 109 if (limits->HaveReachedMaxUploads() || | 112 if (limits->HaveReachedMaxUploads() || |
| 110 limits->HaveUploadedForHostname(hostname_)) { | 113 limits->HaveUploadedForHostname(hostname_)) { |
| 111 return; | 114 return; |
| 112 } | 115 } |
| 113 | 116 |
| 114 uint8 fingerprint[SHA1_LENGTH]; | 117 uint8 fingerprint[SHA1_LENGTH]; |
| 115 SECStatus rv = HASH_HashBuf( | 118 SECStatus rv = HASH_HashBuf( |
| 116 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), | 119 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), |
| 117 der_certs_[0].size()); | 120 der_certs_[0].size()); |
| 118 DCHECK_EQ(SECSuccess, rv); | 121 DCHECK_EQ(SECSuccess, rv); |
| 139 | 142 |
| 140 private: | 143 private: |
| 141 void ResolutionComplete(int status) { | 144 void ResolutionComplete(int status) { |
| 142 DCHECK(CalledOnValidThread()); | 145 DCHECK(CalledOnValidThread()); |
| 143 | 146 |
| 144 if (status == ERR_NAME_NOT_RESOLVED || | 147 if (status == ERR_NAME_NOT_RESOLVED || |
| 145 (status == OK && response_.rrdatas.empty())) { | 148 (status == OK && response_.rrdatas.empty())) { |
| 146 LOG(ERROR) << "FAILED" | 149 LOG(ERROR) << "FAILED" |
| 147 << " hostname:" << hostname_ | 150 << " hostname:" << hostname_ |
| 148 << " domain:" << domain_; | 151 << " domain:" << domain_; |
| 149 Singleton<DnsCertLimits>::get()->DidUpload(hostname_); | 152 g_dns_cert_limits.Get().DidUpload(hostname_); |
| 150 delegate_->OnDnsCertLookupFailed(hostname_, der_certs_); | 153 delegate_->OnDnsCertLookupFailed(hostname_, der_certs_); |
| 151 } else if (status == OK) { | 154 } else if (status == OK) { |
| 152 LOG(ERROR) << "GOOD" | 155 LOG(ERROR) << "GOOD" |
| 153 << " hostname:" << hostname_ | 156 << " hostname:" << hostname_ |
| 154 << " resp:" << response_.rrdatas[0]; | 157 << " resp:" << response_.rrdatas[0]; |
| 155 } else { | 158 } else { |
| 156 LOG(ERROR) << "Unknown error " << status << " for " << domain_; | 159 LOG(ERROR) << "Unknown error " << status << " for " << domain_; |
| 157 } | 160 } |
| 158 | 161 |
| 159 delete this; | 162 delete this; |
| 321 | 324 |
| 322 DnsCertProvenanceChecker::Delegate::~Delegate() { | 325 DnsCertProvenanceChecker::Delegate::~Delegate() { |
| 323 } | 326 } |
| 324 | 327 |
| 325 DnsCertProvenanceChecker::~DnsCertProvenanceChecker() { | 328 DnsCertProvenanceChecker::~DnsCertProvenanceChecker() { |
| 326 } | 329 } |
| 327 | 330 |
| 328 } // namespace net | 331 } // namespace net |
| 329 | 332 |
| 330 #endif // USE_OPENSSL | 333 #endif // USE_OPENSSL |
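Review bot: The two new accesses to the LazyInstance use different accessors for the same purpose — `Start()` takes `g_dns_cert_limits.Pointer()` into a local while `ResolutionComplete()` calls `g_dns_cert_limits.Get().DidUpload(hostname_)` — and it would read more consistently to pick one, e.g. `DnsCertLimits* const limits = &g_dns_cert_limits.Get();` in `Start()`. Separately, the Singleton-to-LazyInstance swap only changes how the object is constructed; `DnsCertLimits` still wraps an unsynchronized `std::set`, and the per-instance `DCHECK(CalledOnValidThread())` in `Start()` and `ResolutionComplete()` does not establish that every `DnsCertProvenanceCheck` lives on the same thread, so if checks can be started from more than one thread (not visible here) the upload-limit bookkeeping would race. A one-line comment on `g_dns_cert_limits` stating the intended thread, such as `// Accessed only on the thread that runs DnsCertProvenanceCheck; not synchronized.`, would record the assumption the limiter relies on. The `DnsCertLimits` class header and `HaveReachedMaxUploads()` are in the collapsed region above this section, so the limit itself was not reviewed.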