1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/dns_cert_provenance_checker.h" | 5 #include "net/socket/dns_cert_provenance_checker.h" |
6 | 6 |
7 #if !defined(USE_OPENSSL) | 7 #if !defined(USE_OPENSSL) |
8 | 8 |
9 #include <nspr.h> | 9 #include <nspr.h> |
10 | 10 |
11 #include <hasht.h> | 11 #include <hasht.h> |
12 #include <keyhi.h> | 12 #include <keyhi.h> |
13 #include <pk11pub.h> | 13 #include <pk11pub.h> |
14 #include <sechash.h> | 14 #include <sechash.h> |
15 | 15 |
16 #include <set> | 16 #include <set> |
17 #include <string> | 17 #include <string> |
18 | 18 |
19 #include "base/basictypes.h" | 19 #include "base/basictypes.h" |
20 #include "base/crypto/encryptor.h" | 20 #include "base/crypto/encryptor.h" |
21 #include "base/crypto/symmetric_key.h" | 21 #include "base/crypto/symmetric_key.h" |
| 22 #include "base/lazy_instance.h" |
22 #include "base/non_thread_safe.h" | 23 #include "base/non_thread_safe.h" |
23 #include "base/pickle.h" | 24 #include "base/pickle.h" |
24 #include "base/scoped_ptr.h" | 25 #include "base/scoped_ptr.h" |
25 #include "base/singleton.h" | |
26 #include "net/base/completion_callback.h" | 26 #include "net/base/completion_callback.h" |
27 #include "net/base/dns_util.h" | 27 #include "net/base/dns_util.h" |
28 #include "net/base/dnsrr_resolver.h" | 28 #include "net/base/dnsrr_resolver.h" |
29 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
30 #include "net/base/net_log.h" | 30 #include "net/base/net_log.h" |
31 | 31 |
32 namespace net { | 32 namespace net { |
33 | 33 |
34 namespace { | 34 namespace { |
35 | 35 |
65 // about the given hostname in this session. | 65 // about the given hostname in this session. |
66 bool HaveUploadedForHostname(const std::string& hostname) { | 66 bool HaveUploadedForHostname(const std::string& hostname) { |
67 return uploaded_hostnames_.count(hostname) > 0; | 67 return uploaded_hostnames_.count(hostname) > 0; |
68 } | 68 } |
69 | 69 |
70 void DidUpload(const std::string& hostname) { | 70 void DidUpload(const std::string& hostname) { |
71 uploaded_hostnames_.insert(hostname); | 71 uploaded_hostnames_.insert(hostname); |
72 } | 72 } |
73 | 73 |
74 private: | 74 private: |
75 friend struct DefaultSingletonTraits<DnsCertLimits>; | 75 friend struct base::DefaultLazyInstanceTraits<DnsCertLimits>; |
76 | 76 |
77 std::set<std::string> uploaded_hostnames_; | 77 std::set<std::string> uploaded_hostnames_; |
78 | 78 |
79 DISALLOW_COPY_AND_ASSIGN(DnsCertLimits); | 79 DISALLOW_COPY_AND_ASSIGN(DnsCertLimits); |
80 }; | 80 }; |
81 | 81 |
| 82 static base::LazyInstance<DnsCertLimits> g_dns_cert_limits( |
| 83 base::LINKER_INITIALIZED); |
| 84 |
82 // DnsCertProvenanceCheck performs the DNS lookup of the certificate. This | 85 // DnsCertProvenanceCheck performs the DNS lookup of the certificate. This |
83 // class is self-deleting. | 86 // class is self-deleting. |
84 class DnsCertProvenanceCheck : public NonThreadSafe { | 87 class DnsCertProvenanceCheck : public NonThreadSafe { |
85 public: | 88 public: |
86 DnsCertProvenanceCheck( | 89 DnsCertProvenanceCheck( |
87 const std::string& hostname, | 90 const std::string& hostname, |
88 DnsRRResolver* dnsrr_resolver, | 91 DnsRRResolver* dnsrr_resolver, |
89 DnsCertProvenanceChecker::Delegate* delegate, | 92 DnsCertProvenanceChecker::Delegate* delegate, |
90 const std::vector<base::StringPiece>& der_certs) | 93 const std::vector<base::StringPiece>& der_certs) |
91 : hostname_(hostname), | 94 : hostname_(hostname), |
92 dnsrr_resolver_(dnsrr_resolver), | 95 dnsrr_resolver_(dnsrr_resolver), |
93 delegate_(delegate), | 96 delegate_(delegate), |
94 der_certs_(der_certs.size()), | 97 der_certs_(der_certs.size()), |
95 handle_(DnsRRResolver::kInvalidHandle), | 98 handle_(DnsRRResolver::kInvalidHandle), |
96 ALLOW_THIS_IN_INITIALIZER_LIST(callback_( | 99 ALLOW_THIS_IN_INITIALIZER_LIST(callback_( |
97 this, &DnsCertProvenanceCheck::ResolutionComplete)) { | 100 this, &DnsCertProvenanceCheck::ResolutionComplete)) { |
98 for (size_t i = 0; i < der_certs.size(); i++) | 101 for (size_t i = 0; i < der_certs.size(); i++) |
99 der_certs_[i] = der_certs[i].as_string(); | 102 der_certs_[i] = der_certs[i].as_string(); |
100 } | 103 } |
101 | 104 |
102 void Start() { | 105 void Start() { |
103 DCHECK(CalledOnValidThread()); | 106 DCHECK(CalledOnValidThread()); |
104 | 107 |
105 if (der_certs_.empty()) | 108 if (der_certs_.empty()) |
106 return; | 109 return; |
107 | 110 |
108 DnsCertLimits* const limits = Singleton<DnsCertLimits>::get(); | 111 DnsCertLimits* const limits = g_dns_cert_limits.Pointer(); |
109 if (limits->HaveReachedMaxUploads() || | 112 if (limits->HaveReachedMaxUploads() || |
110 limits->HaveUploadedForHostname(hostname_)) { | 113 limits->HaveUploadedForHostname(hostname_)) { |
111 return; | 114 return; |
112 } | 115 } |
113 | 116 |
114 uint8 fingerprint[SHA1_LENGTH]; | 117 uint8 fingerprint[SHA1_LENGTH]; |
115 SECStatus rv = HASH_HashBuf( | 118 SECStatus rv = HASH_HashBuf( |
116 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), | 119 HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(), |
117 der_certs_[0].size()); | 120 der_certs_[0].size()); |
118 DCHECK_EQ(SECSuccess, rv); | 121 DCHECK_EQ(SECSuccess, rv); |
139 | 142 |
140 private: | 143 private: |
141 void ResolutionComplete(int status) { | 144 void ResolutionComplete(int status) { |
142 DCHECK(CalledOnValidThread()); | 145 DCHECK(CalledOnValidThread()); |
143 | 146 |
144 if (status == ERR_NAME_NOT_RESOLVED || | 147 if (status == ERR_NAME_NOT_RESOLVED || |
145 (status == OK && response_.rrdatas.empty())) { | 148 (status == OK && response_.rrdatas.empty())) { |
146 LOG(ERROR) << "FAILED" | 149 LOG(ERROR) << "FAILED" |
147 << " hostname:" << hostname_ | 150 << " hostname:" << hostname_ |
148 << " domain:" << domain_; | 151 << " domain:" << domain_; |
149 Singleton<DnsCertLimits>::get()->DidUpload(hostname_); | 152 g_dns_cert_limits.Get().DidUpload(hostname_); |
150 delegate_->OnDnsCertLookupFailed(hostname_, der_certs_); | 153 delegate_->OnDnsCertLookupFailed(hostname_, der_certs_); |
151 } else if (status == OK) { | 154 } else if (status == OK) { |
152 LOG(ERROR) << "GOOD" | 155 LOG(ERROR) << "GOOD" |
153 << " hostname:" << hostname_ | 156 << " hostname:" << hostname_ |
154 << " resp:" << response_.rrdatas[0]; | 157 << " resp:" << response_.rrdatas[0]; |
155 } else { | 158 } else { |
156 LOG(ERROR) << "Unknown error " << status << " for " << domain_; | 159 LOG(ERROR) << "Unknown error " << status << " for " << domain_; |
157 } | 160 } |
158 | 161 |
159 delete this; | 162 delete this; |
321 | 324 |
322 DnsCertProvenanceChecker::Delegate::~Delegate() { | 325 DnsCertProvenanceChecker::Delegate::~Delegate() { |
323 } | 326 } |
324 | 327 |
325 DnsCertProvenanceChecker::~DnsCertProvenanceChecker() { | 328 DnsCertProvenanceChecker::~DnsCertProvenanceChecker() { |
326 } | 329 } |
327 | 330 |
328 } // namespace net | 331 } // namespace net |
329 | 332 |
330 #endif // USE_OPENSSL | 333 #endif // USE_OPENSSL |
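Review bot: The new `g_dns_cert_limits` is reached through `Pointer()` in `Start()` (new line 111) but through `Get()` in `ResolutionComplete()` (new line 152); the two sites should use the same accessor, e.g. `g_dns_cert_limits.Pointer()->DidUpload(hostname_);` on line 152. The `LazyInstance` declaration at new lines 82-83 also carries no comment, and the `std::set` inside `DnsCertLimits` it hands out is unsynchronised while the `CalledOnValidThread()` DCHECKs on lines 106 and 145 only cover each individual `DnsCertProvenanceCheck`, so a comment such as `// Process-wide upload bookkeeping. Not synchronised: every DnsCertProvenanceCheck that touches it is expected to live on the same thread.` would record the assumption the replacement of `Singleton` relies on — worth confirming it holds for all callers. Finally, the `static` on line 82 looks redundant if this declaration sits inside the anonymous namespace opened on line 34; that namespace's closing brace is in the elided region, so this is inferred rather than visible.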