
Side by Side Diff: chrome/browser/renderer_host/x509_user_cert_resource_handler.cc

Issue 6487012: Clear the SSL Client Auth cache when a new SSL Client Certificate is... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 10 months ago
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "chrome/browser/renderer_host/x509_user_cert_resource_handler.h" 5 #include "chrome/browser/renderer_host/x509_user_cert_resource_handler.h"
6 6
7 #include "base/string_util.h" 7 #include "base/string_util.h"
8 #include "chrome/browser/download/download_types.h" 8 #include "chrome/browser/download/download_types.h"
9 #include "chrome/browser/renderer_host/resource_dispatcher_host.h" 9 #include "chrome/browser/renderer_host/resource_dispatcher_host.h"
10 #include "chrome/browser/renderer_host/resource_dispatcher_host_request_info.h" 10 #include "chrome/browser/renderer_host/resource_dispatcher_host_request_info.h"
11 #include "chrome/browser/ssl/ssl_add_cert_handler.h" 11 #include "chrome/browser/ssl/ssl_add_cert_handler.h"
12 #include "chrome/common/resource_response.h" 12 #include "chrome/common/resource_response.h"
13 #include "chrome/common/url_constants.h" 13 #include "chrome/common/url_constants.h"
14 #include "net/base/io_buffer.h" 14 #include "net/base/io_buffer.h"
15 #include "net/base/mime_sniffer.h" 15 #include "net/base/mime_sniffer.h"
16 #include "net/base/mime_util.h" 16 #include "net/base/mime_util.h"
17 #include "net/base/ssl_client_auth_cache.h"
17 #include "net/base/x509_certificate.h" 18 #include "net/base/x509_certificate.h"
19 #include "net/http/http_network_session.h"
18 #include "net/http/http_response_headers.h" 20 #include "net/http/http_response_headers.h"
21 #include "net/http/http_transaction_factory.h"
22 #include "net/socket/client_socket_factory.h"
23 #include "net/spdy/spdy_session_pool.h"
19 #include "net/url_request/url_request.h" 24 #include "net/url_request/url_request.h"
25 #include "net/url_request/url_request_context.h"
20 #include "net/url_request/url_request_status.h" 26 #include "net/url_request/url_request_status.h"
21 27
22 X509UserCertResourceHandler::X509UserCertResourceHandler( 28 X509UserCertResourceHandler::X509UserCertResourceHandler(
23 ResourceDispatcherHost* host, net::URLRequest* request, 29 ResourceDispatcherHost* host, net::URLRequest* request,
24 int render_process_host_id, int render_view_id) 30 int render_process_host_id, int render_view_id)
25 : host_(host), 31 : host_(host),
26 request_(request), 32 request_(request),
27 content_length_(0), 33 content_length_(0),
28 buffer_(new DownloadBuffer), 34 buffer_(new DownloadBuffer),
29 read_buffer_(NULL), 35 read_buffer_(NULL),
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
100 106
101 // TODO(gauravsh): Verify that 'request_id' was actually a keygen form post 107 // TODO(gauravsh): Verify that 'request_id' was actually a keygen form post
102 // and only then import the certificate. 108 // and only then import the certificate.
103 AssembleResource(); 109 AssembleResource();
104 scoped_refptr<net::X509Certificate> cert( 110 scoped_refptr<net::X509Certificate> cert(
105 net::X509Certificate::CreateFromBytes(resource_buffer_->data(), 111 net::X509Certificate::CreateFromBytes(resource_buffer_->data(),
106 content_length_)); 112 content_length_));
107 // The handler will run the UI and delete itself when it's finished. 113 // The handler will run the UI and delete itself when it's finished.
108 new SSLAddCertHandler(request_, cert, render_process_host_id_, 114 new SSLAddCertHandler(request_, cert, render_process_host_id_,
109 render_view_id_); 115 render_view_id_);
116 // Force all new SSL connects to renegotiate, and hence use this new
117 // certificate if necessary.
118 if (request_->context()->http_transaction_factory()) {
119 net::HttpNetworkSession* session =
120 request_->context()->http_transaction_factory()->GetSession();
wtc 2011/02/15 20:50:40 It seems bad to expose so much internals of HttpNe
Ryan Hamilton 2011/02/16 17:44:40 Sounds reasonable. I move all this logic to a new
121 // Erase any mapping from host:port to client certificate.
122 session->ssl_client_auth_cache()->Clear();
123 // Clear any cached ssl sessions so that we do not resume with the old
124 // certificate.
125 net::ClientSocketFactory::ClearSSLSessionCache();
126 // Close all connections to force a reconnection.
127 session->FlushSocketPools();
128 session->spdy_session_pool()->CloseAllSessions();
129 }
110 return true; 130 return true;
111 } 131 }
112 132
113 void X509UserCertResourceHandler::OnRequestClosed() { 133 void X509UserCertResourceHandler::OnRequestClosed() {
114 } 134 }
115 135
116 X509UserCertResourceHandler::~X509UserCertResourceHandler() { 136 X509UserCertResourceHandler::~X509UserCertResourceHandler() {
117 } 137 }
118 138
119 void X509UserCertResourceHandler::AssembleResource() { 139 void X509UserCertResourceHandler::AssembleResource() {
120 size_t bytes_copied = 0; 140 size_t bytes_copied = 0;
121 resource_buffer_ = new net::IOBuffer(content_length_); 141 resource_buffer_ = new net::IOBuffer(content_length_);
122 142
123 for (size_t i = 0; i < buffer_->contents.size(); ++i) { 143 for (size_t i = 0; i < buffer_->contents.size(); ++i) {
124 net::IOBuffer* data = buffer_->contents[i].first; 144 net::IOBuffer* data = buffer_->contents[i].first;
125 const int data_len = buffer_->contents[i].second; 145 const int data_len = buffer_->contents[i].second;
126 DCHECK(bytes_copied + data_len <= content_length_); 146 DCHECK(bytes_copied + data_len <= content_length_);
127 memcpy(resource_buffer_->data() + bytes_copied, data->data(), data_len); 147 memcpy(resource_buffer_->data() + bytes_copied, data->data(), data_len);
128 bytes_copied += data_len; 148 bytes_copied += data_len;
129 } 149 }
130 } 150 }
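Review bot: The flush block at new lines 116–129 runs immediately after `new SSLAddCertHandler(...)`, so the client-auth cache, SSL session cache, socket pools and SPDY sessions are cleared before the certificate has been imported, and presumably also when `CreateFromBytes` yields no certificate or the import is later declined. The comment at new line 113 says the handler runs its UI and finishes later, so connections opened in that window can repopulate the caches without the new certificate; and with the TODO at new lines 107–108 still open, any response that reaches this handler can force a browser-wide connection teardown. I would trigger the flush from the handler's successful-import path, or at minimum skip it when `cert` is null. Separately, `session` is dereferenced without a check; if `GetSession()` can return null for some transaction factories (not visible here), wrapping the calls in `if (session) { ... }` would be safer. The enclosing function begins in the skipped lines above, so its earlier checks are not visible.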