OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
176 NOTREACHED() << "requires a valid context"; | 176 NOTREACHED() << "requires a valid context"; |
177 return new URLRequestErrorJob(request, ERR_INVALID_ARGUMENT); | 177 return new URLRequestErrorJob(request, ERR_INVALID_ARGUMENT); |
178 } | 178 } |
179 | 179 |
180 TransportSecurityState::DomainState domain_state; | 180 TransportSecurityState::DomainState domain_state; |
181 if (scheme == "http" && | 181 if (scheme == "http" && |
182 request->context()->transport_security_state() && | 182 request->context()->transport_security_state() && |
183 request->context()->transport_security_state()->IsEnabledForHost( | 183 request->context()->transport_security_state()->IsEnabledForHost( |
184 &domain_state, | 184 &domain_state, |
185 request->url().host(), | 185 request->url().host(), |
186 IsSNIAvailable(request->context()))) { | 186 request->context()->IsSNIAvailable())) { |
187 if (domain_state.mode == | 187 if (domain_state.mode == |
188 TransportSecurityState::DomainState::MODE_STRICT) { | 188 TransportSecurityState::DomainState::MODE_STRICT) { |
189 DCHECK_EQ(request->url().scheme(), "http"); | 189 DCHECK_EQ(request->url().scheme(), "http"); |
190 url_canon::Replacements<char> replacements; | 190 url_canon::Replacements<char> replacements; |
191 static const char kNewScheme[] = "https"; | 191 static const char kNewScheme[] = "https"; |
192 replacements.SetScheme(kNewScheme, | 192 replacements.SetScheme(kNewScheme, |
193 url_parse::Component(0, strlen(kNewScheme))); | 193 url_parse::Component(0, strlen(kNewScheme))); |
194 GURL new_location = request->url().ReplaceComponents(replacements); | 194 GURL new_location = request->url().ReplaceComponents(replacements); |
195 return new URLRequestRedirectJob(request, new_location); | 195 return new URLRequestRedirectJob(request, new_location); |
196 } else { | 196 } else { |
(...skipping 461 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
658 // merges into a SPDY connection to www.example.com, and gets a different | 658 // merges into a SPDY connection to www.example.com, and gets a different |
659 // certificate. | 659 // certificate. |
660 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info; | 660 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info; |
661 if (result == OK && | 661 if (result == OK && |
662 ssl_info.is_valid() && | 662 ssl_info.is_valid() && |
663 context_->transport_security_state()) { | 663 context_->transport_security_state()) { |
664 TransportSecurityState::DomainState domain_state; | 664 TransportSecurityState::DomainState domain_state; |
665 if (context_->transport_security_state()->IsEnabledForHost( | 665 if (context_->transport_security_state()->IsEnabledForHost( |
666 &domain_state, | 666 &domain_state, |
667 request_->url().host(), | 667 request_->url().host(), |
668 IsSNIAvailable(context_)) && | 668 context_->IsSNIAvailable()) && |
669 ssl_info.is_issued_by_known_root && | 669 ssl_info.is_issued_by_known_root && |
670 !domain_state.IsChainOfPublicKeysPermitted(ssl_info.public_key_hashes)){ | 670 !domain_state.IsChainOfPublicKeysPermitted(ssl_info.public_key_hashes)){ |
671 result = ERR_CERT_INVALID; | 671 result = ERR_CERT_INVALID; |
672 } | 672 } |
673 } | 673 } |
674 | 674 |
675 if (result == OK) { | 675 if (result == OK) { |
676 SaveCookiesAndNotifyHeadersComplete(); | 676 SaveCookiesAndNotifyHeadersComplete(); |
677 } else if (ShouldTreatAsCertificateError(result)) { | 677 } else if (ShouldTreatAsCertificateError(result)) { |
678 // We encountered an SSL certificate error. Ask our delegate to decide | 678 // We encountered an SSL certificate error. Ask our delegate to decide |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
713 if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION) | 713 if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION) |
714 return true; | 714 return true; |
715 | 715 |
716 // Check whether our context is using Strict-Transport-Security. | 716 // Check whether our context is using Strict-Transport-Security. |
717 if (!context_->transport_security_state()) | 717 if (!context_->transport_security_state()) |
718 return true; | 718 return true; |
719 | 719 |
720 TransportSecurityState::DomainState domain_state; | 720 TransportSecurityState::DomainState domain_state; |
721 // TODO(agl): don't ignore opportunistic mode. | 721 // TODO(agl): don't ignore opportunistic mode. |
722 const bool r = context_->transport_security_state()->IsEnabledForHost( | 722 const bool r = context_->transport_security_state()->IsEnabledForHost( |
723 &domain_state, request_info_.url.host(), IsSNIAvailable(context_)); | 723 &domain_state, request_info_.url.host(), context_->IsSNIAvailable()); |
724 | 724 |
725 return !r || domain_state.mode == | 725 return !r || domain_state.mode == |
726 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; | 726 TransportSecurityState::DomainState::MODE_OPPORTUNISTIC; |
727 } | 727 } |
728 | 728 |
729 void URLRequestHttpJob::RestartTransactionWithAuth( | 729 void URLRequestHttpJob::RestartTransactionWithAuth( |
730 const string16& username, | 730 const string16& username, |
731 const string16& password) { | 731 const string16& password) { |
732 username_ = username; | 732 username_ = username; |
733 password_ = password; | 733 password_ = password; |
(...skipping 629 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1363 } | 1363 } |
1364 } | 1364 } |
1365 | 1365 |
1366 bool URLRequestHttpJob::IsCompressibleContent() const { | 1366 bool URLRequestHttpJob::IsCompressibleContent() const { |
1367 std::string mime_type; | 1367 std::string mime_type; |
1368 return GetMimeType(&mime_type) && | 1368 return GetMimeType(&mime_type) && |
1369 (IsSupportedJavascriptMimeType(mime_type.c_str()) || | 1369 (IsSupportedJavascriptMimeType(mime_type.c_str()) || |
1370 IsSupportedNonImageMimeType(mime_type.c_str())); | 1370 IsSupportedNonImageMimeType(mime_type.c_str())); |
1371 } | 1371 } |
1372 | 1372 |
1373 // static | |
1374 bool URLRequestHttpJob::IsSNIAvailable(URLRequestContext* context) { | |
1375 if (!context->ssl_config_service()) | |
1376 return false; | |
1377 | |
1378 SSLConfig ssl_config; | |
1379 context->ssl_config_service()->GetSSLConfig(&ssl_config); | |
1380 return ssl_config.tls1_enabled; | |
1381 } | |
1382 | |
1383 } // namespace net | 1373 } // namespace net |
OLD | NEW |