| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
| 6 | 6 |
| 7 #include <map> | 7 #include <map> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 385 SSLClientSocket::NextProto protocol = default_protocol_; | 385 SSLClientSocket::NextProto protocol = default_protocol_; |
| 386 if (is_secure_) { | 386 if (is_secure_) { |
| 387 SSLClientSocket* ssl_socket = GetSSLClientSocket(); | 387 SSLClientSocket* ssl_socket = GetSSLClientSocket(); |
| 388 | 388 |
| 389 SSLClientSocket::NextProto protocol_negotiated = | 389 SSLClientSocket::NextProto protocol_negotiated = |
| 390 ssl_socket->protocol_negotiated(); | 390 ssl_socket->protocol_negotiated(); |
| 391 if (protocol_negotiated != SSLClientSocket::kProtoUnknown) { | 391 if (protocol_negotiated != SSLClientSocket::kProtoUnknown) { |
| 392 protocol = protocol_negotiated; | 392 protocol = protocol_negotiated; |
| 393 } | 393 } |
| 394 | 394 |
| 395 if (ssl_socket->WasOriginBoundCertSent()) { | 395 if (ssl_socket->WasDomainBoundCertSent()) { |
| 396 // According to the SPDY spec, the credential associated with the TLS | 396 // According to the SPDY spec, the credential associated with the TLS |
| 397 // connection is stored in slot[0]. | 397 // connection is stored in slot[0]. |
| 398 credential_state_.SetHasCredential(host_port_pair()); | 398 credential_state_.SetHasCredential(host_port_pair()); |
| 399 } | 399 } |
| 400 } | 400 } |
| 401 | 401 |
| 402 DCHECK(protocol >= SSLClientSocket::kProtoSPDY2); | 402 DCHECK(protocol >= SSLClientSocket::kProtoSPDY2); |
| 403 DCHECK(protocol <= SSLClientSocket::kProtoSPDY3); | 403 DCHECK(protocol <= SSLClientSocket::kProtoSPDY3); |
| 404 int version = (protocol == SSLClientSocket::kProtoSPDY3) ? 3 : 2; | 404 int version = (protocol == SSLClientSocket::kProtoSPDY3) ? 3 : 2; |
| 405 flow_control_ = (protocol >= SSLClientSocket::kProtoSPDY21); | 405 flow_control_ = (protocol >= SSLClientSocket::kProtoSPDY21); |
| (...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 577 DCHECK_EQ(active_streams_[stream_id].get(), stream.get()); | 577 DCHECK_EQ(active_streams_[stream_id].get(), stream.get()); |
| 578 return OK; | 578 return OK; |
| 579 } | 579 } |
| 580 | 580 |
| 581 bool SpdySession::NeedsCredentials(const HostPortPair& origin) const { | 581 bool SpdySession::NeedsCredentials(const HostPortPair& origin) const { |
| 582 if (!is_secure_) | 582 if (!is_secure_) |
| 583 return false; | 583 return false; |
| 584 SSLClientSocket* ssl_socket = GetSSLClientSocket(); | 584 SSLClientSocket* ssl_socket = GetSSLClientSocket(); |
| 585 if (ssl_socket->protocol_negotiated() < SSLClientSocket::kProtoSPDY3) | 585 if (ssl_socket->protocol_negotiated() < SSLClientSocket::kProtoSPDY3) |
| 586 return false; | 586 return false; |
| 587 if (!ssl_socket->WasOriginBoundCertSent()) | 587 if (!ssl_socket->WasDomainBoundCertSent()) |
| 588 return false; | 588 return false; |
| 589 return !credential_state_.HasCredential(origin); | 589 return !credential_state_.HasCredential(origin); |
| 590 } | 590 } |
| 591 | 591 |
| 592 void SpdySession::AddPooledAlias(const HostPortProxyPair& alias) { | 592 void SpdySession::AddPooledAlias(const HostPortProxyPair& alias) { |
| 593 pooled_aliases_.insert(alias); | 593 pooled_aliases_.insert(alias); |
| 594 } | 594 } |
| 595 | 595 |
| 596 int SpdySession::WriteSynStream( | 596 int SpdySession::WriteSynStream( |
| 597 spdy::SpdyStreamId stream_id, | 597 spdy::SpdyStreamId stream_id, |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 654 | 654 |
| 655 std::vector<uint8> proof; | 655 std::vector<uint8> proof; |
| 656 switch (type) { | 656 switch (type) { |
| 657 case CLIENT_CERT_ECDSA_SIGN: { | 657 case CLIENT_CERT_ECDSA_SIGN: { |
| 658 base::StringPiece spki_piece; | 658 base::StringPiece spki_piece; |
| 659 asn1::ExtractSPKIFromDERCert(cert, &spki_piece); | 659 asn1::ExtractSPKIFromDERCert(cert, &spki_piece); |
| 660 std::vector<uint8> spki(spki_piece.data(), | 660 std::vector<uint8> spki(spki_piece.data(), |
| 661 spki_piece.data() + spki_piece.size()); | 661 spki_piece.data() + spki_piece.size()); |
| 662 scoped_ptr<crypto::ECPrivateKey> private_key( | 662 scoped_ptr<crypto::ECPrivateKey> private_key( |
| 663 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 663 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 664 OriginBoundCertService::kEPKIPassword, key_data, spki)); | 664 ServerBoundCertService::kEPKIPassword, key_data, spki)); |
| 665 scoped_ptr<crypto::ECSignatureCreator> creator( | 665 scoped_ptr<crypto::ECSignatureCreator> creator( |
| 666 crypto::ECSignatureCreator::Create(private_key.get())); | 666 crypto::ECSignatureCreator::Create(private_key.get())); |
| 667 creator->Sign(secret, arraysize(secret), &proof); | 667 creator->Sign(secret, arraysize(secret), &proof); |
| 668 break; | 668 break; |
| 669 } | 669 } |
| 670 default: | 670 default: |
| 671 NOTREACHED(); | 671 NOTREACHED(); |
| 672 } | 672 } |
| 673 | 673 |
| 674 spdy::SpdyCredential credential; | 674 spdy::SpdyCredential credential; |
| (...skipping 570 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1245 } | 1245 } |
| 1246 | 1246 |
| 1247 bool SpdySession::GetSSLCertRequestInfo( | 1247 bool SpdySession::GetSSLCertRequestInfo( |
| 1248 SSLCertRequestInfo* cert_request_info) { | 1248 SSLCertRequestInfo* cert_request_info) { |
| 1249 if (!is_secure_) | 1249 if (!is_secure_) |
| 1250 return false; | 1250 return false; |
| 1251 GetSSLClientSocket()->GetSSLCertRequestInfo(cert_request_info); | 1251 GetSSLClientSocket()->GetSSLCertRequestInfo(cert_request_info); |
| 1252 return true; | 1252 return true; |
| 1253 } | 1253 } |
| 1254 | 1254 |
| 1255 OriginBoundCertService* SpdySession::GetOriginBoundCertService() const { | 1255 ServerBoundCertService* SpdySession::GetServerBoundCertService() const { |
| 1256 if (!is_secure_) | 1256 if (!is_secure_) |
| 1257 return NULL; | 1257 return NULL; |
| 1258 return GetSSLClientSocket()->GetOriginBoundCertService(); | 1258 return GetSSLClientSocket()->GetServerBoundCertService(); |
| 1259 } | 1259 } |
| 1260 | 1260 |
| 1261 SSLClientCertType SpdySession::GetOriginBoundCertType() const { | 1261 SSLClientCertType SpdySession::GetDomainBoundCertType() const { |
| 1262 if (!is_secure_) | 1262 if (!is_secure_) |
| 1263 return CLIENT_CERT_INVALID_TYPE; | 1263 return CLIENT_CERT_INVALID_TYPE; |
| 1264 return GetSSLClientSocket()->origin_bound_cert_type(); | 1264 return GetSSLClientSocket()->domain_bound_cert_type(); |
| 1265 } | 1265 } |
| 1266 | 1266 |
| 1267 void SpdySession::OnError(int error_code) { | 1267 void SpdySession::OnError(int error_code) { |
| 1268 std::string description = base::StringPrintf( | 1268 std::string description = base::StringPrintf( |
| 1269 "SPDY_ERROR error_code: %d.", error_code); | 1269 "SPDY_ERROR error_code: %d.", error_code); |
| 1270 CloseSessionOnError(net::ERR_SPDY_PROTOCOL_ERROR, true, description); | 1270 CloseSessionOnError(net::ERR_SPDY_PROTOCOL_ERROR, true, description); |
| 1271 } | 1271 } |
| 1272 | 1272 |
| 1273 void SpdySession::OnStreamError(spdy::SpdyStreamId stream_id, | 1273 void SpdySession::OnStreamError(spdy::SpdyStreamId stream_id, |
| 1274 const std::string& description) { | 1274 const std::string& description) { |
| (...skipping 659 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1934 SSLClientSocket* SpdySession::GetSSLClientSocket() const { | 1934 SSLClientSocket* SpdySession::GetSSLClientSocket() const { |
| 1935 if (!is_secure_) | 1935 if (!is_secure_) |
| 1936 return NULL; | 1936 return NULL; |
| 1937 SSLClientSocket* ssl_socket = | 1937 SSLClientSocket* ssl_socket = |
| 1938 reinterpret_cast<SSLClientSocket*>(connection_->socket()); | 1938 reinterpret_cast<SSLClientSocket*>(connection_->socket()); |
| 1939 DCHECK(ssl_socket); | 1939 DCHECK(ssl_socket); |
| 1940 return ssl_socket; | 1940 return ssl_socket; |
| 1941 } | 1941 } |
| 1942 | 1942 |
| 1943 } // namespace net | 1943 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9617039:
Change Origin bound certs -> Domain bound certs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src