Side by Side Diff: net/spdy/spdy_session.cc

Issue 9617039: Change Origin bound certs -> Domain bound certs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rename all the things Created 8 years, 9 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <map> 7 #include <map>
8 8
9 #include "base/basictypes.h" 9 #include "base/basictypes.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after
385 SSLClientSocket::NextProto protocol = default_protocol_; 385 SSLClientSocket::NextProto protocol = default_protocol_;
386 if (is_secure_) { 386 if (is_secure_) {
387 SSLClientSocket* ssl_socket = GetSSLClientSocket(); 387 SSLClientSocket* ssl_socket = GetSSLClientSocket();
388 388
389 SSLClientSocket::NextProto protocol_negotiated = 389 SSLClientSocket::NextProto protocol_negotiated =
390 ssl_socket->protocol_negotiated(); 390 ssl_socket->protocol_negotiated();
391 if (protocol_negotiated != SSLClientSocket::kProtoUnknown) { 391 if (protocol_negotiated != SSLClientSocket::kProtoUnknown) {
392 protocol = protocol_negotiated; 392 protocol = protocol_negotiated;
393 } 393 }
394 394
395 if (ssl_socket->WasOriginBoundCertSent()) { 395 if (ssl_socket->WasDomainBoundCertSent()) {
396 // According to the SPDY spec, the credential associated with the TLS 396 // According to the SPDY spec, the credential associated with the TLS
397 // connection is stored in slot[0]. 397 // connection is stored in slot[0].
398 credential_state_.SetHasCredential(host_port_pair()); 398 credential_state_.SetHasCredential(host_port_pair());
399 } 399 }
400 } 400 }
401 401
402 DCHECK(protocol >= SSLClientSocket::kProtoSPDY2); 402 DCHECK(protocol >= SSLClientSocket::kProtoSPDY2);
403 DCHECK(protocol <= SSLClientSocket::kProtoSPDY3); 403 DCHECK(protocol <= SSLClientSocket::kProtoSPDY3);
404 int version = (protocol == SSLClientSocket::kProtoSPDY3) ? 3 : 2; 404 int version = (protocol == SSLClientSocket::kProtoSPDY3) ? 3 : 2;
405 flow_control_ = (protocol >= SSLClientSocket::kProtoSPDY21); 405 flow_control_ = (protocol >= SSLClientSocket::kProtoSPDY21);
(...skipping 171 matching lines...) Expand 10 before | Expand all | Expand 10 after
577 DCHECK_EQ(active_streams_[stream_id].get(), stream.get()); 577 DCHECK_EQ(active_streams_[stream_id].get(), stream.get());
578 return OK; 578 return OK;
579 } 579 }
580 580
581 bool SpdySession::NeedsCredentials(const HostPortPair& origin) const { 581 bool SpdySession::NeedsCredentials(const HostPortPair& origin) const {
582 if (!is_secure_) 582 if (!is_secure_)
583 return false; 583 return false;
584 SSLClientSocket* ssl_socket = GetSSLClientSocket(); 584 SSLClientSocket* ssl_socket = GetSSLClientSocket();
585 if (ssl_socket->protocol_negotiated() < SSLClientSocket::kProtoSPDY3) 585 if (ssl_socket->protocol_negotiated() < SSLClientSocket::kProtoSPDY3)
586 return false; 586 return false;
587 if (!ssl_socket->WasOriginBoundCertSent()) 587 if (!ssl_socket->WasDomainBoundCertSent())
588 return false; 588 return false;
589 return !credential_state_.HasCredential(origin); 589 return !credential_state_.HasCredential(origin);
590 } 590 }
591 591
592 void SpdySession::AddPooledAlias(const HostPortProxyPair& alias) { 592 void SpdySession::AddPooledAlias(const HostPortProxyPair& alias) {
593 pooled_aliases_.insert(alias); 593 pooled_aliases_.insert(alias);
594 } 594 }
595 595
596 int SpdySession::WriteSynStream( 596 int SpdySession::WriteSynStream(
597 spdy::SpdyStreamId stream_id, 597 spdy::SpdyStreamId stream_id,
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
654 654
655 std::vector<uint8> proof; 655 std::vector<uint8> proof;
656 switch (type) { 656 switch (type) {
657 case CLIENT_CERT_ECDSA_SIGN: { 657 case CLIENT_CERT_ECDSA_SIGN: {
658 base::StringPiece spki_piece; 658 base::StringPiece spki_piece;
659 asn1::ExtractSPKIFromDERCert(cert, &spki_piece); 659 asn1::ExtractSPKIFromDERCert(cert, &spki_piece);
660 std::vector<uint8> spki(spki_piece.data(), 660 std::vector<uint8> spki(spki_piece.data(),
661 spki_piece.data() + spki_piece.size()); 661 spki_piece.data() + spki_piece.size());
662 scoped_ptr<crypto::ECPrivateKey> private_key( 662 scoped_ptr<crypto::ECPrivateKey> private_key(
663 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( 663 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
664 OriginBoundCertService::kEPKIPassword, key_data, spki)); 664 ServerBoundCertService::kEPKIPassword, key_data, spki));
665 scoped_ptr<crypto::ECSignatureCreator> creator( 665 scoped_ptr<crypto::ECSignatureCreator> creator(
666 crypto::ECSignatureCreator::Create(private_key.get())); 666 crypto::ECSignatureCreator::Create(private_key.get()));
667 creator->Sign(secret, arraysize(secret), &proof); 667 creator->Sign(secret, arraysize(secret), &proof);
668 break; 668 break;
669 } 669 }
670 default: 670 default:
671 NOTREACHED(); 671 NOTREACHED();
672 } 672 }
673 673
674 spdy::SpdyCredential credential; 674 spdy::SpdyCredential credential;
(...skipping 570 matching lines...) Expand 10 before | Expand all | Expand 10 after
1245 } 1245 }
1246 1246
1247 bool SpdySession::GetSSLCertRequestInfo( 1247 bool SpdySession::GetSSLCertRequestInfo(
1248 SSLCertRequestInfo* cert_request_info) { 1248 SSLCertRequestInfo* cert_request_info) {
1249 if (!is_secure_) 1249 if (!is_secure_)
1250 return false; 1250 return false;
1251 GetSSLClientSocket()->GetSSLCertRequestInfo(cert_request_info); 1251 GetSSLClientSocket()->GetSSLCertRequestInfo(cert_request_info);
1252 return true; 1252 return true;
1253 } 1253 }
1254 1254
1255 OriginBoundCertService* SpdySession::GetOriginBoundCertService() const { 1255 ServerBoundCertService* SpdySession::GetServerBoundCertService() const {
1256 if (!is_secure_) 1256 if (!is_secure_)
1257 return NULL; 1257 return NULL;
1258 return GetSSLClientSocket()->GetOriginBoundCertService(); 1258 return GetSSLClientSocket()->GetServerBoundCertService();
1259 } 1259 }
1260 1260
1261 SSLClientCertType SpdySession::GetOriginBoundCertType() const { 1261 SSLClientCertType SpdySession::GetDomainBoundCertType() const {
1262 if (!is_secure_) 1262 if (!is_secure_)
1263 return CLIENT_CERT_INVALID_TYPE; 1263 return CLIENT_CERT_INVALID_TYPE;
1264 return GetSSLClientSocket()->origin_bound_cert_type(); 1264 return GetSSLClientSocket()->domain_bound_cert_type();
1265 } 1265 }
1266 1266
1267 void SpdySession::OnError(int error_code) { 1267 void SpdySession::OnError(int error_code) {
1268 std::string description = base::StringPrintf( 1268 std::string description = base::StringPrintf(
1269 "SPDY_ERROR error_code: %d.", error_code); 1269 "SPDY_ERROR error_code: %d.", error_code);
1270 CloseSessionOnError(net::ERR_SPDY_PROTOCOL_ERROR, true, description); 1270 CloseSessionOnError(net::ERR_SPDY_PROTOCOL_ERROR, true, description);
1271 } 1271 }
1272 1272
1273 void SpdySession::OnStreamError(spdy::SpdyStreamId stream_id, 1273 void SpdySession::OnStreamError(spdy::SpdyStreamId stream_id,
1274 const std::string& description) { 1274 const std::string& description) {
(...skipping 659 matching lines...) Expand 10 before | Expand all | Expand 10 after
1934 SSLClientSocket* SpdySession::GetSSLClientSocket() const { 1934 SSLClientSocket* SpdySession::GetSSLClientSocket() const {
1935 if (!is_secure_) 1935 if (!is_secure_)
1936 return NULL; 1936 return NULL;
1937 SSLClientSocket* ssl_socket = 1937 SSLClientSocket* ssl_socket =
1938 reinterpret_cast<SSLClientSocket*>(connection_->socket()); 1938 reinterpret_cast<SSLClientSocket*>(connection_->socket());
1939 DCHECK(ssl_socket); 1939 DCHECK(ssl_socket);
1940 return ssl_socket; 1940 return ssl_socket;
1941 } 1941 }
1942 1942
1943 } // namespace net 1943 } // namespace net
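Review bot: The `CLIENT_CERT_ECDSA_SIGN` case (new lines 657-669) uses three results without checking any of them: the return of `asn1::ExtractSPKIFromDERCert(cert, &spki_piece)` is discarded, `private_key` is handed to `ECSignatureCreator::Create(private_key.get())` as is, and `creator->Sign(...)` is called without looking at its result. If the key import can yield NULL (plausible for damaged stored key data, though the factory's contract is not visible here), the session would either dereference a null `creator` or go on to fill `spdy::SpdyCredential` with an empty `proof`. Since line 664 is being touched for the rename anyway, add a guard such as `if (!private_key.get() || !creator.get())` that fails the write before `Sign`, and treat a failed `Sign` the same way. The enclosing function starts and ends outside the visible lines, so the right error return has to be taken from its signature.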