| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 681 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 692 | 692 |
| 693 // The underlying transport to use for network IO. | 693 // The underlying transport to use for network IO. |
| 694 ClientSocketHandle* transport_; | 694 ClientSocketHandle* transport_; |
| 695 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; | 695 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; |
| 696 | 696 |
| 697 // The current handshake state. Mirrors |nss_handshake_state_|. | 697 // The current handshake state. Mirrors |nss_handshake_state_|. |
| 698 HandshakeState network_handshake_state_; | 698 HandshakeState network_handshake_state_; |
| 699 | 699 |
| 700 // The service for retrieving Channel ID keys. May be NULL. | 700 // The service for retrieving Channel ID keys. May be NULL. |
| 701 ChannelIDService* channel_id_service_; | 701 ChannelIDService* channel_id_service_; |
| 702 ChannelIDService::RequestHandle domain_bound_cert_request_handle_; | 702 ChannelIDService::RequestHandle channel_id_request_handle_; |
| 703 | 703 |
| 704 // The information about NSS task runner. | 704 // The information about NSS task runner. |
| 705 int unhandled_buffer_size_; | 705 int unhandled_buffer_size_; |
| 706 bool nss_waiting_read_; | 706 bool nss_waiting_read_; |
| 707 bool nss_waiting_write_; | 707 bool nss_waiting_write_; |
| 708 bool nss_is_closed_; | 708 bool nss_is_closed_; |
| 709 | 709 |
| 710 // Set when Read() or Write() successfully reads or writes data to or from the | 710 // Set when Read() or Write() successfully reads or writes data to or from the |
| 711 // network. | 711 // network. |
| 712 bool was_ever_used_; | 712 bool was_ever_used_; |
| (...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 778 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; | 778 scoped_refptr<base::SequencedTaskRunner> nss_task_runner_; |
| 779 | 779 |
| 780 // Dereferenced only on the network task runner, but bound to tasks destined | 780 // Dereferenced only on the network task runner, but bound to tasks destined |
| 781 // for the network task runner from the NSS task runner. | 781 // for the network task runner from the NSS task runner. |
| 782 base::WeakPtr<BoundNetLog> weak_net_log_; | 782 base::WeakPtr<BoundNetLog> weak_net_log_; |
| 783 | 783 |
| 784 // Written on the network task runner by the |channel_id_service_|, | 784 // Written on the network task runner by the |channel_id_service_|, |
| 785 // prior to invoking OnHandshakeIOComplete. | 785 // prior to invoking OnHandshakeIOComplete. |
| 786 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked | 786 // Read on the NSS task runner when once OnHandshakeIOComplete is invoked |
| 787 // on the NSS task runner. | 787 // on the NSS task runner. |
| 788 std::string domain_bound_private_key_; | 788 scoped_ptr<crypto::ECPrivateKey> channel_id_key_; |
| 789 std::string domain_bound_cert_; | |
| 790 | 789 |
| 791 DISALLOW_COPY_AND_ASSIGN(Core); | 790 DISALLOW_COPY_AND_ASSIGN(Core); |
| 792 }; | 791 }; |
| 793 | 792 |
| 794 SSLClientSocketNSS::Core::Core( | 793 SSLClientSocketNSS::Core::Core( |
| 795 base::SequencedTaskRunner* network_task_runner, | 794 base::SequencedTaskRunner* network_task_runner, |
| 796 base::SequencedTaskRunner* nss_task_runner, | 795 base::SequencedTaskRunner* nss_task_runner, |
| 797 ClientSocketHandle* transport, | 796 ClientSocketHandle* transport, |
| 798 const HostPortPair& host_and_port, | 797 const HostPortPair& host_and_port, |
| 799 const SSLConfig& ssl_config, | 798 const SSLConfig& ssl_config, |
| (...skipping 148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 948 | 947 |
| 949 void SSLClientSocketNSS::Core::Detach() { | 948 void SSLClientSocketNSS::Core::Detach() { |
| 950 DCHECK(OnNetworkTaskRunner()); | 949 DCHECK(OnNetworkTaskRunner()); |
| 951 | 950 |
| 952 detached_ = true; | 951 detached_ = true; |
| 953 transport_ = NULL; | 952 transport_ = NULL; |
| 954 weak_net_log_factory_.InvalidateWeakPtrs(); | 953 weak_net_log_factory_.InvalidateWeakPtrs(); |
| 955 | 954 |
| 956 network_handshake_state_.Reset(); | 955 network_handshake_state_.Reset(); |
| 957 | 956 |
| 958 domain_bound_cert_request_handle_.Cancel(); | 957 channel_id_request_handle_.Cancel(); |
| 959 } | 958 } |
| 960 | 959 |
| 961 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, | 960 int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len, |
| 962 const CompletionCallback& callback) { | 961 const CompletionCallback& callback) { |
| 963 if (!OnNSSTaskRunner()) { | 962 if (!OnNSSTaskRunner()) { |
| 964 DCHECK(OnNetworkTaskRunner()); | 963 DCHECK(OnNetworkTaskRunner()); |
| 965 DCHECK(!detached_); | 964 DCHECK(!detached_); |
| 966 DCHECK(transport_); | 965 DCHECK(transport_); |
| 967 DCHECK(!nss_waiting_read_); | 966 DCHECK(!nss_waiting_read_); |
| 968 | 967 |
| (...skipping 988 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1957 rv = SECFailure; | 1956 rv = SECFailure; |
| 1958 } else { | 1957 } else { |
| 1959 rv = SECFailure; | 1958 rv = SECFailure; |
| 1960 } | 1959 } |
| 1961 | 1960 |
| 1962 return rv; | 1961 return rv; |
| 1963 } | 1962 } |
| 1964 | 1963 |
| 1965 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, | 1964 int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key, |
| 1966 SECKEYPrivateKey** key) { | 1965 SECKEYPrivateKey** key) { |
| 1967 // Set the certificate. | 1966 if (!channel_id_key_) |
| 1968 SECItem cert_item; | 1967 return SECFailure; |
| 1969 cert_item.data = (unsigned char*) domain_bound_cert_.data(); | |
| 1970 cert_item.len = domain_bound_cert_.size(); | |
| 1971 ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(), | |
| 1972 &cert_item, | |
| 1973 NULL, | |
| 1974 PR_FALSE, | |
| 1975 PR_TRUE)); | |
| 1976 if (cert == NULL) | |
| 1977 return MapNSSError(PORT_GetError()); | |
| 1978 | 1968 |
| 1979 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); | 1969 *public_key = SECKEY_CopyPublicKey(channel_id_key_->public_key()); |
| 1980 // Set the private key. | 1970 *key = SECKEY_CopyPrivateKey(channel_id_key_->key()); |
| 1981 if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo( | |
| 1982 slot.get(), | |
| 1983 ChannelIDService::kEPKIPassword, | |
| 1984 reinterpret_cast<const unsigned char*>( | |
| 1985 domain_bound_private_key_.data()), | |
| 1986 domain_bound_private_key_.size(), | |
| 1987 &cert->subjectPublicKeyInfo, | |
| 1988 false, | |
| 1989 false, | |
| 1990 key, | |
| 1991 public_key)) { | |
| 1992 int error = MapNSSError(PORT_GetError()); | |
| 1993 return error; | |
| 1994 } | |
| 1995 | 1971 |
| 1996 return OK; | 1972 return OK; |
| 1997 } | 1973 } |
| 1998 | 1974 |
| 1999 void SSLClientSocketNSS::Core::UpdateServerCert() { | 1975 void SSLClientSocketNSS::Core::UpdateServerCert() { |
| 2000 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 1976 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
| 2001 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 1977 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
| 2002 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 1978 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
| 2003 if (nss_handshake_state_.server_cert.get()) { | 1979 if (nss_handshake_state_.server_cert.get()) { |
| 2004 // Since this will be called asynchronously on another thread, it needs to | 1980 // Since this will be called asynchronously on another thread, it needs to |
| (...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2228 | 2204 |
| 2229 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { | 2205 int SSLClientSocketNSS::Core::DoGetChannelID(const std::string& host) { |
| 2230 DCHECK(OnNetworkTaskRunner()); | 2206 DCHECK(OnNetworkTaskRunner()); |
| 2231 | 2207 |
| 2232 if (detached_) | 2208 if (detached_) |
| 2233 return ERR_ABORTED; | 2209 return ERR_ABORTED; |
| 2234 | 2210 |
| 2235 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); | 2211 weak_net_log_->BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT); |
| 2236 | 2212 |
| 2237 int rv = channel_id_service_->GetOrCreateChannelID( | 2213 int rv = channel_id_service_->GetOrCreateChannelID( |
| 2238 host, | 2214 host, &channel_id_key_, |
| 2239 &domain_bound_private_key_, | |
| 2240 &domain_bound_cert_, | |
| 2241 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), | 2215 base::Bind(&Core::OnGetChannelIDComplete, base::Unretained(this)), |
| 2242 &domain_bound_cert_request_handle_); | 2216 &channel_id_request_handle_); |
| 2243 | 2217 |
| 2244 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { | 2218 if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) { |
| 2245 nss_task_runner_->PostTask( | 2219 nss_task_runner_->PostTask( |
| 2246 FROM_HERE, | 2220 FROM_HERE, |
| 2247 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); | 2221 base::Bind(&Core::OnHandshakeIOComplete, this, rv)); |
| 2248 return ERR_IO_PENDING; | 2222 return ERR_IO_PENDING; |
| 2249 } | 2223 } |
| 2250 | 2224 |
| 2251 return rv; | 2225 return rv; |
| 2252 } | 2226 } |
| (...skipping 956 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3209 return channel_id_service_; | 3183 return channel_id_service_; |
| 3210 } | 3184 } |
| 3211 | 3185 |
| 3212 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3186 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
| 3213 if (completed_handshake_) | 3187 if (completed_handshake_) |
| 3214 return SSL_FAILURE_NONE; | 3188 return SSL_FAILURE_NONE; |
| 3215 return SSL_FAILURE_UNKNOWN; | 3189 return SSL_FAILURE_UNKNOWN; |
| 3216 } | 3190 } |
| 3217 | 3191 |
| 3218 } // namespace net | 3192 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1076063002:
Remove certificates from Channel ID (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master