| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" | 9 #include "base/base64.h" |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 22 matching lines...) | |
| 33 #include "chrome/browser/net/chrome_net_log.h" | 33 #include "chrome/browser/net/chrome_net_log.h" |
| 34 #include "chrome/browser/net/chrome_network_delegate.h" | 34 #include "chrome/browser/net/chrome_network_delegate.h" |
| 35 #include "chrome/browser/net/connect_interceptor.h" | 35 #include "chrome/browser/net/connect_interceptor.h" |
| 36 #include "chrome/browser/net/dns_probe_service.h" | 36 #include "chrome/browser/net/dns_probe_service.h" |
| 37 #include "chrome/browser/net/pref_proxy_config_tracker.h" | 37 #include "chrome/browser/net/pref_proxy_config_tracker.h" |
| 38 #include "chrome/browser/net/proxy_service_factory.h" | 38 #include "chrome/browser/net/proxy_service_factory.h" |
| 39 #include "chrome/common/chrome_content_client.h" | 39 #include "chrome/common/chrome_content_client.h" |
| 40 #include "chrome/common/chrome_switches.h" | 40 #include "chrome/common/chrome_switches.h" |
| 41 #include "chrome/common/chrome_version_info.h" | 41 #include "chrome/common/chrome_version_info.h" |
| 42 #include "chrome/common/pref_names.h" | 42 #include "chrome/common/pref_names.h" |
| 43 #include "components/certificate_transparency/log_proof_fetcher.h" | |
| 44 #include "components/certificate_transparency/tree_state_tracker.h" | |
| 43 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" | 45 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" |
| 44 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" | 46 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" |
| 45 #include "components/policy/core/common/policy_service.h" | 47 #include "components/policy/core/common/policy_service.h" |
| 46 #include "components/variations/variations_associated_data.h" | 48 #include "components/variations/variations_associated_data.h" |
| 47 #include "content/public/browser/browser_thread.h" | 49 #include "content/public/browser/browser_thread.h" |
| 48 #include "content/public/browser/cookie_store_factory.h" | 50 #include "content/public/browser/cookie_store_factory.h" |
| 49 #include "net/base/host_mapping_rules.h" | 51 #include "net/base/host_mapping_rules.h" |
| 50 #include "net/base/net_util.h" | 52 #include "net/base/net_util.h" |
| 51 #include "net/base/network_quality_estimator.h" | 53 #include "net/base/network_quality_estimator.h" |
| 52 #include "net/base/sdch_manager.h" | 54 #include "net/base/sdch_manager.h" |
| (...skipping 624 matching lines...) | |
| 677 // Creates a CertVerifyProc that doesn't allow any profile-provided certs. | 679 // Creates a CertVerifyProc that doesn't allow any profile-provided certs. |
| 678 globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier( | 680 globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier( |
| 679 new chromeos::CertVerifyProcChromeOS())); | 681 new chromeos::CertVerifyProcChromeOS())); |
| 680 #else | 682 #else |
| 681 globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier( | 683 globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier( |
| 682 net::CertVerifyProc::CreateDefault())); | 684 net::CertVerifyProc::CreateDefault())); |
| 683 #endif | 685 #endif |
| 684 | 686 |
| 685 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 687 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
| 686 | 688 |
| 687 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 689 // Add built-in logs |
| 688 // is fixed. | |
| 689 tracked_objects::ScopedTracker tracking_profile7( | |
| 690 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 691 "466432 IOThread::InitAsync::CreateMultiLogVerifier")); | |
| 692 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); | |
| 693 globals_->cert_transparency_verifier.reset(ct_verifier); | |
| 694 | |
| 695 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 690 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 696 // is fixed. | 691 // is fixed. |
| 697 tracked_objects::ScopedTracker tracking_profile8( | 692 tracked_objects::ScopedTracker tracking_profile8( |
| 698 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 693 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 699 "466432 IOThread::InitAsync::CreateLogVerifiers::Start")); | 694 "466432 IOThread::InitAsync::AddKnownLogs::Start")); |
| 700 // Add built-in logs | 695 ScopedVector<net::CTLogVerifier> known_logs( |
| 701 ct_verifier->AddLogs(net::ct::CreateLogVerifiersForKnownLogs()); | 696 net::ct::CreateLogVerifiersForKnownLogs()); |
| 697 for (auto it = known_logs.begin(); it != known_logs.end(); ++it) | |
|
Ryan Sleevi
2015/06/29 11:58:12
STYLE: "const auto&"
alternatively:
for (known_lo
Eran Messeri
2015/07/10 13:15:48
Done.
| |
| 698 globals_->ct_logs.push_back(linked_ptr<net::CTLogVerifier>(*it)); | |
| 699 known_logs.weak_clear(); | |
| 700 | |
| 702 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 701 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 703 // is fixed. | 702 // is fixed. |
| 704 tracked_objects::ScopedTracker tracking_profile9( | 703 tracked_objects::ScopedTracker tracking_profile9( |
| 705 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 704 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 706 "466432 IOThread::InitAsync::CreateLogVerifiers::End")); | 705 "466432 IOThread::InitAsync::AddKnownLogs::End")); |
| 707 | 706 |
| 708 // Add logs from command line | 707 // Add logs from command line |
| 709 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { | 708 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { |
| 710 std::string switch_value = command_line.GetSwitchValueASCII( | 709 std::string switch_value = command_line.GetSwitchValueASCII( |
| 711 switches::kCertificateTransparencyLog); | 710 switches::kCertificateTransparencyLog); |
| 712 std::vector<std::string> logs; | 711 std::vector<std::string> logs; |
| 713 base::SplitString(switch_value, ',', &logs); | 712 base::SplitString(switch_value, ',', &logs); |
| 714 for (std::vector<std::string>::iterator it = logs.begin(); it != logs.end(); | 713 for (std::vector<std::string>::iterator it = logs.begin(); it != logs.end(); |
| 715 ++it) { | 714 ++it) { |
| 716 const std::string& curr_log = *it; | 715 const std::string& curr_log = *it; |
| 717 std::vector<std::string> log_metadata; | 716 std::vector<std::string> log_metadata; |
| 718 base::SplitString(curr_log, ':', &log_metadata); | 717 base::SplitString(curr_log, ':', &log_metadata); |
| 719 CHECK_GE(log_metadata.size(), 3u) | 718 CHECK_GE(log_metadata.size(), 3u) |
| 720 << "CT log metadata missing: Switch format is " | 719 << "CT log metadata missing: Switch format is " |
| 721 << "'description:base64_key:url_without_schema'."; | 720 << "'description:base64_key:url_without_schema'."; |
| 722 std::string log_description(log_metadata[0]); | 721 std::string log_description(log_metadata[0]); |
| 723 std::string log_url(std::string("https://") + log_metadata[2]); | 722 std::string log_url(std::string("https://") + log_metadata[2]); |
| 724 std::string ct_public_key_data; | 723 std::string ct_public_key_data; |
| 725 CHECK(base::Base64Decode(log_metadata[1], &ct_public_key_data)) | 724 CHECK(base::Base64Decode(log_metadata[1], &ct_public_key_data)) |
| 726 << "Unable to decode CT public key."; | 725 << "Unable to decode CT public key."; |
| 727 scoped_ptr<net::CTLogVerifier> external_log_verifier( | 726 scoped_ptr<net::CTLogVerifier> external_log_verifier( |
| 728 net::CTLogVerifier::Create(ct_public_key_data, log_description, | 727 net::CTLogVerifier::Create(ct_public_key_data, log_description, |
| 729 log_url)); | 728 log_url)); |
| 730 CHECK(external_log_verifier) << "Unable to parse CT public key."; | 729 CHECK(external_log_verifier) << "Unable to parse CT public key."; |
| 731 VLOG(1) << "Adding log with description " << log_description; | 730 VLOG(1) << "Adding log with description " << log_description; |
| 732 ct_verifier->AddLog(external_log_verifier.Pass()); | 731 globals_->ct_logs.push_back( |
| 732 linked_ptr<net::CTLogVerifier>(external_log_verifier.release())); | |
| 733 } | 733 } |
| 734 } | 734 } |
| 735 | 735 |
| 736 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); | |
| 737 ct_verifier->AddLogs(globals_->ct_logs); | |
| 738 globals_->cert_transparency_verifier.reset(ct_verifier); | |
| 739 | |
| 736 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 740 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 737 // is fixed. | 741 // is fixed. |
| 738 tracked_objects::ScopedTracker tracking_profile10( | 742 tracked_objects::ScopedTracker tracking_profile10( |
| 739 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 743 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 740 "466432 IOThread::InitAsync::CertPolicyEnforcer")); | 744 "466432 IOThread::InitAsync::CertPolicyEnforcer")); |
| 741 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; | 745 net::CertPolicyEnforcer* policy_enforcer = new net::CertPolicyEnforcer; |
| 742 globals_->cert_policy_enforcer.reset(policy_enforcer); | 746 globals_->cert_policy_enforcer.reset(policy_enforcer); |
| 743 | 747 |
| 744 globals_->ssl_config_service = GetSSLConfigService(); | 748 globals_->ssl_config_service = GetSSLConfigService(); |
| 745 | 749 |
| (...skipping 164 matching lines...) | |
| 910 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); | 914 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); |
| 911 | 915 |
| 912 #if defined(USE_NSS_CERTS) || defined(OS_IOS) | 916 #if defined(USE_NSS_CERTS) || defined(OS_IOS) |
| 913 net::ShutdownNSSHttpIO(); | 917 net::ShutdownNSSHttpIO(); |
| 914 #endif | 918 #endif |
| 915 | 919 |
| 916 system_url_request_context_getter_ = NULL; | 920 system_url_request_context_getter_ = NULL; |
| 917 | 921 |
| 918 // Release objects that the net::URLRequestContext could have been pointing | 922 // Release objects that the net::URLRequestContext could have been pointing |
| 919 // to. | 923 // to. |
| 924 globals()->cert_transparency_verifier->StopNotifications(); | |
| 920 | 925 |
| 921 // Shutdown the HistogramWatcher on the IO thread. | 926 // Shutdown the HistogramWatcher on the IO thread. |
| 922 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); | 927 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); |
| 923 | 928 |
| 924 // This must be reset before the ChromeNetLog is destroyed. | 929 // This must be reset before the ChromeNetLog is destroyed. |
| 925 network_change_observer_.reset(); | 930 network_change_observer_.reset(); |
| 926 | 931 |
| 927 system_proxy_config_service_.reset(); | 932 system_proxy_config_service_.reset(); |
| 928 | 933 |
| 929 delete globals_; | 934 delete globals_; |
| (...skipping 306 matching lines...) | |
| 1236 new net::HttpNetworkLayer( | 1241 new net::HttpNetworkLayer( |
| 1237 new net::HttpNetworkSession(system_params))); | 1242 new net::HttpNetworkSession(system_params))); |
| 1238 globals_->system_url_request_job_factory.reset( | 1243 globals_->system_url_request_job_factory.reset( |
| 1239 new net::URLRequestJobFactoryImpl()); | 1244 new net::URLRequestJobFactoryImpl()); |
| 1240 globals_->system_request_context.reset( | 1245 globals_->system_request_context.reset( |
| 1241 ConstructSystemRequestContext(globals_, net_log_)); | 1246 ConstructSystemRequestContext(globals_, net_log_)); |
| 1242 globals_->system_request_context->set_ssl_config_service( | 1247 globals_->system_request_context->set_ssl_config_service( |
| 1243 globals_->ssl_config_service.get()); | 1248 globals_->ssl_config_service.get()); |
| 1244 globals_->system_request_context->set_http_server_properties( | 1249 globals_->system_request_context->set_http_server_properties( |
| 1245 globals_->http_server_properties->GetWeakPtr()); | 1250 globals_->http_server_properties->GetWeakPtr()); |
| 1251 | |
| 1252 VLOG(1) << "Creating TreeStateTracker observer on IOThread."; | |
| 1253 scoped_ptr<certificate_transparency::LogProofFetcher> proof_fetcher( | |
| 1254 new certificate_transparency::LogProofFetcher( | |
| 1255 globals_->system_request_context.get())); | |
| 1256 | |
| 1257 certificate_transparency::TreeStateTracker* scts_observer( | |
| 1258 new certificate_transparency::TreeStateTracker( | |
| 1259 proof_fetcher.Pass(), globals_->ct_logs)); | |
| 1260 globals_->cert_transparency_observer.reset(scts_observer); | |
| 1261 // The |cert_transparency_verifier| is the same one held by | |
| 1262 // the |proxy_script_fetcher_context| and |system_request_context|, | |
| 1263 // so no need to set the observer in their cert_transparency_verifiers. | |
| 1264 globals_->cert_transparency_verifier->SetObserver(scts_observer); | |
| 1265 VLOG(1) << "TreeStateTracker observer on IOThread created."; | |
| 1246 } | 1266 } |
| 1247 | 1267 |
| 1248 void IOThread::UpdateDnsClientEnabled() { | 1268 void IOThread::UpdateDnsClientEnabled() { |
| 1249 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); | 1269 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); |
| 1250 } | 1270 } |
| 1251 | 1271 |
| 1252 void IOThread::ConfigureQuic(const base::CommandLine& command_line) { | 1272 void IOThread::ConfigureQuic(const base::CommandLine& command_line) { |
| 1253 // Always fetch the field trial group to ensure it is reported correctly. | 1273 // Always fetch the field trial group to ensure it is reported correctly. |
| 1254 // The command line flags will be associated with a group that is reported | 1274 // The command line flags will be associated with a group that is reported |
| 1255 // so long as trial is actually queried. | 1275 // so long as trial is actually queried. |
| (...skipping 339 matching lines...) | |
| 1595 net::QuicVersionVector supported_versions = net::QuicSupportedVersions(); | 1615 net::QuicVersionVector supported_versions = net::QuicSupportedVersions(); |
| 1596 for (size_t i = 0; i < supported_versions.size(); ++i) { | 1616 for (size_t i = 0; i < supported_versions.size(); ++i) { |
| 1597 net::QuicVersion version = supported_versions[i]; | 1617 net::QuicVersion version = supported_versions[i]; |
| 1598 if (net::QuicVersionToString(version) == quic_version) { | 1618 if (net::QuicVersionToString(version) == quic_version) { |
| 1599 return version; | 1619 return version; |
| 1600 } | 1620 } |
| 1601 } | 1621 } |
| 1602 | 1622 |
| 1603 return net::QUIC_VERSION_UNSUPPORTED; | 1623 return net::QUIC_VERSION_UNSUPPORTED; |
| 1604 } | 1624 } |
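Review bot: The shutdown path (new line 924) calls `StopNotifications()` on the verifier, but nothing visible tears down the `TreeStateTracker` or its `LogProofFetcher`, which was handed a raw `globals_->system_request_context.get()` at new lines 1253-1255. Going by its name, `StopNotifications()` only stops the verifier from calling the observer; it would not cancel a proof fetch that is still in flight. If `cert_transparency_observer` is declared before `system_request_context` in `Globals` (the declaration is not shown here), `delete globals_` destroys the context first and leaves the fetcher holding a dangling pointer. Resetting the observer explicitly right after stopping notifications, `globals_->cert_transparency_observer.reset();`, would make the teardown order independent of member layout. The functions containing both changes begin outside the visible lines, so an existing guarantee elsewhere cannot be ruled out.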