chrome/browser/io_thread.cc - Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT)

Unified Diff: chrome/browser/io_thread.cc

Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Revised design, addressed some comments Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/io_thread.cc

diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc

index d2fcf3909fee7a2246f84c9d3bbff1745102182e..41ab267bd6ae9e046d684a841e0cac3525968394 100644

--- a/chrome/browser/io_thread.cc

+++ b/chrome/browser/io_thread.cc

@@ -40,6 +40,8 @@

#include "chrome/common/chrome_switches.h"

#include "chrome/common/chrome_version_info.h"

#include "chrome/common/pref_names.h"

+#include "components/certificate_transparency/log_proof_fetcher.h"

+#include "components/certificate_transparency/tree_state_tracker.h"

#include "components/data_reduction_proxy/core/browser/data_reduction_proxy_prefs.h"

#include "components/data_reduction_proxy/core/common/data_reduction_proxy_params.h"

#include "components/policy/core/common/policy_service.h"

@@ -684,26 +686,23 @@ void IOThread::Init() {

globals_->transport_security_state.reset(new net::TransportSecurityState());

- // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432

- // is fixed.

- tracked_objects::ScopedTracker tracking_profile7(

- FROM_HERE_WITH_EXPLICIT_FUNCTION(

- "466432 IOThread::InitAsync::CreateMultiLogVerifier"));

- net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier();

- globals_->cert_transparency_verifier.reset(ct_verifier);

+ // Add built-in logs

// TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432

// is fixed.

tracked_objects::ScopedTracker tracking_profile8(

FROM_HERE_WITH_EXPLICIT_FUNCTION(

- "466432 IOThread::InitAsync::CreateLogVerifiers::Start"));

- // Add built-in logs

- ct_verifier->AddLogs(net::ct::CreateLogVerifiersForKnownLogs());

+ "466432 IOThread::InitAsync::AddKnownLogs::Start"));

+ ScopedVector<net::CTLogVerifier> known_logs(

+ net::ct::CreateLogVerifiersForKnownLogs());

+ for (auto it = known_logs.begin(); it != known_logs.end(); ++it)

Ryan Sleevi 2015/06/29 11:58:12 STYLE: "const auto&" alternatively: for (known_lo

Eran Messeri 2015/07/10 13:15:48 Done.

+ globals_->ct_logs.push_back(linked_ptr<net::CTLogVerifier>(*it));

+ known_logs.weak_clear();

// TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432

// is fixed.

tracked_objects::ScopedTracker tracking_profile9(

FROM_HERE_WITH_EXPLICIT_FUNCTION(

- "466432 IOThread::InitAsync::CreateLogVerifiers::End"));

+ "466432 IOThread::InitAsync::AddKnownLogs::End"));

// Add logs from command line

if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {

@@ -729,10 +728,15 @@ void IOThread::Init() {

log_url));

CHECK(external_log_verifier) << "Unable to parse CT public key.";

VLOG(1) << "Adding log with description " << log_description;

- ct_verifier->AddLog(external_log_verifier.Pass());

+ globals_->ct_logs.push_back(

+ linked_ptr<net::CTLogVerifier>(external_log_verifier.release()));

}

+ net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier();

+ ct_verifier->AddLogs(globals_->ct_logs);

+ globals_->cert_transparency_verifier.reset(ct_verifier);

// TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432

// is fixed.

tracked_objects::ScopedTracker tracking_profile10(

@@ -917,6 +921,7 @@ void IOThread::CleanUp() {

// Release objects that the net::URLRequestContext could have been pointing

// to.

+ globals()->cert_transparency_verifier->StopNotifications();

// Shutdown the HistogramWatcher on the IO thread.

net::NetworkChangeNotifier::ShutdownHistogramWatcher();

@@ -1243,6 +1248,21 @@ void IOThread::InitSystemRequestContextOnIOThread() {

globals_->ssl_config_service.get());

globals_->system_request_context->set_http_server_properties(

globals_->http_server_properties->GetWeakPtr());

+ VLOG(1) << "Creating TreeStateTracker observer on IOThread.";

+ scoped_ptr<certificate_transparency::LogProofFetcher> proof_fetcher(

+ new certificate_transparency::LogProofFetcher(

+ globals_->system_request_context.get()));

+ certificate_transparency::TreeStateTracker* scts_observer(

+ new certificate_transparency::TreeStateTracker(

+ proof_fetcher.Pass(), globals_->ct_logs));

+ globals_->cert_transparency_observer.reset(scts_observer);

+ // The |cert_transparency_verifier| is the same one held by

+ // the |proxy_script_fetcher_context| and |system_request_context|,

+ // so no need to set the observer in their cert_transparency_verifiers.

+ globals_->cert_transparency_verifier->SetObserver(scts_observer);

+ VLOG(1) << "TreeStateTracker observer on IOThread created.";

}

void IOThread::UpdateDnsClientEnabled() {

« chrome/browser/io_thread.h ('K') | « chrome/browser/io_thread.h ('k') | chrome/browser/profiles/profile_impl_io_data.cc » ('j') | chrome/browser/profiles/profile_io_data.h » ('J')