Chromium Code Reviews Chromium Code Reviews
Issue 1244863003:
Attach a SecurityStyle to each request in ResourceLoader (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/loader/resource_loader.h" | 5 #include "content/browser/loader/resource_loader.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/location.h" | 8 #include "base/location.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/profiler/scoped_tracker.h" | 10 #include "base/profiler/scoped_tracker.h" |
| 11 #include "base/single_thread_task_runner.h" | 11 #include "base/single_thread_task_runner.h" |
| 12 #include "base/thread_task_runner_handle.h" | 12 #include "base/thread_task_runner_handle.h" |
| 13 #include "base/time/time.h" | 13 #include "base/time/time.h" |
| 14 #include "content/browser/appcache/appcache_interceptor.h" | 14 #include "content/browser/appcache/appcache_interceptor.h" |
| 15 #include "content/browser/child_process_security_policy_impl.h" | 15 #include "content/browser/child_process_security_policy_impl.h" |
| 16 #include "content/browser/loader/cross_site_resource_handler.h" | 16 #include "content/browser/loader/cross_site_resource_handler.h" |
| 17 #include "content/browser/loader/detachable_resource_handler.h" | 17 #include "content/browser/loader/detachable_resource_handler.h" |
| 18 #include "content/browser/loader/resource_loader_delegate.h" | 18 #include "content/browser/loader/resource_loader_delegate.h" |
| 19 #include "content/browser/loader/resource_request_info_impl.h" | 19 #include "content/browser/loader/resource_request_info_impl.h" |
| 20 #include "content/browser/service_worker/service_worker_request_handler.h" | 20 #include "content/browser/service_worker/service_worker_request_handler.h" |
| 21 #include "content/browser/ssl/ssl_client_auth_handler.h" | 21 #include "content/browser/ssl/ssl_client_auth_handler.h" |
| 22 #include "content/browser/ssl/ssl_manager.h" | 22 #include "content/browser/ssl/ssl_manager.h" |
| 23 #include "content/browser/ssl/ssl_policy.h" | |
| 23 #include "content/common/ssl_status_serialization.h" | 24 #include "content/common/ssl_status_serialization.h" |
| 24 #include "content/public/browser/cert_store.h" | 25 #include "content/public/browser/cert_store.h" |
| 25 #include "content/public/browser/resource_context.h" | 26 #include "content/public/browser/resource_context.h" |
| 26 #include "content/public/browser/resource_dispatcher_host_login_delegate.h" | 27 #include "content/public/browser/resource_dispatcher_host_login_delegate.h" |
| 27 #include "content/public/browser/signed_certificate_timestamp_store.h" | 28 #include "content/public/browser/signed_certificate_timestamp_store.h" |
| 28 #include "content/public/common/content_client.h" | 29 #include "content/public/common/content_client.h" |
| 29 #include "content/public/common/content_switches.h" | 30 #include "content/public/common/content_switches.h" |
| 30 #include "content/public/common/process_type.h" | 31 #include "content/public/common/process_type.h" |
| 31 #include "content/public/common/resource_response.h" | 32 #include "content/public/common/resource_response.h" |
| 33 #include "content/public/common/security_style.h" | |
| 32 #include "net/base/io_buffer.h" | 34 #include "net/base/io_buffer.h" |
| 33 #include "net/base/load_flags.h" | 35 #include "net/base/load_flags.h" |
| 34 #include "net/http/http_response_headers.h" | 36 #include "net/http/http_response_headers.h" |
| 35 #include "net/ssl/client_cert_store.h" | 37 #include "net/ssl/client_cert_store.h" |
| 36 #include "net/url_request/redirect_info.h" | 38 #include "net/url_request/redirect_info.h" |
| 37 #include "net/url_request/url_request_status.h" | 39 #include "net/url_request/url_request_status.h" |
| 38 | 40 |
| 39 using base::TimeDelta; | 41 using base::TimeDelta; |
| 40 using base::TimeTicks; | 42 using base::TimeTicks; |
| 41 | 43 |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 68 handler->GetExtraResponseInfo(&response->head); | 70 handler->GetExtraResponseInfo(&response->head); |
| 69 } | 71 } |
| 70 AppCacheInterceptor::GetExtraResponseInfo( | 72 AppCacheInterceptor::GetExtraResponseInfo( |
| 71 request, | 73 request, |
| 72 &response->head.appcache_id, | 74 &response->head.appcache_id, |
| 73 &response->head.appcache_manifest_url); | 75 &response->head.appcache_manifest_url); |
| 74 if (info->is_load_timing_enabled()) | 76 if (info->is_load_timing_enabled()) |
| 75 request->GetLoadTimingInfo(&response->head.load_timing); | 77 request->GetLoadTimingInfo(&response->head.load_timing); |
| 76 } | 78 } |
| 77 | 79 |
| 80 void StoreSignedCertificateTimestamps( | |
| 81 const net::SignedCertificateTimestampAndStatusList& sct_list, | |
| 82 int process_id, | |
| 83 SignedCertificateTimestampIDStatusList* sct_ids) { | |
| 84 SignedCertificateTimestampStore* sct_store( | |
| 85 SignedCertificateTimestampStore::GetInstance()); | |
| 86 | |
| 87 for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = | |
|
palmer
2015/07/22 22:30:00
Nit: Could use auto here.
estark
2015/07/22 22:56:55
Done.
| |
| 88 sct_list.begin(); | |
| 89 iter != sct_list.end(); ++iter) { | |
| 90 const int sct_id(sct_store->Store(iter->sct.get(), process_id)); | |
| 91 sct_ids->push_back( | |
| 92 SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); | |
| 93 } | |
| 94 } | |
| 95 | |
| 96 void GetSSLStatusForRequest(const GURL& url, | |
| 97 const net::SSLInfo& ssl_info, | |
| 98 int child_id, | |
| 99 SSLStatus* ssl_status) { | |
| 100 DCHECK(ssl_info.cert); | |
| 101 | |
| 102 int cert_id = | |
| 103 CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), child_id); | |
| 104 | |
| 105 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | |
| 106 StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps, | |
| 107 child_id, &signed_certificate_timestamp_ids); | |
| 108 | |
| 109 ssl_status->cert_id = cert_id; | |
| 110 ssl_status->cert_status = ssl_info.cert_status; | |
| 111 ssl_status->security_bits = ssl_info.security_bits; | |
| 112 ssl_status->connection_status = ssl_info.connection_status; | |
| 113 ssl_status->signed_certificate_timestamp_ids = | |
| 114 signed_certificate_timestamp_ids; | |
| 115 ssl_status->security_style = | |
| 116 SSLPolicy::GetSecurityStyleForResource(url, *ssl_status); | |
| 117 } | |
| 118 | |
| 78 } // namespace | 119 } // namespace |
| 79 | 120 |
| 80 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request, | 121 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request, |
| 81 scoped_ptr<ResourceHandler> handler, | 122 scoped_ptr<ResourceHandler> handler, |
| 82 ResourceLoaderDelegate* delegate) | 123 ResourceLoaderDelegate* delegate) |
| 83 : deferred_stage_(DEFERRED_NONE), | 124 : deferred_stage_(DEFERRED_NONE), |
| 84 request_(request.Pass()), | 125 request_(request.Pass()), |
| 85 handler_(handler.Pass()), | 126 handler_(handler.Pass()), |
| 86 delegate_(delegate), | 127 delegate_(delegate), |
| 87 last_upload_position_(0), | 128 last_upload_position_(0), |
| (...skipping 460 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 548 if (!was_pending) { | 589 if (!was_pending) { |
| 549 // If the request isn't in flight, then we won't get an asynchronous | 590 // If the request isn't in flight, then we won't get an asynchronous |
| 550 // notification from the request, so we have to signal ourselves to finish | 591 // notification from the request, so we have to signal ourselves to finish |
| 551 // this request. | 592 // this request. |
| 552 base::ThreadTaskRunnerHandle::Get()->PostTask( | 593 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 553 FROM_HERE, base::Bind(&ResourceLoader::ResponseCompleted, | 594 FROM_HERE, base::Bind(&ResourceLoader::ResponseCompleted, |
| 554 weak_ptr_factory_.GetWeakPtr())); | 595 weak_ptr_factory_.GetWeakPtr())); |
| 555 } | 596 } |
| 556 } | 597 } |
| 557 | 598 |
| 558 void ResourceLoader::StoreSignedCertificateTimestamps( | |
| 559 const net::SignedCertificateTimestampAndStatusList& sct_list, | |
| 560 int process_id, | |
| 561 SignedCertificateTimestampIDStatusList* sct_ids) { | |
| 562 SignedCertificateTimestampStore* sct_store( | |
| 563 SignedCertificateTimestampStore::GetInstance()); | |
| 564 | |
| 565 for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = | |
| 566 sct_list.begin(); iter != sct_list.end(); ++iter) { | |
| 567 const int sct_id(sct_store->Store(iter->sct.get(), process_id)); | |
| 568 sct_ids->push_back( | |
| 569 SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); | |
| 570 } | |
| 571 } | |
| 572 | |
| 573 void ResourceLoader::CompleteResponseStarted() { | 599 void ResourceLoader::CompleteResponseStarted() { |
| 574 ResourceRequestInfoImpl* info = GetRequestInfo(); | 600 ResourceRequestInfoImpl* info = GetRequestInfo(); |
| 575 scoped_refptr<ResourceResponse> response(new ResourceResponse()); | 601 scoped_refptr<ResourceResponse> response(new ResourceResponse()); |
| 576 PopulateResourceResponse(info, request_.get(), response.get()); | 602 PopulateResourceResponse(info, request_.get(), response.get()); |
| 577 | 603 |
| 578 if (request_->ssl_info().cert.get()) { | 604 if (request_->ssl_info().cert.get()) { |
| 579 int cert_id = CertStore::GetInstance()->StoreCert( | 605 SSLStatus ssl_status; |
| 580 request_->ssl_info().cert.get(), info->GetChildID()); | 606 GetSSLStatusForRequest(request_->url(), request_->ssl_info(), |
| 581 | 607 info->GetChildID(), &ssl_status); |
| 582 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | |
| 583 StoreSignedCertificateTimestamps( | |
| 584 request_->ssl_info().signed_certificate_timestamps, | |
| 585 info->GetChildID(), | |
| 586 &signed_certificate_timestamp_ids); | |
| 587 | 608 |
| 588 response->head.security_info = SerializeSecurityInfo( | 609 response->head.security_info = SerializeSecurityInfo( |
| 589 cert_id, | 610 ssl_status.security_style, ssl_status.cert_id, ssl_status.cert_status, |
| 590 request_->ssl_info().cert_status, | 611 ssl_status.security_bits, ssl_status.connection_status, |
| 591 request_->ssl_info().security_bits, | 612 ssl_status.signed_certificate_timestamp_ids); |
| 592 request_->ssl_info().connection_status, | |
| 593 signed_certificate_timestamp_ids); | |
| 594 } else { | 613 } else { |
| 595 // We should not have any SSL state. | 614 // We should not have any SSL state. |
| 596 DCHECK(!request_->ssl_info().cert_status && | 615 DCHECK(!request_->ssl_info().cert_status && |
| 597 request_->ssl_info().security_bits == -1 && | 616 request_->ssl_info().security_bits == -1 && |
| 598 !request_->ssl_info().connection_status); | 617 !request_->ssl_info().connection_status); |
| 599 } | 618 } |
| 600 | 619 |
| 601 delegate_->DidReceiveResponse(this); | 620 delegate_->DidReceiveResponse(this); |
| 602 | 621 |
| 603 // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed. | 622 // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed. |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 699 } | 718 } |
| 700 | 719 |
| 701 void ResourceLoader::ResponseCompleted() { | 720 void ResourceLoader::ResponseCompleted() { |
| 702 DVLOG(1) << "ResponseCompleted: " << request_->url().spec(); | 721 DVLOG(1) << "ResponseCompleted: " << request_->url().spec(); |
| 703 RecordHistograms(); | 722 RecordHistograms(); |
| 704 ResourceRequestInfoImpl* info = GetRequestInfo(); | 723 ResourceRequestInfoImpl* info = GetRequestInfo(); |
| 705 | 724 |
| 706 std::string security_info; | 725 std::string security_info; |
| 707 const net::SSLInfo& ssl_info = request_->ssl_info(); | 726 const net::SSLInfo& ssl_info = request_->ssl_info(); |
| 708 if (ssl_info.cert.get() != NULL) { | 727 if (ssl_info.cert.get() != NULL) { |
| 709 int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), | 728 SSLStatus ssl_status; |
| 710 info->GetChildID()); | 729 GetSSLStatusForRequest(request_->url(), ssl_info, info->GetChildID(), |
| 711 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | 730 &ssl_status); |
| 712 StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps, | |
| 713 info->GetChildID(), | |
| 714 &signed_certificate_timestamp_ids); | |
| 715 | 731 |
| 716 security_info = SerializeSecurityInfo( | 732 security_info = SerializeSecurityInfo( |
| 717 cert_id, ssl_info.cert_status, ssl_info.security_bits, | 733 ssl_status.security_style, ssl_status.cert_id, ssl_status.cert_status, |
| 718 ssl_info.connection_status, signed_certificate_timestamp_ids); | 734 ssl_status.security_bits, ssl_status.connection_status, |
| 735 ssl_status.signed_certificate_timestamp_ids); | |
| 719 } | 736 } |
| 720 | 737 |
| 721 bool defer = false; | 738 bool defer = false; |
| 722 { | 739 { |
| 723 // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed. | 740 // TODO(darin): Remove ScopedTracker below once crbug.com/475761 is fixed. |
| 724 tracked_objects::ScopedTracker tracking_profile( | 741 tracked_objects::ScopedTracker tracking_profile( |
| 725 FROM_HERE_WITH_EXPLICIT_FUNCTION("475761 OnResponseCompleted()")); | 742 FROM_HERE_WITH_EXPLICIT_FUNCTION("475761 OnResponseCompleted()")); |
| 726 | 743 |
| 727 handler_->OnResponseCompleted(request_->status(), security_info, &defer); | 744 handler_->OnResponseCompleted(request_->status(), security_info, &defer); |
| 728 } | 745 } |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 767 case net::URLRequestStatus::FAILED: | 784 case net::URLRequestStatus::FAILED: |
| 768 status = STATUS_UNDEFINED; | 785 status = STATUS_UNDEFINED; |
| 769 break; | 786 break; |
| 770 } | 787 } |
| 771 | 788 |
| 772 UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX); | 789 UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX); |
| 773 } | 790 } |
| 774 } | 791 } |
| 775 | 792 |
| 776 } // namespace content | 793 } // namespace content |
| OLD | NEW |
