Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(784)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/ssl_status_serialization.cc

Issue 1244863003: Attach a SecurityStyle to each request in ResourceLoader (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: update forgotten SerializeSecurityInfo() callsite Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/common/ssl_status_serialization.h ('K') | « content/common/ssl_status_serialization.h ('k') | content/common/ssl_status_serialization_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/ssl_status_serialization.h" 5 #include "content/common/ssl_status_serialization.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/pickle.h" 8 #include "base/pickle.h"
9 9
10 namespace {
11
12 // Checks that an integer |security_style| is a valid SecurityStyle enum
13 // value. Returns true if valid, false otherwise.
14 bool CheckSecurityStyle(int security_style) {
15 switch (security_style) {
16 case content::SECURITY_STYLE_UNKNOWN:
17 return true;
davidben 2015/07/22 20:56:58 Can a renderer ever legally send this one now? I g
estark 2015/07/22 22:56:55 Agree on both counts. I added that to crbug.com/50
18 case content::SECURITY_STYLE_UNAUTHENTICATED:
19 return true;
20 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN:
21 return true;
22 case content::SECURITY_STYLE_WARNING:
23 return true;
24 case content::SECURITY_STYLE_AUTHENTICATED:
palmer 2015/07/22 22:30:00 Nit: Maybe just implement these as fall-throughs?
estark 2015/07/22 22:56:55 Done (I think -- can you please check that I did w
25 return true;
26 }
27 return false;
28 }
29
30 } // namespace
31
10 namespace content { 32 namespace content {
11 33
12 std::string SerializeSecurityInfo( 34 std::string SerializeSecurityInfo(SecurityStyle security_style,
13 int cert_id, 35 int cert_id,
14 net::CertStatus cert_status, 36 net::CertStatus cert_status,
15 int security_bits, 37 int security_bits,
16 int ssl_connection_status, 38 int ssl_connection_status,
17 const SignedCertificateTimestampIDStatusList& 39 const SignedCertificateTimestampIDStatusList&
18 signed_certificate_timestamp_ids) { 40 signed_certificate_timestamp_ids) {
19 base::Pickle pickle; 41 base::Pickle pickle;
42 pickle.WriteInt(security_style);
20 pickle.WriteInt(cert_id); 43 pickle.WriteInt(cert_id);
21 pickle.WriteUInt32(cert_status); 44 pickle.WriteUInt32(cert_status);
22 pickle.WriteInt(security_bits); 45 pickle.WriteInt(security_bits);
23 pickle.WriteInt(ssl_connection_status); 46 pickle.WriteInt(ssl_connection_status);
24 pickle.WriteInt(signed_certificate_timestamp_ids.size()); 47 pickle.WriteInt(signed_certificate_timestamp_ids.size());
25 for (SignedCertificateTimestampIDStatusList::const_iterator iter = 48 for (SignedCertificateTimestampIDStatusList::const_iterator iter =
26 signed_certificate_timestamp_ids.begin(); 49 signed_certificate_timestamp_ids.begin();
27 iter != signed_certificate_timestamp_ids.end(); ++iter) { 50 iter != signed_certificate_timestamp_ids.end(); ++iter) {
28 pickle.WriteInt(iter->id); 51 pickle.WriteInt(iter->id);
29 pickle.WriteUInt16(iter->status); 52 pickle.WriteUInt16(iter->status);
30 } 53 }
31 return std::string(static_cast<const char*>(pickle.data()), pickle.size()); 54 return std::string(static_cast<const char*>(pickle.data()), pickle.size());
32 } 55 }
33 56
34 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) { 57 bool DeserializeSecurityInfo(const std::string& state, SSLStatus* ssl_status) {
35 *ssl_status = SSLStatus(); 58 *ssl_status = SSLStatus();
36 59
37 if (state.empty()) { 60 if (state.empty()) {
38 // No SSL used. 61 // No SSL used.
39 return true; 62 return true;
40 } 63 }
41 64
42 base::Pickle pickle(state.data(), static_cast<int>(state.size())); 65 base::Pickle pickle(state.data(), static_cast<int>(state.size()));
43 base::PickleIterator iter(pickle); 66 base::PickleIterator iter(pickle);
67 int security_style;
44 int num_scts_to_read; 68 int num_scts_to_read;
45 if (!iter.ReadInt(&ssl_status->cert_id) || 69 if (!iter.ReadInt(&security_style) || !iter.ReadInt(&ssl_status->cert_id) ||
46 !iter.ReadUInt32(&ssl_status->cert_status) || 70 !iter.ReadUInt32(&ssl_status->cert_status) ||
47 !iter.ReadInt(&ssl_status->security_bits) || 71 !iter.ReadInt(&ssl_status->security_bits) ||
48 !iter.ReadInt(&ssl_status->connection_status) || 72 !iter.ReadInt(&ssl_status->connection_status) ||
49 !iter.ReadInt(&num_scts_to_read)) { 73 !iter.ReadInt(&num_scts_to_read)) {
50 *ssl_status = SSLStatus(); 74 *ssl_status = SSLStatus();
51 return false; 75 return false;
52 } 76 }
53 77
78 if (!CheckSecurityStyle(security_style)) {
79 *ssl_status = SSLStatus();
80 return false;
81 }
82
83 ssl_status->security_style = static_cast<SecurityStyle>(security_style);
davidben 2015/07/22 20:56:58 NOTE: We are now trusting the renderer to set secu
estark 2015/07/22 22:56:55 I took a quick look through and this seems fine. I
84
54 // Sanity check |security_bits|: the only allowed negative value is -1. 85 // Sanity check |security_bits|: the only allowed negative value is -1.
55 if (ssl_status->security_bits < -1) { 86 if (ssl_status->security_bits < -1) {
56 *ssl_status = SSLStatus(); 87 *ssl_status = SSLStatus();
57 return false; 88 return false;
58 } 89 }
59 90
60 for (; num_scts_to_read > 0; --num_scts_to_read) { 91 for (; num_scts_to_read > 0; --num_scts_to_read) {
61 int id; 92 int id;
62 uint16 status; 93 uint16 status;
63 if (!iter.ReadInt(&id) || !iter.ReadUInt16(&status)) { 94 if (!iter.ReadInt(&id) || !iter.ReadUInt16(&status)) {
64 *ssl_status = SSLStatus(); 95 *ssl_status = SSLStatus();
65 return false; 96 return false;
66 } 97 }
67 98
68 ssl_status->signed_certificate_timestamp_ids.push_back( 99 ssl_status->signed_certificate_timestamp_ids.push_back(
69 SignedCertificateTimestampIDAndStatus( 100 SignedCertificateTimestampIDAndStatus(
70 id, static_cast<net::ct::SCTVerifyStatus>(status))); 101 id, static_cast<net::ct::SCTVerifyStatus>(status)));
71 } 102 }
72 103
73 return true; 104 return true;
74 } 105 }
75 106
76 } // namespace content 107 } // namespace content
OLDNEW
« content/common/ssl_status_serialization.h ('K') | « content/common/ssl_status_serialization.h ('k') | content/common/ssl_status_serialization_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698