Chromium Code Reviews Chromium Code Reviews
Issue 1244863003:
Attach a SecurityStyle to each request in ResourceLoader (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/browser/loader/resource_loader.cc |
| diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc |
| index 06d0363d7d0f68475233af1b4f0bb1baded8dd18..408451f34115ef52f540223aac83933b2dd7c7e2 100644 |
| --- a/content/browser/loader/resource_loader.cc |
| +++ b/content/browser/loader/resource_loader.cc |
| @@ -20,6 +20,7 @@ |
| #include "content/browser/service_worker/service_worker_request_handler.h" |
| #include "content/browser/ssl/ssl_client_auth_handler.h" |
| #include "content/browser/ssl/ssl_manager.h" |
| +#include "content/browser/ssl/ssl_policy.h" |
| #include "content/common/ssl_status_serialization.h" |
| #include "content/public/browser/cert_store.h" |
| #include "content/public/browser/resource_context.h" |
| @@ -29,6 +30,7 @@ |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/process_type.h" |
| #include "content/public/common/resource_response.h" |
| +#include "content/public/common/security_style.h" |
| #include "net/base/io_buffer.h" |
| #include "net/base/load_flags.h" |
| #include "net/http/http_response_headers.h" |
| @@ -75,6 +77,45 @@ void PopulateResourceResponse(ResourceRequestInfoImpl* info, |
| request->GetLoadTimingInfo(&response->head.load_timing); |
| } |
| +void StoreSignedCertificateTimestamps( |
| + const net::SignedCertificateTimestampAndStatusList& sct_list, |
| + int process_id, |
| + SignedCertificateTimestampIDStatusList* sct_ids) { |
| + SignedCertificateTimestampStore* sct_store( |
| + SignedCertificateTimestampStore::GetInstance()); |
| + |
| + for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = |
|
palmer
2015/07/22 22:30:00
Nit: Could use auto here.
estark
2015/07/22 22:56:55
Done.
|
| + sct_list.begin(); |
| + iter != sct_list.end(); ++iter) { |
| + const int sct_id(sct_store->Store(iter->sct.get(), process_id)); |
| + sct_ids->push_back( |
| + SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); |
| + } |
| +} |
| + |
| +void GetSSLStatusForRequest(const GURL& url, |
| + const net::SSLInfo& ssl_info, |
| + int child_id, |
| + SSLStatus* ssl_status) { |
| + DCHECK(ssl_info.cert); |
| + |
| + int cert_id = |
| + CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), child_id); |
| + |
| + SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; |
| + StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps, |
| + child_id, &signed_certificate_timestamp_ids); |
| + |
| + ssl_status->cert_id = cert_id; |
| + ssl_status->cert_status = ssl_info.cert_status; |
| + ssl_status->security_bits = ssl_info.security_bits; |
| + ssl_status->connection_status = ssl_info.connection_status; |
| + ssl_status->signed_certificate_timestamp_ids = |
| + signed_certificate_timestamp_ids; |
| + ssl_status->security_style = |
| + SSLPolicy::GetSecurityStyleForResource(url, *ssl_status); |
| +} |
| + |
| } // namespace |
| ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request, |
| @@ -555,42 +596,20 @@ void ResourceLoader::CancelRequestInternal(int error, bool from_renderer) { |
| } |
| } |
| -void ResourceLoader::StoreSignedCertificateTimestamps( |
| - const net::SignedCertificateTimestampAndStatusList& sct_list, |
| - int process_id, |
| - SignedCertificateTimestampIDStatusList* sct_ids) { |
| - SignedCertificateTimestampStore* sct_store( |
| - SignedCertificateTimestampStore::GetInstance()); |
| - |
| - for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = |
| - sct_list.begin(); iter != sct_list.end(); ++iter) { |
| - const int sct_id(sct_store->Store(iter->sct.get(), process_id)); |
| - sct_ids->push_back( |
| - SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); |
| - } |
| -} |
| - |
| void ResourceLoader::CompleteResponseStarted() { |
| ResourceRequestInfoImpl* info = GetRequestInfo(); |
| scoped_refptr<ResourceResponse> response(new ResourceResponse()); |
| PopulateResourceResponse(info, request_.get(), response.get()); |
| if (request_->ssl_info().cert.get()) { |
| - int cert_id = CertStore::GetInstance()->StoreCert( |
| - request_->ssl_info().cert.get(), info->GetChildID()); |
| - |
| - SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; |
| - StoreSignedCertificateTimestamps( |
| - request_->ssl_info().signed_certificate_timestamps, |
| - info->GetChildID(), |
| - &signed_certificate_timestamp_ids); |
| + SSLStatus ssl_status; |
| + GetSSLStatusForRequest(request_->url(), request_->ssl_info(), |
| + info->GetChildID(), &ssl_status); |
| response->head.security_info = SerializeSecurityInfo( |
| - cert_id, |
| - request_->ssl_info().cert_status, |
| - request_->ssl_info().security_bits, |
| - request_->ssl_info().connection_status, |
| - signed_certificate_timestamp_ids); |
| + ssl_status.security_style, ssl_status.cert_id, ssl_status.cert_status, |
| + ssl_status.security_bits, ssl_status.connection_status, |
| + ssl_status.signed_certificate_timestamp_ids); |
| } else { |
| // We should not have any SSL state. |
| DCHECK(!request_->ssl_info().cert_status && |
| @@ -706,16 +725,14 @@ void ResourceLoader::ResponseCompleted() { |
| std::string security_info; |
| const net::SSLInfo& ssl_info = request_->ssl_info(); |
| if (ssl_info.cert.get() != NULL) { |
| - int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), |
| - info->GetChildID()); |
| - SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; |
| - StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps, |
| - info->GetChildID(), |
| - &signed_certificate_timestamp_ids); |
| + SSLStatus ssl_status; |
| + GetSSLStatusForRequest(request_->url(), ssl_info, info->GetChildID(), |
| + &ssl_status); |
| security_info = SerializeSecurityInfo( |
| - cert_id, ssl_info.cert_status, ssl_info.security_bits, |
| - ssl_info.connection_status, signed_certificate_timestamp_ids); |
| + ssl_status.security_style, ssl_status.cert_id, ssl_status.cert_status, |
| + ssl_status.security_bits, ssl_status.connection_status, |
| + ssl_status.signed_certificate_timestamp_ids); |
| } |
| bool defer = false; |
