Added SSLHostInfo. Storing of server host info to our standard disk cache.

net/socket/ssl_client_socket_nss.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ skipping 88 matching lines @@
 #include "net/cert/scoped_nss_types.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/cert/x509_util.h"
 #include "net/http/transport_security_state.h"
 #include "net/ocsp/nss_ocsp.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/nss_ssl_util.h"
 #include "net/socket/ssl_error_params.h"
+#include "net/socket/ssl_host_info.h"
 #include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_config_service.h"

[wtc, 2014/01/15 19:08:59]

I assume it is necessary to add this header? It's not in the original revert CL.

[ramant (doing other things), 2014/01/18 00:21:56]

Done.

 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
 #if defined(OS_WIN)
 #include <windows.h>
 #include <wincrypt.h>
 
 #include "base/win/windows_version.h"
 #elif defined(OS_MACOSX)
 #include <Security/SecBase.h>
@@ skipping 286 matching lines @@
 struct HandshakeState {
   HandshakeState() { Reset(); }
 
   void Reset() {
     next_proto_status = SSLClientSocket::kNextProtoUnsupported;
     next_proto.clear();
     server_protos.clear();
     channel_id_sent = false;
     server_cert_chain.Reset(NULL);
     server_cert = NULL;
+    predicted_cert_chain_correct = false;
     sct_list_from_tls_extension.clear();
     stapled_ocsp_response.clear();
     resumed_handshake = false;
     ssl_connection_status = 0;
   }
 
   // Set to kNextProtoNegotiated if NPN was successfully negotiated, with the
   // negotiated protocol stored in |next_proto|.
   SSLClientSocket::NextProtoStatus next_proto_status;
   std::string next_proto;
@@ skipping 16 matching lines @@
   // libraries (i.e.: when running within a sandbox, different parsing
   // algorithms, etc), so it's not safe to assume that |server_cert| will
   // always be non-NULL.
   PeerCertificateChain server_cert_chain;
   scoped_refptr<X509Certificate> server_cert;
   // SignedCertificateTimestampList received via TLS extension (RFC 6962).
   std::string sct_list_from_tls_extension;
   // Stapled OCSP response received.
   std::string stapled_ocsp_response;
 
+  // True if we predicted a certificate chain (via
+  // Core::SetPredictedCertificates) and that prediction matched what the
+  // server sent.
+  bool predicted_cert_chain_correct;

[wtc, 2014/01/15 19:08:59]

List this right after server_cert.

[ramant (doing other things), 2014/01/18 00:21:56]

Done.

+
   // True if the current handshake was the result of TLS session resumption.
   bool resumed_handshake;
 
   // The negotiated security parameters (TLS version, cipher, extensions) of
   // the SSL connection.
   int ssl_connection_status;
 };
 
 // Client-side error mapping functions.
 
@@ skipping 1184 matching lines @@
     nss_handshake_state_.resumed_handshake = false;
   }
 
   RecordChannelIDSupportOnNSSTaskRunner();
   UpdateServerCert();
   UpdateSignedCertTimestamps();
   UpdateStapledOCSPResponse();
   UpdateConnectionStatus();
   UpdateNextProto();
 
+  // We need to see if the predicted certificate chain (from
+  // SetPredictedCertificates) matches the actual certificate chain.
+  nss_handshake_state_.predicted_cert_chain_correct = false;
+  if (!predicted_certs_.empty()) {
+    PeerCertificateChain& certs = nss_handshake_state_.server_cert_chain;
+    nss_handshake_state_.predicted_cert_chain_correct =
+        certs.size() == predicted_certs_.size();
+
+    if (nss_handshake_state_.predicted_cert_chain_correct) {
+      for (unsigned i = 0; i < certs.size(); i++) {
+        if (certs[i]->derCert.len != predicted_certs_[i].size() ||
+            memcmp(certs[i]->derCert.data, predicted_certs_[i].data(),
+                   certs[i]->derCert.len) != 0) {
+          nss_handshake_state_.predicted_cert_chain_correct = false;
+          break;
+        }
+      }
+    }
+  }
+
   // Update the network task runners view of the handshake state whenever
   // a handshake has completed.
   PostOrRunCallback(
       FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
                             nss_handshake_state_));
 }
 
 int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error,
                                              bool handshake_error) {
   DCHECK(OnNSSTaskRunner());
@@ skipping 725 matching lines @@
       SSL_PeerStapledOCSPResponses(nss_fd_);
   if (!ocsp_responses || !ocsp_responses->len)
     return;
 
   nss_handshake_state_.stapled_ocsp_response = std::string(
       reinterpret_cast<char*>(ocsp_responses->items[0].data),
       ocsp_responses->items[0].len);
 
   // TODO(agl): figure out how to plumb an OCSP response into the Mac
   // system library and update IsOCSPStaplingSupported for Mac.
-  if (IsOCSPStaplingSupported()) {
+  if (!nss_handshake_state_.predicted_cert_chain_correct &&
+      IsOCSPStaplingSupported()) {
   #if defined(OS_WIN)
     if (nss_handshake_state_.server_cert) {
       CRYPT_DATA_BLOB ocsp_response_blob;
       ocsp_response_blob.cbData = ocsp_responses->items[0].len;
       ocsp_response_blob.pbData = ocsp_responses->items[0].data;
       BOOL ok = CertSetCertificateContextProperty(
           nss_handshake_state_.server_cert->os_cert_handle(),
           CERT_OCSP_RESPONSE_PROP_ID,
           CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
           &ocsp_response_blob);
@@ skipping 350 matching lines @@
   PostOrRunCallback(
       FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
                             nss_handshake_state_));
 }
 
 SSLClientSocketNSS::SSLClientSocketNSS(
     base::SequencedTaskRunner* nss_task_runner,
     scoped_ptr<ClientSocketHandle> transport_socket,
     const HostPortPair& host_and_port,
     const SSLConfig& ssl_config,
+    SSLHostInfo* ssl_host_info,
     const SSLClientSocketContext& context)
     : nss_task_runner_(nss_task_runner),
       transport_(transport_socket.Pass()),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
+      server_cert_verify_result_(NULL),
       cert_verifier_(context.cert_verifier),
       cert_transparency_verifier_(context.cert_transparency_verifier),
       server_bound_cert_service_(context.server_bound_cert_service),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       completed_handshake_(false),
       next_handshake_state_(STATE_NONE),
       nss_fd_(NULL),
       net_log_(transport_->socket()->NetLog()),
+      ssl_host_info_(ssl_host_info),
       transport_security_state_(context.transport_security_state),
       valid_thread_id_(base::kInvalidThreadId) {
   EnterFunction("");
   InitCore();
   LeaveFunction("");
 }
 
 SSLClientSocketNSS::~SSLClientSocketNSS() {
   EnterFunction("");
   Disconnect();
@@ skipping 11 matching lines @@
 }
 
 bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   EnterFunction("");
   ssl_info->Reset();
   if (core_->state().server_cert_chain.empty() ||
       !core_->state().server_cert_chain[0]) {
     return false;
   }
 
-  ssl_info->cert_status = server_cert_verify_result_.cert_status;
-  ssl_info->cert = server_cert_verify_result_.verified_cert;
+  ssl_info->cert_status = server_cert_verify_result_->cert_status;
+  ssl_info->cert = server_cert_verify_result_->verified_cert;
 
   AddSCTInfoToSSLInfo(ssl_info);
 
   ssl_info->connection_status =
       core_->state().ssl_connection_status;
-  ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
+  ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes;
   ssl_info->is_issued_by_known_root =
-      server_cert_verify_result_.is_issued_by_known_root;
+      server_cert_verify_result_->is_issued_by_known_root;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
   ssl_info->channel_id_sent = WasChannelIDSent();
 
   PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite(
       core_->state().ssl_connection_status);
   SSLCipherSuiteInfo cipher_info;
   SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite,
                                         &cipher_info, sizeof(cipher_info));
   if (ok == SECSuccess) {
@@ skipping 89 matching lines @@
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return rv;
   }
 
   rv = InitializeSSLPeerName();
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return rv;
   }
 
-  GotoState(STATE_HANDSHAKE);
+  if (ssl_host_info_.get()) {
+    GotoState(STATE_LOAD_SSL_HOST_INFO);
+  } else {
+    GotoState(STATE_HANDSHAKE);
+  }
 
   rv = DoHandshakeLoop(OK);
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
   }
 
   LeaveFunction("");
   return rv > OK ? OK : rv;
 }
 
 void SSLClientSocketNSS::Disconnect() {
   EnterFunction("");
 
   CHECK(CalledOnValidThread());
 
   // Shut down anything that may call us back.
   core_->Detach();
   verifier_.reset();
   transport_->socket()->Disconnect();
 
   // Reset object state.
   user_connect_callback_.Reset();
-  server_cert_verify_result_.Reset();
+  local_server_cert_verify_result_.Reset();
+  server_cert_verify_result_ = NULL;
   completed_handshake_   = false;
   start_cert_verification_time_ = base::TimeTicks();
   InitCore();
 
   LeaveFunction("");
 }
 
 bool SSLClientSocketNSS::IsConnected() const {
   EnterFunction("");
   bool ret = completed_handshake_ &&
@@ skipping 308 matching lines @@
 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) {
   EnterFunction(result);
   int rv = DoHandshakeLoop(result);
   if (rv != ERR_IO_PENDING) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     DoConnectCallback(rv);
   }
   LeaveFunction("");
 }
 
+void SSLClientSocketNSS::LoadSSLHostInfo() {
+  const SSLHostInfo::State& state(ssl_host_info_->state());
+
+  if (state.certs.empty())
+    return;
+
+  /* TODO(rtenneti): Implement the following */
+  // const std::vector<std::string>& certs_in = state.certs;
+  // core_->SetPredictedCertificates(certs_in);
+}
+
+int SSLClientSocketNSS::DoLoadSSLHostInfo() {
+  EnterFunction("");
+  int rv = ssl_host_info_->WaitForDataReady(
+      base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
+                 base::Unretained(this)));
+  GotoState(STATE_HANDSHAKE);
+
+  if (rv == OK) {
+    LoadSSLHostInfo();
+  } else {
+    DCHECK_EQ(ERR_IO_PENDING, rv);
+    GotoState(STATE_LOAD_SSL_HOST_INFO);
+  }
+
+  LeaveFunction("");
+  return rv;
+}
+
 int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
   EnterFunction(last_io_result);
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
     // (This is a quirk carried over from the windows
     // implementation.  It makes reading the logs a bit harder.)
     // State handlers can and often do call GotoState just
     // to stay in the current state.
     State state = next_handshake_state_;
     GotoState(STATE_NONE);
     switch (state) {
+      case STATE_LOAD_SSL_HOST_INFO:
+        DCHECK(rv == OK || rv == ERR_IO_PENDING);
+        rv = DoLoadSSLHostInfo();
+        break;
       case STATE_HANDSHAKE:
         rv = DoHandshake();
         break;
       case STATE_HANDSHAKE_COMPLETE:
         rv = DoHandshakeComplete(rv);
         break;
       case STATE_VERIFY_CERT:
         DCHECK(rv == OK);
         rv = DoVerifyCert(rv);
         break;
@@ skipping 19 matching lines @@
   GotoState(STATE_HANDSHAKE_COMPLETE);
 
   LeaveFunction(rv);
   return rv;
 }
 
 int SSLClientSocketNSS::DoHandshakeComplete(int result) {
   EnterFunction(result);
 
   if (result == OK) {
+    SaveSSLHostInfo();
     // SSL handshake is completed. Let's verify the certificate.
     GotoState(STATE_VERIFY_CERT);
     // Done!
   }
   set_channel_id_sent(core_->state().channel_id_sent);
   set_signed_cert_timestamps_received(
       !core_->state().sct_list_from_tls_extension.empty());
   set_stapled_ocsp_response_received(
       !core_->state().stapled_ocsp_response.empty());
 
@@ skipping 10 matching lines @@
   // If the certificate is expected to be bad we can use the expectation as
   // the cert status.
   base::StringPiece der_cert(
       reinterpret_cast<char*>(
           core_->state().server_cert_chain[0]->derCert.data),
       core_->state().server_cert_chain[0]->derCert.len);
   CertStatus cert_status;
   if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) {
     DCHECK(start_cert_verification_time_.is_null());
     VLOG(1) << "Received an expected bad cert with status: " << cert_status;
-    server_cert_verify_result_.Reset();
-    server_cert_verify_result_.cert_status = cert_status;
-    server_cert_verify_result_.verified_cert = core_->state().server_cert;
+    server_cert_verify_result_ = &local_server_cert_verify_result_;
+    local_server_cert_verify_result_.Reset();
+    local_server_cert_verify_result_.cert_status = cert_status;
+    local_server_cert_verify_result_.verified_cert =
+        core_->state().server_cert;
     return OK;
   }
 
   // We may have failed to create X509Certificate object if we are
   // running inside sandbox.
   if (!core_->state().server_cert.get()) {
-    server_cert_verify_result_.Reset();
-    server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
+    server_cert_verify_result_ = &local_server_cert_verify_result_;
+    local_server_cert_verify_result_.Reset();
+    local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID;
     return ERR_CERT_INVALID;
   }
 
   start_cert_verification_time_ = base::TimeTicks::Now();
 
+  if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() &&
+      core_->state().predicted_cert_chain_correct) {
+    // If the SSLHostInfo had a prediction for the certificate chain of this
+    // server then it will have optimistically started a verification of that
+    // chain. So, if the prediction was correct, we should wait for that
+    // verification to finish rather than start our own.
+    net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED);
+    UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2);
+    base::TimeTicks end_time = ssl_host_info_->verification_end_time();
+    if (end_time.is_null())
+      end_time = base::TimeTicks::Now();
+    UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved",
+                        end_time - ssl_host_info_->verification_start_time());
+    server_cert_verify_result_ = &ssl_host_info_->cert_verify_result();
+    return ssl_host_info_->WaitForCertVerification(
+        base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
+                   base::Unretained(this)));
+  } else {
+    UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2);
+  }
+
   int flags = 0;
   if (ssl_config_.rev_checking_enabled)
     flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED;
   if (ssl_config_.verify_ev_cert)
     flags |= CertVerifier::VERIFY_EV_CERT;
   if (ssl_config_.cert_io_enabled)
     flags |= CertVerifier::VERIFY_CERT_IO_ENABLED;
   if (ssl_config_.rev_checking_required_local_anchors)
     flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS;
   verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
+  server_cert_verify_result_ = &local_server_cert_verify_result_;
   return verifier_->Verify(
       core_->state().server_cert.get(),
       host_and_port_.host(),
       flags,
       SSLConfigService::GetCRLSet().get(),
-      &server_cert_verify_result_,
+      &local_server_cert_verify_result_,
       base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
                  base::Unretained(this)),
       net_log_);
 }
 
 // Derived from AuthCertificateCallback() in
 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
 int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
   verifier_.reset();
 
@@ skipping 35 matching lines @@
   // Perform pin validation if, and only if, all these conditions obtain:
   //
   // * a TransportSecurityState object is available;
   // * the server's certificate chain is valid (or suffers from only a minor
   //   error);
   // * the server's certificate chain chains up to a known root (i.e. not a
   //   user-installed trust anchor); and
   // * the build is recent (very old builds should fail open so that users
   //   have some chance to recover).
   //
-  const CertStatus cert_status = server_cert_verify_result_.cert_status;
+  const CertStatus cert_status = server_cert_verify_result_->cert_status;
   if (transport_security_state_ &&
       (result == OK ||
        (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
-      server_cert_verify_result_.is_issued_by_known_root &&
+      server_cert_verify_result_->is_issued_by_known_root &&
       TransportSecurityState::IsBuildTimely()) {
     bool sni_available =
         ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
         ssl_config_.version_fallback;
     const std::string& host = host_and_port_.host();
 
     TransportSecurityState::DomainState domain_state;
     if (transport_security_state_->GetDomainState(host, sni_available,
                                                   &domain_state) &&
         domain_state.HasPublicKeyPins()) {
       if (!domain_state.CheckPublicKeyPins(
-              server_cert_verify_result_.public_key_hashes)) {
+              server_cert_verify_result_->public_key_hashes)) {
         result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
         UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
         TransportSecurityState::ReportUMAOnPinFailure(host);
       } else {
         UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
       }
     }
   }
 #endif
 
@@ skipping 14 matching lines @@
 }
 
 void SSLClientSocketNSS::VerifyCT() {
   if (!cert_transparency_verifier_)
     return;
 
   // Note that this is a completely synchronous operation: The CT Log Verifier
   // gets all the data it needs for SCT verification and does not do any
   // external communication.
   int result = cert_transparency_verifier_->Verify(
-      server_cert_verify_result_.verified_cert,
+      server_cert_verify_result_->verified_cert,
       core_->state().stapled_ocsp_response,
       core_->state().sct_list_from_tls_extension,
       &ct_verify_result_,
       net_log_);
   // TODO(ekasper): wipe stapled_ocsp_response and sct_list_from_tls_extension
   // from the state after verification is complete, to conserve memory.
 
   VLOG(1) << "CT Verification complete: result " << result
           << " Invalid scts: " << ct_verify_result_.invalid_scts.size()
           << " Verified scts: " << ct_verify_result_.verified_scts.size()
@@ skipping 17 matching lines @@
       break;
     case SSL_CONNECTION_VERSION_TLS1_1:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);
       break;
     case SSL_CONNECTION_VERSION_TLS1_2:
       UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);
       break;
   };
 }
 
+// SaveSSLHostInfo saves the certificate chain of the connection so that we can
+// start verification faster in the future.
+void SSLClientSocketNSS::SaveSSLHostInfo() {
+  if (!ssl_host_info_.get())
+    return;
+
+  // If the SSLHostInfo hasn't managed to load from disk yet then we can't save
+  // anything.
+  if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK)
+    return;
+
+  SSLHostInfo::State* state = ssl_host_info_->mutable_state();
+
+  state->certs.clear();
+  const PeerCertificateChain& certs = core_->state().server_cert_chain;
+  for (unsigned i = 0; i < certs.size(); i++) {
+    if (certs[i] == NULL ||
+        certs[i]->derCert.len > std::numeric_limits<uint16>::max()) {
+      return;
+    }
+
+    state->certs.push_back(std::string(
+          reinterpret_cast<char*>(certs[i]->derCert.data),
+          certs[i]->derCert.len));
+  }
+
+  ssl_host_info_->Persist();
+}
+
 void SSLClientSocketNSS::EnsureThreadIdAssigned() const {
   base::AutoLock auto_lock(lock_);
   if (valid_thread_id_ != base::kInvalidThreadId)
     return;
   valid_thread_id_ = base::PlatformThread::CurrentId();
 }
 
 bool SSLClientSocketNSS::CalledOnValidThread() const {
   EnsureThreadIdAssigned();
   base::AutoLock auto_lock(lock_);
@@ skipping 20 matching lines @@
         SignedCertificateTimestampAndStatus(*iter,
                                             ct::SCT_STATUS_LOG_UNKNOWN));
   }
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
   return server_bound_cert_service_;
 }
 
 }  // namespace net