| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 53 #include "net/socket/client_socket_factory.h" | 53 #include "net/socket/client_socket_factory.h" |
| 54 #include "net/socket/socks_client_socket_pool.h" | 54 #include "net/socket/socks_client_socket_pool.h" |
| 55 #include "net/socket/ssl_client_socket.h" | 55 #include "net/socket/ssl_client_socket.h" |
| 56 #include "net/socket/ssl_client_socket_pool.h" | 56 #include "net/socket/ssl_client_socket_pool.h" |
| 57 #include "net/socket/transport_client_socket_pool.h" | 57 #include "net/socket/transport_client_socket_pool.h" |
| 58 #include "net/spdy/spdy_http_stream.h" | 58 #include "net/spdy/spdy_http_stream.h" |
| 59 #include "net/spdy/spdy_session.h" | 59 #include "net/spdy/spdy_session.h" |
| 60 #include "net/spdy/spdy_session_pool.h" | 60 #include "net/spdy/spdy_session_pool.h" |
| 61 #include "net/ssl/ssl_cert_request_info.h" | 61 #include "net/ssl/ssl_cert_request_info.h" |
| 62 #include "net/ssl/ssl_connection_status_flags.h" | 62 #include "net/ssl/ssl_connection_status_flags.h" |
| 63 #include "net/ssl/ssl_private_key.h" |
| 63 #include "url/gurl.h" | 64 #include "url/gurl.h" |
| 64 #include "url/url_canon.h" | 65 #include "url/url_canon.h" |
| 65 | 66 |
| 66 namespace net { | 67 namespace net { |
| 67 | 68 |
| 68 namespace { | 69 namespace { |
| 69 | 70 |
| 70 void ProcessAlternativeServices(HttpNetworkSession* session, | 71 void ProcessAlternativeServices(HttpNetworkSession* session, |
| 71 const HttpResponseHeaders& headers, | 72 const HttpResponseHeaders& headers, |
| 72 const HostPortPair& http_host_port_pair) { | 73 const HostPortPair& http_host_port_pair) { |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 213 | 214 |
| 214 next_state_ = STATE_CREATE_STREAM; | 215 next_state_ = STATE_CREATE_STREAM; |
| 215 | 216 |
| 216 int rv = DoLoop(OK); | 217 int rv = DoLoop(OK); |
| 217 if (rv == ERR_IO_PENDING) | 218 if (rv == ERR_IO_PENDING) |
| 218 callback_ = callback; | 219 callback_ = callback; |
| 219 return rv; | 220 return rv; |
| 220 } | 221 } |
| 221 | 222 |
| 222 int HttpNetworkTransaction::RestartWithCertificate( | 223 int HttpNetworkTransaction::RestartWithCertificate( |
| 223 X509Certificate* client_cert, const CompletionCallback& callback) { | 224 X509Certificate* client_cert, |
| 225 SSLPrivateKey* client_private_key, |
| 226 const CompletionCallback& callback) { |
| 224 // In HandleCertificateRequest(), we always tear down existing stream | 227 // In HandleCertificateRequest(), we always tear down existing stream |
| 225 // requests to force a new connection. So we shouldn't have one here. | 228 // requests to force a new connection. So we shouldn't have one here. |
| 226 DCHECK(!stream_request_.get()); | 229 DCHECK(!stream_request_.get()); |
| 227 DCHECK(!stream_.get()); | 230 DCHECK(!stream_.get()); |
| 228 DCHECK_EQ(STATE_NONE, next_state_); | 231 DCHECK_EQ(STATE_NONE, next_state_); |
| 229 | 232 |
| 230 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? | 233 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? |
| 231 &proxy_ssl_config_ : &server_ssl_config_; | 234 &proxy_ssl_config_ : &server_ssl_config_; |
| 232 ssl_config->send_client_cert = true; | 235 ssl_config->send_client_cert = true; |
| 233 ssl_config->client_cert = client_cert; | 236 ssl_config->client_cert = client_cert; |
| 237 ssl_config->client_private_key = client_private_key; |
| 234 session_->ssl_client_auth_cache()->Add( | 238 session_->ssl_client_auth_cache()->Add( |
| 235 response_.cert_request_info->host_and_port, client_cert); | 239 response_.cert_request_info->host_and_port, client_cert, |
| 240 client_private_key); |
| 236 // Reset the other member variables. | 241 // Reset the other member variables. |
| 237 // Note: this is necessary only with SSL renegotiation. | 242 // Note: this is necessary only with SSL renegotiation. |
| 238 ResetStateForRestart(); | 243 ResetStateForRestart(); |
| 239 next_state_ = STATE_CREATE_STREAM; | 244 next_state_ = STATE_CREATE_STREAM; |
| 240 int rv = DoLoop(OK); | 245 int rv = DoLoop(OK); |
| 241 if (rv == ERR_IO_PENDING) | 246 if (rv == ERR_IO_PENDING) |
| 242 callback_ = callback; | 247 callback_ = callback; |
| 243 return rv; | 248 return rv; |
| 244 } | 249 } |
| 245 | 250 |
| (...skipping 973 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1219 } | 1224 } |
| 1220 | 1225 |
| 1221 // The server is asking for a client certificate during the initial | 1226 // The server is asking for a client certificate during the initial |
| 1222 // handshake. | 1227 // handshake. |
| 1223 stream_request_.reset(); | 1228 stream_request_.reset(); |
| 1224 | 1229 |
| 1225 // If the user selected one of the certificates in client_certs or declined | 1230 // If the user selected one of the certificates in client_certs or declined |
| 1226 // to provide one for this server before, use the past decision | 1231 // to provide one for this server before, use the past decision |
| 1227 // automatically. | 1232 // automatically. |
| 1228 scoped_refptr<X509Certificate> client_cert; | 1233 scoped_refptr<X509Certificate> client_cert; |
| 1234 scoped_refptr<SSLPrivateKey> client_private_key; |
| 1229 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( | 1235 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( |
| 1230 response_.cert_request_info->host_and_port, &client_cert); | 1236 response_.cert_request_info->host_and_port, &client_cert, |
| 1237 &client_private_key); |
| 1231 if (!found_cached_cert) | 1238 if (!found_cached_cert) |
| 1232 return error; | 1239 return error; |
| 1233 | 1240 |
| 1234 // Check that the certificate selected is still a certificate the server | 1241 // Check that the certificate selected is still a certificate the server |
| 1235 // is likely to accept, based on the criteria supplied in the | 1242 // is likely to accept, based on the criteria supplied in the |
| 1236 // CertificateRequest message. | 1243 // CertificateRequest message. |
| 1237 if (client_cert.get()) { | 1244 if (client_cert.get()) { |
| 1238 const std::vector<std::string>& cert_authorities = | 1245 const std::vector<std::string>& cert_authorities = |
| 1239 response_.cert_request_info->cert_authorities; | 1246 response_.cert_request_info->cert_authorities; |
| 1240 | 1247 |
| 1241 bool cert_still_valid = cert_authorities.empty() || | 1248 bool cert_still_valid = cert_authorities.empty() || |
| 1242 client_cert->IsIssuedByEncoded(cert_authorities); | 1249 client_cert->IsIssuedByEncoded(cert_authorities); |
| 1243 if (!cert_still_valid) | 1250 if (!cert_still_valid) |
| 1244 return error; | 1251 return error; |
| 1245 } | 1252 } |
| 1246 | 1253 |
| 1247 // TODO(davidben): Add a unit test which covers this path; we need to be | 1254 // TODO(davidben): Add a unit test which covers this path; we need to be |
| 1248 // able to send a legitimate certificate and also bypass/clear the | 1255 // able to send a legitimate certificate and also bypass/clear the |
| 1249 // SSL session cache. | 1256 // SSL session cache. |
| 1250 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? | 1257 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? |
| 1251 &proxy_ssl_config_ : &server_ssl_config_; | 1258 &proxy_ssl_config_ : &server_ssl_config_; |
| 1252 ssl_config->send_client_cert = true; | 1259 ssl_config->send_client_cert = true; |
| 1253 ssl_config->client_cert = client_cert; | 1260 ssl_config->client_cert = client_cert; |
| 1261 ssl_config->client_private_key = client_private_key; |
| 1254 next_state_ = STATE_CREATE_STREAM; | 1262 next_state_ = STATE_CREATE_STREAM; |
| 1255 // Reset the other member variables. | 1263 // Reset the other member variables. |
| 1256 // Note: this is necessary only with SSL renegotiation. | 1264 // Note: this is necessary only with SSL renegotiation. |
| 1257 ResetStateForRestart(); | 1265 ResetStateForRestart(); |
| 1258 return OK; | 1266 return OK; |
| 1259 } | 1267 } |
| 1260 | 1268 |
| 1261 int HttpNetworkTransaction::HandleHttp11Required(int error) { | 1269 int HttpNetworkTransaction::HandleHttp11Required(int error) { |
| 1262 DCHECK(error == ERR_HTTP_1_1_REQUIRED || | 1270 DCHECK(error == ERR_HTTP_1_1_REQUIRED || |
| 1263 error == ERR_PROXY_HTTP_1_1_REQUIRED); | 1271 error == ERR_PROXY_HTTP_1_1_REQUIRED); |
| (...skipping 409 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1673 DCHECK(stream_request_); | 1681 DCHECK(stream_request_); |
| 1674 | 1682 |
| 1675 // Since the transaction can restart with auth credentials, it may create a | 1683 // Since the transaction can restart with auth credentials, it may create a |
| 1676 // stream more than once. Accumulate all of the connection attempts across | 1684 // stream more than once. Accumulate all of the connection attempts across |
| 1677 // those streams by appending them to the vector: | 1685 // those streams by appending them to the vector: |
| 1678 for (const auto& attempt : stream_request_->connection_attempts()) | 1686 for (const auto& attempt : stream_request_->connection_attempts()) |
| 1679 connection_attempts_.push_back(attempt); | 1687 connection_attempts_.push_back(attempt); |
| 1680 } | 1688 } |
| 1681 | 1689 |
| 1682 } // namespace net | 1690 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1422573008:
Plumbing SSLPrivateKey (//net) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master