| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <limits> | 8 #include <limits> |
| 9 #include <map> | 9 #include <map> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 #include "base/strings/string_util.h" | 23 #include "base/strings/string_util.h" |
| 24 #include "base/strings/stringprintf.h" | 24 #include "base/strings/stringprintf.h" |
| 25 #include "base/strings/utf_string_conversions.h" | 25 #include "base/strings/utf_string_conversions.h" |
| 26 #include "base/thread_task_runner_handle.h" | 26 #include "base/thread_task_runner_handle.h" |
| 27 #include "base/time/time.h" | 27 #include "base/time/time.h" |
| 28 #include "base/values.h" | 28 #include "base/values.h" |
| 29 #include "crypto/ec_private_key.h" | 29 #include "crypto/ec_private_key.h" |
| 30 #include "crypto/ec_signature_creator.h" | 30 #include "crypto/ec_signature_creator.h" |
| 31 #include "net/base/connection_type_histograms.h" | 31 #include "net/base/connection_type_histograms.h" |
| 32 #include "net/base/net_util.h" | 32 #include "net/base/net_util.h" |
| 33 #include "net/base/proxy_delegate.h" |
| 33 #include "net/cert/asn1_util.h" | 34 #include "net/cert/asn1_util.h" |
| 34 #include "net/cert/cert_verify_result.h" | 35 #include "net/cert/cert_verify_result.h" |
| 35 #include "net/http/http_log_util.h" | 36 #include "net/http/http_log_util.h" |
| 36 #include "net/http/http_network_session.h" | 37 #include "net/http/http_network_session.h" |
| 37 #include "net/http/http_server_properties.h" | 38 #include "net/http/http_server_properties.h" |
| 38 #include "net/http/http_util.h" | 39 #include "net/http/http_util.h" |
| 39 #include "net/http/transport_security_state.h" | 40 #include "net/http/transport_security_state.h" |
| 40 #include "net/log/net_log.h" | 41 #include "net/log/net_log.h" |
| 42 #include "net/proxy/proxy_server.h" |
| 41 #include "net/socket/ssl_client_socket.h" | 43 #include "net/socket/ssl_client_socket.h" |
| 42 #include "net/spdy/spdy_buffer_producer.h" | 44 #include "net/spdy/spdy_buffer_producer.h" |
| 43 #include "net/spdy/spdy_frame_builder.h" | 45 #include "net/spdy/spdy_frame_builder.h" |
| 44 #include "net/spdy/spdy_http_utils.h" | 46 #include "net/spdy/spdy_http_utils.h" |
| 45 #include "net/spdy/spdy_protocol.h" | 47 #include "net/spdy/spdy_protocol.h" |
| 46 #include "net/spdy/spdy_session_pool.h" | 48 #include "net/spdy/spdy_session_pool.h" |
| 47 #include "net/spdy/spdy_stream.h" | 49 #include "net/spdy/spdy_stream.h" |
| 48 #include "net/ssl/channel_id_service.h" | 50 #include "net/ssl/channel_id_service.h" |
| 49 #include "net/ssl/ssl_cipher_suite_names.h" | 51 #include "net/ssl/ssl_cipher_suite_names.h" |
| 50 #include "net/ssl/ssl_connection_status_flags.h" | 52 #include "net/ssl/ssl_connection_status_flags.h" |
| (...skipping 600 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 651 TransportSecurityState* transport_security_state, | 653 TransportSecurityState* transport_security_state, |
| 652 bool verify_domain_authentication, | 654 bool verify_domain_authentication, |
| 653 bool enable_sending_initial_data, | 655 bool enable_sending_initial_data, |
| 654 bool enable_compression, | 656 bool enable_compression, |
| 655 bool enable_ping_based_connection_checking, | 657 bool enable_ping_based_connection_checking, |
| 656 NextProto default_protocol, | 658 NextProto default_protocol, |
| 657 size_t session_max_recv_window_size, | 659 size_t session_max_recv_window_size, |
| 658 size_t stream_max_recv_window_size, | 660 size_t stream_max_recv_window_size, |
| 659 size_t initial_max_concurrent_streams, | 661 size_t initial_max_concurrent_streams, |
| 660 TimeFunc time_func, | 662 TimeFunc time_func, |
| 661 const HostPortPair& trusted_spdy_proxy, | 663 ProxyDelegate* proxy_delegate, |
| 662 NetLog* net_log) | 664 NetLog* net_log) |
| 663 : in_io_loop_(false), | 665 : in_io_loop_(false), |
| 664 spdy_session_key_(spdy_session_key), | 666 spdy_session_key_(spdy_session_key), |
| 665 pool_(NULL), | 667 pool_(NULL), |
| 666 http_server_properties_(http_server_properties), | 668 http_server_properties_(http_server_properties), |
| 667 transport_security_state_(transport_security_state), | 669 transport_security_state_(transport_security_state), |
| 668 read_buffer_(new IOBuffer(kReadBufferSize)), | 670 read_buffer_(new IOBuffer(kReadBufferSize)), |
| 669 stream_hi_water_mark_(kFirstStreamId), | 671 stream_hi_water_mark_(kFirstStreamId), |
| 670 last_accepted_push_stream_id_(0), | 672 last_accepted_push_stream_id_(0), |
| 671 num_pushed_streams_(0u), | 673 num_pushed_streams_(0u), |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 706 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP2_SESSION)), | 708 net_log_(BoundNetLog::Make(net_log, NetLog::SOURCE_HTTP2_SESSION)), |
| 707 verify_domain_authentication_(verify_domain_authentication), | 709 verify_domain_authentication_(verify_domain_authentication), |
| 708 enable_sending_initial_data_(enable_sending_initial_data), | 710 enable_sending_initial_data_(enable_sending_initial_data), |
| 709 enable_compression_(enable_compression), | 711 enable_compression_(enable_compression), |
| 710 enable_ping_based_connection_checking_( | 712 enable_ping_based_connection_checking_( |
| 711 enable_ping_based_connection_checking), | 713 enable_ping_based_connection_checking), |
| 712 protocol_(default_protocol), | 714 protocol_(default_protocol), |
| 713 connection_at_risk_of_loss_time_( | 715 connection_at_risk_of_loss_time_( |
| 714 base::TimeDelta::FromSeconds(kDefaultConnectionAtRiskOfLossSeconds)), | 716 base::TimeDelta::FromSeconds(kDefaultConnectionAtRiskOfLossSeconds)), |
| 715 hung_interval_(base::TimeDelta::FromSeconds(kHungIntervalSeconds)), | 717 hung_interval_(base::TimeDelta::FromSeconds(kHungIntervalSeconds)), |
| 716 trusted_spdy_proxy_(trusted_spdy_proxy), | 718 proxy_delegate_(proxy_delegate), |
| 717 time_func_(time_func), | 719 time_func_(time_func), |
| 718 send_priority_dependency_(priority_dependency_enabled_default), | 720 send_priority_dependency_(priority_dependency_enabled_default), |
| 719 weak_factory_(this) { | 721 weak_factory_(this) { |
| 720 DCHECK_GE(protocol_, kProtoSPDYMinimumVersion); | 722 DCHECK_GE(protocol_, kProtoSPDYMinimumVersion); |
| 721 DCHECK_LE(protocol_, kProtoSPDYMaximumVersion); | 723 DCHECK_LE(protocol_, kProtoSPDYMaximumVersion); |
| 722 DCHECK(HttpStreamFactory::spdy_enabled()); | 724 DCHECK(HttpStreamFactory::spdy_enabled()); |
| 723 net_log_.BeginEvent( | 725 net_log_.BeginEvent( |
| 724 NetLog::TYPE_HTTP2_SESSION, | 726 NetLog::TYPE_HTTP2_SESSION, |
| 725 base::Bind(&NetLogSpdySessionCallback, &host_port_proxy_pair())); | 727 base::Bind(&NetLogSpdySessionCallback, &host_port_proxy_pair())); |
| 726 next_unclaimed_push_stream_sweep_time_ = time_func_() + | 728 next_unclaimed_push_stream_sweep_time_ = time_func_() + |
| (...skipping 1968 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2695 stream_id, | 2697 stream_id, |
| 2696 request_priority, | 2698 request_priority, |
| 2697 RST_STREAM_INVALID_STREAM, | 2699 RST_STREAM_INVALID_STREAM, |
| 2698 base::StringPrintf("Received push for inactive associated stream %d", | 2700 base::StringPrintf("Received push for inactive associated stream %d", |
| 2699 associated_stream_id)); | 2701 associated_stream_id)); |
| 2700 return false; | 2702 return false; |
| 2701 } | 2703 } |
| 2702 | 2704 |
| 2703 // Check that the pushed stream advertises the same origin as its associated | 2705 // Check that the pushed stream advertises the same origin as its associated |
| 2704 // stream. Bypass this check if and only if this session is with a SPDY proxy | 2706 // stream. Bypass this check if and only if this session is with a SPDY proxy |
| 2705 // that is trusted explicitly via the --trusted-spdy-proxy switch. | 2707 // that is trusted explicitly as determined by the |proxy_delegate_|. |
| 2706 if (trusted_spdy_proxy_.Equals(host_port_pair())) { | 2708 if (proxy_delegate_ && |
| 2709 proxy_delegate_->IsTrustedSpdyProxy( |
| 2710 ProxyServer(ProxyServer::SCHEME_HTTPS, host_port_pair()))) { |
| 2707 // Disallow pushing of HTTPS content. | 2711 // Disallow pushing of HTTPS content. |
| 2708 if (gurl.SchemeIs("https")) { | 2712 if (gurl.SchemeIs("https")) { |
| 2709 EnqueueResetStreamFrame( | 2713 EnqueueResetStreamFrame( |
| 2710 stream_id, | 2714 stream_id, |
| 2711 request_priority, | 2715 request_priority, |
| 2712 RST_STREAM_REFUSED_STREAM, | 2716 RST_STREAM_REFUSED_STREAM, |
| 2713 base::StringPrintf("Rejected push of Cross Origin HTTPS content %d", | 2717 base::StringPrintf("Rejected push of Cross Origin HTTPS content %d", |
| 2714 associated_stream_id)); | 2718 associated_stream_id)); |
| 2715 return false; | 2719 return false; |
| 2716 } | 2720 } |
| (...skipping 569 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3286 if (!queue->empty()) { | 3290 if (!queue->empty()) { |
| 3287 SpdyStreamId stream_id = queue->front(); | 3291 SpdyStreamId stream_id = queue->front(); |
| 3288 queue->pop_front(); | 3292 queue->pop_front(); |
| 3289 return stream_id; | 3293 return stream_id; |
| 3290 } | 3294 } |
| 3291 } | 3295 } |
| 3292 return 0; | 3296 return 0; |
| 3293 } | 3297 } |
| 3294 | 3298 |
| 3295 } // namespace net | 3299 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1547273003:
Set trusted SPDY proxy dynamically on per-profile basis (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master