Chromium Code Reviews Chromium Code Reviews
Issue 1579063002:
Implement a skeleton version of Expect CT reports (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 343 | 343 |
| 344 if (!is_cached_content_ && throttling_entry_.get()) | 344 if (!is_cached_content_ && throttling_entry_.get()) |
| 345 throttling_entry_->UpdateWithResponse(GetResponseCode()); | 345 throttling_entry_->UpdateWithResponse(GetResponseCode()); |
| 346 | 346 |
| 347 if (!is_cached_content_) | 347 if (!is_cached_content_) |
| 348 ProcessBackoffHeader(); | 348 ProcessBackoffHeader(); |
| 349 | 349 |
| 350 // The ordering of these calls is not important. | 350 // The ordering of these calls is not important. |
| 351 ProcessStrictTransportSecurityHeader(); | 351 ProcessStrictTransportSecurityHeader(); |
| 352 ProcessPublicKeyPinsHeader(); | 352 ProcessPublicKeyPinsHeader(); |
| 353 ProcessExpectCTHeader(); | |
| 353 | 354 |
| 354 // Handle the server notification of a new SDCH dictionary. | 355 // Handle the server notification of a new SDCH dictionary. |
| 355 SdchManager* sdch_manager(request()->context()->sdch_manager()); | 356 SdchManager* sdch_manager(request()->context()->sdch_manager()); |
| 356 if (sdch_manager) { | 357 if (sdch_manager) { |
| 357 SdchProblemCode rv = sdch_manager->IsInSupportedDomain(request()->url()); | 358 SdchProblemCode rv = sdch_manager->IsInSupportedDomain(request()->url()); |
| 358 if (rv != SDCH_OK) { | 359 if (rv != SDCH_OK) { |
| 359 SdchManager::SdchErrorRecovery(rv); | 360 SdchManager::SdchErrorRecovery(rv); |
| 360 request()->net_log().AddEvent( | 361 request()->net_log().AddEvent( |
| 361 NetLog::TYPE_SDCH_DECODING_ERROR, | 362 NetLog::TYPE_SDCH_DECODING_ERROR, |
| 362 base::Bind(&NetLogSdchResourceProblemCallback, rv)); | 363 base::Bind(&NetLogSdchResourceProblemCallback, rv)); |
| (...skipping 480 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 843 std::string value; | 844 std::string value; |
| 844 if (headers->EnumerateHeader(nullptr, "Public-Key-Pins", &value)) | 845 if (headers->EnumerateHeader(nullptr, "Public-Key-Pins", &value)) |
| 845 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); | 846 security_state->AddHPKPHeader(request_info_.url.host(), value, ssl_info); |
| 846 if (headers->EnumerateHeader(nullptr, "Public-Key-Pins-Report-Only", | 847 if (headers->EnumerateHeader(nullptr, "Public-Key-Pins-Report-Only", |
| 847 &value)) { | 848 &value)) { |
| 848 security_state->ProcessHPKPReportOnlyHeader( | 849 security_state->ProcessHPKPReportOnlyHeader( |
| 849 value, HostPortPair::FromURL(request_info_.url), ssl_info); | 850 value, HostPortPair::FromURL(request_info_.url), ssl_info); |
| 850 } | 851 } |
| 851 } | 852 } |
| 852 | 853 |
| 854 void URLRequestHttpJob::ProcessExpectCTHeader() { | |
| 855 DCHECK(response_info_); | |
| 856 TransportSecurityState* security_state = | |
| 857 request_->context()->transport_security_state(); | |
| 858 const SSLInfo& ssl_info = response_info_->ssl_info; | |
| 859 | |
| 860 // Only accept Expect CT headers on HTTPS connections that have no | |
| 861 // certificate errors. | |
| 862 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | |
| 863 !security_state) | |
| 864 return; | |
|
mmenke
2016/03/07 18:28:08
nit: Use braces if an if condition takes up multi
| |
| 865 | |
| 866 // Only process the first Expect-CT header value. | |
| 867 HttpResponseHeaders* headers = GetResponseHeaders(); | |
| 868 std::string value; | |
| 869 if (headers->EnumerateHeader(nullptr, "Expect-CT", &value)) { | |
| 870 security_state->ProcessExpectCTHeader( | |
| 871 value, HostPortPair::FromURL(request_info_.url), ssl_info); | |
| 872 } | |
| 873 } | |
| 874 | |
| 853 void URLRequestHttpJob::OnStartCompleted(int result) { | 875 void URLRequestHttpJob::OnStartCompleted(int result) { |
| 854 RecordTimer(); | 876 RecordTimer(); |
| 855 | 877 |
| 856 // If the request was destroyed, then there is no more work to do. | 878 // If the request was destroyed, then there is no more work to do. |
| 857 if (!request_) | 879 if (!request_) |
| 858 return; | 880 return; |
| 859 | 881 |
| 860 // If the job is done (due to cancellation), can just ignore this | 882 // If the job is done (due to cancellation), can just ignore this |
| 861 // notification. | 883 // notification. |
| 862 if (done_) | 884 if (done_) |
| (...skipping 659 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1522 return override_response_headers_.get() ? | 1544 return override_response_headers_.get() ? |
| 1523 override_response_headers_.get() : | 1545 override_response_headers_.get() : |
| 1524 transaction_->GetResponseInfo()->headers.get(); | 1546 transaction_->GetResponseInfo()->headers.get(); |
| 1525 } | 1547 } |
| 1526 | 1548 |
| 1527 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1549 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
| 1528 awaiting_callback_ = false; | 1550 awaiting_callback_ = false; |
| 1529 } | 1551 } |
| 1530 | 1552 |
| 1531 } // namespace net | 1553 } // namespace net |
| OLD | NEW |
