content/child/web_url_loader_impl.cc - Issue 1772603002: Addition of Certificate Transparency details to Security panel of DevTools

Side by Side Diff: content/child/web_url_loader_impl.cc

Issue 1772603002: Addition of Certificate Transparency details to Security panel of DevTools (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: changed a dictionary key Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/child/web_url_loader_impl.h"	5 #include "content/child/web_url_loader_impl.h"

6	6

7 #include <stdint.h>	7 #include <stdint.h>

8	8

9 #include <algorithm>	9 #include <algorithm>

10 #include <memory>	10 #include <memory>

11 #include <string>	11 #include <string>

12 #include <utility>	12 #include <utility>

13 #include <vector>	13 #include <vector>

14	14

15 #include "base/bind.h"	15 #include "base/bind.h"

16 #include "base/files/file_path.h"	16 #include "base/files/file_path.h"

17 #include "base/logging.h"	17 #include "base/logging.h"

18 #include "base/memory/ptr_util.h"	18 #include "base/memory/ptr_util.h"

19 #include "base/single_thread_task_runner.h"	19 #include "base/single_thread_task_runner.h"

	20 #include "base/strings/string_number_conversions.h"

20 #include "base/strings/string_util.h"	21 #include "base/strings/string_util.h"

21 #include "base/time/time.h"	22 #include "base/time/time.h"

22 #include "build/build_config.h"	23 #include "build/build_config.h"

23 #include "components/mime_util/mime_util.h"	24 #include "components/mime_util/mime_util.h"

24 #include "components/scheduler/child/web_task_runner_impl.h"	25 #include "components/scheduler/child/web_task_runner_impl.h"

25 #include "content/child/child_thread_impl.h"	26 #include "content/child/child_thread_impl.h"

26 #include "content/child/ftp_directory_listing_response_delegate.h"	27 #include "content/child/ftp_directory_listing_response_delegate.h"

27 #include "content/child/request_extra_data.h"	28 #include "content/child/request_extra_data.h"

28 #include "content/child/request_info.h"	29 #include "content/child/request_info.h"

29 #include "content/child/resource_dispatcher.h"	30 #include "content/child/resource_dispatcher.h"

30 #include "content/child/shared_memory_data_consumer_handle.h"	31 #include "content/child/shared_memory_data_consumer_handle.h"

31 #include "content/child/sync_load_response.h"	32 #include "content/child/sync_load_response.h"

32 #include "content/child/web_url_request_util.h"	33 #include "content/child/web_url_request_util.h"

33 #include "content/child/weburlresponse_extradata_impl.h"	34 #include "content/child/weburlresponse_extradata_impl.h"

34 #include "content/common/resource_messages.h"	35 #include "content/common/resource_messages.h"

35 #include "content/common/resource_request_body.h"	36 #include "content/common/resource_request_body.h"

36 #include "content/common/service_worker/service_worker_types.h"	37 #include "content/common/service_worker/service_worker_types.h"

37 #include "content/common/ssl_status_serialization.h"	38 #include "content/common/ssl_status_serialization.h"

38 #include "content/public/child/fixed_received_data.h"	39 #include "content/public/child/fixed_received_data.h"

39 #include "content/public/child/request_peer.h"	40 #include "content/public/child/request_peer.h"

40 #include "content/public/common/browser_side_navigation_policy.h"	41 #include "content/public/common/browser_side_navigation_policy.h"

41 #include "content/public/common/ssl_status.h"	42 #include "content/public/common/ssl_status.h"

42 #include "net/base/data_url.h"	43 #include "net/base/data_url.h"

43 #include "net/base/filename_util.h"	44 #include "net/base/filename_util.h"

44 #include "net/base/net_errors.h"	45 #include "net/base/net_errors.h"

45 #include "net/cert/cert_status_flags.h"	46 #include "net/cert/cert_status_flags.h"

46 #include "net/cert/sct_status_flags.h"	47 #include "net/cert/ct_sct_to_string.h"

47 #include "net/http/http_response_headers.h"	48 #include "net/http/http_response_headers.h"

48 #include "net/http/http_util.h"	49 #include "net/http/http_util.h"

49 #include "net/ssl/ssl_cipher_suite_names.h"	50 #include "net/ssl/ssl_cipher_suite_names.h"

50 #include "net/ssl/ssl_connection_status_flags.h"	51 #include "net/ssl/ssl_connection_status_flags.h"

51 #include "net/url_request/url_request_data_job.h"	52 #include "net/url_request/url_request_data_job.h"

52 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"	53 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h"

53 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"	54 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h"

54 #include "third_party/WebKit/public/platform/WebTraceLocation.h"	55 #include "third_party/WebKit/public/platform/WebTraceLocation.h"

55 #include "third_party/WebKit/public/platform/WebURL.h"	56 #include "third_party/WebKit/public/platform/WebURL.h"

56 #include "third_party/WebKit/public/platform/WebURLError.h"	57 #include "third_party/WebKit/public/platform/WebURLError.h"

(...skipping 124 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
181 info->mime_type.swap(mime_type);	182 info->mime_type.swap(mime_type);

182 info->charset.swap(charset);	183 info->charset.swap(charset);

183 info->security_info.clear();	184 info->security_info.clear();

184 info->content_length = data->length();	185 info->content_length = data->length();

185 info->encoded_data_length = 0;	186 info->encoded_data_length = 0;

186	187

187 return net::OK;	188 return net::OK;

188 }	189 }

189	190

190 void SetSecurityStyleAndDetails(const GURL& url,	191 void SetSecurityStyleAndDetails(const GURL& url,

191 const std::string& security_info,	192 const ResourceResponseInfo& info,

192 WebURLResponse* response,	193 WebURLResponse* response,

193 bool report_security_info) {	194 bool report_security_info) {

194 if (!report_security_info) {	195 if (!report_security_info) {

195 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);	196 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);

196 return;	197 return;

197 }	198 }

198 if (!url.SchemeIsCryptographic()) {	199 if (!url.SchemeIsCryptographic()) {

199 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated);	200 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated);

200 return;	201 return;

201 }	202 }

202	203

203 // There are cases where an HTTPS request can come in without security	204 // There are cases where an HTTPS request can come in without security

204 // info attached (such as a redirect response).	205 // info attached (such as a redirect response).

	206 const std::string& security_info = info.security_info;

205 if (security_info.empty()) {	207 if (security_info.empty()) {

206 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);	208 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);

207 return;	209 return;

208 }	210 }

209	211

210 SSLStatus ssl_status;	212 SSLStatus ssl_status;

211 if (!DeserializeSecurityInfo(security_info, &ssl_status)) {	213 if (!DeserializeSecurityInfo(security_info, &ssl_status)) {

212 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);	214 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown);

213 DLOG(ERROR)	215 DLOG(ERROR)

214 << "DeserializeSecurityInfo() failed for an authenticated request.";	216 << "DeserializeSecurityInfo() failed for an authenticated request.";

(...skipping 37 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
252 securityStyle = WebURLResponse::SecurityStyleAuthenticated;	254 securityStyle = WebURLResponse::SecurityStyleAuthenticated;

253 break;	255 break;

254 }	256 }

255	257

256 response->setSecurityStyle(securityStyle);	258 response->setSecurityStyle(securityStyle);

257	259

258 size_t num_unknown_scts = ssl_status.num_unknown_scts;	260 size_t num_unknown_scts = ssl_status.num_unknown_scts;

259 size_t num_invalid_scts = ssl_status.num_invalid_scts;	261 size_t num_invalid_scts = ssl_status.num_invalid_scts;

260 size_t num_valid_scts = ssl_status.num_valid_scts;	262 size_t num_valid_scts = ssl_status.num_valid_scts;

261	263

	264 blink::WebURLResponse::SignedCertificateTimestampList sct_list(

	265 info.signed_certificate_timestamps.size());

	266

	267 for (size_t i = 0; i < sct_list.size(); ++i) {
	Mike West 2016/06/23 06:48:01 Can you not iterate through `info.signed_certifica Can you not iterate through `info.signed_certificate_timestamps` with a fancy new C++11 for loop? dwaxweiler 2016/06/23 11:53:02 This is possible, but I would still need a counter Show quoted text On 2016/06/23 06:48:01, Mike West wrote: > Can you not iterate through `info.signed_certificate_timestamps` with a fancy > new C++11 for loop? This is possible, but I would still need a counter for sct_list. Mike West 2016/06/23 16:32:30 `sct_list.append(sct)` seems like it would work. T Show quoted text On 2016/06/23 at 11:53:02, dwaxweiler wrote: > On 2016/06/23 06:48:01, Mike West wrote: > > Can you not iterate through `info.signed_certificate_timestamps` with a fancy > > new C++11 for loop? > > This is possible, but I would still need a counter for sct_list. `sct_list.append(sct)` seems like it would work. This is a nit; it's not terribly important, but dropping the assignment below, and not thinking about sizes anymore seems like a (small) win. dwaxweiler 2016/06/28 09:51:06 Unfortunately, blink::WebVector does not provide s Show quoted text On 2016/06/23 16:32:30, Mike West wrote: > On 2016/06/23 at 11:53:02, dwaxweiler wrote: > > On 2016/06/23 06:48:01, Mike West wrote: > > > Can you not iterate through `info.signed_certificate_timestamps` with a > fancy > > > new C++11 for loop? > > > > This is possible, but I would still need a counter for sct_list. > > `sct_list.append(sct)` seems like it would work. This is a nit; it's not > terribly important, but dropping the assignment below, and not thinking about > sizes anymore seems like a (small) win. Unfortunately, blink::WebVector does not provide such a handy method.
	268 const net::SignedCertificateTimestampAndStatus& sct_and_status =

	269 info.signed_certificate_timestamps[i];

	270 // Extract SCT's details.

	271 blink::WebURLResponse::SignedCertificateTimestamp sct(
	Charlie Reis 2016/06/21 23:44:03 This seems too complicated to be embedded inside t This seems too complicated to be embedded inside this already complex function. I'm guessing we can't do it inside SignedCertificateTimestamp because Blink shouldn't depend on net::SignedCertificateTimestampAndStatus? At the least, we should have a conversion helper function. dwaxweiler 2016/06/23 11:53:02 Acknowledged. Show quoted text On 2016/06/21 23:44:03, Charlie Reis wrote: > This seems too complicated to be embedded inside this already complex function. > I'm guessing we can't do it inside SignedCertificateTimestamp because Blink > shouldn't depend on net::SignedCertificateTimestampAndStatus? > > At the least, we should have a conversion helper function. Acknowledged.
	272 WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)),

	273 WebString::fromUTF8(

	274 net::ct::OriginToString(sct_and_status.sct->origin)),

	275 WebString::fromUTF8(sct_and_status.sct->log_description),

	276 WebString::fromUTF8(

	277 base::HexEncode(reinterpret_cast<const unsigned char*>(
	Charlie Reis 2016/06/21 23:44:03 We generally don't like using reinterpret_casts. We generally don't like using reinterpret_casts. Is there a way to avoid it? dwaxweiler 2016/06/23 11:53:02 I am not aware of an alternative, but I am willing Show quoted text On 2016/06/21 23:44:03, Charlie Reis wrote: > We generally don't like using reinterpret_casts. Is there a way to avoid it? I am not aware of an alternative, but I am willing to learn. Mike West 2016/06/23 16:32:30 Wouldn't `base::HexEncode(sct_and_status.sct->log_ Show quoted text On 2016/06/23 at 11:53:02, dwaxweiler wrote: > On 2016/06/21 23:44:03, Charlie Reis wrote: > > We generally don't like using reinterpret_casts. Is there a way to avoid it? > > I am not aware of an alternative, but I am willing to learn. Wouldn't `base::HexEncode(sct_and_status.sct->log_id.c_str(), sct_and_status.sct->log_id.size())` work? I don't understand what the cast is doing for you here. dwaxweiler 2016/06/28 09:51:06 You are totally right! Show quoted text On 2016/06/23 16:32:30, Mike West wrote: > On 2016/06/23 at 11:53:02, dwaxweiler wrote: > > On 2016/06/21 23:44:03, Charlie Reis wrote: > > > We generally don't like using reinterpret_casts. Is there a way to avoid > it? > > > > I am not aware of an alternative, but I am willing to learn. > > Wouldn't `base::HexEncode(sct_and_status.sct->log_id.c_str(), > sct_and_status.sct->log_id.size())` work? I don't understand what the cast is > doing for you here. You are totally right!
	278 sct_and_status.sct->log_id.data()),

	279 sct_and_status.sct->log_id.length())),

	280 sct_and_status.sct->timestamp.ToJavaTime(),

	281 WebString::fromUTF8(net::ct::HashAlgorithmToString(

	282 sct_and_status.sct->signature.hash_algorithm)),

	283 WebString::fromUTF8(net::ct::SignatureAlgorithmToString(

	284 sct_and_status.sct->signature.signature_algorithm)),

	285 WebString::fromUTF8(base::HexEncode(

	286 reinterpret_cast<const unsigned char*>(

	287 sct_and_status.sct->signature.signature_data.data()),

	288 sct_and_status.sct->signature.signature_data.length())));
	Charlie Reis 2016/06/21 23:44:03 I'm not qualified to review all these conversions I'm not qualified to review all these conversions and whether they're safe or correct. Has someone taken a close look at them already?
	289 sct_list[i] = sct;

	290 }

	291

262 blink::WebURLResponse::WebSecurityDetails webSecurityDetails(	292 blink::WebURLResponse::WebSecurityDetails webSecurityDetails(

263 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),	293 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange),

264 WebString::fromUTF8(cipher), WebString::fromUTF8(mac),	294 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id,

265 ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts);	295 num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list);

266	296

267 response->setSecurityDetails(webSecurityDetails);	297 response->setSecurityDetails(webSecurityDetails);

268 }	298 }

269	299

270 } // namespace	300 } // namespace

271	301

272 // This inner class exists since the WebURLLoader may be deleted while inside a	302 // This inner class exists since the WebURLLoader may be deleted while inside a

273 // call to WebURLLoaderClient. Refcounting is to keep the context from being	303 // call to WebURLLoaderClient. Refcounting is to keep the context from being

274 // deleted if it may have work to do after calling into the client.	304 // deleted if it may have work to do after calling into the client.

275 class WebURLLoaderImpl::Context : public base::RefCounted<Context> {	305 class WebURLLoaderImpl::Context : public base::RefCounted<Context> {

(...skipping 681 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
957 ? blink::WebString::fromUTF8(info.cache_storage_cache_name)	987 ? blink::WebString::fromUTF8(info.cache_storage_cache_name)

958 : blink::WebString());	988 : blink::WebString());

959 blink::WebVector<blink::WebString> cors_exposed_header_names(	989 blink::WebVector<blink::WebString> cors_exposed_header_names(

960 info.cors_exposed_header_names.size());	990 info.cors_exposed_header_names.size());

961 std::transform(	991 std::transform(

962 info.cors_exposed_header_names.begin(),	992 info.cors_exposed_header_names.begin(),

963 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(),	993 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(),

964 [](const std::string& h) { return blink::WebString::fromLatin1(h); });	994 [](const std::string& h) { return blink::WebString::fromLatin1(h); });

965 response->setCorsExposedHeaderNames(cors_exposed_header_names);	995 response->setCorsExposedHeaderNames(cors_exposed_header_names);

966	996

967 SetSecurityStyleAndDetails(url, info.security_info, response,	997 SetSecurityStyleAndDetails(url, info, response, report_security_info);

968 report_security_info);

969	998

970 WebURLResponseExtraDataImpl* extra_data =	999 WebURLResponseExtraDataImpl* extra_data =

971 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);	1000 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol);

972 response->setExtraData(extra_data);	1001 response->setExtraData(extra_data);

973 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy);	1002 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy);

974 extra_data->set_was_npn_negotiated(info.was_npn_negotiated);	1003 extra_data->set_was_npn_negotiated(info.was_npn_negotiated);

975 extra_data->set_was_alternate_protocol_available(	1004 extra_data->set_was_alternate_protocol_available(

976 info.was_alternate_protocol_available);	1005 info.was_alternate_protocol_available);

977 extra_data->set_connection_info(info.connection_info);	1006 extra_data->set_connection_info(info.connection_info);

978 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy);	1007 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy);

(...skipping 219 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1198 response->clearHTTPHeaderField(webStringName);	1227 response->clearHTTPHeaderField(webStringName);

1199 while (response_headers->EnumerateHeader(&iterator, name, &value)) {	1228 while (response_headers->EnumerateHeader(&iterator, name, &value)) {

1200 response->addHTTPHeaderField(webStringName,	1229 response->addHTTPHeaderField(webStringName,

1201 WebString::fromLatin1(value));	1230 WebString::fromLatin1(value));

1202 }	1231 }

1203 }	1232 }

1204 return true;	1233 return true;

1205 }	1234 }

1206	1235

1207 } // namespace content	1236 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | net/cert/ct_sct_to_string.h » ('j') | third_party/WebKit/Source/core/inspector/browser_protocol.json » ('J')