Chromium Code Reviews Chromium Code Reviews
Issue 1772603002:
Addition of Certificate Transparency details to Security panel of DevTools (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/web_url_loader_impl.h" | 5 #include "content/child/web_url_loader_impl.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| 11 #include <string> | 11 #include <string> |
| 12 #include <utility> | 12 #include <utility> |
| 13 #include <vector> | 13 #include <vector> |
| 14 | 14 |
| 15 #include "base/bind.h" | 15 #include "base/bind.h" |
| 16 #include "base/files/file_path.h" | 16 #include "base/files/file_path.h" |
| 17 #include "base/logging.h" | 17 #include "base/logging.h" |
| 18 #include "base/memory/ptr_util.h" | 18 #include "base/memory/ptr_util.h" |
| 19 #include "base/single_thread_task_runner.h" | 19 #include "base/single_thread_task_runner.h" |
| 20 #include "base/strings/string_number_conversions.h" | |
| 20 #include "base/strings/string_util.h" | 21 #include "base/strings/string_util.h" |
| 21 #include "base/time/time.h" | 22 #include "base/time/time.h" |
| 22 #include "build/build_config.h" | 23 #include "build/build_config.h" |
| 23 #include "components/mime_util/mime_util.h" | 24 #include "components/mime_util/mime_util.h" |
| 24 #include "components/scheduler/child/web_task_runner_impl.h" | 25 #include "components/scheduler/child/web_task_runner_impl.h" |
| 25 #include "content/child/child_thread_impl.h" | 26 #include "content/child/child_thread_impl.h" |
| 26 #include "content/child/ftp_directory_listing_response_delegate.h" | 27 #include "content/child/ftp_directory_listing_response_delegate.h" |
| 27 #include "content/child/request_extra_data.h" | 28 #include "content/child/request_extra_data.h" |
| 28 #include "content/child/request_info.h" | 29 #include "content/child/request_info.h" |
| 29 #include "content/child/resource_dispatcher.h" | 30 #include "content/child/resource_dispatcher.h" |
| 30 #include "content/child/shared_memory_data_consumer_handle.h" | 31 #include "content/child/shared_memory_data_consumer_handle.h" |
| 31 #include "content/child/sync_load_response.h" | 32 #include "content/child/sync_load_response.h" |
| 32 #include "content/child/web_url_request_util.h" | 33 #include "content/child/web_url_request_util.h" |
| 33 #include "content/child/weburlresponse_extradata_impl.h" | 34 #include "content/child/weburlresponse_extradata_impl.h" |
| 34 #include "content/common/resource_messages.h" | 35 #include "content/common/resource_messages.h" |
| 35 #include "content/common/resource_request_body.h" | 36 #include "content/common/resource_request_body.h" |
| 36 #include "content/common/service_worker/service_worker_types.h" | 37 #include "content/common/service_worker/service_worker_types.h" |
| 37 #include "content/common/ssl_status_serialization.h" | 38 #include "content/common/ssl_status_serialization.h" |
| 38 #include "content/public/child/fixed_received_data.h" | 39 #include "content/public/child/fixed_received_data.h" |
| 39 #include "content/public/child/request_peer.h" | 40 #include "content/public/child/request_peer.h" |
| 40 #include "content/public/common/browser_side_navigation_policy.h" | 41 #include "content/public/common/browser_side_navigation_policy.h" |
| 41 #include "content/public/common/ssl_status.h" | 42 #include "content/public/common/ssl_status.h" |
| 42 #include "net/base/data_url.h" | 43 #include "net/base/data_url.h" |
| 43 #include "net/base/filename_util.h" | 44 #include "net/base/filename_util.h" |
| 44 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
| 45 #include "net/cert/cert_status_flags.h" | 46 #include "net/cert/cert_status_flags.h" |
| 46 #include "net/cert/sct_status_flags.h" | 47 #include "net/cert/ct_sct_to_string.h" |
| 47 #include "net/http/http_response_headers.h" | 48 #include "net/http/http_response_headers.h" |
| 48 #include "net/http/http_util.h" | 49 #include "net/http/http_util.h" |
| 49 #include "net/ssl/ssl_cipher_suite_names.h" | 50 #include "net/ssl/ssl_cipher_suite_names.h" |
| 50 #include "net/ssl/ssl_connection_status_flags.h" | 51 #include "net/ssl/ssl_connection_status_flags.h" |
| 51 #include "net/url_request/url_request_data_job.h" | 52 #include "net/url_request/url_request_data_job.h" |
| 52 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" | 53 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" |
| 53 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" | 54 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
| 54 #include "third_party/WebKit/public/platform/WebTraceLocation.h" | 55 #include "third_party/WebKit/public/platform/WebTraceLocation.h" |
| 55 #include "third_party/WebKit/public/platform/WebURL.h" | 56 #include "third_party/WebKit/public/platform/WebURL.h" |
| 56 #include "third_party/WebKit/public/platform/WebURLError.h" | 57 #include "third_party/WebKit/public/platform/WebURLError.h" |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 180 info->headers = headers; | 181 info->headers = headers; |
| 181 info->mime_type.swap(mime_type); | 182 info->mime_type.swap(mime_type); |
| 182 info->charset.swap(charset); | 183 info->charset.swap(charset); |
| 183 info->security_info.clear(); | 184 info->security_info.clear(); |
| 184 info->content_length = data->length(); | 185 info->content_length = data->length(); |
| 185 info->encoded_data_length = 0; | 186 info->encoded_data_length = 0; |
| 186 | 187 |
| 187 return net::OK; | 188 return net::OK; |
| 188 } | 189 } |
| 189 | 190 |
| 191 // Convert a net::SignedCertificateTimestampAndStatus object to a | |
| 192 // blink::WebURLResponse::SignedCertificateTimestamp object. | |
| 193 blink::WebURLResponse::SignedCertificateTimestamp NetSCTToBlinkSCT( | |
| 194 const net::SignedCertificateTimestampAndStatus& sct_and_status) { | |
| 195 return blink::WebURLResponse::SignedCertificateTimestamp( | |
| 196 WebString::fromUTF8(net::ct::StatusToString(sct_and_status.status)), | |
| 197 WebString::fromUTF8(net::ct::OriginToString(sct_and_status.sct->origin)), | |
| 198 WebString::fromUTF8(sct_and_status.sct->log_description), | |
| 199 WebString::fromUTF8( | |
| 200 base::HexEncode(reinterpret_cast<const unsigned char*>( | |
| 201 sct_and_status.sct->log_id.data()), | |
| 202 sct_and_status.sct->log_id.length())), | |
| 203 sct_and_status.sct->timestamp.ToJavaTime(), | |
| 204 WebString::fromUTF8(net::ct::HashAlgorithmToString( | |
| 205 sct_and_status.sct->signature.hash_algorithm)), | |
| 206 WebString::fromUTF8(net::ct::SignatureAlgorithmToString( | |
| 207 sct_and_status.sct->signature.signature_algorithm)), | |
| 208 WebString::fromUTF8(base::HexEncode( | |
| 209 reinterpret_cast<const unsigned char*>( | |
| 210 sct_and_status.sct->signature.signature_data.data()), | |
| 211 sct_and_status.sct->signature.signature_data.length()))); | |
| 212 } | |
| 213 | |
| 190 void SetSecurityStyleAndDetails(const GURL& url, | 214 void SetSecurityStyleAndDetails(const GURL& url, |
| 191 const std::string& security_info, | 215 const ResourceResponseInfo& info, |
| 192 WebURLResponse* response, | 216 WebURLResponse* response, |
| 193 bool report_security_info) { | 217 bool report_security_info) { |
| 194 if (!report_security_info) { | 218 if (!report_security_info) { |
| 195 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 219 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 196 return; | 220 return; |
| 197 } | 221 } |
| 198 if (!url.SchemeIsCryptographic()) { | 222 if (!url.SchemeIsCryptographic()) { |
| 199 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); | 223 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); |
| 200 return; | 224 return; |
| 201 } | 225 } |
| 202 | 226 |
| 203 // There are cases where an HTTPS request can come in without security | 227 // There are cases where an HTTPS request can come in without security |
| 204 // info attached (such as a redirect response). | 228 // info attached (such as a redirect response). |
| 229 const std::string& security_info = info.security_info; | |
| 205 if (security_info.empty()) { | 230 if (security_info.empty()) { |
| 206 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 231 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 207 return; | 232 return; |
| 208 } | 233 } |
| 209 | 234 |
| 210 SSLStatus ssl_status; | 235 SSLStatus ssl_status; |
| 211 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { | 236 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { |
| 212 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 237 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 213 DLOG(ERROR) | 238 DLOG(ERROR) |
| 214 << "DeserializeSecurityInfo() failed for an authenticated request."; | 239 << "DeserializeSecurityInfo() failed for an authenticated request."; |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 252 securityStyle = WebURLResponse::SecurityStyleAuthenticated; | 277 securityStyle = WebURLResponse::SecurityStyleAuthenticated; |
| 253 break; | 278 break; |
| 254 } | 279 } |
| 255 | 280 |
| 256 response->setSecurityStyle(securityStyle); | 281 response->setSecurityStyle(securityStyle); |
| 257 | 282 |
| 258 size_t num_unknown_scts = ssl_status.num_unknown_scts; | 283 size_t num_unknown_scts = ssl_status.num_unknown_scts; |
| 259 size_t num_invalid_scts = ssl_status.num_invalid_scts; | 284 size_t num_invalid_scts = ssl_status.num_invalid_scts; |
| 260 size_t num_valid_scts = ssl_status.num_valid_scts; | 285 size_t num_valid_scts = ssl_status.num_valid_scts; |
| 261 | 286 |
| 287 blink::WebURLResponse::SignedCertificateTimestampList sct_list( | |
| 288 info.signed_certificate_timestamps.size()); | |
| 289 | |
| 290 for (size_t i = 0; i < sct_list.size(); ++i) | |
| 291 sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]); | |
|
Mike West
2016/06/23 16:32:30
Note: Now that you've extracted everything here, t
| |
| 292 | |
| 262 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( | 293 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( |
| 263 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), | 294 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), |
| 264 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), | 295 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id, |
| 265 ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts); | 296 num_unknown_scts, num_invalid_scts, num_valid_scts, sct_list); |
| 266 | 297 |
| 267 response->setSecurityDetails(webSecurityDetails); | 298 response->setSecurityDetails(webSecurityDetails); |
| 268 } | 299 } |
| 269 | 300 |
| 270 } // namespace | 301 } // namespace |
| 271 | 302 |
| 272 // This inner class exists since the WebURLLoader may be deleted while inside a | 303 // This inner class exists since the WebURLLoader may be deleted while inside a |
| 273 // call to WebURLLoaderClient. Refcounting is to keep the context from being | 304 // call to WebURLLoaderClient. Refcounting is to keep the context from being |
| 274 // deleted if it may have work to do after calling into the client. | 305 // deleted if it may have work to do after calling into the client. |
| 275 class WebURLLoaderImpl::Context : public base::RefCounted<Context> { | 306 class WebURLLoaderImpl::Context : public base::RefCounted<Context> { |
| (...skipping 681 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 957 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) | 988 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) |
| 958 : blink::WebString()); | 989 : blink::WebString()); |
| 959 blink::WebVector<blink::WebString> cors_exposed_header_names( | 990 blink::WebVector<blink::WebString> cors_exposed_header_names( |
| 960 info.cors_exposed_header_names.size()); | 991 info.cors_exposed_header_names.size()); |
| 961 std::transform( | 992 std::transform( |
| 962 info.cors_exposed_header_names.begin(), | 993 info.cors_exposed_header_names.begin(), |
| 963 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(), | 994 info.cors_exposed_header_names.end(), cors_exposed_header_names.begin(), |
| 964 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); | 995 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); |
| 965 response->setCorsExposedHeaderNames(cors_exposed_header_names); | 996 response->setCorsExposedHeaderNames(cors_exposed_header_names); |
| 966 | 997 |
| 967 SetSecurityStyleAndDetails(url, info.security_info, response, | 998 SetSecurityStyleAndDetails(url, info, response, report_security_info); |
| 968 report_security_info); | |
| 969 | 999 |
| 970 WebURLResponseExtraDataImpl* extra_data = | 1000 WebURLResponseExtraDataImpl* extra_data = |
| 971 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); | 1001 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); |
| 972 response->setExtraData(extra_data); | 1002 response->setExtraData(extra_data); |
| 973 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); | 1003 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); |
| 974 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); | 1004 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); |
| 975 extra_data->set_was_alternate_protocol_available( | 1005 extra_data->set_was_alternate_protocol_available( |
| 976 info.was_alternate_protocol_available); | 1006 info.was_alternate_protocol_available); |
| 977 extra_data->set_connection_info(info.connection_info); | 1007 extra_data->set_connection_info(info.connection_info); |
| 978 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); | 1008 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); |
| (...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1198 response->clearHTTPHeaderField(webStringName); | 1228 response->clearHTTPHeaderField(webStringName); |
| 1199 while (response_headers->EnumerateHeader(&iterator, name, &value)) { | 1229 while (response_headers->EnumerateHeader(&iterator, name, &value)) { |
| 1200 response->addHTTPHeaderField(webStringName, | 1230 response->addHTTPHeaderField(webStringName, |
| 1201 WebString::fromLatin1(value)); | 1231 WebString::fromLatin1(value)); |
| 1202 } | 1232 } |
| 1203 } | 1233 } |
| 1204 return true; | 1234 return true; |
| 1205 } | 1235 } |
| 1206 | 1236 |
| 1207 } // namespace content | 1237 } // namespace content |
| OLD | NEW |
