| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <utility> | 8 #include <utility> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 689 matching lines...) |
| 700 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: | 700 case STATE_GENERATE_PROXY_AUTH_TOKEN_COMPLETE: |
| 701 rv = DoGenerateProxyAuthTokenComplete(rv); | 701 rv = DoGenerateProxyAuthTokenComplete(rv); |
| 702 break; | 702 break; |
| 703 case STATE_GENERATE_SERVER_AUTH_TOKEN: | 703 case STATE_GENERATE_SERVER_AUTH_TOKEN: |
| 704 DCHECK_EQ(OK, rv); | 704 DCHECK_EQ(OK, rv); |
| 705 rv = DoGenerateServerAuthToken(); | 705 rv = DoGenerateServerAuthToken(); |
| 706 break; | 706 break; |
| 707 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: | 707 case STATE_GENERATE_SERVER_AUTH_TOKEN_COMPLETE: |
| 708 rv = DoGenerateServerAuthTokenComplete(rv); | 708 rv = DoGenerateServerAuthTokenComplete(rv); |
| 709 break; | 709 break; |
| 710 case STATE_GET_TOKEN_BINDING_KEY: | 710 case STATE_GET_PROVIDED_TOKEN_BINDING_KEY: |
| 711 DCHECK_EQ(OK, rv); | 711 DCHECK_EQ(OK, rv); |
| 712 rv = DoGetTokenBindingKey(); | 712 rv = DoGetProvidedTokenBindingKey(); |
| 713 break; | 713 break; |
| 714 case STATE_GET_TOKEN_BINDING_KEY_COMPLETE: | 714 case STATE_GET_PROVIDED_TOKEN_BINDING_KEY_COMPLETE: |
| 715 rv = DoGetTokenBindingKeyComplete(rv); | 715 rv = DoGetProvidedTokenBindingKeyComplete(rv); |
| 716 break; |
| 717 case STATE_GET_REFERRED_TOKEN_BINDING_KEY: |
| 718 DCHECK_EQ(OK, rv); |
| 719 rv = DoGetReferredTokenBindingKey(); |
| 720 break; |
| 721 case STATE_GET_REFERRED_TOKEN_BINDING_KEY_COMPLETE: |
| 722 rv = DoGetReferredTokenBindingKeyComplete(rv); |
| 716 break; | 723 break; |
| 717 case STATE_INIT_REQUEST_BODY: | 724 case STATE_INIT_REQUEST_BODY: |
| 718 DCHECK_EQ(OK, rv); | 725 DCHECK_EQ(OK, rv); |
| 719 rv = DoInitRequestBody(); | 726 rv = DoInitRequestBody(); |
| 720 break; | 727 break; |
| 721 case STATE_INIT_REQUEST_BODY_COMPLETE: | 728 case STATE_INIT_REQUEST_BODY_COMPLETE: |
| 722 rv = DoInitRequestBodyComplete(rv); | 729 rv = DoInitRequestBodyComplete(rv); |
| 723 break; | 730 break; |
| 724 case STATE_BUILD_REQUEST: | 731 case STATE_BUILD_REQUEST: |
| 725 DCHECK_EQ(OK, rv); | 732 DCHECK_EQ(OK, rv); |
| (...skipping 196 matching lines...) |
| 922 if (!ShouldApplyServerAuth()) | 929 if (!ShouldApplyServerAuth()) |
| 923 return OK; | 930 return OK; |
| 924 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, | 931 return auth_controllers_[target]->MaybeGenerateAuthToken(request_, |
| 925 io_callback_, | 932 io_callback_, |
| 926 net_log_); | 933 net_log_); |
| 927 } | 934 } |
| 928 | 935 |
| 929 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) { | 936 int HttpNetworkTransaction::DoGenerateServerAuthTokenComplete(int rv) { |
| 930 DCHECK_NE(ERR_IO_PENDING, rv); | 937 DCHECK_NE(ERR_IO_PENDING, rv); |
| 931 if (rv == OK) | 938 if (rv == OK) |
| 932 next_state_ = STATE_GET_TOKEN_BINDING_KEY; | 939 next_state_ = STATE_GET_PROVIDED_TOKEN_BINDING_KEY; |
| 933 return rv; | 940 return rv; |
| 934 } | 941 } |
| 935 | 942 |
| 936 int HttpNetworkTransaction::DoGetTokenBindingKey() { | 943 int HttpNetworkTransaction::DoGetProvidedTokenBindingKey() { |
| 937 next_state_ = STATE_GET_TOKEN_BINDING_KEY_COMPLETE; | 944 next_state_ = STATE_GET_PROVIDED_TOKEN_BINDING_KEY_COMPLETE; |
| 938 if (!IsTokenBindingEnabled()) | 945 if (!IsTokenBindingEnabled()) |
| 939 return OK; | 946 return OK; |
| 940 | 947 |
| 941 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); | 948 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); |
| 942 ChannelIDService* channel_id_service = session_->params().channel_id_service; | 949 ChannelIDService* channel_id_service = session_->params().channel_id_service; |
| 943 return channel_id_service->GetOrCreateChannelID( | 950 return channel_id_service->GetOrCreateChannelID( |
| 944 request_->url.host(), &token_binding_key_, io_callback_, | 951 request_->url.host(), &provided_token_binding_key_, io_callback_, |
| 945 &token_binding_request_); | 952 &token_binding_request_); |
| 946 } | 953 } |
| 947 | 954 |
| 948 int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) { | 955 int HttpNetworkTransaction::DoGetProvidedTokenBindingKeyComplete(int rv) { |
| 949 DCHECK_NE(ERR_IO_PENDING, rv); | 956 DCHECK_NE(ERR_IO_PENDING, rv); |
| 950 next_state_ = STATE_INIT_REQUEST_BODY; | 957 if (IsTokenBindingEnabled()) { |
| 951 if (!IsTokenBindingEnabled()) | 958 net_log_.EndEventWithNetErrorCode( |
| 952 return OK; | 959 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); |
| 960 } |
| 953 | 961 |
| 954 net_log_.EndEventWithNetErrorCode( | 962 if (rv == OK) |
| 955 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); | 963 next_state_ = STATE_GET_REFERRED_TOKEN_BINDING_KEY; |
| 956 return rv; | 964 return rv; |
| 957 } | 965 } |
| 958 | 966 |
| 967 int HttpNetworkTransaction::DoGetReferredTokenBindingKey() { |
| 968 next_state_ = STATE_GET_REFERRED_TOKEN_BINDING_KEY_COMPLETE; |
| 969 if (!IsTokenBindingEnabled() || request_->token_binding_referrer.empty()) |
| 970 return OK; |
| 971 |
| 972 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); |
| 973 ChannelIDService* channel_id_service = session_->params().channel_id_service; |
| 974 return channel_id_service->GetOrCreateChannelID( |
| 975 request_->token_binding_referrer, &referred_token_binding_key_, |
| 976 io_callback_, &token_binding_request_); |
| 977 } |
| 978 |
| 979 int HttpNetworkTransaction::DoGetReferredTokenBindingKeyComplete(int rv) { |
| 980 DCHECK_NE(ERR_IO_PENDING, rv); |
| 981 if (IsTokenBindingEnabled() && !request_->token_binding_referrer.empty()) { |
| 982 net_log_.EndEventWithNetErrorCode( |
| 983 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); |
| 984 } |
| 985 if (rv == OK) |
| 986 next_state_ = STATE_INIT_REQUEST_BODY; |
| 987 return rv; |
| 988 } |
| 989 |
| 959 int HttpNetworkTransaction::BuildRequestHeaders( | 990 int HttpNetworkTransaction::BuildRequestHeaders( |
| 960 bool using_http_proxy_without_tunnel) { | 991 bool using_http_proxy_without_tunnel) { |
| 961 request_headers_.SetHeader(HttpRequestHeaders::kHost, | 992 request_headers_.SetHeader(HttpRequestHeaders::kHost, |
| 962 GetHostAndOptionalPort(request_->url)); | 993 GetHostAndOptionalPort(request_->url)); |
| 963 | 994 |
| 964 // For compat with HTTP/1.0 servers and proxies: | 995 // For compat with HTTP/1.0 servers and proxies: |
| 965 if (using_http_proxy_without_tunnel) { | 996 if (using_http_proxy_without_tunnel) { |
| 966 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection, | 997 request_headers_.SetHeader(HttpRequestHeaders::kProxyConnection, |
| 967 "keep-alive"); | 998 "keep-alive"); |
| 968 } else { | 999 } else { |
| (...skipping 14 matching lines...) |
| 983 // An empty POST/PUT request still needs a content length. As for HEAD, | 1014 // An empty POST/PUT request still needs a content length. As for HEAD, |
| 984 // IE and Safari also add a content length header. Presumably it is to | 1015 // IE and Safari also add a content length header. Presumably it is to |
| 985 // support sending a HEAD request to an URL that only expects to be sent a | 1016 // support sending a HEAD request to an URL that only expects to be sent a |
| 986 // POST or some other method that normally would have a message body. | 1017 // POST or some other method that normally would have a message body. |
| 987 // Firefox (40.0) does not send the header, and RFC 7230 & 7231 | 1018 // Firefox (40.0) does not send the header, and RFC 7230 & 7231 |
| 988 // specify that it should not be sent due to undefined behavior. | 1019 // specify that it should not be sent due to undefined behavior. |
| 989 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); | 1020 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); |
| 990 } | 1021 } |
| 991 | 1022 |
| 992 RecordTokenBindingSupport(); | 1023 RecordTokenBindingSupport(); |
| 993 if (token_binding_key_) { | 1024 if (provided_token_binding_key_) { |
| 994 std::string token_binding_header; | 1025 std::string token_binding_header; |
| 995 int rv = BuildTokenBindingHeader(&token_binding_header); | 1026 int rv = BuildTokenBindingHeader(&token_binding_header); |
| 996 if (rv != OK) | 1027 if (rv != OK) |
| 997 return rv; | 1028 return rv; |
| 998 request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding, | 1029 request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding, |
| 999 token_binding_header); | 1030 token_binding_header); |
| 1000 } | 1031 } |
| 1001 | 1032 |
| 1002 // Honor load flags that impact proxy caches. | 1033 // Honor load flags that impact proxy caches. |
| 1003 if (request_->load_flags & LOAD_BYPASS_CACHE) { | 1034 if (request_->load_flags & LOAD_BYPASS_CACHE) { |
| (...skipping 18 matching lines...) |
| 1022 | 1053 |
| 1023 response_.did_use_http_auth = | 1054 response_.did_use_http_auth = |
| 1024 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || | 1055 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || |
| 1025 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); | 1056 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); |
| 1026 return OK; | 1057 return OK; |
| 1027 } | 1058 } |
| 1028 | 1059 |
| 1029 int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) { | 1060 int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) { |
| 1030 base::TimeTicks start = base::TimeTicks::Now(); | 1061 base::TimeTicks start = base::TimeTicks::Now(); |
| 1031 std::vector<uint8_t> signed_ekm; | 1062 std::vector<uint8_t> signed_ekm; |
| 1032 int rv = stream_->GetSignedEKMForTokenBinding(token_binding_key_.get(), | 1063 int rv = stream_->GetSignedEKMForTokenBinding( |
| 1033 &signed_ekm); | 1064 provided_token_binding_key_.get(), &signed_ekm); |
| 1034 if (rv != OK) | 1065 if (rv != OK) |
| 1035 return rv; | 1066 return rv; |
| 1036 std::string provided_token_binding; | 1067 std::string provided_token_binding; |
| 1037 rv = BuildProvidedTokenBinding(token_binding_key_.get(), signed_ekm, | 1068 rv = BuildTokenBinding(TokenBindingType::PROVIDED, |
| 1038 &provided_token_binding); | 1069 provided_token_binding_key_.get(), signed_ekm, |
| 1070 &provided_token_binding); |
| 1039 if (rv != OK) | 1071 if (rv != OK) |
| 1040 return rv; | 1072 return rv; |
| 1073 |
| 1041 std::vector<base::StringPiece> token_bindings; | 1074 std::vector<base::StringPiece> token_bindings; |
| 1042 token_bindings.push_back(provided_token_binding); | 1075 token_bindings.push_back(provided_token_binding); |
| 1076 |
| 1077 std::string referred_token_binding; |
| 1078 if (referred_token_binding_key_) { |
| 1079 std::vector<uint8_t> referred_signed_ekm; |
| 1080 int rv = stream_->GetSignedEKMForTokenBinding( |
| 1081 referred_token_binding_key_.get(), &referred_signed_ekm); |
| 1082 if (rv != OK) |
| 1083 return rv; |
| 1084 rv = BuildTokenBinding(TokenBindingType::REFERRED, |
| 1085 referred_token_binding_key_.get(), |
| 1086 referred_signed_ekm, &referred_token_binding); |
| 1087 if (rv != OK) |
| 1088 return rv; |
| 1089 token_bindings.push_back(referred_token_binding); |
| 1090 } |
| 1043 std::string header; | 1091 std::string header; |
| 1044 rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header); | 1092 rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header); |
| 1045 if (rv != OK) | 1093 if (rv != OK) |
| 1046 return rv; | 1094 return rv; |
| 1047 base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING, | 1095 base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING, |
| 1048 out); | 1096 out); |
| 1049 base::TimeDelta header_creation_time = base::TimeTicks::Now() - start; | 1097 base::TimeDelta header_creation_time = base::TimeTicks::Now() - start; |
| 1050 UMA_HISTOGRAM_CUSTOM_TIMES("Net.TokenBinding.HeaderCreationTime", | 1098 UMA_HISTOGRAM_CUSTOM_TIMES("Net.TokenBinding.HeaderCreationTime", |
| 1051 header_creation_time, | 1099 header_creation_time, |
| 1052 base::TimeDelta::FromMilliseconds(1), | 1100 base::TimeDelta::FromMilliseconds(1), |
| (...skipping 471 matching lines...) |
| 1524 pending_auth_target_ = HttpAuth::AUTH_NONE; | 1572 pending_auth_target_ = HttpAuth::AUTH_NONE; |
| 1525 read_buf_ = NULL; | 1573 read_buf_ = NULL; |
| 1526 read_buf_len_ = 0; | 1574 read_buf_len_ = 0; |
| 1527 headers_valid_ = false; | 1575 headers_valid_ = false; |
| 1528 request_headers_.Clear(); | 1576 request_headers_.Clear(); |
| 1529 response_ = HttpResponseInfo(); | 1577 response_ = HttpResponseInfo(); |
| 1530 establishing_tunnel_ = false; | 1578 establishing_tunnel_ = false; |
| 1531 remote_endpoint_ = IPEndPoint(); | 1579 remote_endpoint_ = IPEndPoint(); |
| 1532 net_error_details_.quic_broken = false; | 1580 net_error_details_.quic_broken = false; |
| 1533 net_error_details_.quic_connection_error = QUIC_NO_ERROR; | 1581 net_error_details_.quic_connection_error = QUIC_NO_ERROR; |
| 1534 token_binding_key_.reset(); | 1582 provided_token_binding_key_.reset(); |
| 1583 referred_token_binding_key_.reset(); |
| 1535 } | 1584 } |
| 1536 | 1585 |
| 1537 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { | 1586 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { |
| 1538 if (stream_) | 1587 if (stream_) |
| 1539 stream_->PopulateNetErrorDetails(&net_error_details_); | 1588 stream_->PopulateNetErrorDetails(&net_error_details_); |
| 1540 stream_.reset(); | 1589 stream_.reset(); |
| 1541 } | 1590 } |
| 1542 | 1591 |
| 1543 void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) { | 1592 void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) { |
| 1544 if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK) | 1593 if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK) |
| (...skipping 211 matching lines...) |
| 1756 DCHECK(stream_request_); | 1805 DCHECK(stream_request_); |
| 1757 | 1806 |
| 1758 // Since the transaction can restart with auth credentials, it may create a | 1807 // Since the transaction can restart with auth credentials, it may create a |
| 1759 // stream more than once. Accumulate all of the connection attempts across | 1808 // stream more than once. Accumulate all of the connection attempts across |
| 1760 // those streams by appending them to the vector: | 1809 // those streams by appending them to the vector: |
| 1761 for (const auto& attempt : stream_request_->connection_attempts()) | 1810 for (const auto& attempt : stream_request_->connection_attempts()) |
| 1762 connection_attempts_.push_back(attempt); | 1811 connection_attempts_.push_back(attempt); |
| 1763 } | 1812 } |
| 1764 | 1813 |
| 1765 } // namespace net | 1814 } // namespace net |
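Review bot: `DoGetReferredTokenBindingKey()` (new lines 967-977) passes `request_->token_binding_referrer` straight to `GetOrCreateChannelID()`, so a key is fetched, or created if none exists, for whatever host string the request carries, and `BuildTokenBindingHeader()` (new lines 1077-1090) then sends a REFERRED binding for that key to the server of `request_->url`. Nothing in the visible lines checks that the string is a canonical host or that the destination was entitled to ask for a referred binding; that check may live in the caller, which is not shown on this page. Note also that the provided key is keyed on `request_->url.host()` while the referred key is keyed on a raw string, so the two lookups may not normalise hosts the same way. I would state the contract at the top of the function, for example `// token_binding_referrer is trusted input: it must be a canonical host set only by redirect handling, because the Token Binding ID for that host is disclosed to request_->url's server.`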
| OLD | NEW |