OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <utility> | 8 #include <utility> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 958 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
969 if (rv == OK) | 969 if (rv == OK) |
970 next_state_ = STATE_GET_TOKEN_BINDING_KEY; | 970 next_state_ = STATE_GET_TOKEN_BINDING_KEY; |
971 return rv; | 971 return rv; |
972 } | 972 } |
973 | 973 |
974 int HttpNetworkTransaction::DoGetTokenBindingKey() { | 974 int HttpNetworkTransaction::DoGetTokenBindingKey() { |
975 next_state_ = STATE_GET_TOKEN_BINDING_KEY_COMPLETE; | 975 next_state_ = STATE_GET_TOKEN_BINDING_KEY_COMPLETE; |
976 if (!IsTokenBindingEnabled()) | 976 if (!IsTokenBindingEnabled()) |
977 return OK; | 977 return OK; |
978 | 978 |
979 scoped_ptr<crypto::ECPrivateKey>* key = &provided_token_binding_key_; | |
980 std::string host = request_->url.host(); | |
981 if (provided_token_binding_key_) { | |
982 key = &referred_token_binding_key_; | |
983 host = request_->token_binding_referrer; | |
984 } | |
979 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); | 985 net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); |
980 ChannelIDService* channel_id_service = session_->params().channel_id_service; | 986 ChannelIDService* channel_id_service = session_->params().channel_id_service; |
981 return channel_id_service->GetOrCreateChannelID( | 987 return channel_id_service->GetOrCreateChannelID(host, key, io_callback_, |
982 request_->url.host(), &token_binding_key_, io_callback_, | 988 &token_binding_request_); |
983 &token_binding_request_); | |
984 } | 989 } |
985 | 990 |
986 int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) { | 991 int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) { |
davidben
2016/03/24 20:53:52
This might want to be done separately, but I think
nharper
2016/03/25 01:34:29
I've changed the call to IsTokenBindingEnabled to
| |
987 DCHECK_NE(ERR_IO_PENDING, rv); | 992 DCHECK_NE(ERR_IO_PENDING, rv); |
988 next_state_ = STATE_INIT_REQUEST_BODY; | 993 next_state_ = STATE_INIT_REQUEST_BODY; |
989 if (!IsTokenBindingEnabled()) | 994 if (!IsTokenBindingEnabled()) |
990 return OK; | 995 return OK; |
991 | 996 |
997 if (!request_->token_binding_referrer.empty() && | |
998 !referred_token_binding_key_ && rv == OK) { | |
999 next_state_ = STATE_GET_TOKEN_BINDING_KEY; | |
1000 } | |
992 net_log_.EndEventWithNetErrorCode( | 1001 net_log_.EndEventWithNetErrorCode( |
993 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); | 1002 NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); |
994 return rv; | 1003 return rv; |
995 } | 1004 } |
996 | 1005 |
997 int HttpNetworkTransaction::BuildRequestHeaders( | 1006 int HttpNetworkTransaction::BuildRequestHeaders( |
998 bool using_http_proxy_without_tunnel) { | 1007 bool using_http_proxy_without_tunnel) { |
999 request_headers_.SetHeader(HttpRequestHeaders::kHost, | 1008 request_headers_.SetHeader(HttpRequestHeaders::kHost, |
1000 GetHostAndOptionalPort(request_->url)); | 1009 GetHostAndOptionalPort(request_->url)); |
1001 | 1010 |
(...skipping 19 matching lines...) Expand all Loading... | |
1021 // An empty POST/PUT request still needs a content length. As for HEAD, | 1030 // An empty POST/PUT request still needs a content length. As for HEAD, |
1022 // IE and Safari also add a content length header. Presumably it is to | 1031 // IE and Safari also add a content length header. Presumably it is to |
1023 // support sending a HEAD request to an URL that only expects to be sent a | 1032 // support sending a HEAD request to an URL that only expects to be sent a |
1024 // POST or some other method that normally would have a message body. | 1033 // POST or some other method that normally would have a message body. |
1025 // Firefox (40.0) does not send the header, and RFC 7230 & 7231 | 1034 // Firefox (40.0) does not send the header, and RFC 7230 & 7231 |
1026 // specify that it should not be sent due to undefined behavior. | 1035 // specify that it should not be sent due to undefined behavior. |
1027 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); | 1036 request_headers_.SetHeader(HttpRequestHeaders::kContentLength, "0"); |
1028 } | 1037 } |
1029 | 1038 |
1030 RecordTokenBindingSupport(); | 1039 RecordTokenBindingSupport(); |
1031 if (token_binding_key_) { | 1040 if (provided_token_binding_key_) { |
1032 std::string token_binding_header; | 1041 std::string token_binding_header; |
1033 int rv = BuildTokenBindingHeader(&token_binding_header); | 1042 int rv = BuildTokenBindingHeader(&token_binding_header); |
1034 if (rv != OK) | 1043 if (rv != OK) |
1035 return rv; | 1044 return rv; |
1036 request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding, | 1045 request_headers_.SetHeader(HttpRequestHeaders::kTokenBinding, |
1037 token_binding_header); | 1046 token_binding_header); |
1038 } | 1047 } |
1039 | 1048 |
1040 // Honor load flags that impact proxy caches. | 1049 // Honor load flags that impact proxy caches. |
1041 if (request_->load_flags & LOAD_BYPASS_CACHE) { | 1050 if (request_->load_flags & LOAD_BYPASS_CACHE) { |
(...skipping 17 matching lines...) Expand all Loading... | |
1059 before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_); | 1068 before_proxy_headers_sent_callback_.Run(proxy_info_, &request_headers_); |
1060 | 1069 |
1061 response_.did_use_http_auth = | 1070 response_.did_use_http_auth = |
1062 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || | 1071 request_headers_.HasHeader(HttpRequestHeaders::kAuthorization) || |
1063 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); | 1072 request_headers_.HasHeader(HttpRequestHeaders::kProxyAuthorization); |
1064 return OK; | 1073 return OK; |
1065 } | 1074 } |
1066 | 1075 |
1067 int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) { | 1076 int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) { |
1068 std::vector<uint8_t> signed_ekm; | 1077 std::vector<uint8_t> signed_ekm; |
1069 int rv = stream_->GetSignedEKMForTokenBinding(token_binding_key_.get(), | 1078 int rv = stream_->GetSignedEKMForTokenBinding( |
1070 &signed_ekm); | 1079 provided_token_binding_key_.get(), &signed_ekm); |
1071 if (rv != OK) | 1080 if (rv != OK) |
1072 return rv; | 1081 return rv; |
1073 std::string provided_token_binding; | 1082 std::string provided_token_binding; |
1074 rv = BuildProvidedTokenBinding(token_binding_key_.get(), signed_ekm, | 1083 rv = BuildTokenBinding(TB_TYPE_PROVIDED, provided_token_binding_key_.get(), |
1075 &provided_token_binding); | 1084 signed_ekm, &provided_token_binding); |
1076 if (rv != OK) | 1085 if (rv != OK) |
1077 return rv; | 1086 return rv; |
1087 | |
1078 std::vector<base::StringPiece> token_bindings; | 1088 std::vector<base::StringPiece> token_bindings; |
1079 token_bindings.push_back(provided_token_binding); | 1089 token_bindings.push_back(provided_token_binding); |
1090 | |
1091 std::string referred_token_binding; | |
1092 if (referred_token_binding_key_) { | |
1093 std::vector<uint8_t> referred_signed_ekm; | |
1094 int rv = stream_->GetSignedEKMForTokenBinding( | |
1095 referred_token_binding_key_.get(), &referred_signed_ekm); | |
1096 if (rv != OK) | |
1097 return rv; | |
1098 rv = BuildTokenBinding(TB_TYPE_REFERRED, referred_token_binding_key_.get(), | |
1099 referred_signed_ekm, &referred_token_binding); | |
1100 if (rv != OK) | |
1101 return rv; | |
1102 token_bindings.push_back(referred_token_binding); | |
1103 } | |
1080 std::string header; | 1104 std::string header; |
1081 rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header); | 1105 rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header); |
1082 if (rv != OK) | 1106 if (rv != OK) |
1083 return rv; | 1107 return rv; |
1084 base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING, | 1108 base::Base64UrlEncode(header, base::Base64UrlEncodePolicy::INCLUDE_PADDING, |
1085 out); | 1109 out); |
1086 return OK; | 1110 return OK; |
1087 } | 1111 } |
1088 | 1112 |
1089 int HttpNetworkTransaction::DoInitRequestBody() { | 1113 int HttpNetworkTransaction::DoInitRequestBody() { |
(...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1556 pending_auth_target_ = HttpAuth::AUTH_NONE; | 1580 pending_auth_target_ = HttpAuth::AUTH_NONE; |
1557 read_buf_ = NULL; | 1581 read_buf_ = NULL; |
1558 read_buf_len_ = 0; | 1582 read_buf_len_ = 0; |
1559 headers_valid_ = false; | 1583 headers_valid_ = false; |
1560 request_headers_.Clear(); | 1584 request_headers_.Clear(); |
1561 response_ = HttpResponseInfo(); | 1585 response_ = HttpResponseInfo(); |
1562 establishing_tunnel_ = false; | 1586 establishing_tunnel_ = false; |
1563 remote_endpoint_ = IPEndPoint(); | 1587 remote_endpoint_ = IPEndPoint(); |
1564 net_error_details_.quic_broken = false; | 1588 net_error_details_.quic_broken = false; |
1565 net_error_details_.quic_connection_error = QUIC_NO_ERROR; | 1589 net_error_details_.quic_connection_error = QUIC_NO_ERROR; |
1566 token_binding_key_.reset(); | 1590 provided_token_binding_key_.reset(); |
1591 referred_token_binding_key_.reset(); | |
1567 } | 1592 } |
1568 | 1593 |
1569 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { | 1594 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { |
1570 if (stream_) | 1595 if (stream_) |
1571 stream_->PopulateNetErrorDetails(&net_error_details_); | 1596 stream_->PopulateNetErrorDetails(&net_error_details_); |
1572 stream_.reset(); | 1597 stream_.reset(); |
1573 } | 1598 } |
1574 | 1599 |
1575 void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) { | 1600 void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) { |
1576 if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK) | 1601 if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK) |
(...skipping 210 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1787 DCHECK(stream_request_); | 1812 DCHECK(stream_request_); |
1788 | 1813 |
1789 // Since the transaction can restart with auth credentials, it may create a | 1814 // Since the transaction can restart with auth credentials, it may create a |
1790 // stream more than once. Accumulate all of the connection attempts across | 1815 // stream more than once. Accumulate all of the connection attempts across |
1791 // those streams by appending them to the vector: | 1816 // those streams by appending them to the vector: |
1792 for (const auto& attempt : stream_request_->connection_attempts()) | 1817 for (const auto& attempt : stream_request_->connection_attempts()) |
1793 connection_attempts_.push_back(attempt); | 1818 connection_attempts_.push_back(attempt); |
1794 } | 1819 } |
1795 | 1820 |
1796 } // namespace net | 1821 } // namespace net |
OLD | NEW |