Index: net/http/http_network_transaction.cc |
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc |
index 94361dac063db5f2152086d21095825635f0b6bf..a6ab6069315d13031c87b69a554f2bb1df99e7cc 100644 |
--- a/net/http/http_network_transaction.cc |
+++ b/net/http/http_network_transaction.cc |
@@ -976,11 +976,16 @@ int HttpNetworkTransaction::DoGetTokenBindingKey() { |
if (!IsTokenBindingEnabled()) |
return OK; |
+ scoped_ptr<crypto::ECPrivateKey>* key = &provided_token_binding_key_; |
+ std::string host = request_->url.host(); |
+ if (provided_token_binding_key_) { |
+ key = &referred_token_binding_key_; |
+ host = request_->token_binding_referrer; |
+ } |
net_log_.BeginEvent(NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY); |
ChannelIDService* channel_id_service = session_->params().channel_id_service; |
- return channel_id_service->GetOrCreateChannelID( |
- request_->url.host(), &token_binding_key_, io_callback_, |
- &token_binding_request_); |
+ return channel_id_service->GetOrCreateChannelID(host, key, io_callback_, |
+ &token_binding_request_); |
} |
int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) { |
davidben
2016/03/24 20:53:52
This might want to be done separately, but I think
nharper
2016/03/25 01:34:29
I've changed the call to IsTokenBindingEnabled to
|
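Review bot: In the added `if (provided_token_binding_key_)` branch of DoGetTokenBindingKey, `host` is taken from `request_->token_binding_referrer` without checking that it is non-empty. The only re-entry visible in this diff is the one scheduled in DoGetTokenBindingKeyComplete, which does check the referrer. If this state can be reached some other way with the provided key already set (not visible here), the channel ID service would be asked for a key for an empty host. A `DCHECK(!request_->token_binding_referrer.empty());` at the top of the branch would make the invariant explicit. Because the referred binding presumably tells this server which key the client uses for another host, a short comment naming who validates `token_binding_referrer` would also help.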
@@ -989,6 +994,10 @@ int HttpNetworkTransaction::DoGetTokenBindingKeyComplete(int rv) { |
if (!IsTokenBindingEnabled()) |
return OK; |
+ if (!request_->token_binding_referrer.empty() && |
+ !referred_token_binding_key_ && rv == OK) { |
+ next_state_ = STATE_GET_TOKEN_BINDING_KEY; |
+ } |
net_log_.EndEventWithNetErrorCode( |
NetLog::TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY, rv); |
return rv; |
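Review bot: The added `if` that sets `next_state_ = STATE_GET_TOKEN_BINDING_KEY` has no comment, and it is not obvious that the state now runs twice, once per key. I would add one above it, e.g. `// Provided key is ready; re-enter the state to fetch the key for the referrer host.` The TYPE_HTTP_TRANSACTION_GET_TOKEN_BINDING_KEY begin/end pair is also logged twice, with nothing to tell the provided lookup from the referred one, so a failure in the second lookup is harder to attribute from a NetLog dump. The function begins and ends outside this hunk.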
@@ -1028,7 +1037,7 @@ int HttpNetworkTransaction::BuildRequestHeaders( |
} |
RecordTokenBindingSupport(); |
- if (token_binding_key_) { |
+ if (provided_token_binding_key_) { |
std::string token_binding_header; |
int rv = BuildTokenBindingHeader(&token_binding_header); |
if (rv != OK) |
@@ -1066,17 +1075,32 @@ int HttpNetworkTransaction::BuildRequestHeaders( |
int HttpNetworkTransaction::BuildTokenBindingHeader(std::string* out) { |
std::vector<uint8_t> signed_ekm; |
- int rv = stream_->GetSignedEKMForTokenBinding(token_binding_key_.get(), |
- &signed_ekm); |
+ int rv = stream_->GetSignedEKMForTokenBinding( |
+ provided_token_binding_key_.get(), &signed_ekm); |
if (rv != OK) |
return rv; |
std::string provided_token_binding; |
- rv = BuildProvidedTokenBinding(token_binding_key_.get(), signed_ekm, |
- &provided_token_binding); |
+ rv = BuildTokenBinding(TB_TYPE_PROVIDED, provided_token_binding_key_.get(), |
+ signed_ekm, &provided_token_binding); |
if (rv != OK) |
return rv; |
+ |
std::vector<base::StringPiece> token_bindings; |
token_bindings.push_back(provided_token_binding); |
+ |
+ std::string referred_token_binding; |
+ if (referred_token_binding_key_) { |
+ std::vector<uint8_t> referred_signed_ekm; |
+ int rv = stream_->GetSignedEKMForTokenBinding( |
+ referred_token_binding_key_.get(), &referred_signed_ekm); |
+ if (rv != OK) |
+ return rv; |
+ rv = BuildTokenBinding(TB_TYPE_REFERRED, referred_token_binding_key_.get(), |
+ referred_signed_ekm, &referred_token_binding); |
+ if (rv != OK) |
+ return rv; |
+ token_bindings.push_back(referred_token_binding); |
+ } |
std::string header; |
rv = BuildTokenBindingMessageFromTokenBindings(token_bindings, &header); |
if (rv != OK) |
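Review bot: Inside the added `if (referred_token_binding_key_)` block, `int rv = stream_->GetSignedEKMForTokenBinding(` declares a second `rv` that shadows the one declared at the top of BuildTokenBindingHeader. It is harmless today because every error path in the block returns, but a later edit that falls through to the outer `rv` check would read a stale value. Assigning to the existing variable, `rv = stream_->GetSignedEKMForTokenBinding(`, avoids that. `referred_token_binding` is rightly declared outside the block, since `token_bindings` holds only `base::StringPiece` views; a one-line comment saying so would stop someone moving it inside. The function continues past the end of this hunk.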
@@ -1563,7 +1587,8 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() { |
remote_endpoint_ = IPEndPoint(); |
net_error_details_.quic_broken = false; |
net_error_details_.quic_connection_error = QUIC_NO_ERROR; |
- token_binding_key_.reset(); |
+ provided_token_binding_key_.reset(); |
+ referred_token_binding_key_.reset(); |
} |
void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { |