Chromium Code Reviews Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 24 matching lines...) Expand all Loading... | |
| 35 #include "chrome/browser/data_usage/tab_id_annotator.h" | 35 #include "chrome/browser/data_usage/tab_id_annotator.h" |
| 36 #include "chrome/browser/net/async_dns_field_trial.h" | 36 #include "chrome/browser/net/async_dns_field_trial.h" |
| 37 #include "chrome/browser/net/chrome_network_delegate.h" | 37 #include "chrome/browser/net/chrome_network_delegate.h" |
| 38 #include "chrome/browser/net/connect_interceptor.h" | 38 #include "chrome/browser/net/connect_interceptor.h" |
| 39 #include "chrome/browser/net/dns_probe_service.h" | 39 #include "chrome/browser/net/dns_probe_service.h" |
| 40 #include "chrome/browser/net/proxy_service_factory.h" | 40 #include "chrome/browser/net/proxy_service_factory.h" |
| 41 #include "chrome/common/channel_info.h" | 41 #include "chrome/common/channel_info.h" |
| 42 #include "chrome/common/chrome_content_client.h" | 42 #include "chrome/common/chrome_content_client.h" |
| 43 #include "chrome/common/chrome_switches.h" | 43 #include "chrome/common/chrome_switches.h" |
| 44 #include "chrome/common/pref_names.h" | 44 #include "chrome/common/pref_names.h" |
| 45 #include "components/certificate_transparency/tree_state_tracker.h" | |
| 45 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" | 46 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" |
| 46 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" | 47 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_param s.h" |
| 47 #include "components/data_usage/core/data_use_aggregator.h" | 48 #include "components/data_usage/core/data_use_aggregator.h" |
| 48 #include "components/data_usage/core/data_use_amortizer.h" | 49 #include "components/data_usage/core/data_use_amortizer.h" |
| 49 #include "components/data_usage/core/data_use_annotator.h" | 50 #include "components/data_usage/core/data_use_annotator.h" |
| 50 #include "components/metrics/metrics_service.h" | 51 #include "components/metrics/metrics_service.h" |
| 51 #include "components/net_log/chrome_net_log.h" | 52 #include "components/net_log/chrome_net_log.h" |
| 52 #include "components/policy/core/common/policy_service.h" | 53 #include "components/policy/core/common/policy_service.h" |
| 53 #include "components/prefs/pref_registry_simple.h" | 54 #include "components/prefs/pref_registry_simple.h" |
| 54 #include "components/prefs/pref_service.h" | 55 #include "components/prefs/pref_service.h" |
| 55 #include "components/proxy_config/pref_proxy_config_tracker.h" | 56 #include "components/proxy_config/pref_proxy_config_tracker.h" |
| 56 #include "components/variations/variations_associated_data.h" | 57 #include "components/variations/variations_associated_data.h" |
| 57 #include "components/version_info/version_info.h" | 58 #include "components/version_info/version_info.h" |
| 58 #include "content/public/browser/browser_thread.h" | 59 #include "content/public/browser/browser_thread.h" |
| 59 #include "content/public/browser/cookie_store_factory.h" | 60 #include "content/public/browser/cookie_store_factory.h" |
| 60 #include "content/public/common/content_features.h" | 61 #include "content/public/common/content_features.h" |
| 61 #include "content/public/common/content_switches.h" | 62 #include "content/public/common/content_switches.h" |
| 62 #include "content/public/common/user_agent.h" | 63 #include "content/public/common/user_agent.h" |
| 63 #include "net/base/external_estimate_provider.h" | 64 #include "net/base/external_estimate_provider.h" |
| 64 #include "net/base/host_mapping_rules.h" | 65 #include "net/base/host_mapping_rules.h" |
| 65 #include "net/base/network_quality_estimator.h" | 66 #include "net/base/network_quality_estimator.h" |
| 66 #include "net/base/sdch_manager.h" | 67 #include "net/base/sdch_manager.h" |
| 67 #include "net/cert/cert_verifier.h" | 68 #include "net/cert/cert_verifier.h" |
| 68 #include "net/cert/cert_verify_proc.h" | 69 #include "net/cert/cert_verify_proc.h" |
| 69 #include "net/cert/ct_known_logs.h" | 70 #include "net/cert/ct_known_logs.h" |
| 70 #include "net/cert/ct_known_logs_static.h" | 71 #include "net/cert/ct_known_logs_static.h" |
| 71 #include "net/cert/ct_log_verifier.h" | 72 #include "net/cert/ct_log_verifier.h" |
| 73 #include "net/cert/ct_observer.h" | |
| 72 #include "net/cert/ct_policy_enforcer.h" | 74 #include "net/cert/ct_policy_enforcer.h" |
| 73 #include "net/cert/ct_verifier.h" | 75 #include "net/cert/ct_verifier.h" |
| 74 #include "net/cert/multi_log_ct_verifier.h" | 76 #include "net/cert/multi_log_ct_verifier.h" |
| 75 #include "net/cert/multi_threaded_cert_verifier.h" | 77 #include "net/cert/multi_threaded_cert_verifier.h" |
| 78 #include "net/cert/sth_observer.h" | |
| 79 #include "net/cert/sth_reporter.h" | |
| 76 #include "net/cookies/cookie_store.h" | 80 #include "net/cookies/cookie_store.h" |
| 77 #include "net/dns/host_cache.h" | 81 #include "net/dns/host_cache.h" |
| 78 #include "net/dns/host_resolver.h" | 82 #include "net/dns/host_resolver.h" |
| 79 #include "net/dns/mapped_host_resolver.h" | 83 #include "net/dns/mapped_host_resolver.h" |
| 80 #include "net/ftp/ftp_network_layer.h" | 84 #include "net/ftp/ftp_network_layer.h" |
| 81 #include "net/http/http_auth_filter.h" | 85 #include "net/http/http_auth_filter.h" |
| 82 #include "net/http/http_auth_handler_factory.h" | 86 #include "net/http/http_auth_handler_factory.h" |
| 83 #include "net/http/http_auth_preferences.h" | 87 #include "net/http/http_auth_preferences.h" |
| 84 #include "net/http/http_network_layer.h" | 88 #include "net/http/http_network_layer.h" |
| 85 #include "net/http/http_server_properties_impl.h" | 89 #include "net/http/http_server_properties_impl.h" |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 422 policy::PolicyService* policy_service, | 426 policy::PolicyService* policy_service, |
| 423 net_log::ChromeNetLog* net_log, | 427 net_log::ChromeNetLog* net_log, |
| 424 extensions::EventRouterForwarder* extension_event_router_forwarder) | 428 extensions::EventRouterForwarder* extension_event_router_forwarder) |
| 425 : net_log_(net_log), | 429 : net_log_(net_log), |
| 426 #if defined(ENABLE_EXTENSIONS) | 430 #if defined(ENABLE_EXTENSIONS) |
| 427 extension_event_router_forwarder_(extension_event_router_forwarder), | 431 extension_event_router_forwarder_(extension_event_router_forwarder), |
| 428 #endif | 432 #endif |
| 429 globals_(NULL), | 433 globals_(NULL), |
| 430 is_spdy_allowed_by_policy_(true), | 434 is_spdy_allowed_by_policy_(true), |
| 431 is_quic_allowed_by_policy_(true), | 435 is_quic_allowed_by_policy_(true), |
| 436 sth_reporter_(nullptr), | |
| 432 creation_time_(base::TimeTicks::Now()), | 437 creation_time_(base::TimeTicks::Now()), |
| 433 weak_factory_(this) { | 438 weak_factory_(this) { |
| 434 scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy = | 439 scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy = |
| 435 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); | 440 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO); |
| 436 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); | 441 auth_schemes_ = local_state->GetString(prefs::kAuthSchemes); |
| 437 negotiate_disable_cname_lookup_.Init( | 442 negotiate_disable_cname_lookup_.Init( |
| 438 prefs::kDisableAuthNegotiateCnameLookup, local_state, | 443 prefs::kDisableAuthNegotiateCnameLookup, local_state, |
| 439 base::Bind(&IOThread::UpdateNegotiateDisableCnameLookup, | 444 base::Bind(&IOThread::UpdateNegotiateDisableCnameLookup, |
| 440 base::Unretained(this))); | 445 base::Unretained(this))); |
| 441 negotiate_disable_cname_lookup_.MoveToThread(io_thread_proxy); | 446 negotiate_disable_cname_lookup_.MoveToThread(io_thread_proxy); |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 514 | 519 |
| 515 BrowserThread::SetDelegate(BrowserThread::IO, this); | 520 BrowserThread::SetDelegate(BrowserThread::IO, this); |
| 516 } | 521 } |
| 517 | 522 |
| 518 IOThread::~IOThread() { | 523 IOThread::~IOThread() { |
| 519 // This isn't needed for production code, but in tests, IOThread may | 524 // This isn't needed for production code, but in tests, IOThread may |
| 520 // be multiply constructed. | 525 // be multiply constructed. |
| 521 BrowserThread::SetDelegate(BrowserThread::IO, NULL); | 526 BrowserThread::SetDelegate(BrowserThread::IO, NULL); |
| 522 | 527 |
| 523 pref_proxy_config_tracker_->DetachFromPrefService(); | 528 pref_proxy_config_tracker_->DetachFromPrefService(); |
| 529 DCHECK(sth_observers_.empty()); | |
| 524 DCHECK(!globals_); | 530 DCHECK(!globals_); |
| 525 } | 531 } |
| 526 | 532 |
| 527 IOThread::Globals* IOThread::globals() { | 533 IOThread::Globals* IOThread::globals() { |
| 528 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 534 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 529 return globals_; | 535 return globals_; |
| 530 } | 536 } |
| 531 | 537 |
| 532 void IOThread::SetGlobalsForTesting(Globals* globals) { | 538 void IOThread::SetGlobalsForTesting(Globals* globals) { |
| 533 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 539 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| (...skipping 328 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 862 | 868 |
| 863 void IOThread::CleanUp() { | 869 void IOThread::CleanUp() { |
| 864 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); | 870 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); |
| 865 | 871 |
| 866 #if defined(USE_NSS_CERTS) | 872 #if defined(USE_NSS_CERTS) |
| 867 net::ShutdownNSSHttpIO(); | 873 net::ShutdownNSSHttpIO(); |
| 868 #endif | 874 #endif |
| 869 | 875 |
| 870 system_url_request_context_getter_ = NULL; | 876 system_url_request_context_getter_ = NULL; |
| 871 | 877 |
| 872 // Release objects that the net::URLRequestContext could have been pointing | 878 // Since the cert_transparency_observer will be deleted first, unlink |
| 873 // to. | 879 // it from the cert_transparency_verifier by nullifying the observer. |
| 880 globals()->cert_transparency_verifier->SetObserver(nullptr); | |
| 881 | |
| 882 if (sth_reporter_) { | |
| 883 for (auto observer : sth_observers_) { | |
|
Ryan Sleevi
2016/04/21 14:05:15
const auto& observer
See https://chromium-cpp.app
Eran Messeri
2016/04/25 14:50:59
Done.
| |
| 884 sth_reporter_->UnregisterObserver(observer); | |
| 885 } | |
| 886 // Make sure no registration happens after CleanUp | |
| 887 sth_reporter_ = nullptr; | |
| 888 } | |
| 889 sth_observers_.clear(); | |
| 874 | 890 |
| 875 // Shutdown the HistogramWatcher on the IO thread. | 891 // Shutdown the HistogramWatcher on the IO thread. |
| 876 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); | 892 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); |
| 877 | 893 |
| 878 // This must be reset before the ChromeNetLog is destroyed. | 894 // This must be reset before the ChromeNetLog is destroyed. |
| 879 network_change_observer_.reset(); | 895 network_change_observer_.reset(); |
| 880 | 896 |
| 881 system_proxy_config_service_.reset(); | 897 system_proxy_config_service_.reset(); |
| 882 delete globals_; | 898 delete globals_; |
| 883 globals_ = NULL; | 899 globals_ = NULL; |
| (...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1207 const base::CommandLine& command_line = | 1223 const base::CommandLine& command_line = |
| 1208 *base::CommandLine::ForCurrentProcess(); | 1224 *base::CommandLine::ForCurrentProcess(); |
| 1209 globals_->system_proxy_service = ProxyServiceFactory::CreateProxyService( | 1225 globals_->system_proxy_service = ProxyServiceFactory::CreateProxyService( |
| 1210 net_log_, globals_->proxy_script_fetcher_context.get(), | 1226 net_log_, globals_->proxy_script_fetcher_context.get(), |
| 1211 globals_->system_network_delegate.get(), | 1227 globals_->system_network_delegate.get(), |
| 1212 std::move(system_proxy_config_service_), command_line, | 1228 std::move(system_proxy_config_service_), command_line, |
| 1213 quick_check_enabled_.GetValue()); | 1229 quick_check_enabled_.GetValue()); |
| 1214 | 1230 |
| 1215 globals_->system_request_context.reset( | 1231 globals_->system_request_context.reset( |
| 1216 ConstructSystemRequestContext(globals_, params_, net_log_)); | 1232 ConstructSystemRequestContext(globals_, params_, net_log_)); |
| 1233 | |
| 1234 globals_->cert_transparency_observer.reset( | |
| 1235 new certificate_transparency::TreeStateTracker(globals_->ct_logs)); | |
| 1236 RegisterSTHObserver(globals_->cert_transparency_observer.get()); | |
| 1237 // The |cert_transparency_verifier| is the same one held by | |
| 1238 // the |proxy_script_fetcher_context| and |system_request_context|, | |
| 1239 // so no need to set the observer in their cert_transparency_verifiers. | |
| 1240 globals_->cert_transparency_verifier->SetObserver( | |
| 1241 globals_->cert_transparency_observer.get()); | |
| 1217 } | 1242 } |
| 1218 | 1243 |
| 1219 void IOThread::UpdateDnsClientEnabled() { | 1244 void IOThread::UpdateDnsClientEnabled() { |
| 1220 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); | 1245 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); |
| 1221 } | 1246 } |
| 1222 | 1247 |
| 1223 // static | 1248 // static |
| 1224 void IOThread::NetworkSessionConfigurator::ConfigureQuicParams( | 1249 void IOThread::NetworkSessionConfigurator::ConfigureQuicParams( |
| 1225 const base::CommandLine& command_line, | 1250 const base::CommandLine& command_line, |
| 1226 base::StringPiece quic_trial_group, | 1251 base::StringPiece quic_trial_group, |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1380 const base::CommandLine& command_line) { | 1405 const base::CommandLine& command_line) { |
| 1381 if (command_line.HasSwitch(switches::kDisableQuicPortSelection)) | 1406 if (command_line.HasSwitch(switches::kDisableQuicPortSelection)) |
| 1382 return false; | 1407 return false; |
| 1383 | 1408 |
| 1384 if (command_line.HasSwitch(switches::kEnableQuicPortSelection)) | 1409 if (command_line.HasSwitch(switches::kEnableQuicPortSelection)) |
| 1385 return true; | 1410 return true; |
| 1386 | 1411 |
| 1387 return false; // Default to disabling port selection on all channels. | 1412 return false; // Default to disabling port selection on all channels. |
| 1388 } | 1413 } |
| 1389 | 1414 |
| 1415 void IOThread::RegisterSTHReporter(net::ct::STHReporter* reporter) { | |
| 1416 DCHECK(globals()); | |
| 1417 // A sanity check to make sure the observer was created by now. | |
| 1418 DCHECK(globals()->cert_transparency_observer.get()); | |
| 1419 | |
| 1420 sth_reporter_ = reporter; | |
| 1421 // Register all observers that were created before the reporter was. | |
| 1422 for (auto observer : sth_observers_) { | |
|
Ryan Sleevi
2016/04/21 14:05:16
const auto&
Eran Messeri
2016/04/25 14:50:59
Done.
| |
| 1423 sth_reporter_->RegisterObserver(observer); | |
| 1424 } | |
| 1425 } | |
| 1426 | |
| 1427 void IOThread::RegisterSTHObserver(net::ct::STHObserver* observer) { | |
| 1428 sth_observers_.insert(observer); | |
| 1429 // If a reporter was set, also register this observer with it. | |
| 1430 // Otherwise it will be registered in RegisterSTHReporter with all | |
| 1431 // other pending observers. | |
| 1432 if (sth_reporter_) { | |
| 1433 sth_reporter_->RegisterObserver(observer); | |
| 1434 } | |
| 1435 } | |
| 1436 | |
| 1437 void IOThread::UnregisterSTHObserver(net::ct::STHObserver* observer) { | |
| 1438 DCHECK_NE(sth_observers_.count(observer), 0u); | |
| 1439 sth_observers_.erase(observer); | |
| 1440 if (sth_reporter_) { | |
| 1441 sth_reporter_->UnregisterObserver(observer); | |
| 1442 } | |
| 1443 } | |
| 1444 | |
| 1390 // static | 1445 // static |
| 1391 net::QuicTagVector | 1446 net::QuicTagVector |
| 1392 IOThread::NetworkSessionConfigurator::GetQuicConnectionOptions( | 1447 IOThread::NetworkSessionConfigurator::GetQuicConnectionOptions( |
| 1393 const base::CommandLine& command_line, | 1448 const base::CommandLine& command_line, |
| 1394 const VariationParameters& quic_trial_params) { | 1449 const VariationParameters& quic_trial_params) { |
| 1395 if (command_line.HasSwitch(switches::kQuicConnectionOptions)) { | 1450 if (command_line.HasSwitch(switches::kQuicConnectionOptions)) { |
| 1396 return net::QuicUtils::ParseQuicConnectionOptions( | 1451 return net::QuicUtils::ParseQuicConnectionOptions( |
| 1397 command_line.GetSwitchValueASCII(switches::kQuicConnectionOptions)); | 1452 command_line.GetSwitchValueASCII(switches::kQuicConnectionOptions)); |
| 1398 } | 1453 } |
| 1399 | 1454 |
| (...skipping 375 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1775 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 1830 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 1776 // system URLRequestContext too. There's no reason this should be tied to a | 1831 // system URLRequestContext too. There's no reason this should be tied to a |
| 1777 // profile. | 1832 // profile. |
| 1778 return context; | 1833 return context; |
| 1779 } | 1834 } |
| 1780 | 1835 |
| 1781 const metrics::UpdateUsagePrefCallbackType& | 1836 const metrics::UpdateUsagePrefCallbackType& |
| 1782 IOThread::GetMetricsDataUseForwarder() { | 1837 IOThread::GetMetricsDataUseForwarder() { |
| 1783 return metrics_data_use_forwarder_; | 1838 return metrics_data_use_forwarder_; |
| 1784 } | 1839 } |
| OLD | NEW |
