Chromium Code Reviews Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/browser/io_thread.cc |
| diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc |
| index cd55393e46928721bd87a1c147a7ef2452f55e8e..164d67835200de072e48020ab8604bf29a6217c9 100644 |
| --- a/chrome/browser/io_thread.cc |
| +++ b/chrome/browser/io_thread.cc |
| @@ -42,6 +42,7 @@ |
| #include "chrome/common/chrome_content_client.h" |
| #include "chrome/common/chrome_switches.h" |
| #include "chrome/common/pref_names.h" |
| +#include "components/certificate_transparency/tree_state_tracker.h" |
| #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_prefs.h" |
| #include "components/data_reduction_proxy/core/common/data_reduction_proxy_params.h" |
| #include "components/data_usage/core/data_use_aggregator.h" |
| @@ -69,10 +70,13 @@ |
| #include "net/cert/ct_known_logs.h" |
| #include "net/cert/ct_known_logs_static.h" |
| #include "net/cert/ct_log_verifier.h" |
| +#include "net/cert/ct_observer.h" |
| #include "net/cert/ct_policy_enforcer.h" |
| #include "net/cert/ct_verifier.h" |
| #include "net/cert/multi_log_ct_verifier.h" |
| #include "net/cert/multi_threaded_cert_verifier.h" |
| +#include "net/cert/sth_observer.h" |
| +#include "net/cert/sth_reporter.h" |
| #include "net/cookies/cookie_store.h" |
| #include "net/dns/host_cache.h" |
| #include "net/dns/host_resolver.h" |
| @@ -429,6 +433,7 @@ IOThread::IOThread( |
| globals_(NULL), |
| is_spdy_allowed_by_policy_(true), |
| is_quic_allowed_by_policy_(true), |
| + sth_reporter_(nullptr), |
| creation_time_(base::TimeTicks::Now()), |
| weak_factory_(this) { |
| scoped_refptr<base::SingleThreadTaskRunner> io_thread_proxy = |
| @@ -521,6 +526,7 @@ IOThread::~IOThread() { |
| BrowserThread::SetDelegate(BrowserThread::IO, NULL); |
| pref_proxy_config_tracker_->DetachFromPrefService(); |
| + DCHECK(sth_observers_.empty()); |
| DCHECK(!globals_); |
| } |
| @@ -869,8 +875,18 @@ void IOThread::CleanUp() { |
| system_url_request_context_getter_ = NULL; |
| - // Release objects that the net::URLRequestContext could have been pointing |
| - // to. |
| + // Since the cert_transparency_observer will be deleted first, unlink |
| + // it from the cert_transparency_verifier by nullifying the observer. |
| + globals()->cert_transparency_verifier->SetObserver(nullptr); |
| + |
| + if (sth_reporter_) { |
| + for (auto observer : sth_observers_) { |
|
Ryan Sleevi
2016/04/21 14:05:15
const auto& observer
See https://chromium-cpp.app
Eran Messeri
2016/04/25 14:50:59
Done.
|
| + sth_reporter_->UnregisterObserver(observer); |
| + } |
| + // Make sure no registration happens after CleanUp |
| + sth_reporter_ = nullptr; |
| + } |
| + sth_observers_.clear(); |
| // Shutdown the HistogramWatcher on the IO thread. |
| net::NetworkChangeNotifier::ShutdownHistogramWatcher(); |
| @@ -1214,6 +1230,15 @@ void IOThread::InitSystemRequestContextOnIOThread() { |
| globals_->system_request_context.reset( |
| ConstructSystemRequestContext(globals_, params_, net_log_)); |
| + |
| + globals_->cert_transparency_observer.reset( |
| + new certificate_transparency::TreeStateTracker(globals_->ct_logs)); |
| + RegisterSTHObserver(globals_->cert_transparency_observer.get()); |
| + // The |cert_transparency_verifier| is the same one held by |
| + // the |proxy_script_fetcher_context| and |system_request_context|, |
| + // so no need to set the observer in their cert_transparency_verifiers. |
| + globals_->cert_transparency_verifier->SetObserver( |
| + globals_->cert_transparency_observer.get()); |
| } |
| void IOThread::UpdateDnsClientEnabled() { |
| @@ -1387,6 +1412,36 @@ bool IOThread::NetworkSessionConfigurator::ShouldEnableQuicPortSelection( |
| return false; // Default to disabling port selection on all channels. |
| } |
| +void IOThread::RegisterSTHReporter(net::ct::STHReporter* reporter) { |
| + DCHECK(globals()); |
| + // A sanity check to make sure the observer was created by now. |
| + DCHECK(globals()->cert_transparency_observer.get()); |
| + |
| + sth_reporter_ = reporter; |
| + // Register all observers that were created before the reporter was. |
| + for (auto observer : sth_observers_) { |
|
Ryan Sleevi
2016/04/21 14:05:16
const auto&
Eran Messeri
2016/04/25 14:50:59
Done.
|
| + sth_reporter_->RegisterObserver(observer); |
| + } |
| +} |
| + |
| +void IOThread::RegisterSTHObserver(net::ct::STHObserver* observer) { |
| + sth_observers_.insert(observer); |
| + // If a reporter was set, also register this observer with it. |
| + // Otherwise it will be registered in RegisterSTHReporter with all |
| + // other pending observers. |
| + if (sth_reporter_) { |
| + sth_reporter_->RegisterObserver(observer); |
| + } |
| +} |
| + |
| +void IOThread::UnregisterSTHObserver(net::ct::STHObserver* observer) { |
| + DCHECK_NE(sth_observers_.count(observer), 0u); |
| + sth_observers_.erase(observer); |
| + if (sth_reporter_) { |
| + sth_reporter_->UnregisterObserver(observer); |
| + } |
| +} |
| + |
| // static |
| net::QuicTagVector |
| IOThread::NetworkSessionConfigurator::GetQuicConnectionOptions( |
