Chromium Code Reviews Chromium Code Reviews
Issue 1957483003:
Removal of SignedCertificateTimestampStore (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/web_url_loader_impl.h" | 5 #include "content/child/web_url_loader_impl.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 20 matching lines...) Expand all Loading... | |
| 31 #include "content/child/sync_load_response.h" | 31 #include "content/child/sync_load_response.h" |
| 32 #include "content/child/web_url_request_util.h" | 32 #include "content/child/web_url_request_util.h" |
| 33 #include "content/child/weburlresponse_extradata_impl.h" | 33 #include "content/child/weburlresponse_extradata_impl.h" |
| 34 #include "content/common/resource_messages.h" | 34 #include "content/common/resource_messages.h" |
| 35 #include "content/common/resource_request_body.h" | 35 #include "content/common/resource_request_body.h" |
| 36 #include "content/common/service_worker/service_worker_types.h" | 36 #include "content/common/service_worker/service_worker_types.h" |
| 37 #include "content/common/ssl_status_serialization.h" | 37 #include "content/common/ssl_status_serialization.h" |
| 38 #include "content/public/child/fixed_received_data.h" | 38 #include "content/public/child/fixed_received_data.h" |
| 39 #include "content/public/child/request_peer.h" | 39 #include "content/public/child/request_peer.h" |
| 40 #include "content/public/common/browser_side_navigation_policy.h" | 40 #include "content/public/common/browser_side_navigation_policy.h" |
| 41 #include "content/public/common/signed_certificate_timestamp_id_and_status.h" | |
| 42 #include "content/public/common/ssl_status.h" | 41 #include "content/public/common/ssl_status.h" |
| 43 #include "net/base/data_url.h" | 42 #include "net/base/data_url.h" |
| 44 #include "net/base/filename_util.h" | 43 #include "net/base/filename_util.h" |
| 45 #include "net/base/net_errors.h" | 44 #include "net/base/net_errors.h" |
| 46 #include "net/cert/cert_status_flags.h" | 45 #include "net/cert/cert_status_flags.h" |
| 47 #include "net/cert/sct_status_flags.h" | 46 #include "net/cert/sct_status_flags.h" |
| 48 #include "net/http/http_response_headers.h" | 47 #include "net/http/http_response_headers.h" |
| 49 #include "net/http/http_util.h" | 48 #include "net/http/http_util.h" |
| 50 #include "net/ssl/ssl_cipher_suite_names.h" | 49 #include "net/ssl/ssl_cipher_suite_names.h" |
| 51 #include "net/ssl/ssl_connection_status_flags.h" | 50 #include "net/ssl/ssl_connection_status_flags.h" |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 182 info->mime_type.swap(mime_type); | 181 info->mime_type.swap(mime_type); |
| 183 info->charset.swap(charset); | 182 info->charset.swap(charset); |
| 184 info->security_info.clear(); | 183 info->security_info.clear(); |
| 185 info->content_length = data->length(); | 184 info->content_length = data->length(); |
| 186 info->encoded_data_length = 0; | 185 info->encoded_data_length = 0; |
| 187 | 186 |
| 188 return net::OK; | 187 return net::OK; |
| 189 } | 188 } |
| 190 | 189 |
| 191 void SetSecurityStyleAndDetails(const GURL& url, | 190 void SetSecurityStyleAndDetails(const GURL& url, |
| 192 const std::string& security_info, | 191 const ResourceResponseInfo& info, |
|
Eran Messeri
2016/05/06 09:01:48
Question: Why is the input parameter type change?
dwaxweiler
2016/05/06 12:45:37
Acknowledged.
| |
| 193 WebURLResponse* response, | 192 WebURLResponse* response, |
| 194 bool report_security_info) { | 193 bool report_security_info) { |
| 195 if (!report_security_info) { | 194 if (!report_security_info) { |
| 196 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 195 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 197 return; | 196 return; |
| 198 } | 197 } |
| 199 if (!url.SchemeIsCryptographic()) { | 198 if (!url.SchemeIsCryptographic()) { |
| 200 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); | 199 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); |
| 201 return; | 200 return; |
| 202 } | 201 } |
| 203 | 202 |
| 204 // There are cases where an HTTPS request can come in without security | 203 // There are cases where an HTTPS request can come in without security |
| 205 // info attached (such as a redirect response). | 204 // info attached (such as a redirect response). |
| 205 const std::string& security_info = info.security_info; | |
| 206 if (security_info.empty()) { | 206 if (security_info.empty()) { |
| 207 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 207 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 208 return; | 208 return; |
| 209 } | 209 } |
| 210 | 210 |
| 211 SSLStatus ssl_status; | 211 SSLStatus ssl_status; |
| 212 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { | 212 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { |
| 213 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 213 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 214 DLOG(ERROR) | 214 DLOG(ERROR) |
| 215 << "DeserializeSecurityInfo() failed for an authenticated request."; | 215 << "DeserializeSecurityInfo() failed for an authenticated request."; |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 249 case SECURITY_STYLE_WARNING: | 249 case SECURITY_STYLE_WARNING: |
| 250 securityStyle = WebURLResponse::SecurityStyleWarning; | 250 securityStyle = WebURLResponse::SecurityStyleWarning; |
| 251 break; | 251 break; |
| 252 case SECURITY_STYLE_AUTHENTICATED: | 252 case SECURITY_STYLE_AUTHENTICATED: |
| 253 securityStyle = WebURLResponse::SecurityStyleAuthenticated; | 253 securityStyle = WebURLResponse::SecurityStyleAuthenticated; |
| 254 break; | 254 break; |
| 255 } | 255 } |
| 256 | 256 |
| 257 response->setSecurityStyle(securityStyle); | 257 response->setSecurityStyle(securityStyle); |
| 258 | 258 |
| 259 SignedCertificateTimestampIDStatusList sct_list = | 259 int num_unknown_scts = ssl_status.num_unknown_scts; |
| 260 ssl_status.signed_certificate_timestamp_ids; | 260 int num_invalid_scts = ssl_status.num_invalid_scts; |
| 261 | 261 int num_valid_scts = ssl_status.num_valid_scts; |
| 262 size_t num_unknown_scts = 0; | |
| 263 size_t num_invalid_scts = 0; | |
| 264 size_t num_valid_scts = 0; | |
| 265 | |
| 266 SignedCertificateTimestampIDStatusList::iterator iter; | |
| 267 for (iter = sct_list.begin(); iter < sct_list.end(); ++iter) { | |
| 268 switch (iter->status) { | |
| 269 case net::ct::SCT_STATUS_LOG_UNKNOWN: | |
| 270 num_unknown_scts++; | |
| 271 break; | |
| 272 case net::ct::SCT_STATUS_INVALID: | |
| 273 num_invalid_scts++; | |
| 274 break; | |
| 275 case net::ct::SCT_STATUS_OK: | |
| 276 num_valid_scts++; | |
| 277 break; | |
| 278 case net::ct::SCT_STATUS_NONE: | |
| 279 case net::ct::SCT_STATUS_MAX: | |
| 280 // These enum values do not represent SCTs that are taken into account | |
| 281 // for CT compliance calculations, so we ignore them. | |
| 282 break; | |
| 283 } | |
| 284 } | |
| 285 | 262 |
| 286 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( | 263 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( |
| 287 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), | 264 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), |
| 288 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), | 265 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), |
| 289 ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts); | 266 ssl_status.cert_id, num_unknown_scts, num_invalid_scts, num_valid_scts); |
| 290 | 267 |
| 291 response->setSecurityDetails(webSecurityDetails); | 268 response->setSecurityDetails(webSecurityDetails); |
| 292 } | 269 } |
| 293 | 270 |
| 294 } // namespace | 271 } // namespace |
| (...skipping 678 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 973 response->setWasFallbackRequiredByServiceWorker( | 950 response->setWasFallbackRequiredByServiceWorker( |
| 974 info.was_fallback_required_by_service_worker); | 951 info.was_fallback_required_by_service_worker); |
| 975 response->setServiceWorkerResponseType(info.response_type_via_service_worker); | 952 response->setServiceWorkerResponseType(info.response_type_via_service_worker); |
| 976 response->setOriginalURLViaServiceWorker( | 953 response->setOriginalURLViaServiceWorker( |
| 977 info.original_url_via_service_worker); | 954 info.original_url_via_service_worker); |
| 978 response->setCacheStorageCacheName( | 955 response->setCacheStorageCacheName( |
| 979 info.is_in_cache_storage | 956 info.is_in_cache_storage |
| 980 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) | 957 ? blink::WebString::fromUTF8(info.cache_storage_cache_name) |
| 981 : blink::WebString()); | 958 : blink::WebString()); |
| 982 | 959 |
| 983 SetSecurityStyleAndDetails(url, info.security_info, response, | 960 SetSecurityStyleAndDetails(url, info, response, report_security_info); |
| 984 report_security_info); | |
| 985 | 961 |
| 986 WebURLResponseExtraDataImpl* extra_data = | 962 WebURLResponseExtraDataImpl* extra_data = |
| 987 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); | 963 new WebURLResponseExtraDataImpl(info.npn_negotiated_protocol); |
| 988 response->setExtraData(extra_data); | 964 response->setExtraData(extra_data); |
| 989 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); | 965 extra_data->set_was_fetched_via_spdy(info.was_fetched_via_spdy); |
| 990 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); | 966 extra_data->set_was_npn_negotiated(info.was_npn_negotiated); |
| 991 extra_data->set_was_alternate_protocol_available( | 967 extra_data->set_was_alternate_protocol_available( |
| 992 info.was_alternate_protocol_available); | 968 info.was_alternate_protocol_available); |
| 993 extra_data->set_connection_info(info.connection_info); | 969 extra_data->set_connection_info(info.connection_info); |
| 994 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); | 970 extra_data->set_was_fetched_via_proxy(info.was_fetched_via_proxy); |
| (...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1212 response->clearHTTPHeaderField(webStringName); | 1188 response->clearHTTPHeaderField(webStringName); |
| 1213 while (response_headers->EnumerateHeader(&iterator, name, &value)) { | 1189 while (response_headers->EnumerateHeader(&iterator, name, &value)) { |
| 1214 response->addHTTPHeaderField(webStringName, | 1190 response->addHTTPHeaderField(webStringName, |
| 1215 WebString::fromLatin1(value)); | 1191 WebString::fromLatin1(value)); |
| 1216 } | 1192 } |
| 1217 } | 1193 } |
| 1218 return true; | 1194 return true; |
| 1219 } | 1195 } |
| 1220 | 1196 |
| 1221 } // namespace content | 1197 } // namespace content |
| OLD | NEW |
