Chromium Code Reviews Chromium Code Reviews
Issue 2014573002:
Certificate Transparency: Wire the TreeStateTracker up. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 #include "base/time/time.h" | 33 #include "base/time/time.h" |
| 34 #include "base/trace_event/trace_event.h" | 34 #include "base/trace_event/trace_event.h" |
| 35 #include "build/build_config.h" | 35 #include "build/build_config.h" |
| 36 #include "chrome/browser/browser_process.h" | 36 #include "chrome/browser/browser_process.h" |
| 37 #include "chrome/browser/data_usage/tab_id_annotator.h" | 37 #include "chrome/browser/data_usage/tab_id_annotator.h" |
| 38 #include "chrome/browser/net/async_dns_field_trial.h" | 38 #include "chrome/browser/net/async_dns_field_trial.h" |
| 39 #include "chrome/browser/net/chrome_network_delegate.h" | 39 #include "chrome/browser/net/chrome_network_delegate.h" |
| 40 #include "chrome/browser/net/connect_interceptor.h" | 40 #include "chrome/browser/net/connect_interceptor.h" |
| 41 #include "chrome/browser/net/dns_probe_service.h" | 41 #include "chrome/browser/net/dns_probe_service.h" |
| 42 #include "chrome/browser/net/proxy_service_factory.h" | 42 #include "chrome/browser/net/proxy_service_factory.h" |
| 43 #include "chrome/browser/net/sth_distributor_provider.h" | |
| 43 #include "chrome/common/channel_info.h" | 44 #include "chrome/common/channel_info.h" |
| 44 #include "chrome/common/chrome_content_client.h" | 45 #include "chrome/common/chrome_content_client.h" |
| 45 #include "chrome/common/chrome_switches.h" | 46 #include "chrome/common/chrome_switches.h" |
| 46 #include "chrome/common/pref_names.h" | 47 #include "chrome/common/pref_names.h" |
| 48 #include "components/certificate_transparency/tree_state_tracker.h" | |
| 47 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" | 49 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_pref s.h" |
| 48 #include "components/data_usage/core/data_use_aggregator.h" | 50 #include "components/data_usage/core/data_use_aggregator.h" |
| 49 #include "components/data_usage/core/data_use_amortizer.h" | 51 #include "components/data_usage/core/data_use_amortizer.h" |
| 50 #include "components/data_usage/core/data_use_annotator.h" | 52 #include "components/data_usage/core/data_use_annotator.h" |
| 51 #include "components/metrics/metrics_service.h" | 53 #include "components/metrics/metrics_service.h" |
| 52 #include "components/net_log/chrome_net_log.h" | 54 #include "components/net_log/chrome_net_log.h" |
| 53 #include "components/network_session_configurator/network_session_configurator.h " | 55 #include "components/network_session_configurator/network_session_configurator.h " |
| 54 #include "components/policy/core/common/policy_service.h" | 56 #include "components/policy/core/common/policy_service.h" |
| 55 #include "components/prefs/pref_registry_simple.h" | 57 #include "components/prefs/pref_registry_simple.h" |
| 56 #include "components/prefs/pref_service.h" | 58 #include "components/prefs/pref_service.h" |
| 57 #include "components/proxy_config/pref_proxy_config_tracker.h" | 59 #include "components/proxy_config/pref_proxy_config_tracker.h" |
| 58 #include "components/variations/variations_associated_data.h" | 60 #include "components/variations/variations_associated_data.h" |
| 59 #include "components/version_info/version_info.h" | 61 #include "components/version_info/version_info.h" |
| 60 #include "content/public/browser/browser_thread.h" | 62 #include "content/public/browser/browser_thread.h" |
| 61 #include "content/public/browser/cookie_store_factory.h" | 63 #include "content/public/browser/cookie_store_factory.h" |
| 62 #include "content/public/common/content_features.h" | 64 #include "content/public/common/content_features.h" |
| 63 #include "content/public/common/content_switches.h" | 65 #include "content/public/common/content_switches.h" |
| 64 #include "content/public/common/user_agent.h" | 66 #include "content/public/common/user_agent.h" |
| 65 #include "net/base/host_mapping_rules.h" | 67 #include "net/base/host_mapping_rules.h" |
| 66 #include "net/base/logging_network_change_observer.h" | 68 #include "net/base/logging_network_change_observer.h" |
| 67 #include "net/base/sdch_manager.h" | 69 #include "net/base/sdch_manager.h" |
| 68 #include "net/cert/cert_verifier.h" | 70 #include "net/cert/cert_verifier.h" |
| 69 #include "net/cert/cert_verify_proc.h" | 71 #include "net/cert/cert_verify_proc.h" |
| 70 #include "net/cert/ct_known_logs.h" | 72 #include "net/cert/ct_known_logs.h" |
| 71 #include "net/cert/ct_log_verifier.h" | 73 #include "net/cert/ct_log_verifier.h" |
| 72 #include "net/cert/ct_policy_enforcer.h" | 74 #include "net/cert/ct_policy_enforcer.h" |
| 73 #include "net/cert/ct_verifier.h" | 75 #include "net/cert/ct_verifier.h" |
| 74 #include "net/cert/multi_log_ct_verifier.h" | 76 #include "net/cert/multi_log_ct_verifier.h" |
| 75 #include "net/cert/multi_threaded_cert_verifier.h" | 77 #include "net/cert/multi_threaded_cert_verifier.h" |
| 78 #include "net/cert/sth_distributor.h" | |
| 79 #include "net/cert/sth_observer.h" | |
| 76 #include "net/cookies/cookie_store.h" | 80 #include "net/cookies/cookie_store.h" |
| 77 #include "net/dns/host_cache.h" | 81 #include "net/dns/host_cache.h" |
| 78 #include "net/dns/host_resolver.h" | 82 #include "net/dns/host_resolver.h" |
| 79 #include "net/dns/mapped_host_resolver.h" | 83 #include "net/dns/mapped_host_resolver.h" |
| 80 #include "net/ftp/ftp_network_layer.h" | 84 #include "net/ftp/ftp_network_layer.h" |
| 81 #include "net/http/http_auth_filter.h" | 85 #include "net/http/http_auth_filter.h" |
| 82 #include "net/http/http_auth_handler_factory.h" | 86 #include "net/http/http_auth_handler_factory.h" |
| 83 #include "net/http/http_auth_preferences.h" | 87 #include "net/http/http_auth_preferences.h" |
| 84 #include "net/http/http_network_layer.h" | 88 #include "net/http/http_network_layer.h" |
| 85 #include "net/http/http_server_properties_impl.h" | 89 #include "net/http/http_server_properties_impl.h" |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 386 value->GetAsBoolean(&is_quic_allowed_by_policy_); | 390 value->GetAsBoolean(&is_quic_allowed_by_policy_); |
| 387 | 391 |
| 388 // Some unit tests use IOThread but do not initialize MetricsService. In that | 392 // Some unit tests use IOThread but do not initialize MetricsService. In that |
| 389 // case it is fine not to have |metrics_data_use_forwarder_|. | 393 // case it is fine not to have |metrics_data_use_forwarder_|. |
| 390 if (g_browser_process->metrics_service()) { | 394 if (g_browser_process->metrics_service()) { |
| 391 // Callback for updating data use prefs should be obtained on UI thread. | 395 // Callback for updating data use prefs should be obtained on UI thread. |
| 392 metrics_data_use_forwarder_ = | 396 metrics_data_use_forwarder_ = |
| 393 g_browser_process->metrics_service()->GetDataUseForwardingCallback(); | 397 g_browser_process->metrics_service()->GetDataUseForwardingCallback(); |
| 394 } | 398 } |
| 395 | 399 |
| 400 chrome_browser_net::SetGlobalSTHDistributor( | |
| 401 std::unique_ptr<net::ct::STHDistributor>(new net::ct::STHDistributor())); | |
| 402 | |
| 396 BrowserThread::SetDelegate(BrowserThread::IO, this); | 403 BrowserThread::SetDelegate(BrowserThread::IO, this); |
| 397 } | 404 } |
| 398 | 405 |
| 399 IOThread::~IOThread() { | 406 IOThread::~IOThread() { |
| 400 // This isn't needed for production code, but in tests, IOThread may | 407 // This isn't needed for production code, but in tests, IOThread may |
| 401 // be multiply constructed. | 408 // be multiply constructed. |
| 402 BrowserThread::SetDelegate(BrowserThread::IO, NULL); | 409 BrowserThread::SetDelegate(BrowserThread::IO, NULL); |
| 403 | 410 |
| 404 pref_proxy_config_tracker_->DetachFromPrefService(); | 411 pref_proxy_config_tracker_->DetachFromPrefService(); |
| 405 DCHECK(!globals_); | 412 DCHECK(!globals_); |
| 413 | |
| 414 // Destroy the old distributor to check that the observers list it holds is | |
| 415 // empty. | |
|
Sorin Jianu
2016/05/25 17:54:45
As a casual code reader, I wonder how does the cod
Eran Messeri
2016/05/26 09:51:21
My bad, this was broken off to https://codereview.
| |
| 416 chrome_browser_net::SetGlobalSTHDistributor(nullptr); | |
| 406 } | 417 } |
| 407 | 418 |
| 408 IOThread::Globals* IOThread::globals() { | 419 IOThread::Globals* IOThread::globals() { |
| 409 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 420 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 410 return globals_; | 421 return globals_; |
| 411 } | 422 } |
| 412 | 423 |
| 413 void IOThread::SetGlobalsForTesting(Globals* globals) { | 424 void IOThread::SetGlobalsForTesting(Globals* globals) { |
| 414 DCHECK_CURRENTLY_ON(BrowserThread::IO); | 425 DCHECK_CURRENTLY_ON(BrowserThread::IO); |
| 415 DCHECK(!globals || !globals_); | 426 DCHECK(!globals || !globals_); |
| (...skipping 184 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 600 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 611 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 601 // is fixed. | 612 // is fixed. |
| 602 tracked_objects::ScopedTracker tracking_profile7( | 613 tracked_objects::ScopedTracker tracking_profile7( |
| 603 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 614 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 604 "466432 IOThread::InitAsync::CreateMultiLogVerifier")); | 615 "466432 IOThread::InitAsync::CreateMultiLogVerifier")); |
| 605 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); | 616 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); |
| 606 globals_->cert_transparency_verifier.reset(ct_verifier); | 617 globals_->cert_transparency_verifier.reset(ct_verifier); |
| 607 // Add built-in logs | 618 // Add built-in logs |
| 608 ct_verifier->AddLogs(globals_->ct_logs); | 619 ct_verifier->AddLogs(globals_->ct_logs); |
| 609 | 620 |
| 621 ct_tree_tracker_.reset( | |
| 622 new certificate_transparency::TreeStateTracker(globals_->ct_logs)); | |
| 623 // Register the ct_tree_tracker_ as observer for new STHs. | |
| 624 RegisterSTHObserver(ct_tree_tracker_.get()); | |
| 625 // Register the ct_tree_tracker_ as observer for verified SCTs. | |
| 626 globals_->cert_transparency_verifier->SetObserver(ct_tree_tracker_.get()); | |
| 627 | |
| 610 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 | 628 // TODO(erikchen): Remove ScopedTracker below once http://crbug.com/466432 |
| 611 // is fixed. | 629 // is fixed. |
| 612 tracked_objects::ScopedTracker tracking_profile10( | 630 tracked_objects::ScopedTracker tracking_profile10( |
| 613 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 631 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 614 "466432 IOThread::InitAsync::CTPolicyEnforcer")); | 632 "466432 IOThread::InitAsync::CTPolicyEnforcer")); |
| 615 globals_->ct_policy_enforcer.reset(new net::CTPolicyEnforcer()); | 633 globals_->ct_policy_enforcer.reset(new net::CTPolicyEnforcer()); |
| 616 params_.ct_policy_enforcer = globals_->ct_policy_enforcer.get(); | 634 params_.ct_policy_enforcer = globals_->ct_policy_enforcer.get(); |
| 617 | 635 |
| 618 globals_->ssl_config_service = GetSSLConfigService(); | 636 globals_->ssl_config_service = GetSSLConfigService(); |
| 619 | 637 |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 759 | 777 |
| 760 void IOThread::CleanUp() { | 778 void IOThread::CleanUp() { |
| 761 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); | 779 base::debug::LeakTracker<SafeBrowsingURLRequestContext>::CheckForLeaks(); |
| 762 | 780 |
| 763 #if defined(USE_NSS_CERTS) | 781 #if defined(USE_NSS_CERTS) |
| 764 net::ShutdownNSSHttpIO(); | 782 net::ShutdownNSSHttpIO(); |
| 765 #endif | 783 #endif |
| 766 | 784 |
| 767 system_url_request_context_getter_ = NULL; | 785 system_url_request_context_getter_ = NULL; |
| 768 | 786 |
| 787 // Unlink the ct_tree_tracker_ from the global cert_transparency_verifier | |
| 788 // and unregister it from new STH notifications so it will take no actions | |
| 789 // on anything observed during CleanUp process. | |
| 790 globals()->cert_transparency_verifier->SetObserver(nullptr); | |
| 791 UnregisterSTHObserver(ct_tree_tracker_.get()); | |
| 792 | |
| 793 ct_tree_tracker_.reset(); | |
| 794 | |
| 769 // Release objects that the net::URLRequestContext could have been pointing | 795 // Release objects that the net::URLRequestContext could have been pointing |
| 770 // to. | 796 // to. |
| 771 | 797 |
| 772 // Shutdown the HistogramWatcher on the IO thread. | 798 // Shutdown the HistogramWatcher on the IO thread. |
| 773 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); | 799 net::NetworkChangeNotifier::ShutdownHistogramWatcher(); |
| 774 | 800 |
| 775 // This must be reset before the ChromeNetLog is destroyed. | 801 // This must be reset before the ChromeNetLog is destroyed. |
| 776 network_change_observer_.reset(); | 802 network_change_observer_.reset(); |
| 777 | 803 |
| 778 system_proxy_config_service_.reset(); | 804 system_proxy_config_service_.reset(); |
| (...skipping 131 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 910 quick_check_enabled_.GetValue()); | 936 quick_check_enabled_.GetValue()); |
| 911 | 937 |
| 912 globals_->system_request_context.reset( | 938 globals_->system_request_context.reset( |
| 913 ConstructSystemRequestContext(globals_, params_, net_log_)); | 939 ConstructSystemRequestContext(globals_, params_, net_log_)); |
| 914 } | 940 } |
| 915 | 941 |
| 916 void IOThread::UpdateDnsClientEnabled() { | 942 void IOThread::UpdateDnsClientEnabled() { |
| 917 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); | 943 globals()->host_resolver->SetDnsClientEnabled(*dns_client_enabled_); |
| 918 } | 944 } |
| 919 | 945 |
| 946 void IOThread::RegisterSTHObserver(net::ct::STHObserver* observer) { | |
| 947 chrome_browser_net::GetGlobalSTHDistributor()->RegisterObserver(observer); | |
| 948 } | |
| 949 | |
| 950 void IOThread::UnregisterSTHObserver(net::ct::STHObserver* observer) { | |
| 951 chrome_browser_net::GetGlobalSTHDistributor()->UnregisterObserver(observer); | |
| 952 } | |
| 953 | |
| 920 // static | 954 // static |
| 921 net::URLRequestContext* IOThread::ConstructSystemRequestContext( | 955 net::URLRequestContext* IOThread::ConstructSystemRequestContext( |
| 922 IOThread::Globals* globals, | 956 IOThread::Globals* globals, |
| 923 const net::HttpNetworkSession::Params& params, | 957 const net::HttpNetworkSession::Params& params, |
| 924 net::NetLog* net_log) { | 958 net::NetLog* net_log) { |
| 925 net::URLRequestContext* context = new SystemURLRequestContext; | 959 net::URLRequestContext* context = new SystemURLRequestContext; |
| 926 context->set_net_log(net_log); | 960 context->set_net_log(net_log); |
| 927 context->set_host_resolver(globals->host_resolver.get()); | 961 context->set_host_resolver(globals->host_resolver.get()); |
| 928 context->set_cert_verifier(globals->cert_verifier.get()); | 962 context->set_cert_verifier(globals->cert_verifier.get()); |
| 929 context->set_transport_security_state( | 963 context->set_transport_security_state( |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1055 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 1089 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 1056 // system URLRequestContext too. There's no reason this should be tied to a | 1090 // system URLRequestContext too. There's no reason this should be tied to a |
| 1057 // profile. | 1091 // profile. |
| 1058 return context; | 1092 return context; |
| 1059 } | 1093 } |
| 1060 | 1094 |
| 1061 const metrics::UpdateUsagePrefCallbackType& | 1095 const metrics::UpdateUsagePrefCallbackType& |
| 1062 IOThread::GetMetricsDataUseForwarder() { | 1096 IOThread::GetMetricsDataUseForwarder() { |
| 1063 return metrics_data_use_forwarder_; | 1097 return metrics_data_use_forwarder_; |
| 1064 } | 1098 } |
| OLD | NEW |
