Chromium Code Reviews Chromium Code Reviews
Issue 2296953004:
Send certificates to devtools when it's open instead of using certId (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/web_url_loader_impl.h" | 5 #include "content/child/web_url_loader_impl.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 26 #include "content/child/ftp_directory_listing_response_delegate.h" | 26 #include "content/child/ftp_directory_listing_response_delegate.h" |
| 27 #include "content/child/request_extra_data.h" | 27 #include "content/child/request_extra_data.h" |
| 28 #include "content/child/request_info.h" | 28 #include "content/child/request_info.h" |
| 29 #include "content/child/resource_dispatcher.h" | 29 #include "content/child/resource_dispatcher.h" |
| 30 #include "content/child/shared_memory_data_consumer_handle.h" | 30 #include "content/child/shared_memory_data_consumer_handle.h" |
| 31 #include "content/child/sync_load_response.h" | 31 #include "content/child/sync_load_response.h" |
| 32 #include "content/child/web_url_request_util.h" | 32 #include "content/child/web_url_request_util.h" |
| 33 #include "content/child/weburlresponse_extradata_impl.h" | 33 #include "content/child/weburlresponse_extradata_impl.h" |
| 34 #include "content/common/resource_messages.h" | 34 #include "content/common/resource_messages.h" |
| 35 #include "content/common/resource_request_body_impl.h" | 35 #include "content/common/resource_request_body_impl.h" |
| 36 #include "content/common/security_style_util.h" | |
| 36 #include "content/common/service_worker/service_worker_types.h" | 37 #include "content/common/service_worker/service_worker_types.h" |
| 37 #include "content/common/ssl_status_serialization.h" | 38 #include "content/common/ssl_status_serialization.h" |
| 38 #include "content/common/url_loader.mojom.h" | 39 #include "content/common/url_loader.mojom.h" |
| 39 #include "content/public/child/fixed_received_data.h" | 40 #include "content/public/child/fixed_received_data.h" |
| 40 #include "content/public/child/request_peer.h" | 41 #include "content/public/child/request_peer.h" |
| 41 #include "content/public/common/browser_side_navigation_policy.h" | 42 #include "content/public/common/browser_side_navigation_policy.h" |
| 42 #include "content/public/common/ssl_status.h" | 43 #include "content/public/common/ssl_status.h" |
| 43 #include "net/base/data_url.h" | 44 #include "net/base/data_url.h" |
| 44 #include "net/base/filename_util.h" | 45 #include "net/base/filename_util.h" |
| 45 #include "net/base/net_errors.h" | 46 #include "net/base/net_errors.h" |
| 46 #include "net/cert/cert_status_flags.h" | 47 #include "net/cert/cert_status_flags.h" |
| 47 #include "net/cert/ct_sct_to_string.h" | 48 #include "net/cert/ct_sct_to_string.h" |
| 49 #include "net/cert/x509_certificate.h" | |
| 48 #include "net/http/http_response_headers.h" | 50 #include "net/http/http_response_headers.h" |
| 49 #include "net/http/http_util.h" | 51 #include "net/http/http_util.h" |
| 50 #include "net/ssl/ssl_cipher_suite_names.h" | 52 #include "net/ssl/ssl_cipher_suite_names.h" |
| 51 #include "net/ssl/ssl_connection_status_flags.h" | 53 #include "net/ssl/ssl_connection_status_flags.h" |
| 52 #include "net/url_request/url_request_data_job.h" | 54 #include "net/url_request/url_request_data_job.h" |
| 53 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" | 55 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" |
| 54 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" | 56 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
| 55 #include "third_party/WebKit/public/platform/WebTaskRunner.h" | 57 #include "third_party/WebKit/public/platform/WebTaskRunner.h" |
| 56 #include "third_party/WebKit/public/platform/WebURL.h" | 58 #include "third_party/WebKit/public/platform/WebURL.h" |
| 57 #include "third_party/WebKit/public/platform/WebURLError.h" | 59 #include "third_party/WebKit/public/platform/WebURLError.h" |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 232 | 234 |
| 233 SSLStatus ssl_status; | 235 SSLStatus ssl_status; |
| 234 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { | 236 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { |
| 235 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 237 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 236 DLOG(ERROR) | 238 DLOG(ERROR) |
| 237 << "DeserializeSecurityInfo() failed for an authenticated request."; | 239 << "DeserializeSecurityInfo() failed for an authenticated request."; |
| 238 return; | 240 return; |
| 239 } | 241 } |
| 240 | 242 |
| 241 int ssl_version = | 243 int ssl_version = |
| 242 net::SSLConnectionStatusToVersion(ssl_status.connection_status); | 244 net::SSLConnectionStatusToVersion(info.ssl_connection_status); |
| 243 const char* protocol; | 245 const char* protocol; |
| 244 net::SSLVersionToString(&protocol, ssl_version); | 246 net::SSLVersionToString(&protocol, ssl_version); |
| 245 | 247 |
| 246 const char* key_exchange; | 248 const char* key_exchange; |
| 247 const char* cipher; | 249 const char* cipher; |
| 248 const char* mac; | 250 const char* mac; |
| 249 bool is_aead; | 251 bool is_aead; |
| 250 uint16_t cipher_suite = | 252 uint16_t cipher_suite = |
| 251 net::SSLConnectionStatusToCipherSuite(ssl_status.connection_status); | 253 net::SSLConnectionStatusToCipherSuite(info.ssl_connection_status); |
| 252 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, | 254 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, |
| 253 cipher_suite); | 255 cipher_suite); |
| 254 if (mac == NULL) { | 256 if (mac == NULL) { |
| 255 DCHECK(is_aead); | 257 DCHECK(is_aead); |
| 256 mac = ""; | 258 mac = ""; |
| 257 } | 259 } |
| 258 | 260 |
| 259 blink::WebURLResponse::SecurityStyle securityStyle = | 261 SecurityStyle security_style = GetSecurityStyleForResource( |
|
estark
2016/09/01 00:20:03
Could you instead attach a security style to Resou
jam
2016/09/01 01:14:02
The motivation for the network-service part of thi
| |
| 262 url, !info.certificate.empty(), info.cert_status); | |
| 263 | |
| 264 blink::WebURLResponse::SecurityStyle security_style_blink = | |
| 260 WebURLResponse::SecurityStyleUnknown; | 265 WebURLResponse::SecurityStyleUnknown; |
| 261 switch (ssl_status.security_style) { | 266 switch (security_style) { |
| 262 case SECURITY_STYLE_UNKNOWN: | 267 case SECURITY_STYLE_UNKNOWN: |
| 263 securityStyle = WebURLResponse::SecurityStyleUnknown; | 268 security_style_blink = WebURLResponse::SecurityStyleUnknown; |
| 264 break; | 269 break; |
| 265 case SECURITY_STYLE_UNAUTHENTICATED: | 270 case SECURITY_STYLE_UNAUTHENTICATED: |
| 266 securityStyle = WebURLResponse::SecurityStyleUnauthenticated; | 271 security_style_blink = WebURLResponse::SecurityStyleUnauthenticated; |
| 267 break; | 272 break; |
| 268 case SECURITY_STYLE_AUTHENTICATION_BROKEN: | 273 case SECURITY_STYLE_AUTHENTICATION_BROKEN: |
| 269 securityStyle = WebURLResponse::SecurityStyleAuthenticationBroken; | 274 security_style_blink = WebURLResponse::SecurityStyleAuthenticationBroken; |
| 270 break; | 275 break; |
| 271 case SECURITY_STYLE_WARNING: | 276 case SECURITY_STYLE_WARNING: |
| 272 securityStyle = WebURLResponse::SecurityStyleWarning; | 277 security_style_blink = WebURLResponse::SecurityStyleWarning; |
| 273 break; | 278 break; |
| 274 case SECURITY_STYLE_AUTHENTICATED: | 279 case SECURITY_STYLE_AUTHENTICATED: |
| 275 securityStyle = WebURLResponse::SecurityStyleAuthenticated; | 280 security_style_blink = WebURLResponse::SecurityStyleAuthenticated; |
| 276 break; | 281 break; |
| 277 } | 282 } |
| 278 | 283 |
| 279 response->setSecurityStyle(securityStyle); | 284 response->setSecurityStyle(security_style_blink); |
| 285 | |
| 286 base::Pickle pickle(info.certificate.data(), info.certificate.size()); | |
| 287 base::PickleIterator iterator(pickle); | |
| 288 scoped_refptr<net::X509Certificate> certificate = | |
| 289 net::X509Certificate::CreateFromPickle( | |
| 290 &iterator, | |
| 291 net::X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN_V3); | |
| 292 DCHECK(certificate); | |
| 280 | 293 |
| 281 blink::WebURLResponse::SignedCertificateTimestampList sct_list( | 294 blink::WebURLResponse::SignedCertificateTimestampList sct_list( |
| 282 info.signed_certificate_timestamps.size()); | 295 info.signed_certificate_timestamps.size()); |
| 283 | 296 |
| 284 for (size_t i = 0; i < sct_list.size(); ++i) | 297 for (size_t i = 0; i < sct_list.size(); ++i) |
| 285 sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]); | 298 sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]); |
| 286 | 299 |
| 300 std::vector<std::string> san, ip_addrs; | |
| 301 certificate->GetSubjectAltName(&san, &ip_addrs); | |
| 302 | |
| 303 // IP addresses are in raw network bytes and must be converted to string form | |
| 304 for (const std::string& ip : ip_addrs) { | |
| 305 net::IPAddress ip_addr(reinterpret_cast<const uint8_t*>(ip.c_str()), | |
| 306 ip.length()); | |
| 307 san.push_back(ip_addr.ToString()); | |
| 308 } | |
| 309 | |
| 310 blink::WebVector<blink::WebString> web_san(san.size()); | |
| 311 std::transform( | |
| 312 san.begin(), | |
| 313 san.end(), web_san.begin(), | |
| 314 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); | |
| 315 | |
| 287 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( | 316 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( |
| 288 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), | 317 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), |
| 289 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id, | 318 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), |
| 319 WebString::fromUTF8(certificate->subject().GetDisplayName()), | |
| 320 web_san, | |
| 321 WebString::fromUTF8(certificate->issuer().GetDisplayName()), | |
| 322 certificate->valid_start().ToDoubleT(), | |
| 323 certificate->valid_expiry().ToDoubleT(), | |
| 324 WebString::fromLatin1(info.certificate), | |
| 290 sct_list); | 325 sct_list); |
| 291 | 326 |
| 292 response->setSecurityDetails(webSecurityDetails); | 327 response->setSecurityDetails(webSecurityDetails); |
| 293 } | 328 } |
| 294 | 329 |
| 295 } // namespace | 330 } // namespace |
| 296 | 331 |
| 297 // This inner class exists since the WebURLLoader may be deleted while inside a | 332 // This inner class exists since the WebURLLoader may be deleted while inside a |
| 298 // call to WebURLLoaderClient. Refcounting is to keep the context from being | 333 // call to WebURLLoaderClient. Refcounting is to keep the context from being |
| 299 // deleted if it may have work to do after calling into the client. | 334 // deleted if it may have work to do after calling into the client. |
| (...skipping 913 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1213 response->clearHTTPHeaderField(webStringName); | 1248 response->clearHTTPHeaderField(webStringName); |
| 1214 while (response_headers->EnumerateHeader(&iterator, name, &value)) { | 1249 while (response_headers->EnumerateHeader(&iterator, name, &value)) { |
| 1215 response->addHTTPHeaderField(webStringName, | 1250 response->addHTTPHeaderField(webStringName, |
| 1216 WebString::fromLatin1(value)); | 1251 WebString::fromLatin1(value)); |
| 1217 } | 1252 } |
| 1218 } | 1253 } |
| 1219 return true; | 1254 return true; |
| 1220 } | 1255 } |
| 1221 | 1256 |
| 1222 } // namespace content | 1257 } // namespace content |
| OLD | NEW |
