| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/web_url_loader_impl.h" | 5 #include "content/child/web_url_loader_impl.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 #include "content/child/ftp_directory_listing_response_delegate.h" | 26 #include "content/child/ftp_directory_listing_response_delegate.h" |
| 27 #include "content/child/request_extra_data.h" | 27 #include "content/child/request_extra_data.h" |
| 28 #include "content/child/request_info.h" | 28 #include "content/child/request_info.h" |
| 29 #include "content/child/resource_dispatcher.h" | 29 #include "content/child/resource_dispatcher.h" |
| 30 #include "content/child/shared_memory_data_consumer_handle.h" | 30 #include "content/child/shared_memory_data_consumer_handle.h" |
| 31 #include "content/child/sync_load_response.h" | 31 #include "content/child/sync_load_response.h" |
| 32 #include "content/child/web_url_request_util.h" | 32 #include "content/child/web_url_request_util.h" |
| 33 #include "content/child/weburlresponse_extradata_impl.h" | 33 #include "content/child/weburlresponse_extradata_impl.h" |
| 34 #include "content/common/resource_messages.h" | 34 #include "content/common/resource_messages.h" |
| 35 #include "content/common/resource_request_body_impl.h" | 35 #include "content/common/resource_request_body_impl.h" |
| 36 #include "content/common/security_style_util.h" |
| 36 #include "content/common/service_worker/service_worker_types.h" | 37 #include "content/common/service_worker/service_worker_types.h" |
| 37 #include "content/common/ssl_status_serialization.h" | |
| 38 #include "content/common/url_loader.mojom.h" | 38 #include "content/common/url_loader.mojom.h" |
| 39 #include "content/public/child/fixed_received_data.h" | 39 #include "content/public/child/fixed_received_data.h" |
| 40 #include "content/public/child/request_peer.h" | 40 #include "content/public/child/request_peer.h" |
| 41 #include "content/public/common/browser_side_navigation_policy.h" | 41 #include "content/public/common/browser_side_navigation_policy.h" |
| 42 #include "content/public/common/ssl_status.h" | 42 #include "content/public/common/ssl_status.h" |
| 43 #include "net/base/data_url.h" | 43 #include "net/base/data_url.h" |
| 44 #include "net/base/filename_util.h" | 44 #include "net/base/filename_util.h" |
| 45 #include "net/base/net_errors.h" | 45 #include "net/base/net_errors.h" |
| 46 #include "net/cert/cert_status_flags.h" | 46 #include "net/cert/cert_status_flags.h" |
| 47 #include "net/cert/ct_sct_to_string.h" | 47 #include "net/cert/ct_sct_to_string.h" |
| 48 #include "net/cert/x509_util.h" |
| 48 #include "net/http/http_response_headers.h" | 49 #include "net/http/http_response_headers.h" |
| 49 #include "net/http/http_util.h" | 50 #include "net/http/http_util.h" |
| 50 #include "net/ssl/ssl_cipher_suite_names.h" | 51 #include "net/ssl/ssl_cipher_suite_names.h" |
| 51 #include "net/ssl/ssl_connection_status_flags.h" | 52 #include "net/ssl/ssl_connection_status_flags.h" |
| 52 #include "net/url_request/url_request_data_job.h" | 53 #include "net/url_request/url_request_data_job.h" |
| 53 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" | 54 #include "third_party/WebKit/public/platform/WebHTTPLoadInfo.h" |
| 54 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" | 55 #include "third_party/WebKit/public/platform/WebSecurityOrigin.h" |
| 55 #include "third_party/WebKit/public/platform/WebTaskRunner.h" | 56 #include "third_party/WebKit/public/platform/WebTaskRunner.h" |
| 56 #include "third_party/WebKit/public/platform/WebURL.h" | 57 #include "third_party/WebKit/public/platform/WebURL.h" |
| 57 #include "third_party/WebKit/public/platform/WebURLError.h" | 58 #include "third_party/WebKit/public/platform/WebURLError.h" |
| (...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 217 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 218 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 218 return; | 219 return; |
| 219 } | 220 } |
| 220 if (!url.SchemeIsCryptographic()) { | 221 if (!url.SchemeIsCryptographic()) { |
| 221 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); | 222 response->setSecurityStyle(WebURLResponse::SecurityStyleUnauthenticated); |
| 222 return; | 223 return; |
| 223 } | 224 } |
| 224 | 225 |
| 225 // There are cases where an HTTPS request can come in without security | 226 // There are cases where an HTTPS request can come in without security |
| 226 // info attached (such as a redirect response). | 227 // info attached (such as a redirect response). |
| 227 const std::string& security_info = info.security_info; | 228 if (info.certificate.empty()) { |
| 228 if (security_info.empty()) { | |
| 229 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | 229 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 230 return; | 230 return; |
| 231 } | 231 } |
| 232 | 232 |
| 233 SSLStatus ssl_status; | |
| 234 if (!DeserializeSecurityInfo(security_info, &ssl_status)) { | |
| 235 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); | |
| 236 DLOG(ERROR) | |
| 237 << "DeserializeSecurityInfo() failed for an authenticated request."; | |
| 238 return; | |
| 239 } | |
| 240 | |
| 241 int ssl_version = | 233 int ssl_version = |
| 242 net::SSLConnectionStatusToVersion(ssl_status.connection_status); | 234 net::SSLConnectionStatusToVersion(info.ssl_connection_status); |
| 243 const char* protocol; | 235 const char* protocol; |
| 244 net::SSLVersionToString(&protocol, ssl_version); | 236 net::SSLVersionToString(&protocol, ssl_version); |
| 245 | 237 |
| 246 const char* key_exchange; | 238 const char* key_exchange; |
| 247 const char* cipher; | 239 const char* cipher; |
| 248 const char* mac; | 240 const char* mac; |
| 249 bool is_aead; | 241 bool is_aead; |
| 250 uint16_t cipher_suite = | 242 uint16_t cipher_suite = |
| 251 net::SSLConnectionStatusToCipherSuite(ssl_status.connection_status); | 243 net::SSLConnectionStatusToCipherSuite(info.ssl_connection_status); |
| 252 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, | 244 net::SSLCipherSuiteToStrings(&key_exchange, &cipher, &mac, &is_aead, |
| 253 cipher_suite); | 245 cipher_suite); |
| 254 if (mac == NULL) { | 246 if (mac == NULL) { |
| 255 DCHECK(is_aead); | 247 DCHECK(is_aead); |
| 256 mac = ""; | 248 mac = ""; |
| 257 } | 249 } |
| 258 | 250 |
| 259 blink::WebURLResponse::SecurityStyle securityStyle = | 251 SecurityStyle security_style = GetSecurityStyleForResource( |
| 252 url, true, info.cert_status); |
| 253 |
| 254 blink::WebURLResponse::SecurityStyle security_style_blink = |
| 260 WebURLResponse::SecurityStyleUnknown; | 255 WebURLResponse::SecurityStyleUnknown; |
| 261 switch (ssl_status.security_style) { | 256 switch (security_style) { |
| 262 case SECURITY_STYLE_UNKNOWN: | 257 case SECURITY_STYLE_UNKNOWN: |
| 263 securityStyle = WebURLResponse::SecurityStyleUnknown; | 258 security_style_blink = WebURLResponse::SecurityStyleUnknown; |
| 264 break; | 259 break; |
| 265 case SECURITY_STYLE_UNAUTHENTICATED: | 260 case SECURITY_STYLE_UNAUTHENTICATED: |
| 266 securityStyle = WebURLResponse::SecurityStyleUnauthenticated; | 261 security_style_blink = WebURLResponse::SecurityStyleUnauthenticated; |
| 267 break; | 262 break; |
| 268 case SECURITY_STYLE_AUTHENTICATION_BROKEN: | 263 case SECURITY_STYLE_AUTHENTICATION_BROKEN: |
| 269 securityStyle = WebURLResponse::SecurityStyleAuthenticationBroken; | 264 security_style_blink = WebURLResponse::SecurityStyleAuthenticationBroken; |
| 270 break; | 265 break; |
| 271 case SECURITY_STYLE_WARNING: | 266 case SECURITY_STYLE_WARNING: |
| 272 securityStyle = WebURLResponse::SecurityStyleWarning; | 267 security_style_blink = WebURLResponse::SecurityStyleWarning; |
| 273 break; | 268 break; |
| 274 case SECURITY_STYLE_AUTHENTICATED: | 269 case SECURITY_STYLE_AUTHENTICATED: |
| 275 securityStyle = WebURLResponse::SecurityStyleAuthenticated; | 270 security_style_blink = WebURLResponse::SecurityStyleAuthenticated; |
| 276 break; | 271 break; |
| 277 } | 272 } |
| 278 | 273 |
| 279 response->setSecurityStyle(securityStyle); | 274 response->setSecurityStyle(security_style_blink); |
| 280 | 275 |
| 281 blink::WebURLResponse::SignedCertificateTimestampList sct_list( | 276 blink::WebURLResponse::SignedCertificateTimestampList sct_list( |
| 282 info.signed_certificate_timestamps.size()); | 277 info.signed_certificate_timestamps.size()); |
| 283 | 278 |
| 284 for (size_t i = 0; i < sct_list.size(); ++i) | 279 for (size_t i = 0; i < sct_list.size(); ++i) |
| 285 sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]); | 280 sct_list[i] = NetSCTToBlinkSCT(info.signed_certificate_timestamps[i]); |
| 286 | 281 |
| 282 std::string subject, issuer; |
| 283 base::Time valid_start, valid_expiry; |
| 284 std::vector<std::string> san; |
| 285 bool rv = net::x509_util::ParseCertificateSandboxed( |
| 286 info.certificate[0], &subject, &issuer, &valid_start, &valid_expiry, &san, |
| 287 &san); |
| 288 if (!rv) { |
| 289 NOTREACHED(); |
| 290 response->setSecurityStyle(WebURLResponse::SecurityStyleUnknown); |
| 291 return; |
| 292 } |
| 293 |
| 294 blink::WebVector<blink::WebString> web_san(san.size()); |
| 295 std::transform( |
| 296 san.begin(), |
| 297 san.end(), web_san.begin(), |
| 298 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); |
| 299 |
| 300 blink::WebVector<blink::WebString> web_cert(info.certificate.size()); |
| 301 std::transform( |
| 302 info.certificate.begin(), |
| 303 info.certificate.end(), web_cert.begin(), |
| 304 [](const std::string& h) { return blink::WebString::fromLatin1(h); }); |
| 305 |
| 287 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( | 306 blink::WebURLResponse::WebSecurityDetails webSecurityDetails( |
| 288 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), | 307 WebString::fromUTF8(protocol), WebString::fromUTF8(key_exchange), |
| 289 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), ssl_status.cert_id, | 308 WebString::fromUTF8(cipher), WebString::fromUTF8(mac), |
| 309 WebString::fromUTF8(subject), |
| 310 web_san, |
| 311 WebString::fromUTF8(issuer), |
| 312 valid_start.ToDoubleT(), |
| 313 valid_expiry.ToDoubleT(), |
| 314 web_cert, |
| 290 sct_list); | 315 sct_list); |
| 291 | 316 |
| 292 response->setSecurityDetails(webSecurityDetails); | 317 response->setSecurityDetails(webSecurityDetails); |
| 293 } | 318 } |
| 294 | 319 |
| 295 } // namespace | 320 } // namespace |
| 296 | 321 |
| 297 // This inner class exists since the WebURLLoader may be deleted while inside a | 322 // This inner class exists since the WebURLLoader may be deleted while inside a |
| 298 // call to WebURLLoaderClient. Refcounting is to keep the context from being | 323 // call to WebURLLoaderClient. Refcounting is to keep the context from being |
| 299 // deleted if it may have work to do after calling into the client. | 324 // deleted if it may have work to do after calling into the client. |
| (...skipping 913 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1213 response->clearHTTPHeaderField(webStringName); | 1238 response->clearHTTPHeaderField(webStringName); |
| 1214 while (response_headers->EnumerateHeader(&iterator, name, &value)) { | 1239 while (response_headers->EnumerateHeader(&iterator, name, &value)) { |
| 1215 response->addHTTPHeaderField(webStringName, | 1240 response->addHTTPHeaderField(webStringName, |
| 1216 WebString::fromLatin1(value)); | 1241 WebString::fromLatin1(value)); |
| 1217 } | 1242 } |
| 1218 } | 1243 } |
| 1219 return true; | 1244 return true; |
| 1220 } | 1245 } |
| 1221 | 1246 |
| 1222 } // namespace content | 1247 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2296953004:
Send certificates to devtools when it's open instead of using certId (Closed)
