| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" |
| 9 #include "base/bind.h" | 10 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 11 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
| 13 #include "base/debug/leak_tracker.h" | 14 #include "base/debug/leak_tracker.h" |
| 14 #include "base/debug/trace_event.h" | 15 #include "base/debug/trace_event.h" |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "base/metrics/field_trial.h" | 17 #include "base/metrics/field_trial.h" |
| 17 #include "base/prefs/pref_registry_simple.h" | 18 #include "base/prefs/pref_registry_simple.h" |
| 18 #include "base/prefs/pref_service.h" | 19 #include "base/prefs/pref_service.h" |
| (...skipping 24 matching lines...) Expand all Loading... |
| 43 #include "chrome/browser/policy/policy_service.h" | 44 #include "chrome/browser/policy/policy_service.h" |
| 44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
| 45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
| 46 #include "chrome/common/url_constants.h" | 47 #include "chrome/common/url_constants.h" |
| 47 #include "content/public/browser/browser_thread.h" | 48 #include "content/public/browser/browser_thread.h" |
| 48 #include "net/base/host_mapping_rules.h" | 49 #include "net/base/host_mapping_rules.h" |
| 49 #include "net/base/net_util.h" | 50 #include "net/base/net_util.h" |
| 50 #include "net/base/network_time_notifier.h" | 51 #include "net/base/network_time_notifier.h" |
| 51 #include "net/base/sdch_manager.h" | 52 #include "net/base/sdch_manager.h" |
| 52 #include "net/cert/cert_verifier.h" | 53 #include "net/cert/cert_verifier.h" |
| 54 #include "net/cert/ct_verifier.h" |
| 53 #include "net/cookies/cookie_monster.h" | 55 #include "net/cookies/cookie_monster.h" |
| 54 #include "net/dns/host_cache.h" | 56 #include "net/dns/host_cache.h" |
| 55 #include "net/dns/host_resolver.h" | 57 #include "net/dns/host_resolver.h" |
| 56 #include "net/dns/mapped_host_resolver.h" | 58 #include "net/dns/mapped_host_resolver.h" |
| 57 #include "net/ftp/ftp_network_layer.h" | 59 #include "net/ftp/ftp_network_layer.h" |
| 58 #include "net/http/http_auth_filter.h" | 60 #include "net/http/http_auth_filter.h" |
| 59 #include "net/http/http_auth_handler_factory.h" | 61 #include "net/http/http_auth_handler_factory.h" |
| 60 #include "net/http/http_network_layer.h" | 62 #include "net/http/http_network_layer.h" |
| 61 #include "net/http/http_server_properties_impl.h" | 63 #include "net/http/http_server_properties_impl.h" |
| 62 #include "net/proxy/proxy_config_service.h" | 64 #include "net/proxy/proxy_config_service.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 75 #include "net/websockets/websocket_job.h" | 77 #include "net/websockets/websocket_job.h" |
| 76 | 78 |
| 77 #if defined(OS_WIN) | 79 #if defined(OS_WIN) |
| 78 #include "win8/util/win8_util.h" | 80 #include "win8/util/win8_util.h" |
| 79 #endif | 81 #endif |
| 80 | 82 |
| 81 #if defined(ENABLE_CONFIGURATION_POLICY) | 83 #if defined(ENABLE_CONFIGURATION_POLICY) |
| 82 #include "policy/policy_constants.h" | 84 #include "policy/policy_constants.h" |
| 83 #endif | 85 #endif |
| 84 | 86 |
| 87 #if !defined(USE_OPENSSL) |
| 88 #include "net/cert/ct_log_verifier.h" |
| 89 #include "net/cert/single_log_ct_verifier.h" |
| 90 #else |
| 91 #error "This Chromium build will not support Certificate Transparency." |
| 92 #endif |
| 93 |
| 85 #if defined(USE_NSS) || defined(OS_IOS) | 94 #if defined(USE_NSS) || defined(OS_IOS) |
| 86 #include "net/ocsp/nss_ocsp.h" | 95 #include "net/ocsp/nss_ocsp.h" |
| 87 #endif | 96 #endif |
| 88 | 97 |
| 89 #if !defined(OS_IOS) && !defined(OS_ANDROID) | 98 #if !defined(OS_IOS) && !defined(OS_ANDROID) |
| 90 #include "net/proxy/proxy_resolver_v8.h" | 99 #include "net/proxy/proxy_resolver_v8.h" |
| 91 #endif | 100 #endif |
| 92 | 101 |
| 93 #if defined(OS_ANDROID) || defined(OS_IOS) | 102 #if defined(OS_ANDROID) || defined(OS_IOS) |
| 94 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" | 103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 197 // See IOThread::Globals for details. | 206 // See IOThread::Globals for details. |
| 198 net::URLRequestContext* | 207 net::URLRequestContext* |
| 199 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, | 208 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, |
| 200 net::NetLog* net_log) { | 209 net::NetLog* net_log) { |
| 201 net::URLRequestContext* context = new net::URLRequestContext; | 210 net::URLRequestContext* context = new net::URLRequestContext; |
| 202 context->set_net_log(net_log); | 211 context->set_net_log(net_log); |
| 203 context->set_host_resolver(globals->host_resolver.get()); | 212 context->set_host_resolver(globals->host_resolver.get()); |
| 204 context->set_cert_verifier(globals->cert_verifier.get()); | 213 context->set_cert_verifier(globals->cert_verifier.get()); |
| 205 context->set_transport_security_state( | 214 context->set_transport_security_state( |
| 206 globals->transport_security_state.get()); | 215 globals->transport_security_state.get()); |
| 216 context->set_cert_transparency_verifier( |
| 217 globals->cert_transparency_verifier.get()); |
| 207 context->set_http_auth_handler_factory( | 218 context->set_http_auth_handler_factory( |
| 208 globals->http_auth_handler_factory.get()); | 219 globals->http_auth_handler_factory.get()); |
| 209 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); | 220 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); |
| 210 context->set_http_transaction_factory( | 221 context->set_http_transaction_factory( |
| 211 globals->proxy_script_fetcher_http_transaction_factory.get()); | 222 globals->proxy_script_fetcher_http_transaction_factory.get()); |
| 212 context->set_job_factory( | 223 context->set_job_factory( |
| 213 globals->proxy_script_fetcher_url_request_job_factory.get()); | 224 globals->proxy_script_fetcher_url_request_job_factory.get()); |
| 214 context->set_cookie_store(globals->system_cookie_store.get()); | 225 context->set_cookie_store(globals->system_cookie_store.get()); |
| 215 context->set_server_bound_cert_service( | 226 context->set_server_bound_cert_service( |
| 216 globals->system_server_bound_cert_service.get()); | 227 globals->system_server_bound_cert_service.get()); |
| 217 context->set_network_delegate(globals->system_network_delegate.get()); | 228 context->set_network_delegate(globals->system_network_delegate.get()); |
| 218 context->set_http_user_agent_settings( | 229 context->set_http_user_agent_settings( |
| 219 globals->http_user_agent_settings.get()); | 230 globals->http_user_agent_settings.get()); |
| 220 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 231 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 221 // system URLRequestContext too. There's no reason this should be tied to a | 232 // system URLRequestContext too. There's no reason this should be tied to a |
| 222 // profile. | 233 // profile. |
| 223 return context; | 234 return context; |
| 224 } | 235 } |
| 225 | 236 |
| 226 net::URLRequestContext* | 237 net::URLRequestContext* |
| 227 ConstructSystemRequestContext(IOThread::Globals* globals, | 238 ConstructSystemRequestContext(IOThread::Globals* globals, |
| 228 net::NetLog* net_log) { | 239 net::NetLog* net_log) { |
| 229 net::URLRequestContext* context = new SystemURLRequestContext; | 240 net::URLRequestContext* context = new SystemURLRequestContext; |
| 230 context->set_net_log(net_log); | 241 context->set_net_log(net_log); |
| 231 context->set_host_resolver(globals->host_resolver.get()); | 242 context->set_host_resolver(globals->host_resolver.get()); |
| 232 context->set_cert_verifier(globals->cert_verifier.get()); | 243 context->set_cert_verifier(globals->cert_verifier.get()); |
| 233 context->set_transport_security_state( | 244 context->set_transport_security_state( |
| 234 globals->transport_security_state.get()); | 245 globals->transport_security_state.get()); |
| 246 context->set_cert_transparency_verifier( |
| 247 globals->cert_transparency_verifier.get()); |
| 235 context->set_http_auth_handler_factory( | 248 context->set_http_auth_handler_factory( |
| 236 globals->http_auth_handler_factory.get()); | 249 globals->http_auth_handler_factory.get()); |
| 237 context->set_proxy_service(globals->system_proxy_service.get()); | 250 context->set_proxy_service(globals->system_proxy_service.get()); |
| 238 context->set_http_transaction_factory( | 251 context->set_http_transaction_factory( |
| 239 globals->system_http_transaction_factory.get()); | 252 globals->system_http_transaction_factory.get()); |
| 240 context->set_cookie_store(globals->system_cookie_store.get()); | 253 context->set_cookie_store(globals->system_cookie_store.get()); |
| 241 context->set_server_bound_cert_service( | 254 context->set_server_bound_cert_service( |
| 242 globals->system_server_bound_cert_service.get()); | 255 globals->system_server_bound_cert_service.get()); |
| 243 context->set_throttler_manager(globals->throttler_manager.get()); | 256 context->set_throttler_manager(globals->throttler_manager.get()); |
| 244 context->set_network_delegate(globals->system_network_delegate.get()); | 257 context->set_network_delegate(globals->system_network_delegate.get()); |
| (...skipping 282 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 527 UpdateDnsClientEnabled(); | 540 UpdateDnsClientEnabled(); |
| 528 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); | 541 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); |
| 529 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 542 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
| 530 globals_->ssl_config_service = GetSSLConfigService(); | 543 globals_->ssl_config_service = GetSSLConfigService(); |
| 531 #if defined(OS_ANDROID) || defined(OS_IOS) | 544 #if defined(OS_ANDROID) || defined(OS_IOS) |
| 532 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { | 545 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { |
| 533 spdyproxy_auth_origins_ = | 546 spdyproxy_auth_origins_ = |
| 534 DataReductionProxySettings::GetDataReductionProxies(); | 547 DataReductionProxySettings::GetDataReductionProxies(); |
| 535 } | 548 } |
| 536 #endif // defined(OS_ANDROID) || defined(OS_IOS) | 549 #endif // defined(OS_ANDROID) || defined(OS_IOS) |
| 550 #if !defined(USE_OPENSSL) |
| 551 if (command_line.HasSwitch(switches::kEnableCertificateTransparency)) { |
| 552 std::string switch_value = command_line.GetSwitchValueASCII( |
| 553 switches::kEnableCertificateTransparency); |
| 554 size_t delim_pos = switch_value.find(":"); |
| 555 if (delim_pos == std::string::npos) { |
| 556 LOG(DFATAL) << "CT log description not provided (switch format" << |
| 557 " is 'description:base64_key')"; |
| 558 } |
| 559 std::string log_description(switch_value.substr(0, delim_pos)); |
| 560 std::string ct_public_key_data; |
| 561 LOG(INFO) << "Log's public key supplied."; |
| 562 if (!base::Base64Decode(switch_value.substr(delim_pos + 1), |
| 563 &ct_public_key_data)) { |
| 564 LOG(DFATAL) << "Unable to decode CT public key."; |
| 565 } else { |
| 566 LOG(INFO) << "Log's public key decoded."; |
| 567 scoped_ptr<net::CTLogVerifier> google_log_verifier( |
| 568 net::CTLogVerifier::Create(ct_public_key_data, log_description)); |
| 569 if (!google_log_verifier) { |
| 570 LOG(DFATAL) << "Unable to parse CT public key."; |
| 571 } else { |
| 572 LOG(INFO) << "Log's public key parsed."; |
| 573 globals_->cert_transparency_verifier.reset( |
| 574 new net::SingleLogCTVerifier(google_log_verifier.Pass())); |
| 575 } |
| 576 } |
| 577 } |
| 578 #endif |
| 537 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 579 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( |
| 538 globals_->host_resolver.get())); | 580 globals_->host_resolver.get())); |
| 539 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 581 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
| 540 // For the ProxyScriptFetcher, we use a direct ProxyService. | 582 // For the ProxyScriptFetcher, we use a direct ProxyService. |
| 541 globals_->proxy_script_fetcher_proxy_service.reset( | 583 globals_->proxy_script_fetcher_proxy_service.reset( |
| 542 net::ProxyService::CreateDirectWithNetLog(net_log_)); | 584 net::ProxyService::CreateDirectWithNetLog(net_log_)); |
| 543 // In-memory cookie store. | 585 // In-memory cookie store. |
| 544 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); | 586 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); |
| 545 // In-memory server bound cert store. | 587 // In-memory server bound cert store. |
| 546 globals_->system_server_bound_cert_service.reset( | 588 globals_->system_server_bound_cert_service.reset( |
| (...skipping 484 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1031 if (command_line.HasSwitch(switches::kDisableQuicHttps)) | 1073 if (command_line.HasSwitch(switches::kDisableQuicHttps)) |
| 1032 return false; | 1074 return false; |
| 1033 | 1075 |
| 1034 if (command_line.HasSwitch(switches::kEnableQuicHttps)) | 1076 if (command_line.HasSwitch(switches::kEnableQuicHttps)) |
| 1035 return true; | 1077 return true; |
| 1036 | 1078 |
| 1037 // HTTPS over QUIC should only be enabled if we are in the https | 1079 // HTTPS over QUIC should only be enabled if we are in the https |
| 1038 // field trial group. | 1080 // field trial group. |
| 1039 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; | 1081 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; |
| 1040 } | 1082 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27026002:
CT: Adding preliminary Certificate Transparency support to Chromium.
Base URL: svn://svn.chromium.org/chrome/trunk/src