OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
| 9 #include "base/base64.h" |
9 #include "base/bind.h" | 10 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
11 #include "base/command_line.h" | 12 #include "base/command_line.h" |
12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
13 #include "base/debug/leak_tracker.h" | 14 #include "base/debug/leak_tracker.h" |
14 #include "base/debug/trace_event.h" | 15 #include "base/debug/trace_event.h" |
15 #include "base/logging.h" | 16 #include "base/logging.h" |
16 #include "base/metrics/field_trial.h" | 17 #include "base/metrics/field_trial.h" |
17 #include "base/prefs/pref_registry_simple.h" | 18 #include "base/prefs/pref_registry_simple.h" |
18 #include "base/prefs/pref_service.h" | 19 #include "base/prefs/pref_service.h" |
(...skipping 24 matching lines...)
43 #include "chrome/browser/policy/policy_service.h" | 44 #include "chrome/browser/policy/policy_service.h" |
44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
46 #include "chrome/common/url_constants.h" | 47 #include "chrome/common/url_constants.h" |
47 #include "content/public/browser/browser_thread.h" | 48 #include "content/public/browser/browser_thread.h" |
48 #include "net/base/host_mapping_rules.h" | 49 #include "net/base/host_mapping_rules.h" |
49 #include "net/base/net_util.h" | 50 #include "net/base/net_util.h" |
50 #include "net/base/network_time_notifier.h" | 51 #include "net/base/network_time_notifier.h" |
51 #include "net/base/sdch_manager.h" | 52 #include "net/base/sdch_manager.h" |
52 #include "net/cert/cert_verifier.h" | 53 #include "net/cert/cert_verifier.h" |
| 54 #include "net/cert/ct_verifier.h" |
53 #include "net/cookies/cookie_monster.h" | 55 #include "net/cookies/cookie_monster.h" |
54 #include "net/dns/host_cache.h" | 56 #include "net/dns/host_cache.h" |
55 #include "net/dns/host_resolver.h" | 57 #include "net/dns/host_resolver.h" |
56 #include "net/dns/mapped_host_resolver.h" | 58 #include "net/dns/mapped_host_resolver.h" |
57 #include "net/ftp/ftp_network_layer.h" | 59 #include "net/ftp/ftp_network_layer.h" |
58 #include "net/http/http_auth_filter.h" | 60 #include "net/http/http_auth_filter.h" |
59 #include "net/http/http_auth_handler_factory.h" | 61 #include "net/http/http_auth_handler_factory.h" |
60 #include "net/http/http_network_layer.h" | 62 #include "net/http/http_network_layer.h" |
61 #include "net/http/http_server_properties_impl.h" | 63 #include "net/http/http_server_properties_impl.h" |
62 #include "net/proxy/proxy_config_service.h" | 64 #include "net/proxy/proxy_config_service.h" |
(...skipping 12 matching lines...)
75 #include "net/websockets/websocket_job.h" | 77 #include "net/websockets/websocket_job.h" |
76 | 78 |
77 #if defined(OS_WIN) | 79 #if defined(OS_WIN) |
78 #include "win8/util/win8_util.h" | 80 #include "win8/util/win8_util.h" |
79 #endif | 81 #endif |
80 | 82 |
81 #if defined(ENABLE_CONFIGURATION_POLICY) | 83 #if defined(ENABLE_CONFIGURATION_POLICY) |
82 #include "policy/policy_constants.h" | 84 #include "policy/policy_constants.h" |
83 #endif | 85 #endif |
84 | 86 |
| 87 #if !defined(USE_OPENSSL) |
| 88 #include "net/cert/ct_log_verifier.h" |
| 89 #include "net/cert/single_log_ct_verifier.h" |
| 90 #else |
| 91 #error "This Chromium build will not support Certificate Transparency." |
| 92 #endif |
| 93 |
85 #if defined(USE_NSS) || defined(OS_IOS) | 94 #if defined(USE_NSS) || defined(OS_IOS) |
86 #include "net/ocsp/nss_ocsp.h" | 95 #include "net/ocsp/nss_ocsp.h" |
87 #endif | 96 #endif |
88 | 97 |
89 #if !defined(OS_IOS) && !defined(OS_ANDROID) | 98 #if !defined(OS_IOS) && !defined(OS_ANDROID) |
90 #include "net/proxy/proxy_resolver_v8.h" | 99 #include "net/proxy/proxy_resolver_v8.h" |
91 #endif | 100 #endif |
92 | 101 |
93 #if defined(OS_ANDROID) || defined(OS_IOS) | 102 #if defined(OS_ANDROID) || defined(OS_IOS) |
94 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" | 103 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" |
(...skipping 102 matching lines...)
197 // See IOThread::Globals for details. | 206 // See IOThread::Globals for details. |
198 net::URLRequestContext* | 207 net::URLRequestContext* |
199 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, | 208 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, |
200 net::NetLog* net_log) { | 209 net::NetLog* net_log) { |
201 net::URLRequestContext* context = new net::URLRequestContext; | 210 net::URLRequestContext* context = new net::URLRequestContext; |
202 context->set_net_log(net_log); | 211 context->set_net_log(net_log); |
203 context->set_host_resolver(globals->host_resolver.get()); | 212 context->set_host_resolver(globals->host_resolver.get()); |
204 context->set_cert_verifier(globals->cert_verifier.get()); | 213 context->set_cert_verifier(globals->cert_verifier.get()); |
205 context->set_transport_security_state( | 214 context->set_transport_security_state( |
206 globals->transport_security_state.get()); | 215 globals->transport_security_state.get()); |
| 216 context->set_cert_transparency_verifier( |
| 217 globals->cert_transparency_verifier.get()); |
207 context->set_http_auth_handler_factory( | 218 context->set_http_auth_handler_factory( |
208 globals->http_auth_handler_factory.get()); | 219 globals->http_auth_handler_factory.get()); |
209 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); | 220 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); |
210 context->set_http_transaction_factory( | 221 context->set_http_transaction_factory( |
211 globals->proxy_script_fetcher_http_transaction_factory.get()); | 222 globals->proxy_script_fetcher_http_transaction_factory.get()); |
212 context->set_job_factory( | 223 context->set_job_factory( |
213 globals->proxy_script_fetcher_url_request_job_factory.get()); | 224 globals->proxy_script_fetcher_url_request_job_factory.get()); |
214 context->set_cookie_store(globals->system_cookie_store.get()); | 225 context->set_cookie_store(globals->system_cookie_store.get()); |
215 context->set_server_bound_cert_service( | 226 context->set_server_bound_cert_service( |
216 globals->system_server_bound_cert_service.get()); | 227 globals->system_server_bound_cert_service.get()); |
217 context->set_network_delegate(globals->system_network_delegate.get()); | 228 context->set_network_delegate(globals->system_network_delegate.get()); |
218 context->set_http_user_agent_settings( | 229 context->set_http_user_agent_settings( |
219 globals->http_user_agent_settings.get()); | 230 globals->http_user_agent_settings.get()); |
220 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 231 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
221 // system URLRequestContext too. There's no reason this should be tied to a | 232 // system URLRequestContext too. There's no reason this should be tied to a |
222 // profile. | 233 // profile. |
223 return context; | 234 return context; |
224 } | 235 } |
225 | 236 |
226 net::URLRequestContext* | 237 net::URLRequestContext* |
227 ConstructSystemRequestContext(IOThread::Globals* globals, | 238 ConstructSystemRequestContext(IOThread::Globals* globals, |
228 net::NetLog* net_log) { | 239 net::NetLog* net_log) { |
229 net::URLRequestContext* context = new SystemURLRequestContext; | 240 net::URLRequestContext* context = new SystemURLRequestContext; |
230 context->set_net_log(net_log); | 241 context->set_net_log(net_log); |
231 context->set_host_resolver(globals->host_resolver.get()); | 242 context->set_host_resolver(globals->host_resolver.get()); |
232 context->set_cert_verifier(globals->cert_verifier.get()); | 243 context->set_cert_verifier(globals->cert_verifier.get()); |
233 context->set_transport_security_state( | 244 context->set_transport_security_state( |
234 globals->transport_security_state.get()); | 245 globals->transport_security_state.get()); |
| 246 context->set_cert_transparency_verifier( |
| 247 globals->cert_transparency_verifier.get()); |
235 context->set_http_auth_handler_factory( | 248 context->set_http_auth_handler_factory( |
236 globals->http_auth_handler_factory.get()); | 249 globals->http_auth_handler_factory.get()); |
237 context->set_proxy_service(globals->system_proxy_service.get()); | 250 context->set_proxy_service(globals->system_proxy_service.get()); |
238 context->set_http_transaction_factory( | 251 context->set_http_transaction_factory( |
239 globals->system_http_transaction_factory.get()); | 252 globals->system_http_transaction_factory.get()); |
240 context->set_cookie_store(globals->system_cookie_store.get()); | 253 context->set_cookie_store(globals->system_cookie_store.get()); |
241 context->set_server_bound_cert_service( | 254 context->set_server_bound_cert_service( |
242 globals->system_server_bound_cert_service.get()); | 255 globals->system_server_bound_cert_service.get()); |
243 context->set_throttler_manager(globals->throttler_manager.get()); | 256 context->set_throttler_manager(globals->throttler_manager.get()); |
244 context->set_network_delegate(globals->system_network_delegate.get()); | 257 context->set_network_delegate(globals->system_network_delegate.get()); |
(...skipping 282 matching lines...)
527 UpdateDnsClientEnabled(); | 540 UpdateDnsClientEnabled(); |
528 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); | 541 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); |
529 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 542 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
530 globals_->ssl_config_service = GetSSLConfigService(); | 543 globals_->ssl_config_service = GetSSLConfigService(); |
531 #if defined(OS_ANDROID) || defined(OS_IOS) | 544 #if defined(OS_ANDROID) || defined(OS_IOS) |
532 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { | 545 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { |
533 spdyproxy_auth_origins_ = | 546 spdyproxy_auth_origins_ = |
534 DataReductionProxySettings::GetDataReductionProxies(); | 547 DataReductionProxySettings::GetDataReductionProxies(); |
535 } | 548 } |
536 #endif // defined(OS_ANDROID) || defined(OS_IOS) | 549 #endif // defined(OS_ANDROID) || defined(OS_IOS) |
| 550 #if !defined(USE_OPENSSL) |
| 551 if (command_line.HasSwitch(switches::kEnableCertificateTransparency)) { |
| 552 std::string switch_value = command_line.GetSwitchValueASCII( |
| 553 switches::kEnableCertificateTransparency); |
| 554 size_t delim_pos = switch_value.find(":"); |
| 555 if (delim_pos == std::string::npos) { |
| 556 LOG(DFATAL) << "CT log description not provided (switch format" << |
| 557 " is 'description:base64_key')"; |
| 558 } |
| 559 std::string log_description(switch_value.substr(0, delim_pos)); |
| 560 std::string ct_public_key_data; |
| 561 LOG(INFO) << "Log's public key supplied."; |
| 562 if (!base::Base64Decode(switch_value.substr(delim_pos + 1), |
| 563 &ct_public_key_data)) { |
| 564 LOG(DFATAL) << "Unable to decode CT public key."; |
| 565 } else { |
| 566 LOG(INFO) << "Log's public key decoded."; |
| 567 scoped_ptr<net::CTLogVerifier> google_log_verifier( |
| 568 net::CTLogVerifier::Create(ct_public_key_data, log_description)); |
| 569 if (!google_log_verifier) { |
| 570 LOG(DFATAL) << "Unable to parse CT public key."; |
| 571 } else { |
| 572 LOG(INFO) << "Log's public key parsed."; |
| 573 globals_->cert_transparency_verifier.reset( |
| 574 new net::SingleLogCTVerifier(google_log_verifier.Pass())); |
| 575 } |
| 576 } |
| 577 } |
| 578 #endif |
537 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 579 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( |
538 globals_->host_resolver.get())); | 580 globals_->host_resolver.get())); |
539 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 581 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
540 // For the ProxyScriptFetcher, we use a direct ProxyService. | 582 // For the ProxyScriptFetcher, we use a direct ProxyService. |
541 globals_->proxy_script_fetcher_proxy_service.reset( | 583 globals_->proxy_script_fetcher_proxy_service.reset( |
542 net::ProxyService::CreateDirectWithNetLog(net_log_)); | 584 net::ProxyService::CreateDirectWithNetLog(net_log_)); |
543 // In-memory cookie store. | 585 // In-memory cookie store. |
544 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); | 586 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); |
545 // In-memory server bound cert store. | 587 // In-memory server bound cert store. |
546 globals_->system_server_bound_cert_service.reset( | 588 globals_->system_server_bound_cert_service.reset( |
(...skipping 484 matching lines...)
1031 if (command_line.HasSwitch(switches::kDisableQuicHttps)) | 1073 if (command_line.HasSwitch(switches::kDisableQuicHttps)) |
1032 return false; | 1074 return false; |
1033 | 1075 |
1034 if (command_line.HasSwitch(switches::kEnableQuicHttps)) | 1076 if (command_line.HasSwitch(switches::kEnableQuicHttps)) |
1035 return true; | 1077 return true; |
1036 | 1078 |
1037 // HTTPS over QUIC should only be enabled if we are in the https | 1079 // HTTPS over QUIC should only be enabled if we are in the https |
1038 // field trial group. | 1080 // field trial group. |
1039 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; | 1081 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; |
1040 } | 1082 } |
OLD | NEW |
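Review bot: In the `kEnableCertificateTransparency` block (new lines 551-577) the missing-':' case only emits `LOG(DFATAL)` and then falls through, so in a build where DFATAL does not abort, `delim_pos + 1` wraps to 0 and the entire switch value is used as both the log description and the base64 key. Move the rest of the parsing into an `else`, or guard it with `if (delim_pos != std::string::npos) { ... }`, so a malformed value never reaches `net::CTLogVerifier::Create`. When the switch is absent or rejected, `globals_->cert_transparency_verifier` stays unset and both `Construct*Context` functions hand `.get()` to `set_cert_transparency_verifier`; the consumers are not on this page, so confirm they treat a null verifier as "CT not checked" rather than dereferencing it. Separately, the `#error` in the `#else` of `#if !defined(USE_OPENSSL)` (new line 91) makes every OpenSSL build fail to compile; if that is not intended, replace it with a comment. The initialization function containing the switch handling starts and ends outside the visible lines.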