Chromium Code Reviews Chromium Code Reviews
Issue 403933002:
Set SSL info when an HTTP auth dialog is triggered by direct navigation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/loader/resource_loader.h" | 5 #include "content/browser/loader/resource_loader.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/message_loop/message_loop.h" | 8 #include "base/message_loop/message_loop.h" |
| 9 #include "base/metrics/histogram.h" | 9 #include "base/metrics/histogram.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 response->head.socket_address = request->GetSocketAddress(); | 56 response->head.socket_address = request->GetSocketAddress(); |
| 57 AppCacheInterceptor::GetExtraResponseInfo( | 57 AppCacheInterceptor::GetExtraResponseInfo( |
| 58 request, | 58 request, |
| 59 &response->head.appcache_id, | 59 &response->head.appcache_id, |
| 60 &response->head.appcache_manifest_url); | 60 &response->head.appcache_manifest_url); |
| 61 // TODO(mmenke): Figure out if LOAD_ENABLE_LOAD_TIMING is safe to remove. | 61 // TODO(mmenke): Figure out if LOAD_ENABLE_LOAD_TIMING is safe to remove. |
| 62 if (request->load_flags() & net::LOAD_ENABLE_LOAD_TIMING) | 62 if (request->load_flags() & net::LOAD_ENABLE_LOAD_TIMING) |
| 63 request->GetLoadTimingInfo(&response->head.load_timing); | 63 request->GetLoadTimingInfo(&response->head.load_timing); |
| 64 } | 64 } |
| 65 | 65 |
| 66 // Stores the SignedCertificateTimestamps held in |sct_list| in the | |
| 67 // SignedCertificateTimestampStore singleton, associated with |process_id|. | |
| 68 // On return, |sct_ids| contains the assigned ID and verification status of | |
| 69 // each SignedCertificateTimestamp. | |
| 70 void StoreSignedCertificateTimestamps( | |
| 71 const net::SignedCertificateTimestampAndStatusList& sct_list, | |
| 72 int process_id, | |
| 73 SignedCertificateTimestampIDStatusList* sct_ids) { | |
| 74 SignedCertificateTimestampStore* sct_store( | |
| 75 SignedCertificateTimestampStore::GetInstance()); | |
| 76 | |
| 77 for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = | |
| 78 sct_list.begin(); iter != sct_list.end(); ++iter) { | |
| 79 const int sct_id(sct_store->Store(iter->sct, process_id)); | |
| 80 sct_ids->push_back( | |
| 81 SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); | |
| 82 } | |
| 83 } | |
| 84 | |
| 85 std::string StoreAndSerializeSecurityInfo( | |
| 86 const net::SSLInfo& ssl_info, | |
| 87 int process_id) { | |
| 88 DCHECK(ssl_info.cert.get()); | |
| 89 int cert_id = CertStore::GetInstance()->StoreCert( | |
| 90 ssl_info.cert.get(), process_id); | |
| 91 | |
| 92 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | |
| 93 StoreSignedCertificateTimestamps( | |
| 94 ssl_info.signed_certificate_timestamps, | |
| 95 process_id, | |
| 96 &signed_certificate_timestamp_ids); | |
| 97 | |
| 98 return SerializeSecurityInfo( | |
| 99 cert_id, | |
| 100 ssl_info.cert_status, | |
| 101 ssl_info.security_bits, | |
| 102 ssl_info.connection_status, | |
| 103 signed_certificate_timestamp_ids); | |
| 104 } | |
| 105 | |
| 66 } // namespace | 106 } // namespace |
| 67 | 107 |
| 68 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request, | 108 ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request, |
| 69 scoped_ptr<ResourceHandler> handler, | 109 scoped_ptr<ResourceHandler> handler, |
| 70 ResourceLoaderDelegate* delegate) | 110 ResourceLoaderDelegate* delegate) |
| 71 : deferred_stage_(DEFERRED_NONE), | 111 : deferred_stage_(DEFERRED_NONE), |
| 72 request_(request.Pass()), | 112 request_(request.Pass()), |
| 73 handler_(handler.Pass()), | 113 handler_(handler.Pass()), |
| 74 delegate_(delegate), | 114 delegate_(delegate), |
| 75 last_upload_position_(0), | 115 last_upload_position_(0), |
| (...skipping 156 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 232 | 272 |
| 233 void ResourceLoader::OnAuthRequired(net::URLRequest* unused, | 273 void ResourceLoader::OnAuthRequired(net::URLRequest* unused, |
| 234 net::AuthChallengeInfo* auth_info) { | 274 net::AuthChallengeInfo* auth_info) { |
| 235 DCHECK_EQ(request_.get(), unused); | 275 DCHECK_EQ(request_.get(), unused); |
| 236 | 276 |
| 237 if (request_->load_flags() & net::LOAD_DO_NOT_PROMPT_FOR_LOGIN) { | 277 if (request_->load_flags() & net::LOAD_DO_NOT_PROMPT_FOR_LOGIN) { |
| 238 request_->CancelAuth(); | 278 request_->CancelAuth(); |
| 239 return; | 279 return; |
| 240 } | 280 } |
| 241 | 281 |
| 282 // Update the SSL state before showing the auth prompt. | |
| 283 const net::SSLInfo& ssl_info = request_->response_info().ssl_info; | |
| 284 if (ssl_info.cert.get()) { | |
| 285 bool is_main_frame = (request_->load_flags() & net::LOAD_MAIN_FRAME) != 0; | |
| 286 ResourceRequestInfoImpl* info = GetRequestInfo(); | |
| 287 int render_process_id; | |
| 288 int render_frame_id; | |
| 289 if (!info->GetAssociatedRenderFrame(&render_process_id, &render_frame_id)) | |
| 290 NOTREACHED(); | |
|
Charlie Reis
2014/07/24 18:39:32
NOTREACHED is debug only. We'll need either a ret
meacer
2014/07/24 18:48:32
Done.
| |
| 291 std::string security_info = | |
| 292 StoreAndSerializeSecurityInfo(ssl_info, info->GetChildID()); | |
| 293 SSLManager::OnAuthDialog( | |
| 294 render_process_id, render_frame_id, security_info, is_main_frame); | |
| 295 } else { | |
| 296 // We should not have any SSL state. | |
| 297 DCHECK(!ssl_info.cert_status && | |
| 298 ssl_info.security_bits == -1 && | |
| 299 !ssl_info.connection_status); | |
| 300 } | |
| 301 | |
| 242 // Create a login dialog on the UI thread to get authentication data, or pull | 302 // Create a login dialog on the UI thread to get authentication data, or pull |
| 243 // from cache and continue on the IO thread. | 303 // from cache and continue on the IO thread. |
| 244 | |
| 245 DCHECK(!login_delegate_.get()) | 304 DCHECK(!login_delegate_.get()) |
| 246 << "OnAuthRequired called with login_delegate pending"; | 305 << "OnAuthRequired called with login_delegate pending"; |
| 247 login_delegate_ = delegate_->CreateLoginDelegate(this, auth_info); | 306 login_delegate_ = delegate_->CreateLoginDelegate(this, auth_info); |
| 248 if (!login_delegate_.get()) | 307 if (!login_delegate_.get()) |
| 249 request_->CancelAuth(); | 308 request_->CancelAuth(); |
| 250 } | 309 } |
| 251 | 310 |
| 252 void ResourceLoader::OnCertificateRequested( | 311 void ResourceLoader::OnCertificateRequested( |
| 253 net::URLRequest* unused, | 312 net::URLRequest* unused, |
| 254 net::SSLCertRequestInfo* cert_info) { | 313 net::SSLCertRequestInfo* cert_info) { |
| (...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 494 // If the request isn't in flight, then we won't get an asynchronous | 553 // If the request isn't in flight, then we won't get an asynchronous |
| 495 // notification from the request, so we have to signal ourselves to finish | 554 // notification from the request, so we have to signal ourselves to finish |
| 496 // this request. | 555 // this request. |
| 497 base::MessageLoop::current()->PostTask( | 556 base::MessageLoop::current()->PostTask( |
| 498 FROM_HERE, | 557 FROM_HERE, |
| 499 base::Bind(&ResourceLoader::ResponseCompleted, | 558 base::Bind(&ResourceLoader::ResponseCompleted, |
| 500 weak_ptr_factory_.GetWeakPtr())); | 559 weak_ptr_factory_.GetWeakPtr())); |
| 501 } | 560 } |
| 502 } | 561 } |
| 503 | 562 |
| 504 void ResourceLoader::StoreSignedCertificateTimestamps( | |
| 505 const net::SignedCertificateTimestampAndStatusList& sct_list, | |
| 506 int process_id, | |
| 507 SignedCertificateTimestampIDStatusList* sct_ids) { | |
| 508 SignedCertificateTimestampStore* sct_store( | |
| 509 SignedCertificateTimestampStore::GetInstance()); | |
| 510 | |
| 511 for (net::SignedCertificateTimestampAndStatusList::const_iterator iter = | |
| 512 sct_list.begin(); iter != sct_list.end(); ++iter) { | |
| 513 const int sct_id(sct_store->Store(iter->sct, process_id)); | |
| 514 sct_ids->push_back( | |
| 515 SignedCertificateTimestampIDAndStatus(sct_id, iter->status)); | |
| 516 } | |
| 517 } | |
| 518 | |
| 519 void ResourceLoader::CompleteResponseStarted() { | 563 void ResourceLoader::CompleteResponseStarted() { |
| 520 ResourceRequestInfoImpl* info = GetRequestInfo(); | 564 ResourceRequestInfoImpl* info = GetRequestInfo(); |
| 521 | 565 |
| 522 scoped_refptr<ResourceResponse> response(new ResourceResponse()); | 566 scoped_refptr<ResourceResponse> response(new ResourceResponse()); |
| 523 PopulateResourceResponse(request_.get(), response.get()); | 567 PopulateResourceResponse(request_.get(), response.get()); |
| 524 | 568 |
| 525 if (request_->ssl_info().cert.get()) { | 569 if (request_->ssl_info().cert.get()) { |
| 526 int cert_id = CertStore::GetInstance()->StoreCert( | 570 response->head.security_info = |
| 527 request_->ssl_info().cert.get(), info->GetChildID()); | 571 StoreAndSerializeSecurityInfo(request_->ssl_info(), info->GetChildID()); |
| 528 | |
| 529 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | |
| 530 StoreSignedCertificateTimestamps( | |
| 531 request_->ssl_info().signed_certificate_timestamps, | |
| 532 info->GetChildID(), | |
| 533 &signed_certificate_timestamp_ids); | |
| 534 | |
| 535 response->head.security_info = SerializeSecurityInfo( | |
| 536 cert_id, | |
| 537 request_->ssl_info().cert_status, | |
| 538 request_->ssl_info().security_bits, | |
| 539 request_->ssl_info().connection_status, | |
| 540 signed_certificate_timestamp_ids); | |
| 541 } else { | 572 } else { |
| 542 // We should not have any SSL state. | 573 // We should not have any SSL state. |
| 543 DCHECK(!request_->ssl_info().cert_status && | 574 DCHECK(!request_->ssl_info().cert_status && |
| 544 request_->ssl_info().security_bits == -1 && | 575 request_->ssl_info().security_bits == -1 && |
| 545 !request_->ssl_info().connection_status); | 576 !request_->ssl_info().connection_status); |
| 546 } | 577 } |
| 547 | 578 |
| 548 delegate_->DidReceiveResponse(this); | 579 delegate_->DidReceiveResponse(this); |
| 549 | 580 |
| 550 bool defer = false; | 581 bool defer = false; |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 633 // instance.) | 664 // instance.) |
| 634 } | 665 } |
| 635 | 666 |
| 636 void ResourceLoader::ResponseCompleted() { | 667 void ResourceLoader::ResponseCompleted() { |
| 637 VLOG(1) << "ResponseCompleted: " << request_->url().spec(); | 668 VLOG(1) << "ResponseCompleted: " << request_->url().spec(); |
| 638 RecordHistograms(); | 669 RecordHistograms(); |
| 639 ResourceRequestInfoImpl* info = GetRequestInfo(); | 670 ResourceRequestInfoImpl* info = GetRequestInfo(); |
| 640 | 671 |
| 641 std::string security_info; | 672 std::string security_info; |
| 642 const net::SSLInfo& ssl_info = request_->ssl_info(); | 673 const net::SSLInfo& ssl_info = request_->ssl_info(); |
| 643 if (ssl_info.cert.get() != NULL) { | 674 if (ssl_info.cert.get() != NULL) |
| 644 int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), | 675 security_info = StoreAndSerializeSecurityInfo(ssl_info, info->GetChildID()); |
| 645 info->GetChildID()); | |
| 646 SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids; | |
| 647 StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps, | |
| 648 info->GetChildID(), | |
| 649 &signed_certificate_timestamp_ids); | |
| 650 | |
| 651 security_info = SerializeSecurityInfo( | |
| 652 cert_id, ssl_info.cert_status, ssl_info.security_bits, | |
| 653 ssl_info.connection_status, signed_certificate_timestamp_ids); | |
| 654 } | |
| 655 | 676 |
| 656 bool defer = false; | 677 bool defer = false; |
| 657 handler_->OnResponseCompleted(request_->status(), security_info, &defer); | 678 handler_->OnResponseCompleted(request_->status(), security_info, &defer); |
| 658 if (defer) { | 679 if (defer) { |
| 659 // The handler is not ready to die yet. We will call DidFinishLoading when | 680 // The handler is not ready to die yet. We will call DidFinishLoading when |
| 660 // we resume. | 681 // we resume. |
| 661 deferred_stage_ = DEFERRED_FINISH; | 682 deferred_stage_ = DEFERRED_FINISH; |
| 662 } else { | 683 } else { |
| 663 // This will result in our destruction. | 684 // This will result in our destruction. |
| 664 CallDidFinishLoading(); | 685 CallDidFinishLoading(); |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 696 case net::URLRequestStatus::FAILED: | 717 case net::URLRequestStatus::FAILED: |
| 697 status = STATUS_UNDEFINED; | 718 status = STATUS_UNDEFINED; |
| 698 break; | 719 break; |
| 699 } | 720 } |
| 700 | 721 |
| 701 UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX); | 722 UMA_HISTOGRAM_ENUMERATION("Net.Prefetch.Pattern", status, STATUS_MAX); |
| 702 } | 723 } |
| 703 } | 724 } |
| 704 | 725 |
| 705 } // namespace content | 726 } // namespace content |
| OLD | NEW |
