OLD | NEW |
---|---|
1 | |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 2 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 3 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 4 // found in the LICENSE file. |
4 | 5 |
5 // The rules for parsing content-types were borrowed from Firefox: | 6 // The rules for parsing content-types were borrowed from Firefox: |
6 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834 | 7 // http://lxr.mozilla.org/mozilla/source/netwerk/base/src/nsURLHelper.cpp#834 |
7 | 8 |
8 #include "net/http/http_util.h" | 9 #include "net/http/http_util.h" |
9 | 10 |
10 #include <algorithm> | 11 #include <algorithm> |
11 | 12 |
12 #include "base/basictypes.h" | 13 #include "base/basictypes.h" |
13 #include "base/logging.h" | 14 #include "base/logging.h" |
14 #include "base/strings/string_number_conversions.h" | 15 #include "base/strings/string_number_conversions.h" |
15 #include "base/strings/string_piece.h" | 16 #include "base/strings/string_piece.h" |
16 #include "base/strings/string_tokenizer.h" | 17 #include "base/strings/string_tokenizer.h" |
17 #include "base/strings/string_util.h" | 18 #include "base/strings/string_util.h" |
18 #include "base/strings/stringprintf.h" | 19 #include "base/strings/stringprintf.h" |
19 #include "base/time/time.h" | 20 #include "base/time/time.h" |
20 | 21 #include "net/cert/cert_verify_result.h" |
22 #include "net/cert/x509_certificate.h" | |
23 #include "net/http/transport_security_state.h" | |
24 #include "net/ssl/channel_id_service.h" | |
25 #include "net/ssl/ssl_info.h" | |
21 | 26 |
22 namespace net { | 27 namespace net { |
23 | 28 |
24 // Helpers -------------------------------------------------------------------- | 29 // Helpers -------------------------------------------------------------------- |
25 | 30 |
26 // Returns the index of the closing quote of the string, if any. |start| points | 31 // Returns the index of the closing quote of the string, if any. |start| points |
27 // at the opening quote. | 32 // at the opening quote. |
28 static size_t FindStringEnd(const std::string& line, size_t start, char delim) { | 33 static size_t FindStringEnd(const std::string& line, size_t start, char delim) { |
29 DCHECK_LT(start, line.length()); | 34 DCHECK_LT(start, line.length()); |
30 DCHECK_EQ(line[start], delim); | 35 DCHECK_EQ(line[start], delim); |
733 } | 738 } |
734 | 739 |
735 // static | 740 // static |
736 int HttpUtil::MapStatusCodeForHistogram(int code) { | 741 int HttpUtil::MapStatusCodeForHistogram(int code) { |
737 if (HISTOGRAM_MIN_HTTP_STATUS_CODE <= code && | 742 if (HISTOGRAM_MIN_HTTP_STATUS_CODE <= code && |
738 code <= HISTOGRAM_MAX_HTTP_STATUS_CODE) | 743 code <= HISTOGRAM_MAX_HTTP_STATUS_CODE) |
739 return code; | 744 return code; |
740 return 0; | 745 return 0; |
741 } | 746 } |
742 | 747 |
748 // static | |
749 bool HttpUtil::CanPool(TransportSecurityState* transport_security_state, | |
750 const SSLInfo& ssl_info, | |
751 const std::string& old_hostname, | |
752 const std::string& new_hostname) { | |
753 // Pooling is prohibited if the server cert is not valid for the new domain, | |
754 // and for connections on which client certs were sent. It is also prohibited | |
755 // when channel ID was sent if the hosts are from different eTLDs+1. | |
756 bool unused = false; | |
757 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) | |
758 return false; | |
Ryan Sleevi
2014/08/07 18:49:29
You should check this on 771
Ryan Hamilton
2014/08/08 19:27:43
Done. (But how come?)
Ryan Sleevi
2014/08/11 19:03:43
Forgot to answer this - verify the cert is trusted
Ryan Hamilton
2014/08/12 14:39:06
Oh! Good point.
| |
759 | |
760 if (IsCertStatusError(ssl_info.cert_status)) | |
761 return false; | |
762 | |
763 if (ssl_info.client_cert_sent) | |
764 return false; | |
765 | |
766 if (ssl_info.channel_id_sent && | |
767 ChannelIDService::GetDomainForHost(new_hostname) != | |
768 ChannelIDService::GetDomainForHost(old_hostname)) { | |
769 return false; | |
770 } | |
771 | |
772 if (!transport_security_state->VerifyPinning( | |
773 ssl_info.public_key_hashes, | |
774 ssl_info.is_issued_by_known_root, | |
775 /* sni_available= */ true, | |
776 new_hostname, | |
777 /* pinning_failure_log= */ NULL)) { | |
Ryan Sleevi
2014/08/07 18:49:29
1) git-cl-format this (you should be four *additio
Ryan Hamilton
2014/08/08 19:27:43
Done.
| |
778 return false; | |
779 } | |
780 | |
781 return true; | |
782 } | |
783 | |
743 // BNF from section 4.2 of RFC 2616: | 784 // BNF from section 4.2 of RFC 2616: |
744 // | 785 // |
745 // message-header = field-name ":" [ field-value ] | 786 // message-header = field-name ":" [ field-value ] |
746 // field-name = token | 787 // field-name = token |
747 // field-value = *( field-content | LWS ) | 788 // field-value = *( field-content | LWS ) |
748 // field-content = <the OCTETs making up the field-value | 789 // field-content = <the OCTETs making up the field-value |
749 // and consisting of either *TEXT or combinations | 790 // and consisting of either *TEXT or combinations |
750 // of token, separators, and quoted-string> | 791 // of token, separators, and quoted-string> |
751 // | 792 // |
752 | 793 |
898 value_is_quoted_ = true; | 939 value_is_quoted_ = true; |
899 // Do not store iterators into this. See declaration of unquoted_value_. | 940 // Do not store iterators into this. See declaration of unquoted_value_. |
900 unquoted_value_ = HttpUtil::Unquote(value_begin_, value_end_); | 941 unquoted_value_ = HttpUtil::Unquote(value_begin_, value_end_); |
901 } | 942 } |
902 } | 943 } |
903 | 944 |
904 return true; | 945 return true; |
905 } | 946 } |
906 | 947 |
907 } // namespace net | 948 } // namespace net |
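Review bot: `HttpUtil::CanPool` dereferences `ssl_info.cert` (new line 757) and `transport_security_state` (new line 772) without checking either, so this security gate would crash rather than refuse pooling if a caller passed an `SSLInfo` with no certificate; whether any caller can do that is not visible on this page. A guard at the top such as `if (!ssl_info.cert.get()) return false;`, together with `DCHECK(transport_security_state);`, would make the precondition explicit and keep the decision fail-closed. The comment on new lines 753-755 also names only three of the five rejection reasons in the body; it should cover the other two as well, for example `// Pooling is also prohibited if the cert has a status error or fails pin validation for the new host.` Separately, `sni_available` is hard-coded to `true` in the `VerifyPinning` call, and a short comment saying why that holds for every pooled connection would help the next reader.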