OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <map> | 8 #include <map> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include "base/strings/stringprintf.h" | 22 #include "base/strings/stringprintf.h" |
23 #include "base/strings/utf_string_conversions.h" | 23 #include "base/strings/utf_string_conversions.h" |
24 #include "base/time/time.h" | 24 #include "base/time/time.h" |
25 #include "base/values.h" | 25 #include "base/values.h" |
26 #include "crypto/ec_private_key.h" | 26 #include "crypto/ec_private_key.h" |
27 #include "crypto/ec_signature_creator.h" | 27 #include "crypto/ec_signature_creator.h" |
28 #include "net/base/connection_type_histograms.h" | 28 #include "net/base/connection_type_histograms.h" |
29 #include "net/base/net_log.h" | 29 #include "net/base/net_log.h" |
30 #include "net/base/net_util.h" | 30 #include "net/base/net_util.h" |
31 #include "net/cert/asn1_util.h" | 31 #include "net/cert/asn1_util.h" |
32 #include "net/cert/cert_verify_result.h" | |
33 #include "net/http/http_log_util.h" | 32 #include "net/http/http_log_util.h" |
34 #include "net/http/http_network_session.h" | 33 #include "net/http/http_network_session.h" |
35 #include "net/http/http_server_properties.h" | 34 #include "net/http/http_server_properties.h" |
36 #include "net/http/http_util.h" | 35 #include "net/http/http_util.h" |
37 #include "net/http/transport_security_state.h" | |
38 #include "net/spdy/spdy_buffer_producer.h" | 36 #include "net/spdy/spdy_buffer_producer.h" |
39 #include "net/spdy/spdy_frame_builder.h" | 37 #include "net/spdy/spdy_frame_builder.h" |
40 #include "net/spdy/spdy_http_utils.h" | 38 #include "net/spdy/spdy_http_utils.h" |
41 #include "net/spdy/spdy_protocol.h" | 39 #include "net/spdy/spdy_protocol.h" |
42 #include "net/spdy/spdy_session_pool.h" | 40 #include "net/spdy/spdy_session_pool.h" |
43 #include "net/spdy/spdy_stream.h" | 41 #include "net/spdy/spdy_stream.h" |
44 #include "net/ssl/channel_id_service.h" | 42 #include "net/ssl/channel_id_service.h" |
45 #include "net/ssl/ssl_cipher_suite_names.h" | 43 #include "net/ssl/ssl_cipher_suite_names.h" |
46 #include "net/ssl/ssl_connection_status_flags.h" | 44 #include "net/ssl/ssl_connection_status_flags.h" |
47 | 45 |
(...skipping 476 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
524 SpdySession::PushedStreamInfo::PushedStreamInfo() : stream_id(0) {} | 522 SpdySession::PushedStreamInfo::PushedStreamInfo() : stream_id(0) {} |
525 | 523 |
526 SpdySession::PushedStreamInfo::PushedStreamInfo( | 524 SpdySession::PushedStreamInfo::PushedStreamInfo( |
527 SpdyStreamId stream_id, | 525 SpdyStreamId stream_id, |
528 base::TimeTicks creation_time) | 526 base::TimeTicks creation_time) |
529 : stream_id(stream_id), | 527 : stream_id(stream_id), |
530 creation_time(creation_time) {} | 528 creation_time(creation_time) {} |
531 | 529 |
532 SpdySession::PushedStreamInfo::~PushedStreamInfo() {} | 530 SpdySession::PushedStreamInfo::~PushedStreamInfo() {} |
533 | 531 |
534 // static | |
535 bool SpdySession::CanPool(TransportSecurityState* transport_security_state, | |
536 const SSLInfo& ssl_info, | |
537 const std::string& old_hostname, | |
538 const std::string& new_hostname) { | |
539 // Pooling is prohibited if the server cert is not valid for the new domain, | |
540 // and for connections on which client certs were sent. It is also prohibited | |
541 // when channel ID was sent if the hosts are from different eTLDs+1. | |
542 if (IsCertStatusError(ssl_info.cert_status)) | |
543 return false; | |
544 | |
545 if (ssl_info.client_cert_sent) | |
546 return false; | |
547 | |
548 if (ssl_info.channel_id_sent && | |
549 ChannelIDService::GetDomainForHost(new_hostname) != | |
550 ChannelIDService::GetDomainForHost(old_hostname)) { | |
551 return false; | |
552 } | |
553 | |
554 bool unused = false; | |
555 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) | |
556 return false; | |
557 | |
558 std::string pinning_failure_log; | |
559 if (!transport_security_state->CheckPublicKeyPins( | |
560 new_hostname, | |
561 true, /* sni_available */ | |
562 ssl_info.is_issued_by_known_root, | |
563 ssl_info.public_key_hashes, | |
564 &pinning_failure_log)) { | |
565 return false; | |
566 } | |
567 | |
568 return true; | |
569 } | |
570 | |
571 SpdySession::SpdySession( | 532 SpdySession::SpdySession( |
572 const SpdySessionKey& spdy_session_key, | 533 const SpdySessionKey& spdy_session_key, |
573 const base::WeakPtr<HttpServerProperties>& http_server_properties, | 534 const base::WeakPtr<HttpServerProperties>& http_server_properties, |
574 TransportSecurityState* transport_security_state, | |
575 bool verify_domain_authentication, | 535 bool verify_domain_authentication, |
576 bool enable_sending_initial_data, | 536 bool enable_sending_initial_data, |
577 bool enable_compression, | 537 bool enable_compression, |
578 bool enable_ping_based_connection_checking, | 538 bool enable_ping_based_connection_checking, |
579 NextProto default_protocol, | 539 NextProto default_protocol, |
580 size_t stream_initial_recv_window_size, | 540 size_t stream_initial_recv_window_size, |
581 size_t initial_max_concurrent_streams, | 541 size_t initial_max_concurrent_streams, |
582 size_t max_concurrent_streams_limit, | 542 size_t max_concurrent_streams_limit, |
583 TimeFunc time_func, | 543 TimeFunc time_func, |
584 const HostPortPair& trusted_spdy_proxy, | 544 const HostPortPair& trusted_spdy_proxy, |
585 NetLog* net_log) | 545 NetLog* net_log) |
586 : in_io_loop_(false), | 546 : in_io_loop_(false), |
587 spdy_session_key_(spdy_session_key), | 547 spdy_session_key_(spdy_session_key), |
588 pool_(NULL), | 548 pool_(NULL), |
589 http_server_properties_(http_server_properties), | 549 http_server_properties_(http_server_properties), |
590 transport_security_state_(transport_security_state), | |
591 read_buffer_(new IOBuffer(kReadBufferSize)), | 550 read_buffer_(new IOBuffer(kReadBufferSize)), |
592 stream_hi_water_mark_(kFirstStreamId), | 551 stream_hi_water_mark_(kFirstStreamId), |
593 num_pushed_streams_(0u), | 552 num_pushed_streams_(0u), |
594 num_active_pushed_streams_(0u), | 553 num_active_pushed_streams_(0u), |
595 in_flight_write_frame_type_(DATA), | 554 in_flight_write_frame_type_(DATA), |
596 in_flight_write_frame_size_(0), | 555 in_flight_write_frame_size_(0), |
597 is_secure_(false), | 556 is_secure_(false), |
598 certificate_error_code_(OK), | 557 certificate_error_code_(OK), |
599 availability_state_(STATE_AVAILABLE), | 558 availability_state_(STATE_AVAILABLE), |
600 read_state_(READ_STATE_DO_READ), | 559 read_state_(READ_STATE_DO_READ), |
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
748 | 707 |
749 if (availability_state_ == STATE_DRAINING) | 708 if (availability_state_ == STATE_DRAINING) |
750 return false; | 709 return false; |
751 | 710 |
752 SSLInfo ssl_info; | 711 SSLInfo ssl_info; |
753 bool was_npn_negotiated; | 712 bool was_npn_negotiated; |
754 NextProto protocol_negotiated = kProtoUnknown; | 713 NextProto protocol_negotiated = kProtoUnknown; |
755 if (!GetSSLInfo(&ssl_info, &was_npn_negotiated, &protocol_negotiated)) | 714 if (!GetSSLInfo(&ssl_info, &was_npn_negotiated, &protocol_negotiated)) |
756 return true; // This is not a secure session, so all domains are okay. | 715 return true; // This is not a secure session, so all domains are okay. |
757 | 716 |
758 return CanPool(transport_security_state_, ssl_info, | 717 // Disable pooling for secure sessions. |
759 host_port_pair().host(), domain); | 718 // TODO(rch): re-enable this. |
| 719 return false; |
| 720 #if 0 |
| 721 bool unused = false; |
| 722 return |
| 723 !ssl_info.client_cert_sent && |
| 724 (!ssl_info.channel_id_sent || |
| 725 (ChannelIDService::GetDomainForHost(domain) == |
| 726 ChannelIDService::GetDomainForHost(host_port_pair().host()))) && |
| 727 ssl_info.cert->VerifyNameMatch(domain, &unused); |
| 728 #endif |
760 } | 729 } |
761 | 730 |
762 int SpdySession::GetPushStream( | 731 int SpdySession::GetPushStream( |
763 const GURL& url, | 732 const GURL& url, |
764 base::WeakPtr<SpdyStream>* stream, | 733 base::WeakPtr<SpdyStream>* stream, |
765 const BoundNetLog& stream_net_log) { | 734 const BoundNetLog& stream_net_log) { |
766 CHECK(!in_io_loop_); | 735 CHECK(!in_io_loop_); |
767 | 736 |
768 stream->reset(); | 737 stream->reset(); |
769 | 738 |
(...skipping 2425 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3195 if (!queue->empty()) { | 3164 if (!queue->empty()) { |
3196 SpdyStreamId stream_id = queue->front(); | 3165 SpdyStreamId stream_id = queue->front(); |
3197 queue->pop_front(); | 3166 queue->pop_front(); |
3198 return stream_id; | 3167 return stream_id; |
3199 } | 3168 } |
3200 } | 3169 } |
3201 return 0; | 3170 return 0; |
3202 } | 3171 } |
3203 | 3172 |
3204 } // namespace net | 3173 } // namespace net |
OLD | NEW |