OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/base64.h" | |
9 #include "base/bind.h" | 10 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
11 #include "base/command_line.h" | 12 #include "base/command_line.h" |
12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
13 #include "base/debug/leak_tracker.h" | 14 #include "base/debug/leak_tracker.h" |
14 #include "base/debug/trace_event.h" | 15 #include "base/debug/trace_event.h" |
15 #include "base/logging.h" | 16 #include "base/logging.h" |
16 #include "base/metrics/field_trial.h" | 17 #include "base/metrics/field_trial.h" |
17 #include "base/prefs/pref_registry_simple.h" | 18 #include "base/prefs/pref_registry_simple.h" |
18 #include "base/prefs/pref_service.h" | 19 #include "base/prefs/pref_service.h" |
43 #include "chrome/browser/policy/policy_service.h" | 44 #include "chrome/browser/policy/policy_service.h" |
44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
46 #include "chrome/common/url_constants.h" | 47 #include "chrome/common/url_constants.h" |
47 #include "content/public/browser/browser_thread.h" | 48 #include "content/public/browser/browser_thread.h" |
48 #include "net/base/host_mapping_rules.h" | 49 #include "net/base/host_mapping_rules.h" |
49 #include "net/base/net_util.h" | 50 #include "net/base/net_util.h" |
50 #include "net/base/network_time_notifier.h" | 51 #include "net/base/network_time_notifier.h" |
51 #include "net/base/sdch_manager.h" | 52 #include "net/base/sdch_manager.h" |
52 #include "net/cert/cert_verifier.h" | 53 #include "net/cert/cert_verifier.h" |
54 #include "net/cert/ct_known_logs_keys.h" | |
55 #include "net/cert/ct_verifier.h" | |
53 #include "net/cookies/cookie_monster.h" | 56 #include "net/cookies/cookie_monster.h" |
54 #include "net/dns/host_cache.h" | 57 #include "net/dns/host_cache.h" |
55 #include "net/dns/host_resolver.h" | 58 #include "net/dns/host_resolver.h" |
56 #include "net/dns/mapped_host_resolver.h" | 59 #include "net/dns/mapped_host_resolver.h" |
57 #include "net/ftp/ftp_network_layer.h" | 60 #include "net/ftp/ftp_network_layer.h" |
58 #include "net/http/http_auth_filter.h" | 61 #include "net/http/http_auth_filter.h" |
59 #include "net/http/http_auth_handler_factory.h" | 62 #include "net/http/http_auth_handler_factory.h" |
60 #include "net/http/http_network_layer.h" | 63 #include "net/http/http_network_layer.h" |
61 #include "net/http/http_server_properties_impl.h" | 64 #include "net/http/http_server_properties_impl.h" |
62 #include "net/proxy/proxy_config_service.h" | 65 #include "net/proxy/proxy_config_service.h" |
75 #include "net/websockets/websocket_job.h" | 78 #include "net/websockets/websocket_job.h" |
76 | 79 |
77 #if defined(OS_WIN) | 80 #if defined(OS_WIN) |
78 #include "win8/util/win8_util.h" | 81 #include "win8/util/win8_util.h" |
79 #endif | 82 #endif |
80 | 83 |
81 #if defined(ENABLE_CONFIGURATION_POLICY) | 84 #if defined(ENABLE_CONFIGURATION_POLICY) |
82 #include "policy/policy_constants.h" | 85 #include "policy/policy_constants.h" |
83 #endif | 86 #endif |
84 | 87 |
88 #if !defined(USE_OPENSSL) | |
89 #include "net/cert/ct_log_verifier.h" | |
90 #include "net/cert/multi_log_ct_verifier.h" | |
91 #endif | |
92 | |
85 #if defined(USE_NSS) || defined(OS_IOS) | 93 #if defined(USE_NSS) || defined(OS_IOS) |
86 #include "net/ocsp/nss_ocsp.h" | 94 #include "net/ocsp/nss_ocsp.h" |
87 #endif | 95 #endif |
88 | 96 |
89 #if !defined(OS_IOS) && !defined(OS_ANDROID) | 97 #if !defined(OS_IOS) && !defined(OS_ANDROID) |
90 #include "net/proxy/proxy_resolver_v8.h" | 98 #include "net/proxy/proxy_resolver_v8.h" |
91 #endif | 99 #endif |
92 | 100 |
93 #if defined(OS_ANDROID) || defined(OS_IOS) | 101 #if defined(OS_ANDROID) || defined(OS_IOS) |
94 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" |
197 // See IOThread::Globals for details. | 205 // See IOThread::Globals for details. |
198 net::URLRequestContext* | 206 net::URLRequestContext* |
199 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, | 207 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, |
200 net::NetLog* net_log) { | 208 net::NetLog* net_log) { |
201 net::URLRequestContext* context = new net::URLRequestContext; | 209 net::URLRequestContext* context = new net::URLRequestContext; |
202 context->set_net_log(net_log); | 210 context->set_net_log(net_log); |
203 context->set_host_resolver(globals->host_resolver.get()); | 211 context->set_host_resolver(globals->host_resolver.get()); |
204 context->set_cert_verifier(globals->cert_verifier.get()); | 212 context->set_cert_verifier(globals->cert_verifier.get()); |
205 context->set_transport_security_state( | 213 context->set_transport_security_state( |
206 globals->transport_security_state.get()); | 214 globals->transport_security_state.get()); |
215 context->set_cert_transparency_verifier( | |
216 globals->cert_transparency_verifier.get()); | |
207 context->set_http_auth_handler_factory( | 217 context->set_http_auth_handler_factory( |
208 globals->http_auth_handler_factory.get()); | 218 globals->http_auth_handler_factory.get()); |
209 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); | 219 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); |
210 context->set_http_transaction_factory( | 220 context->set_http_transaction_factory( |
211 globals->proxy_script_fetcher_http_transaction_factory.get()); | 221 globals->proxy_script_fetcher_http_transaction_factory.get()); |
212 context->set_job_factory( | 222 context->set_job_factory( |
213 globals->proxy_script_fetcher_url_request_job_factory.get()); | 223 globals->proxy_script_fetcher_url_request_job_factory.get()); |
214 context->set_cookie_store(globals->system_cookie_store.get()); | 224 context->set_cookie_store(globals->system_cookie_store.get()); |
215 context->set_server_bound_cert_service( | 225 context->set_server_bound_cert_service( |
216 globals->system_server_bound_cert_service.get()); | 226 globals->system_server_bound_cert_service.get()); |
217 context->set_network_delegate(globals->system_network_delegate.get()); | 227 context->set_network_delegate(globals->system_network_delegate.get()); |
218 context->set_http_user_agent_settings( | 228 context->set_http_user_agent_settings( |
219 globals->http_user_agent_settings.get()); | 229 globals->http_user_agent_settings.get()); |
220 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 230 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
221 // system URLRequestContext too. There's no reason this should be tied to a | 231 // system URLRequestContext too. There's no reason this should be tied to a |
222 // profile. | 232 // profile. |
223 return context; | 233 return context; |
224 } | 234 } |
225 | 235 |
226 net::URLRequestContext* | 236 net::URLRequestContext* |
227 ConstructSystemRequestContext(IOThread::Globals* globals, | 237 ConstructSystemRequestContext(IOThread::Globals* globals, |
228 net::NetLog* net_log) { | 238 net::NetLog* net_log) { |
229 net::URLRequestContext* context = new SystemURLRequestContext; | 239 net::URLRequestContext* context = new SystemURLRequestContext; |
230 context->set_net_log(net_log); | 240 context->set_net_log(net_log); |
231 context->set_host_resolver(globals->host_resolver.get()); | 241 context->set_host_resolver(globals->host_resolver.get()); |
232 context->set_cert_verifier(globals->cert_verifier.get()); | 242 context->set_cert_verifier(globals->cert_verifier.get()); |
233 context->set_transport_security_state( | 243 context->set_transport_security_state( |
234 globals->transport_security_state.get()); | 244 globals->transport_security_state.get()); |
245 context->set_cert_transparency_verifier( | |
246 globals->cert_transparency_verifier.get()); | |
235 context->set_http_auth_handler_factory( | 247 context->set_http_auth_handler_factory( |
236 globals->http_auth_handler_factory.get()); | 248 globals->http_auth_handler_factory.get()); |
237 context->set_proxy_service(globals->system_proxy_service.get()); | 249 context->set_proxy_service(globals->system_proxy_service.get()); |
238 context->set_http_transaction_factory( | 250 context->set_http_transaction_factory( |
239 globals->system_http_transaction_factory.get()); | 251 globals->system_http_transaction_factory.get()); |
240 context->set_cookie_store(globals->system_cookie_store.get()); | 252 context->set_cookie_store(globals->system_cookie_store.get()); |
241 context->set_server_bound_cert_service( | 253 context->set_server_bound_cert_service( |
242 globals->system_server_bound_cert_service.get()); | 254 globals->system_server_bound_cert_service.get()); |
243 context->set_throttler_manager(globals->throttler_manager.get()); | 255 context->set_throttler_manager(globals->throttler_manager.get()); |
244 context->set_network_delegate(globals->system_network_delegate.get()); | 256 context->set_network_delegate(globals->system_network_delegate.get()); |
520 &system_enable_referrers_); | 532 &system_enable_referrers_); |
521 if (command_line.HasSwitch(switches::kEnableClientHints)) | 533 if (command_line.HasSwitch(switches::kEnableClientHints)) |
522 network_delegate->SetEnableClientHints(); | 534 network_delegate->SetEnableClientHints(); |
523 if (command_line.HasSwitch(switches::kDisableExtensionsHttpThrottling)) | 535 if (command_line.HasSwitch(switches::kDisableExtensionsHttpThrottling)) |
524 network_delegate->NeverThrottleRequests(); | 536 network_delegate->NeverThrottleRequests(); |
525 globals_->system_network_delegate.reset(network_delegate); | 537 globals_->system_network_delegate.reset(network_delegate); |
526 globals_->host_resolver = CreateGlobalHostResolver(net_log_); | 538 globals_->host_resolver = CreateGlobalHostResolver(net_log_); |
527 UpdateDnsClientEnabled(); | 539 UpdateDnsClientEnabled(); |
528 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); | 540 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); |
529 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 541 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
542 #if !defined(USE_OPENSSL) | |
543 // For now, Certificate Transparency is only implemented for platforms | |
544 // that use NSS. | |
545 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); | |
546 globals_->cert_transparency_verifier.reset(ct_verifier); | |
547 // Add built-in logs | |
548 base::StringPiece google_pilot_log_key( | |
549 net::kGooglePilotLogKey, net::kGooglePilotLogKeyLength); | |
550 scoped_ptr<net::CTLogVerifier> google_pilot_log( | |
551 net::CTLogVerifier::Create( | |
552 google_pilot_log_key, net::kGooglePilotLogName)); | |
553 ct_verifier->AddLog(google_pilot_log.Pass()); | |
554 | |
555 base::StringPiece google_test_log_key( | |
556 net::kGoogleTestLogKey, net::kGoogleTestLogKeyLength); | |
557 scoped_ptr<net::CTLogVerifier> google_test_log( | |
558 net::CTLogVerifier::Create( | |
559 google_test_log_key, net::kGoogleTestLogName)); | |
560 ct_verifier->AddLog(google_test_log.Pass()); | |
561 #endif | |
530 globals_->ssl_config_service = GetSSLConfigService(); | 562 globals_->ssl_config_service = GetSSLConfigService(); |
531 #if defined(OS_ANDROID) || defined(OS_IOS) | 563 #if defined(OS_ANDROID) || defined(OS_IOS) |
532 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { | 564 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { |
533 spdyproxy_auth_origins_ = | 565 spdyproxy_auth_origins_ = |
534 DataReductionProxySettings::GetDataReductionProxies(); | 566 DataReductionProxySettings::GetDataReductionProxies(); |
535 } | 567 } |
536 #endif // defined(OS_ANDROID) || defined(OS_IOS) | 568 #endif // defined(OS_ANDROID) || defined(OS_IOS) |
569 #if !defined(USE_OPENSSL) | |
570 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { | |
571 std::string switch_value = command_line.GetSwitchValueASCII( | |
572 switches::kCertificateTransparencyLog); | |
573 size_t delim_pos = switch_value.find(":"); | |
574 if (delim_pos == std::string::npos) { | |
575 LOG(DFATAL) << "CT log description not provided (switch format" << | |
576 " is 'description:base64_key')"; | |
Ryan Sleevi
2013/11/25 06:49:31
The DFATAL seems inappropriate here. The people mo
Eran M. (Google)
2013/11/25 17:18:33
I thought DFATAL crashes?
| |
577 } | |
578 std::string log_description(switch_value.substr(0, delim_pos)); | |
579 std::string ct_public_key_data; | |
580 if (!base::Base64Decode(switch_value.substr(delim_pos + 1), | |
581 &ct_public_key_data)) { | |
582 LOG(DFATAL) << "Unable to decode CT public key."; | |
583 } else { | |
584 scoped_ptr<net::CTLogVerifier> external_log_verifier( | |
585 net::CTLogVerifier::Create(ct_public_key_data, log_description)); | |
586 if (!external_log_verifier) { | |
587 LOG(DFATAL) << "Unable to parse CT public key."; | |
588 } else { | |
589 LOG(INFO) << "Using Certificate Transparency log: " << log_description; | |
Ryan Sleevi
2013/11/25 06:49:31
There's a push against LOG(INFO) in Chrome code, a
Eran M. (Google)
2013/11/25 17:18:33
Done.
| |
590 ct_verifier->AddLog(external_log_verifier.Pass()); | |
591 } | |
592 } | |
593 } | |
594 #else | |
595 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { | |
596 LOG(DFATAL) << "Certificate Transparency is not yet supported in Chrome " | |
597 << "builds using OpenSSL". | |
598 } | |
599 #endif | |
537 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 600 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( |
538 globals_->host_resolver.get())); | 601 globals_->host_resolver.get())); |
539 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 602 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
540 // For the ProxyScriptFetcher, we use a direct ProxyService. | 603 // For the ProxyScriptFetcher, we use a direct ProxyService. |
541 globals_->proxy_script_fetcher_proxy_service.reset( | 604 globals_->proxy_script_fetcher_proxy_service.reset( |
542 net::ProxyService::CreateDirectWithNetLog(net_log_)); | 605 net::ProxyService::CreateDirectWithNetLog(net_log_)); |
543 // In-memory cookie store. | 606 // In-memory cookie store. |
544 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); | 607 globals_->system_cookie_store = new net::CookieMonster(NULL, NULL); |
545 // In-memory server bound cert store. | 608 // In-memory server bound cert store. |
546 globals_->system_server_bound_cert_service.reset( | 609 globals_->system_server_bound_cert_service.reset( |
1028 if (command_line.HasSwitch(switches::kDisableQuicHttps)) | 1091 if (command_line.HasSwitch(switches::kDisableQuicHttps)) |
1029 return false; | 1092 return false; |
1030 | 1093 |
1031 if (command_line.HasSwitch(switches::kEnableQuicHttps)) | 1094 if (command_line.HasSwitch(switches::kEnableQuicHttps)) |
1032 return true; | 1095 return true; |
1033 | 1096 |
1034 // HTTPS over QUIC should only be enabled if we are in the https | 1097 // HTTPS over QUIC should only be enabled if we are in the https |
1035 // field trial group. | 1098 // field trial group. |
1036 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; | 1099 return quic_trial_group == kQuicFieldTrialHttpsEnabledGroupName; |
1037 } | 1100 } |
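Review bot: The missing-delimiter branch at new lines 574-577 only logs, so in any build where `LOG(DFATAL)` is not fatal the code carries on with `delim_pos == std::string::npos`: `substr(0, delim_pos)` yields the whole switch value as the description, and `delim_pos + 1` wraps to 0, so the same string is also handed to `Base64Decode` as the key. A malformed `kCertificateTransparencyLog` value should never get as far as `AddLog`; turning the closing brace at new line 577 into `} else {` around new lines 578-592 keeps the parse strictly behind the format check. Separately, the `#else` branch ends its statement with `.` instead of `;` at new line 597 (it should read `<< "builds using OpenSSL";`), so the USE_OPENSSL configuration would presumably fail to compile. The built-in logs at new lines 550-560 also pass the result of `CTLogVerifier::Create` straight to `AddLog` without the null check that the command-line path applies at new line 586. The enclosing function starts and ends outside the visible hunks.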
OLD | NEW |