| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/base64.h" |
| 9 #include "base/bind.h" | 10 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 11 #include "base/bind_helpers.h" |
| 11 #include "base/command_line.h" | 12 #include "base/command_line.h" |
| 12 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
| 13 #include "base/debug/leak_tracker.h" | 14 #include "base/debug/leak_tracker.h" |
| 14 #include "base/debug/trace_event.h" | 15 #include "base/debug/trace_event.h" |
| 15 #include "base/logging.h" | 16 #include "base/logging.h" |
| 16 #include "base/metrics/field_trial.h" | 17 #include "base/metrics/field_trial.h" |
| 17 #include "base/prefs/pref_registry_simple.h" | 18 #include "base/prefs/pref_registry_simple.h" |
| 18 #include "base/prefs/pref_service.h" | 19 #include "base/prefs/pref_service.h" |
| (...skipping 24 matching lines...) Expand all Loading... |
| 43 #include "chrome/browser/policy/policy_service.h" | 44 #include "chrome/browser/policy/policy_service.h" |
| 44 #include "chrome/common/chrome_switches.h" | 45 #include "chrome/common/chrome_switches.h" |
| 45 #include "chrome/common/pref_names.h" | 46 #include "chrome/common/pref_names.h" |
| 46 #include "chrome/common/url_constants.h" | 47 #include "chrome/common/url_constants.h" |
| 47 #include "content/public/browser/browser_thread.h" | 48 #include "content/public/browser/browser_thread.h" |
| 48 #include "net/base/host_mapping_rules.h" | 49 #include "net/base/host_mapping_rules.h" |
| 49 #include "net/base/net_util.h" | 50 #include "net/base/net_util.h" |
| 50 #include "net/base/network_time_notifier.h" | 51 #include "net/base/network_time_notifier.h" |
| 51 #include "net/base/sdch_manager.h" | 52 #include "net/base/sdch_manager.h" |
| 52 #include "net/cert/cert_verifier.h" | 53 #include "net/cert/cert_verifier.h" |
| 54 #include "net/cert/ct_known_logs_data.h" |
| 55 #include "net/cert/ct_verifier.h" |
| 53 #include "net/cookies/cookie_monster.h" | 56 #include "net/cookies/cookie_monster.h" |
| 54 #include "net/dns/host_cache.h" | 57 #include "net/dns/host_cache.h" |
| 55 #include "net/dns/host_resolver.h" | 58 #include "net/dns/host_resolver.h" |
| 56 #include "net/dns/mapped_host_resolver.h" | 59 #include "net/dns/mapped_host_resolver.h" |
| 57 #include "net/ftp/ftp_network_layer.h" | 60 #include "net/ftp/ftp_network_layer.h" |
| 58 #include "net/http/http_auth_filter.h" | 61 #include "net/http/http_auth_filter.h" |
| 59 #include "net/http/http_auth_handler_factory.h" | 62 #include "net/http/http_auth_handler_factory.h" |
| 60 #include "net/http/http_network_layer.h" | 63 #include "net/http/http_network_layer.h" |
| 61 #include "net/http/http_server_properties_impl.h" | 64 #include "net/http/http_server_properties_impl.h" |
| 62 #include "net/proxy/proxy_config_service.h" | 65 #include "net/proxy/proxy_config_service.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 75 #include "net/websockets/websocket_job.h" | 78 #include "net/websockets/websocket_job.h" |
| 76 | 79 |
| 77 #if defined(OS_WIN) | 80 #if defined(OS_WIN) |
| 78 #include "win8/util/win8_util.h" | 81 #include "win8/util/win8_util.h" |
| 79 #endif | 82 #endif |
| 80 | 83 |
| 81 #if defined(ENABLE_CONFIGURATION_POLICY) | 84 #if defined(ENABLE_CONFIGURATION_POLICY) |
| 82 #include "policy/policy_constants.h" | 85 #include "policy/policy_constants.h" |
| 83 #endif | 86 #endif |
| 84 | 87 |
| 88 #if !defined(USE_OPENSSL) |
| 89 #include "net/cert/ct_log_verifier.h" |
| 90 #include "net/cert/multi_log_ct_verifier.h" |
| 91 #endif |
| 92 |
| 85 #if defined(USE_NSS) || defined(OS_IOS) | 93 #if defined(USE_NSS) || defined(OS_IOS) |
| 86 #include "net/ocsp/nss_ocsp.h" | 94 #include "net/ocsp/nss_ocsp.h" |
| 87 #endif | 95 #endif |
| 88 | 96 |
| 89 #if !defined(OS_IOS) && !defined(OS_ANDROID) | 97 #if !defined(OS_IOS) && !defined(OS_ANDROID) |
| 90 #include "net/proxy/proxy_resolver_v8.h" | 98 #include "net/proxy/proxy_resolver_v8.h" |
| 91 #endif | 99 #endif |
| 92 | 100 |
| 93 #if defined(OS_ANDROID) || defined(OS_IOS) | 101 #if defined(OS_ANDROID) || defined(OS_IOS) |
| 94 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" | 102 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h" |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 198 // See IOThread::Globals for details. | 206 // See IOThread::Globals for details. |
| 199 net::URLRequestContext* | 207 net::URLRequestContext* |
| 200 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, | 208 ConstructProxyScriptFetcherContext(IOThread::Globals* globals, |
| 201 net::NetLog* net_log) { | 209 net::NetLog* net_log) { |
| 202 net::URLRequestContext* context = new net::URLRequestContext; | 210 net::URLRequestContext* context = new net::URLRequestContext; |
| 203 context->set_net_log(net_log); | 211 context->set_net_log(net_log); |
| 204 context->set_host_resolver(globals->host_resolver.get()); | 212 context->set_host_resolver(globals->host_resolver.get()); |
| 205 context->set_cert_verifier(globals->cert_verifier.get()); | 213 context->set_cert_verifier(globals->cert_verifier.get()); |
| 206 context->set_transport_security_state( | 214 context->set_transport_security_state( |
| 207 globals->transport_security_state.get()); | 215 globals->transport_security_state.get()); |
| 216 context->set_cert_transparency_verifier( |
| 217 globals->cert_transparency_verifier.get()); |
| 208 context->set_http_auth_handler_factory( | 218 context->set_http_auth_handler_factory( |
| 209 globals->http_auth_handler_factory.get()); | 219 globals->http_auth_handler_factory.get()); |
| 210 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); | 220 context->set_proxy_service(globals->proxy_script_fetcher_proxy_service.get()); |
| 211 context->set_http_transaction_factory( | 221 context->set_http_transaction_factory( |
| 212 globals->proxy_script_fetcher_http_transaction_factory.get()); | 222 globals->proxy_script_fetcher_http_transaction_factory.get()); |
| 213 context->set_job_factory( | 223 context->set_job_factory( |
| 214 globals->proxy_script_fetcher_url_request_job_factory.get()); | 224 globals->proxy_script_fetcher_url_request_job_factory.get()); |
| 215 context->set_cookie_store(globals->system_cookie_store.get()); | 225 context->set_cookie_store(globals->system_cookie_store.get()); |
| 216 context->set_server_bound_cert_service( | 226 context->set_server_bound_cert_service( |
| 217 globals->system_server_bound_cert_service.get()); | 227 globals->system_server_bound_cert_service.get()); |
| 218 context->set_network_delegate(globals->system_network_delegate.get()); | 228 context->set_network_delegate(globals->system_network_delegate.get()); |
| 219 context->set_http_user_agent_settings( | 229 context->set_http_user_agent_settings( |
| 220 globals->http_user_agent_settings.get()); | 230 globals->http_user_agent_settings.get()); |
| 221 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 231 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
| 222 // system URLRequestContext too. There's no reason this should be tied to a | 232 // system URLRequestContext too. There's no reason this should be tied to a |
| 223 // profile. | 233 // profile. |
| 224 return context; | 234 return context; |
| 225 } | 235 } |
| 226 | 236 |
| 227 net::URLRequestContext* | 237 net::URLRequestContext* |
| 228 ConstructSystemRequestContext(IOThread::Globals* globals, | 238 ConstructSystemRequestContext(IOThread::Globals* globals, |
| 229 net::NetLog* net_log) { | 239 net::NetLog* net_log) { |
| 230 net::URLRequestContext* context = new SystemURLRequestContext; | 240 net::URLRequestContext* context = new SystemURLRequestContext; |
| 231 context->set_net_log(net_log); | 241 context->set_net_log(net_log); |
| 232 context->set_host_resolver(globals->host_resolver.get()); | 242 context->set_host_resolver(globals->host_resolver.get()); |
| 233 context->set_cert_verifier(globals->cert_verifier.get()); | 243 context->set_cert_verifier(globals->cert_verifier.get()); |
| 234 context->set_transport_security_state( | 244 context->set_transport_security_state( |
| 235 globals->transport_security_state.get()); | 245 globals->transport_security_state.get()); |
| 246 context->set_cert_transparency_verifier( |
| 247 globals->cert_transparency_verifier.get()); |
| 236 context->set_http_auth_handler_factory( | 248 context->set_http_auth_handler_factory( |
| 237 globals->http_auth_handler_factory.get()); | 249 globals->http_auth_handler_factory.get()); |
| 238 context->set_proxy_service(globals->system_proxy_service.get()); | 250 context->set_proxy_service(globals->system_proxy_service.get()); |
| 239 context->set_http_transaction_factory( | 251 context->set_http_transaction_factory( |
| 240 globals->system_http_transaction_factory.get()); | 252 globals->system_http_transaction_factory.get()); |
| 241 context->set_cookie_store(globals->system_cookie_store.get()); | 253 context->set_cookie_store(globals->system_cookie_store.get()); |
| 242 context->set_server_bound_cert_service( | 254 context->set_server_bound_cert_service( |
| 243 globals->system_server_bound_cert_service.get()); | 255 globals->system_server_bound_cert_service.get()); |
| 244 context->set_throttler_manager(globals->throttler_manager.get()); | 256 context->set_throttler_manager(globals->throttler_manager.get()); |
| 245 context->set_network_delegate(globals->system_network_delegate.get()); | 257 context->set_network_delegate(globals->system_network_delegate.get()); |
| (...skipping 275 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 521 &system_enable_referrers_); | 533 &system_enable_referrers_); |
| 522 if (command_line.HasSwitch(switches::kEnableClientHints)) | 534 if (command_line.HasSwitch(switches::kEnableClientHints)) |
| 523 network_delegate->SetEnableClientHints(); | 535 network_delegate->SetEnableClientHints(); |
| 524 if (command_line.HasSwitch(switches::kDisableExtensionsHttpThrottling)) | 536 if (command_line.HasSwitch(switches::kDisableExtensionsHttpThrottling)) |
| 525 network_delegate->NeverThrottleRequests(); | 537 network_delegate->NeverThrottleRequests(); |
| 526 globals_->system_network_delegate.reset(network_delegate); | 538 globals_->system_network_delegate.reset(network_delegate); |
| 527 globals_->host_resolver = CreateGlobalHostResolver(net_log_); | 539 globals_->host_resolver = CreateGlobalHostResolver(net_log_); |
| 528 UpdateDnsClientEnabled(); | 540 UpdateDnsClientEnabled(); |
| 529 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); | 541 globals_->cert_verifier.reset(net::CertVerifier::CreateDefault()); |
| 530 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 542 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
| 543 #if !defined(USE_OPENSSL) |
| 544 // For now, Certificate Transparency is only implemented for platforms |
| 545 // that use NSS. |
| 546 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); |
| 547 globals_->cert_transparency_verifier.reset(ct_verifier); |
| 548 |
| 549 // Add built-in logs |
| 550 ct_verifier->AddLog(net::ct::CreateGooglePilotLogVerifier().Pass()); |
| 551 ct_verifier->AddLog(net::ct::CreateGoogleAviatorLogVerifier().Pass()); |
| 552 ct_verifier->AddLog(net::ct::CreateGoogleRocketeerLogVerifier().Pass()); |
| 553 |
| 554 // Add logs from command line |
| 555 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { |
| 556 std::string switch_value = command_line.GetSwitchValueASCII( |
| 557 switches::kCertificateTransparencyLog); |
| 558 size_t delim_pos = switch_value.find(":"); |
| 559 CHECK(delim_pos != std::string::npos) |
| 560 << "CT log description not provided (switch format" |
| 561 " is 'description:base64_key')"; |
| 562 std::string log_description(switch_value.substr(0, delim_pos)); |
| 563 std::string ct_public_key_data; |
| 564 CHECK(base::Base64Decode( |
| 565 switch_value.substr(delim_pos + 1), |
| 566 &ct_public_key_data)) << "Unable to decode CT public key."; |
| 567 scoped_ptr<net::CTLogVerifier> external_log_verifier( |
| 568 net::CTLogVerifier::Create(ct_public_key_data, log_description)); |
| 569 CHECK(external_log_verifier) << "Unable to parse CT public key."; |
| 570 ct_verifier->AddLog(external_log_verifier.Pass()); |
| 571 } |
| 572 #else |
| 573 if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) { |
| 574 LOG(DFATAL) << "Certificate Transparency is not yet supported in Chrome " |
| 575 "builds using OpenSSL."; |
| 576 } |
| 577 #endif |
| 531 globals_->ssl_config_service = GetSSLConfigService(); | 578 globals_->ssl_config_service = GetSSLConfigService(); |
| 532 #if defined(OS_ANDROID) || defined(OS_IOS) | 579 #if defined(OS_ANDROID) || defined(OS_IOS) |
| 533 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { | 580 if (DataReductionProxySettings::IsDataReductionProxyAllowed()) { |
| 534 spdyproxy_auth_origins_ = | 581 spdyproxy_auth_origins_ = |
| 535 DataReductionProxySettings::GetDataReductionProxies(); | 582 DataReductionProxySettings::GetDataReductionProxies(); |
| 536 } | 583 } |
| 537 #endif // defined(OS_ANDROID) || defined(OS_IOS) | 584 #endif // defined(OS_ANDROID) || defined(OS_IOS) |
| 538 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( | 585 globals_->http_auth_handler_factory.reset(CreateDefaultAuthHandlerFactory( |
| 539 globals_->host_resolver.get())); | 586 globals_->host_resolver.get())); |
| 540 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); | 587 globals_->http_server_properties.reset(new net::HttpServerPropertiesImpl()); |
| (...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1069 if (!length_str.ends_with(kQuicFieldTrialPacketLengthSuffix)) { | 1116 if (!length_str.ends_with(kQuicFieldTrialPacketLengthSuffix)) { |
| 1070 return 0; | 1117 return 0; |
| 1071 } | 1118 } |
| 1072 length_str.remove_suffix(strlen(kQuicFieldTrialPacketLengthSuffix)); | 1119 length_str.remove_suffix(strlen(kQuicFieldTrialPacketLengthSuffix)); |
| 1073 unsigned value; | 1120 unsigned value; |
| 1074 if (!base::StringToUint(length_str, &value)) { | 1121 if (!base::StringToUint(length_str, &value)) { |
| 1075 return 0; | 1122 return 0; |
| 1076 } | 1123 } |
| 1077 return value; | 1124 return value; |
| 1078 } | 1125 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 76443006:
Certificate Transparency: Threading the CT verifier into the SSL client socket. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src