net/socket/ssl_client_socket.cc - Issue 992733002: Remove //net (except for Android test stuff) and sdch

Side by Side Diff: net/socket/ssl_client_socket.cc

Issue 992733002: Remove //net (except for Android test stuff) and sdch (Closed) Base URL: git@github.com:domokit/mojo.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "net/socket/ssl_client_socket.h"

6

7 #include "base/metrics/histogram.h"

8 #include "base/metrics/sparse_histogram.h"

9 #include "base/strings/string_util.h"

10 #include "crypto/ec_private_key.h"

11 #include "net/base/connection_type_histograms.h"

12 #include "net/base/host_port_pair.h"

13 #include "net/ssl/channel_id_service.h"

14 #include "net/ssl/ssl_cipher_suite_names.h"

15 #include "net/ssl/ssl_config_service.h"

16 #include "net/ssl/ssl_connection_status_flags.h"

17

18 namespace net {

19

20 SSLClientSocket::SSLClientSocket()

21 : was_npn_negotiated_(false),

22 was_spdy_negotiated_(false),

23 protocol_negotiated_(kProtoUnknown),

24 channel_id_sent_(false),

25 signed_cert_timestamps_received_(false),

26 stapled_ocsp_response_received_(false),

27 negotiation_extension_(kExtensionUnknown) {

28 }

29

30 // static

31 NextProto SSLClientSocket::NextProtoFromString(

32 const std::string& proto_string) {

33 if (proto_string == "http1.1" \|\| proto_string == "http/1.1") {

34 return kProtoHTTP11;

35 } else if (proto_string == "spdy/2") {

36 return kProtoDeprecatedSPDY2;

37 } else if (proto_string == "spdy/3") {

38 return kProtoSPDY3;

39 } else if (proto_string == "spdy/3.1") {

40 return kProtoSPDY31;

41 } else if (proto_string == "h2-14") {

42 // For internal consistency, HTTP/2 is named SPDY4 within Chromium.

43 // This is the HTTP/2 draft-14 identifier.

44 return kProtoSPDY4_14;

45 } else if (proto_string == "h2-15") {

46 // This is the HTTP/2 draft-15 identifier.

47 return kProtoSPDY4_15;

48 } else if (proto_string == "quic/1+spdy/3") {

49 return kProtoQUIC1SPDY3;

50 } else {

51 return kProtoUnknown;

52 }

53 }

54

55 // static

56 const char* SSLClientSocket::NextProtoToString(NextProto next_proto) {

57 switch (next_proto) {

58 case kProtoHTTP11:

59 return "http/1.1";

60 case kProtoDeprecatedSPDY2:

61 return "spdy/2";

62 case kProtoSPDY3:

63 return "spdy/3";

64 case kProtoSPDY31:

65 return "spdy/3.1";

66 case kProtoSPDY4_14:

67 // For internal consistency, HTTP/2 is named SPDY4 within Chromium.

68 // This is the HTTP/2 draft-14 identifier.

69 return "h2-14";

70 case kProtoSPDY4_15:

71 // This is the HTTP/2 draft-15 identifier.

72 return "h2-15";

73 case kProtoQUIC1SPDY3:

74 return "quic/1+spdy/3";

75 case kProtoUnknown:

76 break;

77 }

78 return "unknown";

79 }

80

81 // static

82 const char* SSLClientSocket::NextProtoStatusToString(

83 const SSLClientSocket::NextProtoStatus status) {

84 switch (status) {

85 case kNextProtoUnsupported:

86 return "unsupported";

87 case kNextProtoNegotiated:

88 return "negotiated";

89 case kNextProtoNoOverlap:

90 return "no-overlap";

91 }

92 return NULL;

93 }

94

95 bool SSLClientSocket::WasNpnNegotiated() const {

96 return was_npn_negotiated_;

97 }

98

99 NextProto SSLClientSocket::GetNegotiatedProtocol() const {

100 return protocol_negotiated_;

101 }

102

103 bool SSLClientSocket::IgnoreCertError(int error, int load_flags) {

104 return error == OK \|\| (load_flags & LOAD_IGNORE_ALL_CERT_ERRORS);

105 }

106

107 bool SSLClientSocket::set_was_npn_negotiated(bool negotiated) {

108 return was_npn_negotiated_ = negotiated;

109 }

110

111 bool SSLClientSocket::was_spdy_negotiated() const {

112 return was_spdy_negotiated_;

113 }

114

115 bool SSLClientSocket::set_was_spdy_negotiated(bool negotiated) {

116 return was_spdy_negotiated_ = negotiated;

117 }

118

119 void SSLClientSocket::set_protocol_negotiated(NextProto protocol_negotiated) {

120 protocol_negotiated_ = protocol_negotiated;

121 }

122

123 void SSLClientSocket::set_negotiation_extension(

124 SSLNegotiationExtension negotiation_extension) {

125 negotiation_extension_ = negotiation_extension;

126 }

127

128 bool SSLClientSocket::WasChannelIDSent() const {

129 return channel_id_sent_;

130 }

131

132 void SSLClientSocket::set_channel_id_sent(bool channel_id_sent) {

133 channel_id_sent_ = channel_id_sent;

134 }

135

136 void SSLClientSocket::set_signed_cert_timestamps_received(

137 bool signed_cert_timestamps_received) {

138 signed_cert_timestamps_received_ = signed_cert_timestamps_received;

139 }

140

141 void SSLClientSocket::set_stapled_ocsp_response_received(

142 bool stapled_ocsp_response_received) {

143 stapled_ocsp_response_received_ = stapled_ocsp_response_received;

144 }

145

146 // static

147 void SSLClientSocket::RecordChannelIDSupport(

148 ChannelIDService* channel_id_service,

149 bool negotiated_channel_id,

150 bool channel_id_enabled,

151 bool supports_ecc) {

152 // Since this enum is used for a histogram, do not change or re-use values.

153 enum {

154 DISABLED = 0,

155 CLIENT_ONLY = 1,

156 CLIENT_AND_SERVER = 2,

157 CLIENT_NO_ECC = 3,

158 CLIENT_BAD_SYSTEM_TIME = 4,

159 CLIENT_NO_CHANNEL_ID_SERVICE = 5,

160 CHANNEL_ID_USAGE_MAX

161 } supported = DISABLED;

162 if (negotiated_channel_id) {

163 supported = CLIENT_AND_SERVER;

164 } else if (channel_id_enabled) {

165 if (!channel_id_service)

166 supported = CLIENT_NO_CHANNEL_ID_SERVICE;

167 else if (!supports_ecc)

168 supported = CLIENT_NO_ECC;

169 else if (!channel_id_service->IsSystemTimeValid())

170 supported = CLIENT_BAD_SYSTEM_TIME;

171 else

172 supported = CLIENT_ONLY;

173 }

174 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,

175 CHANNEL_ID_USAGE_MAX);

176 }

177

178 // static

179 void SSLClientSocket::RecordConnectionTypeMetrics(int ssl_version) {

180 UpdateConnectionTypeHistograms(CONNECTION_SSL);

181 switch (ssl_version) {

182 case SSL_CONNECTION_VERSION_SSL2:

183 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2);

184 break;

185 case SSL_CONNECTION_VERSION_SSL3:

186 UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL3);

187 break;

188 case SSL_CONNECTION_VERSION_TLS1:

189 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1);

190 break;

191 case SSL_CONNECTION_VERSION_TLS1_1:

192 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);

193 break;

194 case SSL_CONNECTION_VERSION_TLS1_2:

195 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);

196 break;

197 }

198 }

199

200 // static

201 bool SSLClientSocket::IsChannelIDEnabled(

202 const SSLConfig& ssl_config,

203 ChannelIDService* channel_id_service) {

204 if (!ssl_config.channel_id_enabled)

205 return false;

206 if (!channel_id_service) {

207 DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";

208 return false;

209 }

210 if (!crypto::ECPrivateKey::IsSupported()) {

211 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";

212 return false;

213 }

214 if (!channel_id_service->IsSystemTimeValid()) {

215 DVLOG(1) << "System time is not within the supported range for certificate "

216 "generation, not enabling channel ID.";

217 return false;

218 }

219 return true;

220 }

221

222 // static

223 bool SSLClientSocket::HasCipherAdequateForHTTP2(

224 const std::vector<uint16>& cipher_suites) {

225 for (uint16 cipher : cipher_suites) {

226 if (IsSecureTLSCipherSuite(cipher))

227 return true;

228 }

229 return false;

230 }

231

232 // static

233 bool SSLClientSocket::IsTLSVersionAdequateForHTTP2(

234 const SSLConfig& ssl_config) {

235 return ssl_config.version_max >= SSL_PROTOCOL_VERSION_TLS1_2;

236 }

237

238 // static

239 std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(

240 const NextProtoVector& next_protos,

241 bool can_advertise_http2) {

242 std::vector<uint8_t> wire_protos;

243 for (const NextProto next_proto : next_protos) {

244 if (!can_advertise_http2 && kProtoSPDY4MinimumVersion <= next_proto &&

245 next_proto <= kProtoSPDY4MaximumVersion) {

246 continue;

247 }

248 const std::string proto = NextProtoToString(next_proto);

249 if (proto.size() > 255) {

250 LOG(WARNING) << "Ignoring overlong NPN/ALPN protocol: " << proto;

251 continue;

252 }

253 if (proto.size() == 0) {

254 LOG(WARNING) << "Ignoring empty NPN/ALPN protocol";

255 continue;

256 }

257 wire_protos.push_back(proto.size());

258 for (const char ch : proto) {

259 wire_protos.push_back(static_cast<uint8_t>(ch));

260 }

261 }

262

263 return wire_protos;

264 }

265

266 void SSLClientSocket::RecordNegotiationExtension() {

267 if (negotiation_extension_ == kExtensionUnknown)

268 return;

269 std::string proto;

270 SSLClientSocket::NextProtoStatus status = GetNextProto(&proto);

271 if (status == kNextProtoUnsupported)

272 return;

273 // Convert protocol into numerical value for histogram.

274 NextProto protocol_negotiated = SSLClientSocket::NextProtoFromString(proto);

275 base::HistogramBase::Sample sample =

276 static_cast<base::HistogramBase::Sample>(protocol_negotiated);

277 // In addition to the protocol negotiated, we want to record which TLS

278 // extension was used, and in case of NPN, whether there was overlap between

279 // server and client list of supported protocols.

280 if (negotiation_extension_ == kExtensionNPN) {

281 if (status == kNextProtoNoOverlap) {

282 sample += 1000;

283 } else {

284 sample += 500;

285 }

286 } else {

287 DCHECK_EQ(kExtensionALPN, negotiation_extension_);

288 }

289 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLProtocolNegotiation", sample);

290 }

291

292 } // namespace net

OLD	NEW

« no previous file with comments | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.h » ('j') | no next file with comments »