net: Plumb DnsCertProvenanceChecker around.
(Reland of r66623, reverted in r66687 due to Chrome Frame linking issues.)

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66970 0039d316-1c4b-4281-b951-d872f2087c98
agl@chromium.org committed Nov 22, 2010
1 parent 9563e80 commit 62426e7
Showing 49 changed files with 541 additions and 324 deletions.
51 changes: 51 additions & 0 deletions chrome/browser/net/chrome_url_request_context.cc
@@ -33,6 +33,7 @@
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_script_fetcher.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/dns_cert_provenance_checker.h"
#include "net/url_request/url_request.h"
#include "webkit/glue/webkit_glue.h"

@@ -222,6 +223,47 @@ class ChromeCookieMonsterDelegate : public net::CookieMonster::Delegate {
scoped_refptr<ProfileGetter> profile_getter_;
};

// ----------------------------------------------------------------------------
// Implementation of DnsCertProvenanceChecker
// ----------------------------------------------------------------------------

// WARNING: do not use this with anything other than the main
// ChromeURLRequestContext. Eventually we'll want to have the other contexts
// point to the main ChromeURLRequestContext, which then causes lifetime
// ordering issues wrt ChromeURLRequestContexts, since we're using a raw
// pointer, and we'll get shutdown ordering problems.

class ChromeDnsCertProvenanceChecker :
public net::DnsCertProvenanceChecker,
public net::DnsCertProvenanceChecker::Delegate {
public:
ChromeDnsCertProvenanceChecker(
net::DnsRRResolver* dnsrr_resolver,
ChromeURLRequestContext* url_req_context)
: dnsrr_resolver_(dnsrr_resolver),
url_req_context_(url_req_context) {
}

// DnsCertProvenanceChecker interface
virtual void DoAsyncVerification(
const std::string& hostname,
const std::vector<base::StringPiece>& der_certs) {
net::DnsCertProvenanceChecker::DoAsyncLookup(hostname, der_certs,
dnsrr_resolver_, this);
}

// DnsCertProvenanceChecker::Delegate interface
virtual void OnDnsCertLookupFailed(
const std::string& hostname,
const std::vector<std::string>& der_certs) {
// Currently unimplemented.
}

private:
net::DnsRRResolver* const dnsrr_resolver_;
ChromeURLRequestContext* const url_req_context_;
};

// ----------------------------------------------------------------------------
// Helper factories
// ----------------------------------------------------------------------------
@@ -265,6 +307,12 @@ ChromeURLRequestContext* FactoryForOriginal::Create() {
context->set_http_auth_handler_factory(
io_thread_globals->http_auth_handler_factory.get());

/* Disabled for now due to Chrome Frame linking issues on Windows.
context->set_dns_cert_checker(
new ChromeDnsCertProvenanceChecker(
io_thread_globals->dnsrr_resolver.get(),
context)); */

const CommandLine& command_line = *CommandLine::ForCurrentProcess();

context->set_proxy_service(
@@ -280,6 +328,7 @@ ChromeURLRequestContext* FactoryForOriginal::Create() {
net::HttpCache* cache =
new net::HttpCache(context->host_resolver(),
context->dnsrr_resolver(),
context->dns_cert_checker(),
context->proxy_service(),
context->ssl_config_service(),
context->http_auth_handler_factory(),
@@ -406,6 +455,7 @@ ChromeURLRequestContext* FactoryForOffTheRecord::Create() {
net::HttpCache* cache =
new net::HttpCache(context->host_resolver(),
context->dnsrr_resolver(),
NULL /* dns_cert_checker */,
context->proxy_service(),
context->ssl_config_service(),
context->http_auth_handler_factory(),
@@ -498,6 +548,7 @@ ChromeURLRequestContext* FactoryForMedia::Create() {
// new set of network stack.
cache = new net::HttpCache(main_context->host_resolver(),
main_context->dnsrr_resolver(),
NULL /* dns_cert_checker */,
main_context->proxy_service(),
main_context->ssl_config_service(),
main_context->http_auth_handler_factory(),
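Review bot: `OnDnsCertLookupFailed` in `ChromeDnsCertProvenanceChecker` has an empty body, so once the commented-out `set_dns_cert_checker` call in `FactoryForOriginal::Create` is re-enabled, a failed provenance lookup would be dropped with no log or report. `url_req_context_` is stored as a raw pointer but never read in the visible code, which keeps the lifetime hazard described in the WARNING comment without any present use; consider dropping the member until the callback needs it. At minimum I would replace the placeholder with `// TODO: report |hostname| and |der_certs|; until then a failed lookup is silently ignored.` While the call stays disabled, `context->dns_cert_checker()` passed to `net::HttpCache` is presumably NULL, so the checker is inert in all three factories.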
4 changes: 4 additions & 0 deletions chrome/browser/net/chrome_url_request_context.h
@@ -33,6 +33,7 @@ class PrefService;
class Profile;

namespace net {
class DnsCertProvenanceChecker;
class NetworkDelegate;
class ProxyConfig;
}
@@ -130,6 +131,9 @@ class ChromeURLRequestContext : public URLRequestContext {
void set_dnsrr_resolver(net::DnsRRResolver* dnsrr_resolver) {
dnsrr_resolver_ = dnsrr_resolver;
}
void set_dns_cert_checker(net::DnsCertProvenanceChecker* ctx) {
dns_cert_checker_.reset(ctx);
}
void set_http_transaction_factory(net::HttpTransactionFactory* factory) {
http_transaction_factory_ = factory;
}
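Review bot: `set_dns_cert_checker` calls `dns_cert_checker_.reset(ctx)`, which suggests the context takes ownership of the argument, unlike the neighbouring `set_dnsrr_resolver`, which only stores the pointer; nothing at the declaration says so. The parameter name `ctx` is also misleading for a checker. I would write it as `void set_dns_cert_checker(net::DnsCertProvenanceChecker* checker) {` with `// Takes ownership of |checker|.` above it. The member's declaration is outside the hunk, so the ownership reading is inferred from `reset` and should be confirmed.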
1 change: 1 addition & 0 deletions chrome/browser/net/connection_tester.cc
@@ -65,6 +65,7 @@ class ExperimentURLRequestContext : public URLRequestContext {
host_resolver_);
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(host_resolver_, dnsrr_resolver_,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */, proxy_service_,
ssl_config_service_, http_auth_handler_factory_, NULL, NULL),
net::HttpCache::DefaultBackend::InMemory(0));
1 change: 1 addition & 0 deletions chrome/service/net/service_url_request_context.cc
@@ -125,6 +125,7 @@ ServiceURLRequestContext::ServiceURLRequestContext(
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(host_resolver_,
dnsrr_resolver_,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service_,
ssl_config_service_,
1 change: 1 addition & 0 deletions chrome/test/plugin/plugin_test.cpp
@@ -281,6 +281,7 @@ class PluginInstallerDownloadTest
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(host_resolver_,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service_,
ssl_config_service_,
1 change: 1 addition & 0 deletions chrome_frame/metrics_service.cc
@@ -176,6 +176,7 @@ class ChromeFrameUploadRequestContext : public URLRequestContext {
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(host_resolver_,
NULL /* dnsrr_resovler */,
NULL /* dns_cert_checker*/,
NULL /* ssl_host_info */,
proxy_service_,
ssl_config_service_,
12 changes: 9 additions & 3 deletions chrome_frame/test/test_server_test.cc
@@ -70,9 +70,15 @@ class URLRequestTestContext : public URLRequestContext {
host_resolver_);
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(
host_resolver_, NULL /* dnsrr_resolver */,
NULL /* ssl_host_info_factory */, proxy_service_,
ssl_config_service_, http_auth_handler_factory_, NULL, NULL),
host_resolver_,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service_,
ssl_config_service_,
http_auth_handler_factory_,
NULL /* network_delegate */,
NULL /* net_log */),
net::HttpCache::DefaultBackend::InMemory(0));
// In-memory cookie store.
cookie_store_ = new net::CookieMonster(NULL, NULL);
4 changes: 2 additions & 2 deletions jingle/notifier/base/xmpp_client_socket_factory.cc
@@ -35,10 +35,10 @@ net::SSLClientSocket* XmppClientSocketFactory::CreateSSLClientSocket(
const net::HostPortPair& host_and_port,
const net::SSLConfig& ssl_config,
net::SSLHostInfo* ssl_host_info,
net::DnsRRResolver* dnsrr_resolver) {
net::DnsCertProvenanceChecker* dns_cert_checker) {
return client_socket_factory_->CreateSSLClientSocket(
transport_socket, host_and_port, ssl_config, ssl_host_info,
dnsrr_resolver);
dns_cert_checker);
}

} // namespace
5 changes: 3 additions & 2 deletions jingle/notifier/base/xmpp_client_socket_factory.h
@@ -10,7 +10,7 @@
#include "net/socket/client_socket_factory.h"

namespace net {
class DnsRRResolver;
class DnsCertProvenanceChecker;
class HostPortPair;
class SSLHostInfo;
}
@@ -33,7 +33,8 @@ class XmppClientSocketFactory : public net::ClientSocketFactory {
virtual net::SSLClientSocket* CreateSSLClientSocket(
net::ClientSocketHandle* transport_socket,
const net::HostPortPair& host_and_port, const net::SSLConfig& ssl_config,
net::SSLHostInfo* ssl_host_info, net::DnsRRResolver* dnsrr_resolver);
net::SSLHostInfo* ssl_host_info,
net::DnsCertProvenanceChecker* dns_cert_checker);

private:
net::ClientSocketFactory* const client_socket_factory_;
4 changes: 3 additions & 1 deletion net/http/http_cache.cc
@@ -280,6 +280,7 @@ class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory {

HttpCache::HttpCache(HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker_,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
HttpAuthHandlerFactory* http_auth_handler_factory,
@@ -292,7 +293,8 @@ HttpCache::HttpCache(HostResolver* host_resolver,
ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor(
ALLOW_THIS_IN_INITIALIZER_LIST(this))),
network_layer_(HttpNetworkLayer::CreateFactory(host_resolver,
dnsrr_resolver, ssl_host_info_factory_.get(),
dnsrr_resolver, dns_cert_checker_,
ssl_host_info_factory_.get(),
proxy_service, ssl_config_service,
http_auth_handler_factory, network_delegate, net_log)),
ALLOW_THIS_IN_INITIALIZER_LIST(task_factory_(this)),
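Review bot: The new constructor parameter is spelled `dns_cert_checker_` with a trailing underscore, which the surrounding code uses for data members (`ssl_host_info_factory_`, `network_layer_`) and which differs from the `dns_cert_checker` name in the http_cache.h declaration. A reader of the initializer list can mistake it for a member being forwarded to `HttpNetworkLayer::CreateFactory`. Rename it in both places: `DnsCertProvenanceChecker* dns_cert_checker,` in the parameter list and `dnsrr_resolver, dns_cert_checker,` in the call. The constructor continues outside the hunk.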
2 changes: 2 additions & 0 deletions net/http/http_cache.h
@@ -41,6 +41,7 @@ class Entry;

namespace net {

class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostResolver;
class HttpAuthHandlerFactory;
@@ -117,6 +118,7 @@ class HttpCache : public HttpTransactionFactory,
// The HttpCache takes ownership of the |backend_factory|.
HttpCache(HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
HttpAuthHandlerFactory* http_auth_handler_factory,
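Review bot: The constructor comment documents ownership of |backend_factory| but says nothing about the new `dns_cert_checker` raw pointer, which callers in this commit pass either as NULL or as a pointer obtained from the request context. I would add a line such as `// |dns_cert_checker| may be NULL and is not owned; it must outlive this object.`, with the wording confirmed against HttpNetworkSession, whose member declaration is not visible here. The same gap applies to the `HttpNetworkLayer` constructors and `CreateFactory` in http_network_layer.h, where the pointer is likewise held as a plain `DnsCertProvenanceChecker*`. The constructor declaration continues outside the hunk.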
9 changes: 9 additions & 0 deletions net/http/http_network_layer.cc
@@ -22,6 +22,7 @@ namespace net {
HttpTransactionFactory* HttpNetworkLayer::CreateFactory(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -32,6 +33,7 @@ HttpTransactionFactory* HttpNetworkLayer::CreateFactory(

return new HttpNetworkLayer(ClientSocketFactory::GetDefaultFactory(),
host_resolver, dnsrr_resolver,
dns_cert_checker,
ssl_host_info_factory, proxy_service,
ssl_config_service, http_auth_handler_factory,
network_delegate,
@@ -51,6 +53,7 @@ HttpNetworkLayer::HttpNetworkLayer(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -60,6 +63,7 @@ HttpNetworkLayer::HttpNetworkLayer(
: socket_factory_(socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -77,6 +81,7 @@ HttpNetworkLayer::HttpNetworkLayer(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -87,6 +92,7 @@ HttpNetworkLayer::HttpNetworkLayer(
: socket_factory_(socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -103,6 +109,7 @@ HttpNetworkLayer::HttpNetworkLayer(
HttpNetworkLayer::HttpNetworkLayer(HttpNetworkSession* session)
: socket_factory_(ClientSocketFactory::GetDefaultFactory()),
dnsrr_resolver_(NULL),
dns_cert_checker_(NULL),
ssl_host_info_factory_(NULL),
ssl_config_service_(NULL),
session_(session),
@@ -144,6 +151,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() {
session_ = new HttpNetworkSession(
host_resolver_,
dnsrr_resolver_,
dns_cert_checker_,
ssl_host_info_factory_,
proxy_service_,
socket_factory_,
@@ -155,6 +163,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() {
// These were just temps for lazy-initializing HttpNetworkSession.
host_resolver_ = NULL;
dnsrr_resolver_ = NULL;
dns_cert_checker_ = NULL;
ssl_host_info_factory_ = NULL;
proxy_service_ = NULL;
socket_factory_ = NULL;
5 changes: 5 additions & 0 deletions net/http/http_network_layer.h
@@ -16,6 +16,7 @@
namespace net {

class ClientSocketFactory;
class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostResolver;
class HttpAuthHandlerFactory;
@@ -34,6 +35,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
HttpNetworkLayer(ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -46,6 +48,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -62,6 +65,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
static HttpTransactionFactory* CreateFactory(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -100,6 +104,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
// creating |session_|.
HostResolver* host_resolver_;
DnsRRResolver* dnsrr_resolver_;
DnsCertProvenanceChecker* dns_cert_checker_;
SSLHostInfoFactory* ssl_host_info_factory_;
scoped_refptr<ProxyService> proxy_service_;

3 changes: 3 additions & 0 deletions net/http/http_network_layer_unittest.cc
@@ -25,6 +25,7 @@ TEST_F(HttpNetworkLayerTest, CreateAndDestroy) {
NULL,
&host_resolver,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
@@ -44,6 +45,7 @@ TEST_F(HttpNetworkLayerTest, Suspend) {
NULL,
&host_resolver,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
@@ -92,6 +94,7 @@ TEST_F(HttpNetworkLayerTest, GET) {
&mock_socket_factory,
&host_resolver,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
3 changes: 3 additions & 0 deletions net/http/http_network_session.cc
@@ -21,6 +21,7 @@ namespace net {
HttpNetworkSession::HttpNetworkSession(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
ClientSocketFactory* client_socket_factory,
@@ -32,12 +33,14 @@ HttpNetworkSession::HttpNetworkSession(
: socket_factory_(client_socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
dns_cert_checker_(dns_cert_checker),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
socket_pool_manager_(net_log,
client_socket_factory,
host_resolver,
dnsrr_resolver,
dns_cert_checker,
ssl_host_info_factory,
proxy_service,
ssl_config_service),