diff --git a/net/base/transport_info.cc b/net/base/transport_info.cc index 73c70f075ee7cd..8ed94797c1a0e8 100644 --- a/net/base/transport_info.cc +++ b/net/base/transport_info.cc @@ -36,10 +36,12 @@ TransportInfo::TransportInfo() = default; TransportInfo::TransportInfo(TransportType type_arg, IPEndPoint endpoint_arg, - std::string accept_ch_frame_arg) + std::string accept_ch_frame_arg, + bool cert_is_issued_by_known_root) : type(type_arg), endpoint(std::move(endpoint_arg)), - accept_ch_frame(std::move(accept_ch_frame_arg)) { + accept_ch_frame(std::move(accept_ch_frame_arg)), + cert_is_issued_by_known_root(cert_is_issued_by_known_root) { switch (type) { case TransportType::kCached: case TransportType::kCachedFromProxy: @@ -58,14 +60,7 @@ TransportInfo::TransportInfo(const TransportInfo&) = default; TransportInfo::~TransportInfo() = default; -bool TransportInfo::operator==(const TransportInfo& other) const { - return type == other.type && endpoint == other.endpoint && - accept_ch_frame == other.accept_ch_frame; -} - -bool TransportInfo::operator!=(const TransportInfo& other) const { - return !(*this == other); -} +bool TransportInfo::operator==(const TransportInfo& other) const = default; std::string TransportInfo::ToString() const { return base::StrCat({ @@ -75,6 +70,8 @@ std::string TransportInfo::ToString() const { endpoint.ToString(), ", accept_ch_frame = ", accept_ch_frame, + ", cert_is_issued_by_known_root = ", + cert_is_issued_by_known_root ? "true" : "false", " }", }); } diff --git a/net/base/transport_info.h b/net/base/transport_info.h index dcc2e80a5b66ba..3608a177d20095 100644 --- a/net/base/transport_info.h +++ b/net/base/transport_info.h 
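Review bot: The constructor does not check the invariant that transport_info.h documents for the new field, namely that `cert_is_issued_by_known_root` is always false when `type` is `kCached` or `kCachedFromProxy`. The `switch (type)` body continues outside this hunk and the diff leaves it untouched, so a caller passing `true` with a cached type would presumably go unnoticed; adding `DCHECK(!cert_is_issued_by_known_root);` under those two case labels would catch it. The new parameter also drops the `_arg` suffix used by the other three and shadows the member it initialises. Renaming it to `cert_is_issued_by_known_root_arg`, together with the declaration and the `/*...=*/` argument comments at the call sites, would be more consistent.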
@@ -35,13 +35,13 @@ struct NET_EXPORT TransportInfo { TransportInfo(); TransportInfo(TransportType type_arg, IPEndPoint endpoint_arg, - std::string accept_ch_frame_arg); + std::string accept_ch_frame_arg, + bool cert_is_issued_by_known_root); TransportInfo(const TransportInfo&); ~TransportInfo(); // Instances of this type are comparable for equality. bool operator==(const TransportInfo& other) const; - bool operator!=(const TransportInfo& other) const; // Returns a string representation of this struct, suitable for debugging. std::string ToString() const; @@ -62,6 +62,13 @@ struct NET_EXPORT TransportInfo { // Invariant: if `type` is `kCached` or `kCachedFromProxy`, then this is // empty. std::string accept_ch_frame; + + // True if the transport layer was secure and the certificate was rooted at a + // standard CA root. (As opposed to a user-installed root.) + // + // Invariant: if `type` is `kCached` or `kCachedFromProxy`, then this is + // always false. + bool cert_is_issued_by_known_root = false; }; // Instances of these types are streamable for easier debugging. diff --git a/net/http/http_basic_stream.cc b/net/http/http_basic_stream.cc index 429c89e09096b7..a124097338736d 100644 --- a/net/http/http_basic_stream.cc +++ b/net/http/http_basic_stream.cc @@ -163,11 +163,10 @@ bool HttpBasicStream::GetAlternativeService( } void HttpBasicStream::GetSSLInfo(SSLInfo* ssl_info) { - if (!state_.connection()->socket()) { + if (!state_.connection()->socket() || + !state_.connection()->socket()->GetSSLInfo(ssl_info)) { ssl_info->Reset(); - return; } - parser()->GetSSLInfo(ssl_info); } void HttpBasicStream::GetSSLCertRequestInfo( diff --git a/net/http/http_cache_transaction.cc b/net/http/http_cache_transaction.cc index 8b5581c1c43bb6..2dc6a81eaf8df7 100644 --- a/net/http/http_cache_transaction.cc +++ b/net/http/http_cache_transaction.cc 
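Review bot: The comment on `cert_is_issued_by_known_root` does not say what `false` means, and this change produces `false` in several different situations: the request was not secure, the response came from the cache, or (presumably) the TLS state could not be read from the socket. A consumer that bases a trust decision on this field should not read `false` as "signed by a user-installed root". I would add a line such as `// False only means "not known to chain to a standard root"; it does not imply a user-installed root.`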
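Review bot: `HttpBasicStream::GetSSLInfo` no longer resets `ssl_info` for requests whose URL scheme is not cryptographic: the parser helper removed in http_stream_parser.cc checked `request_->url.SchemeIsCryptographic()` before asking the socket, and the new body only asks the socket. If the underlying socket can be a TLS connection to something other than the origin, a plain-HTTP request might now report that connection's certificate state; I cannot tell from the hunk whether that can happen. `DoConnectedCallback` guards its own call with `IsSecureRequest()`, but other callers are outside this diff, so either keep a scheme check here or add a comment such as `// Reports the socket's TLS state as-is; callers must check the request scheme.` The same applies to `WebSocketBasicHandshakeStream::GetSSLInfo` in websocket_basic_handshake_stream.cc.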
@@ -3218,7 +3218,9 @@ int HttpCache::Transaction::DoConnectedCallback() { auto type = response_.was_fetched_via_proxy ? TransportType::kCachedFromProxy : TransportType::kCached; return connected_callback_.Run( - TransportInfo(type, response_.remote_endpoint, ""), io_callback_); + TransportInfo(type, response_.remote_endpoint, /*accept_ch_frame_arg=*/"", + /*cert_is_issued_by_known_root=*/false), + io_callback_); } int HttpCache::Transaction::DoConnectedCallbackComplete(int result) { diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index 8c8dddf70568ee..53de7c257bd12d 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -981,9 +981,19 @@ int HttpNetworkTransaction::DoConnectedCallback() { if (!proxy_info_.is_direct()) { type = TransportType::kProxied; } + + bool is_issued_by_known_root = false; + if (IsSecureRequest()) { + SSLInfo ssl_info; + CHECK(stream_); + stream_->GetSSLInfo(&ssl_info); + is_issued_by_known_root = ssl_info.is_issued_by_known_root; + } + return connected_callback_.Run( TransportInfo(type, remote_endpoint_, - std::string{stream_->GetAcceptChViaAlps()}), + std::string{stream_->GetAcceptChViaAlps()}, + is_issued_by_known_root), base::BindOnce(&HttpNetworkTransaction::ResumeAfterConnected, base::Unretained(this))); } diff --git a/net/http/http_stream_parser.cc b/net/http/http_stream_parser.cc index bbb365d0db46a9..380216aac1c620 100644 --- a/net/http/http_stream_parser.cc +++ b/net/http/http_stream_parser.cc @@ -1137,13 +1137,6 @@ void HttpStreamParser::OnConnectionClose() { stream_socket_ = nullptr; } -void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) { - if (!request_->url.SchemeIsCryptographic() || - !stream_socket_->GetSSLInfo(ssl_info)) { - ssl_info->Reset(); - } -} - void HttpStreamParser::GetSSLCertRequestInfo( SSLCertRequestInfo* cert_request_info) { cert_request_info->Reset(); 
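Review bot: In `HttpNetworkTransaction::DoConnectedCallback`, `CHECK(stream_)` sits inside the `IsSecureRequest()` branch, yet `stream_->GetAcceptChViaAlps()` is dereferenced unconditionally a few lines later, so the check covers only the secure path. Moving `CHECK(stream_);` above the `if` states the precondition once for both uses. A short comment would also help explain why `false` is the result when the stream cannot supply TLS information, for example `// GetSSLInfo() resets ssl_info on failure, leaving is_issued_by_known_root false.`; that relies on `SSLInfo::Reset()`, which is not shown here. The function starts outside the hunk.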
diff --git a/net/http/http_stream_parser.h b/net/http/http_stream_parser.h index f5965ac933ded6..c8e56124048219 100644 --- a/net/http/http_stream_parser.h +++ b/net/http/http_stream_parser.h @@ -34,7 +34,6 @@ class HttpRequestHeaders; class HttpResponseInfo; class IOBuffer; class SSLCertRequestInfo; -class SSLInfo; class StreamSocket; class UploadDataStream; @@ -110,8 +109,6 @@ class NET_EXPORT_PRIVATE HttpStreamParser { } base::TimeTicks first_early_hints_time() { return first_early_hints_time_; } - void GetSSLInfo(SSLInfo* ssl_info); - void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info); // Encodes the given |payload| in the chunked format to |output|. diff --git a/net/http/http_transaction_test_util.cc b/net/http/http_transaction_test_util.cc index 4a4eceac804c59..eb07ea5daeeb16 100644 --- a/net/http/http_transaction_test_util.cc +++ b/net/http/http_transaction_test_util.cc @@ -45,7 +45,9 @@ static MockTransactionMap mock_transactions; TransportInfo DefaultTransportInfo() { return TransportInfo(TransportType::kDirect, - IPEndPoint(IPAddress::IPv4Localhost(), 80), ""); + IPEndPoint(IPAddress::IPv4Localhost(), 80), + /*accept_ch_frame_arg=*/"", + /*cert_is_issued_by_known_root=*/false); } //----------------------------------------------------------------------------- diff --git a/net/websockets/websocket_basic_handshake_stream.cc b/net/websockets/websocket_basic_handshake_stream.cc index ad014d8f3dadc3..d8c018bd2fa07b 100644 --- a/net/websockets/websocket_basic_handshake_stream.cc +++ b/net/websockets/websocket_basic_handshake_stream.cc @@ -352,11 +352,10 @@ bool WebSocketBasicHandshakeStream::GetLoadTimingInfo( } void WebSocketBasicHandshakeStream::GetSSLInfo(SSLInfo* ssl_info) { - if (!state_.connection()->socket()) { + if (!state_.connection()->socket() || + !state_.connection()->socket()->GetSSLInfo(ssl_info)) { ssl_info->Reset(); - return; } - parser()->GetSSLInfo(ssl_info); } void WebSocketBasicHandshakeStream::GetSSLCertRequestInfo( 
diff --git a/services/network/private_network_access_checker_unittest.cc b/services/network/private_network_access_checker_unittest.cc index 09d3263433f2f1..122c504cc6451e 100644 --- a/services/network/private_network_access_checker_unittest.cc +++ b/services/network/private_network_access_checker_unittest.cc @@ -55,22 +55,26 @@ net::IPEndPoint PublicEndpoint() { net::TransportInfo DirectTransport(const net::IPEndPoint& endpoint) { return net::TransportInfo(net::TransportType::kDirect, endpoint, - kNoAcceptChFrame); + kNoAcceptChFrame, + /*cert_is_issued_by_known_root=*/false); } net::TransportInfo ProxiedTransport(const net::IPEndPoint& endpoint) { return net::TransportInfo(net::TransportType::kProxied, endpoint, - kNoAcceptChFrame); + kNoAcceptChFrame, + /*cert_is_issued_by_known_root=*/false); } net::TransportInfo CachedTransport(const net::IPEndPoint& endpoint) { return net::TransportInfo(net::TransportType::kCached, endpoint, - kNoAcceptChFrame); + kNoAcceptChFrame, + /*cert_is_issued_by_known_root=*/false); } net::TransportInfo MakeTransport(net::TransportType type, const net::IPEndPoint& endpoint) { - return net::TransportInfo(type, endpoint, kNoAcceptChFrame); + return net::TransportInfo(type, endpoint, kNoAcceptChFrame, + /*cert_is_issued_by_known_root=*/false); } TEST(PrivateNetworkAccessCheckerTest, ClientSecurityStateNull) { diff --git a/services/network/url_loader_unittest.cc b/services/network/url_loader_unittest.cc index b3d92149fb3c68..8444d0cb214a25 100644 --- a/services/network/url_loader_unittest.cc +++ b/services/network/url_loader_unittest.cc @@ -2182,7 +2182,9 @@ class URLLoaderFakeTransportInfoTest static net::TransportInfo FakeTransportInfo( const URLLoaderFakeTransportInfoTestParams& params) { return net::TransportInfo(params.transport_type, - FakeEndpoint(params.endpoint_address_space), ""); + FakeEndpoint(params.endpoint_address_space), + /*accept_ch_frame_arg=*/"", + /*cert_is_issued_by_known_root=*/false); } };