authormattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-20 22:42:29 +0000
committermattm@chromium.org <mattm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-03-20 22:42:29 +0000
commit9c4eff26e509149d2133268af7744a5cdb079dd1 (patch)
tree37f5ddc3dee1ed87d40a9e8ff6dce25778cfb1e0
parent4a210ecd52feb4f61969f329c5bd10b5746c6e2b (diff)
Change Origin bound certs -> Domain bound certs.
BUG=115348
TEST=unit tests, manually checked 'Origin Bound Certs' contents after browsing
TBR=jam@chromium.org,willchan@chromium.org
Review URL: https://chromiumcodereview.appspot.com/9617039
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127817 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/app/policy/policy_templates.json6
-rw-r--r--chrome/browser/browsing_data_remover.cc26
-rw-r--r--chrome/browser/browsing_data_remover.h16
-rw-r--r--chrome/browser/browsing_data_remover_unittest.cc76
-rw-r--r--chrome/browser/extensions/api/browsing_data/browsing_data_api.cc10
-rw-r--r--chrome/browser/extensions/api/browsing_data/browsing_data_api.h8
-rw-r--r--chrome/browser/extensions/api/browsing_data/browsing_data_test.cc4
-rw-r--r--chrome/browser/extensions/extension_function_registry.cc2
-rw-r--r--chrome/browser/io_thread.cc24
-rw-r--r--chrome/browser/io_thread.h6
-rw-r--r--chrome/browser/net/sqlite_origin_bound_cert_store.cc115
-rw-r--r--chrome/browser/net/sqlite_origin_bound_cert_store.h28
-rw-r--r--chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc100
-rw-r--r--chrome/browser/net/ssl_config_service_manager_pref.cc8
-rw-r--r--chrome/browser/profiles/off_the_record_profile_io_data.cc14
-rw-r--r--chrome/browser/profiles/profile_impl.cc8
-rw-r--r--chrome/browser/profiles/profile_impl_io_data.cc38
-rw-r--r--chrome/browser/profiles/profile_impl_io_data.h6
-rw-r--r--chrome/browser/profiles/profile_io_data.cc6
-rw-r--r--chrome/browser/profiles/profile_io_data.h12
-rw-r--r--chrome/common/extensions/api/browsingData.json4
-rw-r--r--chrome/common/extensions/docs/browsingData.html4
-rw-r--r--chrome/common/extensions/docs/examples/api/browsingData/basic.zipbin9263 -> 9263 bytes
-rw-r--r--chrome/common/extensions/docs/examples/api/browsingData/basic/popup.js2
-rw-r--r--chrome/common/extensions/docs/samples.json8
-rw-r--r--chrome/tools/chromeactions.txt2
-rw-r--r--content/public/common/content_switches.cc2
-rw-r--r--content/shell/shell_url_request_context_getter.cc6
-rw-r--r--jingle/notifier/base/proxy_resolving_client_socket.cc6
-rw-r--r--jingle/notifier/base/xmpp_client_socket_factory.cc6
-rw-r--r--net/base/default_origin_bound_cert_store.cc111
-rw-r--r--net/base/default_origin_bound_cert_store.h61
-rw-r--r--net/base/default_origin_bound_cert_store_unittest.cc150
-rw-r--r--net/base/net_error_list.h2
-rw-r--r--net/base/net_log_event_type_list.h4
-rw-r--r--net/base/origin_bound_cert_service.cc164
-rw-r--r--net/base/origin_bound_cert_service.h42
-rw-r--r--net/base/origin_bound_cert_service_unittest.cc116
-rw-r--r--net/base/origin_bound_cert_store.cc10
-rw-r--r--net/base/origin_bound_cert_store.h54
-rw-r--r--net/base/ssl_config_service.cc6
-rw-r--r--net/base/ssl_config_service.h2
-rw-r--r--net/base/x509_util.h17
-rw-r--r--net/base/x509_util_nss.cc64
-rw-r--r--net/base/x509_util_nss_unittest.cc18
-rw-r--r--net/base/x509_util_openssl.cc4
-rw-r--r--net/base/x509_util_openssl_unittest.cc10
-rw-r--r--net/http/http_cache.cc8
-rw-r--r--net/http/http_cache.h4
-rw-r--r--net/http/http_network_session.cc2
-rw-r--r--net/http/http_network_session.h6
-rw-r--r--net/http/http_proxy_client_socket_pool_spdy21_unittest.cc2
-rw-r--r--net/http/http_proxy_client_socket_pool_spdy2_unittest.cc2
-rw-r--r--net/http/http_proxy_client_socket_pool_spdy3_unittest.cc2
-rw-r--r--net/socket/client_socket_pool_manager_impl.cc12
-rw-r--r--net/socket/client_socket_pool_manager_impl.h8
-rw-r--r--net/socket/socket_test_util.cc22
-rw-r--r--net/socket/socket_test_util.h16
-rw-r--r--net/socket/ssl_client_socket.cc14
-rw-r--r--net/socket/ssl_client_socket.h34
-rw-r--r--net/socket/ssl_client_socket_mac.cc4
-rw-r--r--net/socket/ssl_client_socket_mac.h2
-rw-r--r--net/socket/ssl_client_socket_nss.cc102
-rw-r--r--net/socket/ssl_client_socket_nss.h40
-rw-r--r--net/socket/ssl_client_socket_openssl.cc6
-rw-r--r--net/socket/ssl_client_socket_openssl.h2
-rw-r--r--net/socket/ssl_client_socket_pool.cc4
-rw-r--r--net/socket/ssl_client_socket_pool.h2
-rw-r--r--net/socket/ssl_client_socket_pool_unittest.cc2
-rw-r--r--net/socket/ssl_client_socket_win.cc4
-rw-r--r--net/socket/ssl_client_socket_win.h2
-rw-r--r--net/socket/ssl_server_socket_unittest.cc2
-rw-r--r--net/socket_stream/socket_stream.cc8
-rw-r--r--net/socket_stream/socket_stream.h2
-rw-r--r--net/spdy/spdy_http_stream_spdy2_unittest.cc216
-rw-r--r--net/spdy/spdy_http_stream_spdy3_unittest.cc44
-rw-r--r--net/spdy/spdy_session.cc14
-rw-r--r--net/spdy/spdy_session.h12
-rw-r--r--net/spdy/spdy_session_spdy2_unittest.cc2
-rw-r--r--net/spdy/spdy_session_spdy3_unittest.cc4
-rw-r--r--net/spdy/spdy_stream.cc58
-rw-r--r--net/spdy/spdy_stream.h26
-rw-r--r--net/url_request/url_request_context.cc4
-rw-r--r--net/url_request/url_request_context.h16
-rw-r--r--net/url_request/url_request_context_storage.cc8
-rw-r--r--net/url_request/url_request_context_storage.h10
-rw-r--r--net/url_request/url_request_test_util.cc8
-rw-r--r--tools/valgrind/gtest_exclude/net_unittests.gtest-tsan.txt2
-rw-r--r--webkit/tools/test_shell/test_shell_request_context.cc6
89 files changed, 970 insertions, 1162 deletions
diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json
index 657e0fa..fc4d10e 100644
--- a/chrome/app/policy/policy_templates.json
+++ b/chrome/app/policy/policy_templates.json
@@ -2221,10 +2221,10 @@
'future': True,
'example_value': True,
'id': 114,
- 'caption': '''Enable TLS origin-bound certificates extension''',
- 'desc': '''Specifies whether the TLS origin-bound certificates extension should be enabled.
+ 'caption': '''Enable TLS domain-bound certificates extension''',
+ 'desc': '''Specifies whether the TLS domain-bound certificates extension should be enabled.
- This setting is used to enable the TLS origin-bound certificates extension for testing. This experimental setting will be removed in the future.''',
+ This setting is used to enable the TLS domain-bound certificates extension for testing. This experimental setting will be removed in the future.''',
},
{
'name': 'EnableMemoryInfo',
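Review bot: The policy caption and description now read "domain-bound certificates" while every identifier, the user-metrics action and the extension API key in this commit say "server bound"; two names for one feature makes the setting harder for administrators to find and relate to the code. Suggest aligning the user-facing text with the code, `'caption': '''Enable TLS server-bound certificates extension'''` and the matching phrase in `desc`, or mentioning the other term once in the description. The policy's own `name` field is outside this hunk, so it cannot be checked for consistency here.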
diff --git a/chrome/browser/browsing_data_remover.cc b/chrome/browser/browsing_data_remover.cc
index baaf258..cc9b69c 100644
--- a/chrome/browser/browsing_data_remover.cc
+++ b/chrome/browser/browsing_data_remover.cc
@@ -104,7 +104,7 @@ BrowsingDataRemover::BrowsingDataRemover(Profile* profile,
waiting_for_clear_cookies_count_(0),
waiting_for_clear_history_(false),
waiting_for_clear_networking_history_(false),
- waiting_for_clear_origin_bound_certs_(false),
+ waiting_for_clear_server_bound_certs_(false),
waiting_for_clear_plugin_data_(false),
waiting_for_clear_quota_managed_data_(false),
remove_mask_(0),
@@ -129,7 +129,7 @@ BrowsingDataRemover::BrowsingDataRemover(Profile* profile,
waiting_for_clear_cookies_count_(0),
waiting_for_clear_history_(false),
waiting_for_clear_networking_history_(false),
- waiting_for_clear_origin_bound_certs_(false),
+ waiting_for_clear_server_bound_certs_(false),
waiting_for_clear_plugin_data_(false),
waiting_for_clear_quota_managed_data_(false),
remove_mask_(0),
@@ -288,16 +288,16 @@ void BrowsingDataRemover::RemoveImpl(int remove_mask,
#endif
}
- if (remove_mask & REMOVE_ORIGIN_BOUND_CERTS) {
+ if (remove_mask & REMOVE_SERVER_BOUND_CERTS) {
content::RecordAction(
- UserMetricsAction("ClearBrowsingData_OriginBoundCerts"));
+ UserMetricsAction("ClearBrowsingData_ServerBoundCerts"));
// Since we are running on the UI thread don't call GetURLRequestContext().
net::URLRequestContextGetter* rq_context = profile_->GetRequestContext();
if (rq_context) {
- waiting_for_clear_origin_bound_certs_ = true;
+ waiting_for_clear_server_bound_certs_ = true;
BrowserThread::PostTask(
BrowserThread::IO, FROM_HERE,
- base::Bind(&BrowsingDataRemover::ClearOriginBoundCertsOnIOThread,
+ base::Bind(&BrowsingDataRemover::ClearServerBoundCertsOnIOThread,
base::Unretained(this), base::Unretained(rq_context)));
}
}
@@ -692,21 +692,21 @@ void BrowsingDataRemover::ClearCookiesOnIOThread(
base::Unretained(this)));
}
-void BrowsingDataRemover::ClearOriginBoundCertsOnIOThread(
+void BrowsingDataRemover::ClearServerBoundCertsOnIOThread(
net::URLRequestContextGetter* rq_context) {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
- net::OriginBoundCertService* origin_bound_cert_service =
- rq_context->GetURLRequestContext()->origin_bound_cert_service();
- origin_bound_cert_service->GetCertStore()->DeleteAllCreatedBetween(
+ net::ServerBoundCertService* server_bound_cert_service =
+ rq_context->GetURLRequestContext()->server_bound_cert_service();
+ server_bound_cert_service->GetCertStore()->DeleteAllCreatedBetween(
delete_begin_, delete_end_);
BrowserThread::PostTask(
BrowserThread::UI, FROM_HERE,
- base::Bind(&BrowsingDataRemover::OnClearedOriginBoundCerts,
+ base::Bind(&BrowsingDataRemover::OnClearedServerBoundCerts,
base::Unretained(this)));
}
-void BrowsingDataRemover::OnClearedOriginBoundCerts() {
+void BrowsingDataRemover::OnClearedServerBoundCerts() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
- waiting_for_clear_origin_bound_certs_ = false;
+ waiting_for_clear_server_bound_certs_ = false;
NotifyAndDeleteIfDone();
}
diff --git a/chrome/browser/browsing_data_remover.h b/chrome/browser/browsing_data_remover.h
index d474624..c34db65 100644
--- a/chrome/browser/browsing_data_remover.h
+++ b/chrome/browser/browsing_data_remover.h
@@ -72,14 +72,14 @@ class BrowsingDataRemover : public content::NotificationObserver,
REMOVE_PLUGIN_DATA = 1 << 9,
REMOVE_PASSWORDS = 1 << 10,
REMOVE_WEBSQL = 1 << 11,
- REMOVE_ORIGIN_BOUND_CERTS = 1 << 12,
+ REMOVE_SERVER_BOUND_CERTS = 1 << 12,
// "Site data" includes cookies, appcache, file systems, indexedDBs, local
// storage, webSQL, and plugin data.
REMOVE_SITE_DATA = REMOVE_APPCACHE | REMOVE_COOKIES | REMOVE_FILE_SYSTEMS |
REMOVE_INDEXEDDB | REMOVE_LOCAL_STORAGE |
REMOVE_PLUGIN_DATA | REMOVE_WEBSQL |
- REMOVE_ORIGIN_BOUND_CERTS
+ REMOVE_SERVER_BOUND_CERTS
};
// When BrowsingDataRemover successfully removes data, a notification of type
@@ -235,13 +235,13 @@ class BrowsingDataRemover : public content::NotificationObserver,
// Invoked on the IO thread to delete cookies.
void ClearCookiesOnIOThread(net::URLRequestContextGetter* rq_context);
- // Invoked on the IO thread to delete origin bound certs.
- void ClearOriginBoundCertsOnIOThread(
+ // Invoked on the IO thread to delete server bound certs.
+ void ClearServerBoundCertsOnIOThread(
net::URLRequestContextGetter* rq_context);
- // Callback when origin bound certs have been deleted. Invokes
+ // Callback when server bound certs have been deleted. Invokes
// NotifyAndDeleteIfDone.
- void OnClearedOriginBoundCerts();
+ void OnClearedServerBoundCerts();
// Calculate the begin time for the deletion range specified by |time_period|.
base::Time CalculateBeginDeleteTime(TimePeriod time_period);
@@ -252,7 +252,7 @@ class BrowsingDataRemover : public content::NotificationObserver,
!waiting_for_clear_cookies_count_&&
!waiting_for_clear_history_ &&
!waiting_for_clear_networking_history_ &&
- !waiting_for_clear_origin_bound_certs_ &&
+ !waiting_for_clear_server_bound_certs_ &&
!waiting_for_clear_plugin_data_ &&
!waiting_for_clear_quota_managed_data_;
}
@@ -300,7 +300,7 @@ class BrowsingDataRemover : public content::NotificationObserver,
int waiting_for_clear_cookies_count_;
bool waiting_for_clear_history_;
bool waiting_for_clear_networking_history_;
- bool waiting_for_clear_origin_bound_certs_;
+ bool waiting_for_clear_server_bound_certs_;
bool waiting_for_clear_plugin_data_;
bool waiting_for_clear_quota_managed_data_;
diff --git a/chrome/browser/browsing_data_remover_unittest.cc b/chrome/browser/browsing_data_remover_unittest.cc
index 65269cc..f9f6495 100644
--- a/chrome/browser/browsing_data_remover_unittest.cc
+++ b/chrome/browser/browsing_data_remover_unittest.cc
@@ -196,49 +196,49 @@ class RemoveSafeBrowsingCookieTester : public RemoveCookieTester {
};
#endif
-class RemoveOriginBoundCertTester : public BrowsingDataRemoverTester {
+class RemoveServerBoundCertTester : public BrowsingDataRemoverTester {
public:
- explicit RemoveOriginBoundCertTester(TestingProfile* profile) {
+ explicit RemoveServerBoundCertTester(TestingProfile* profile) {
profile->CreateRequestContext();
- ob_cert_service_ = profile->GetRequestContext()->GetURLRequestContext()->
- origin_bound_cert_service();
+ server_bound_cert_service_ = profile->GetRequestContext()->
+ GetURLRequestContext()->server_bound_cert_service();
}
- int OriginBoundCertCount() {
- return ob_cert_service_->cert_count();
+ int ServerBoundCertCount() {
+ return server_bound_cert_service_->cert_count();
}
- // Add an origin bound cert for |origin| with specific creation and expiry
+ // Add a server bound cert for |server| with specific creation and expiry
// times. The cert and key data will be filled with dummy values.
- void AddOriginBoundCertWithTimes(const std::string& origin,
+ void AddServerBoundCertWithTimes(const std::string& server_identifier,
base::Time creation_time,
base::Time expiration_time) {
- GetCertStore()->SetOriginBoundCert(origin, net::CLIENT_CERT_RSA_SIGN,
- creation_time, expiration_time,
- "a", "b");
+ GetCertStore()->SetServerBoundCert(server_identifier,
+ net::CLIENT_CERT_RSA_SIGN, creation_time,
+ expiration_time, "a", "b");
}
- // Add an origin bound cert for |origin|, with the current time as the
+ // Add a server bound cert for |server|, with the current time as the
// creation time. The cert and key data will be filled with dummy values.
- void AddOriginBoundCert(const std::string& origin) {
+ void AddServerBoundCert(const std::string& server_identifier) {
base::Time now = base::Time::Now();
- AddOriginBoundCertWithTimes(origin,
+ AddServerBoundCertWithTimes(server_identifier,
now,
now + base::TimeDelta::FromDays(1));
}
- net::OriginBoundCertStore* GetCertStore() {
- return ob_cert_service_->GetCertStore();
+ net::ServerBoundCertStore* GetCertStore() {
+ return server_bound_cert_service_->GetCertStore();
}
private:
- net::OriginBoundCertService* ob_cert_service_;
+ net::ServerBoundCertService* server_bound_cert_service_;
net::SSLClientCertType type_;
std::string key_;
std::string cert_;
- DISALLOW_COPY_AND_ASSIGN(RemoveOriginBoundCertTester);
+ DISALLOW_COPY_AND_ASSIGN(RemoveServerBoundCertTester);
};
class RemoveHistoryTester : public BrowsingDataRemoverTester {
@@ -511,39 +511,39 @@ TEST_F(BrowsingDataRemoverTest, RemoveSafeBrowsingCookieLastHour) {
}
#endif
-TEST_F(BrowsingDataRemoverTest, RemoveOriginBoundCertForever) {
- scoped_ptr<RemoveOriginBoundCertTester> tester(
- new RemoveOriginBoundCertTester(GetProfile()));
+TEST_F(BrowsingDataRemoverTest, RemoveServerBoundCertForever) {
+ scoped_ptr<RemoveServerBoundCertTester> tester(
+ new RemoveServerBoundCertTester(GetProfile()));
- tester->AddOriginBoundCert(kTestkOrigin1);
- EXPECT_EQ(1, tester->OriginBoundCertCount());
+ tester->AddServerBoundCert(kTestkOrigin1);
+ EXPECT_EQ(1, tester->ServerBoundCertCount());
BlockUntilBrowsingDataRemoved(BrowsingDataRemover::EVERYTHING,
- BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, tester.get());
+ BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, tester.get());
- EXPECT_EQ(BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, GetRemovalMask());
- EXPECT_EQ(0, tester->OriginBoundCertCount());
+ EXPECT_EQ(BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, GetRemovalMask());
+ EXPECT_EQ(0, tester->ServerBoundCertCount());
}
-TEST_F(BrowsingDataRemoverTest, RemoveOriginBoundCertLastHour) {
- scoped_ptr<RemoveOriginBoundCertTester> tester(
- new RemoveOriginBoundCertTester(GetProfile()));
+TEST_F(BrowsingDataRemoverTest, RemoveServerBoundCertLastHour) {
+ scoped_ptr<RemoveServerBoundCertTester> tester(
+ new RemoveServerBoundCertTester(GetProfile()));
base::Time now = base::Time::Now();
- tester->AddOriginBoundCert(kTestkOrigin1);
- tester->AddOriginBoundCertWithTimes(kTestkOrigin2,
+ tester->AddServerBoundCert(kTestkOrigin1);
+ tester->AddServerBoundCertWithTimes(kTestkOrigin2,
now - base::TimeDelta::FromHours(2),
now);
- EXPECT_EQ(2, tester->OriginBoundCertCount());
+ EXPECT_EQ(2, tester->ServerBoundCertCount());
BlockUntilBrowsingDataRemoved(BrowsingDataRemover::LAST_HOUR,
- BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, tester.get());
+ BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, tester.get());
- EXPECT_EQ(BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS, GetRemovalMask());
- EXPECT_EQ(1, tester->OriginBoundCertCount());
- std::vector<net::OriginBoundCertStore::OriginBoundCert> certs;
- tester->GetCertStore()->GetAllOriginBoundCerts(&certs);
- EXPECT_EQ(kTestkOrigin2, certs[0].origin());
+ EXPECT_EQ(BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS, GetRemovalMask());
+ EXPECT_EQ(1, tester->ServerBoundCertCount());
+ std::vector<net::ServerBoundCertStore::ServerBoundCert> certs;
+ tester->GetCertStore()->GetAllServerBoundCerts(&certs);
+ EXPECT_EQ(kTestkOrigin2, certs[0].server_identifier());
}
TEST_F(BrowsingDataRemoverTest, RemoveHistoryForever) {
diff --git a/chrome/browser/extensions/api/browsing_data/browsing_data_api.cc b/chrome/browser/extensions/api/browsing_data/browsing_data_api.cc
index 6dd4d7b..b3f47c3 100644
--- a/chrome/browser/extensions/api/browsing_data/browsing_data_api.cc
+++ b/chrome/browser/extensions/api/browsing_data/browsing_data_api.cc
@@ -34,7 +34,7 @@ const char kFormDataKey[] = "formData";
const char kHistoryKey[] = "history";
const char kIndexedDBKey[] = "indexedDB";
const char kLocalStorageKey[] = "localStorage";
-const char kOriginBoundCertsKey[] = "originBoundCerts";
+const char kServerBoundCertsKey[] = "serverBoundCerts";
const char kPasswordsKey[] = "passwords";
const char kPluginDataKey[] = "pluginData";
const char kWebSQLKey[] = "webSQL";
@@ -89,8 +89,8 @@ int ParseRemovalMask(base::DictionaryValue* value) {
extension_browsing_data_api_constants::kLocalStorageKey))
GetRemovalMask |= BrowsingDataRemover::REMOVE_LOCAL_STORAGE;
if (RemoveType(value,
- extension_browsing_data_api_constants::kOriginBoundCertsKey))
- GetRemovalMask |= BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS;
+ extension_browsing_data_api_constants::kServerBoundCertsKey))
+ GetRemovalMask |= BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS;
if (RemoveType(value, extension_browsing_data_api_constants::kPasswordsKey))
GetRemovalMask |= BrowsingDataRemover::REMOVE_PASSWORDS;
if (RemoveType(value, extension_browsing_data_api_constants::kPluginDataKey))
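Review bot: An extension that still passes the old `originBoundCerts` key in its removal options will have that key silently ignored after this hunk, so a privacy-clearing extension would stop clearing the cert store with no error reported; RemoveType only matches the new key. Unless ParseRemovalMask rejects unrecognised keys elsewhere, which is not visible here, consider accepting the old key as an alias for one release, `if (RemoveType(value, kServerBoundCertsKey) || RemoveType(value, "originBoundCerts")) GetRemovalMask |= BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS;`, or calling out the rename in the API documentation. ParseRemovalMask's body begins and ends outside this hunk.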
@@ -224,8 +224,8 @@ int RemoveLocalStorageFunction::GetRemovalMask() const {
return BrowsingDataRemover::REMOVE_LOCAL_STORAGE;
}
-int RemoveOriginBoundCertsFunction::GetRemovalMask() const {
- return BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS;
+int RemoveServerBoundCertsFunction::GetRemovalMask() const {
+ return BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS;
}
int RemovePluginDataFunction::GetRemovalMask() const {
diff --git a/chrome/browser/extensions/api/browsing_data/browsing_data_api.h b/chrome/browser/extensions/api/browsing_data/browsing_data_api.h
index feaf1a7..eddc9a2 100644
--- a/chrome/browser/extensions/api/browsing_data/browsing_data_api.h
+++ b/chrome/browser/extensions/api/browsing_data/browsing_data_api.h
@@ -195,16 +195,16 @@ class RemoveLocalStorageFunction : public BrowsingDataExtensionFunction {
DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeLocalStorage")
};
-class RemoveOriginBoundCertsFunction : public BrowsingDataExtensionFunction {
+class RemoveServerBoundCertsFunction : public BrowsingDataExtensionFunction {
public:
- RemoveOriginBoundCertsFunction() {}
- virtual ~RemoveOriginBoundCertsFunction() {}
+ RemoveServerBoundCertsFunction() {}
+ virtual ~RemoveServerBoundCertsFunction() {}
protected:
// BrowsingDataTypeExtensionFunction interface method.
virtual int GetRemovalMask() const OVERRIDE;
- DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeOriginBoundCertificates")
+ DECLARE_EXTENSION_FUNCTION_NAME("browsingData.removeServerBoundCertificates")
};
class RemovePluginDataFunction : public BrowsingDataExtensionFunction {
diff --git a/chrome/browser/extensions/api/browsing_data/browsing_data_test.cc b/chrome/browser/extensions/api/browsing_data/browsing_data_test.cc
index c33c438..cd1259d 100644
--- a/chrome/browser/extensions/api/browsing_data/browsing_data_test.cc
+++ b/chrome/browser/extensions/api/browsing_data/browsing_data_test.cc
@@ -28,7 +28,7 @@ const char kRemoveEverythingArguments[] = "[{\"since\": 1000}, {"
"\"appcache\": true, \"cache\": true, \"cookies\": true, "
"\"downloads\": true, \"fileSystems\": true, \"formData\": true, "
"\"history\": true, \"indexedDB\": true, \"localStorage\": true, "
- "\"originBoundCerts\": true, \"passwords\": true, \"pluginData\": true, "
+ "\"serverBoundCerts\": true, \"passwords\": true, \"pluginData\": true, "
"\"webSQL\": true"
"}]";
@@ -131,7 +131,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionBrowsingDataTest, RemoveBrowsingDataMask) {
RunRemoveBrowsingDataFunctionAndCompareMask(
"localStorage", BrowsingDataRemover::REMOVE_LOCAL_STORAGE);
RunRemoveBrowsingDataFunctionAndCompareMask(
- "originBoundCerts", BrowsingDataRemover::REMOVE_ORIGIN_BOUND_CERTS);
+ "serverBoundCerts", BrowsingDataRemover::REMOVE_SERVER_BOUND_CERTS);
RunRemoveBrowsingDataFunctionAndCompareMask(
"passwords", BrowsingDataRemover::REMOVE_PASSWORDS);
// We can't remove plugin data inside a test profile.
diff --git a/chrome/browser/extensions/extension_function_registry.cc b/chrome/browser/extensions/extension_function_registry.cc
index 99d525c..ffcbe04 100644
--- a/chrome/browser/extensions/extension_function_registry.cc
+++ b/chrome/browser/extensions/extension_function_registry.cc
@@ -141,7 +141,7 @@ void ExtensionFunctionRegistry::ResetFunctions() {
RegisterFunction<RemoveHistoryFunction>();
RegisterFunction<RemoveIndexedDBFunction>();
RegisterFunction<RemoveLocalStorageFunction>();
- RegisterFunction<RemoveOriginBoundCertsFunction>();
+ RegisterFunction<RemoveServerBoundCertsFunction>();
RegisterFunction<RemovePluginDataFunction>();
RegisterFunction<RemovePasswordsFunction>();
RegisterFunction<RemoveWebSQLFunction>();
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index c4d0da5..9d5dd5f 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -212,8 +212,8 @@ ConstructProxyScriptFetcherContext(IOThread::Globals* globals,
context->set_ftp_transaction_factory(
globals->proxy_script_fetcher_ftp_transaction_factory.get());
context->set_cookie_store(globals->system_cookie_store.get());
- context->set_origin_bound_cert_service(
- globals->system_origin_bound_cert_service.get());
+ context->set_server_bound_cert_service(
+ globals->system_server_bound_cert_service.get());
context->set_network_delegate(globals->system_network_delegate.get());
// TODO(rtenneti): We should probably use HttpServerPropertiesManager for the
// system URLRequestContext too. There's no reason this should be tied to a
@@ -239,8 +239,8 @@ ConstructSystemRequestContext(IOThread::Globals* globals,
context->set_ftp_transaction_factory(
globals->system_ftp_transaction_factory.get());
context->set_cookie_store(globals->system_cookie_store.get());
- context->set_origin_bound_cert_service(
- globals->system_origin_bound_cert_service.get());
+ context->set_server_bound_cert_service(
+ globals->system_server_bound_cert_service.get());
return context;
}
@@ -404,15 +404,15 @@ void IOThread::Init() {
net::ProxyService::CreateDirectWithNetLog(net_log_));
// In-memory cookie store.
globals_->system_cookie_store = new net::CookieMonster(NULL, NULL);
- // In-memory origin-bound cert store.
- globals_->system_origin_bound_cert_service.reset(
- new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL)));
+ // In-memory server bound cert store.
+ globals_->system_server_bound_cert_service.reset(
+ new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL)));
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = globals_->host_resolver.get();
session_params.cert_verifier = globals_->cert_verifier.get();
- session_params.origin_bound_cert_service =
- globals_->system_origin_bound_cert_service.get();
+ session_params.server_bound_cert_service =
+ globals_->system_server_bound_cert_service.get();
session_params.transport_security_state =
globals_->transport_security_state.get();
session_params.proxy_service =
@@ -586,8 +586,8 @@ void IOThread::InitSystemRequestContextOnIOThread() {
net::HttpNetworkSession::Params system_params;
system_params.host_resolver = globals_->host_resolver.get();
system_params.cert_verifier = globals_->cert_verifier.get();
- system_params.origin_bound_cert_service =
- globals_->system_origin_bound_cert_service.get();
+ system_params.server_bound_cert_service =
+ globals_->system_server_bound_cert_service.get();
system_params.transport_security_state =
globals_->transport_security_state.get();
system_params.ssl_host_info_factory = NULL;
diff --git a/chrome/browser/io_thread.h b/chrome/browser/io_thread.h
index 3e3bbdd..d651faa 100644
--- a/chrome/browser/io_thread.h
+++ b/chrome/browser/io_thread.h
@@ -35,7 +35,7 @@ class HttpAuthHandlerFactory;
class HttpServerProperties;
class HttpTransactionFactory;
class NetworkDelegate;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyConfigService;
class ProxyService;
class SdchManager;
@@ -93,10 +93,10 @@ class IOThread : public content::BrowserThreadDelegate {
scoped_ptr<net::HttpTransactionFactory> system_http_transaction_factory;
scoped_ptr<net::FtpTransactionFactory> system_ftp_transaction_factory;
scoped_refptr<net::URLRequestContext> system_request_context;
- // |system_cookie_store| and |system_origin_bound_cert_service| are shared
+ // |system_cookie_store| and |system_server_bound_cert_service| are shared
// between |proxy_script_fetcher_context| and |system_request_context|.
scoped_refptr<net::CookieStore> system_cookie_store;
- scoped_ptr<net::OriginBoundCertService> system_origin_bound_cert_service;
+ scoped_ptr<net::ServerBoundCertService> system_server_bound_cert_service;
scoped_refptr<ExtensionEventRouterForwarder>
extension_event_router_forwarder;
};
diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store.cc b/chrome/browser/net/sqlite_origin_bound_cert_store.cc
index 24e9f54..f5350e5 100644
--- a/chrome/browser/net/sqlite_origin_bound_cert_store.cc
+++ b/chrome/browser/net/sqlite_origin_bound_cert_store.cc
@@ -27,8 +27,8 @@ using content::BrowserThread;
// This class is designed to be shared between any calling threads and the
// database thread. It batches operations and commits them on a timer.
-class SQLiteOriginBoundCertStore::Backend
- : public base::RefCountedThreadSafe<SQLiteOriginBoundCertStore::Backend> {
+class SQLiteServerBoundCertStore::Backend
+ : public base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend> {
public:
explicit Backend(const FilePath& path)
: path_(path),
@@ -39,15 +39,15 @@ class SQLiteOriginBoundCertStore::Backend
// Creates or load the SQLite database.
bool Load(
- std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs);
+ std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs);
- // Batch an origin bound cert addition.
- void AddOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
+ // Batch a server bound cert addition.
+ void AddServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
- // Batch an origin bound cert deletion.
- void DeleteOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
+ // Batch a server bound cert deletion.
+ void DeleteServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
// Commit pending operations as soon as possible.
void Flush(const base::Closure& completion_task);
@@ -59,7 +59,7 @@ class SQLiteOriginBoundCertStore::Backend
void SetClearLocalStateOnExit(bool clear_local_state);
private:
- friend class base::RefCountedThreadSafe<SQLiteOriginBoundCertStore::Backend>;
+ friend class base::RefCountedThreadSafe<SQLiteServerBoundCertStore::Backend>;
// You should call Close() before destructing this object.
~Backend() {
@@ -79,24 +79,24 @@ class SQLiteOriginBoundCertStore::Backend
PendingOperation(
OperationType op,
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert)
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert)
: op_(op), cert_(cert) {}
OperationType op() const { return op_; }
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert() const {
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert() const {
return cert_;
}
private:
OperationType op_;
- net::DefaultOriginBoundCertStore::OriginBoundCert cert_;
+ net::DefaultServerBoundCertStore::ServerBoundCert cert_;
};
private:
- // Batch an origin bound cert operation (add or delete)
+ // Batch a server bound cert operation (add or delete)
void BatchOperation(
PendingOperation::OperationType op,
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert);
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert);
// Commit our pending operations to the database.
void Commit();
// Close() executed on the background thread.
@@ -125,6 +125,9 @@ namespace {
// Initializes the certs table, returning true on success.
bool InitTable(sql::Connection* db) {
+ // The table is named "origin_bound_certs" for backwards compatability before
+ // we renamed this class to SQLiteServerBoundCertStore. Likewise, the primary
+ // key is "origin", but now can be other things like a plain domain.
if (!db->DoesTableExist("origin_bound_certs")) {
if (!db->Execute("CREATE TABLE origin_bound_certs ("
"origin TEXT NOT NULL UNIQUE PRIMARY KEY,"
@@ -141,8 +144,8 @@ bool InitTable(sql::Connection* db) {
} // namespace
-bool SQLiteOriginBoundCertStore::Backend::Load(
- std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs) {
+bool SQLiteServerBoundCertStore::Backend::Load(
+ std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
// This function should be called only once per instance.
DCHECK(!db_.get());
@@ -185,8 +188,8 @@ bool SQLiteOriginBoundCertStore::Backend::Load(
std::string private_key_from_db, cert_from_db;
smt.ColumnBlobAsString(1, &private_key_from_db);
smt.ColumnBlobAsString(2, &cert_from_db);
- scoped_ptr<net::DefaultOriginBoundCertStore::OriginBoundCert> cert(
- new net::DefaultOriginBoundCertStore::OriginBoundCert(
+ scoped_ptr<net::DefaultServerBoundCertStore::ServerBoundCert> cert(
+ new net::DefaultServerBoundCertStore::ServerBoundCert(
smt.ColumnString(0), // origin
static_cast<net::SSLClientCertType>(smt.ColumnInt(3)),
base::Time::FromInternalValue(smt.ColumnInt64(5)),
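Review bot: The inline comment `// origin` on the first constructor argument is now misleading, since the value read from column 0 is the server identifier and only the column keeps its legacy name. Suggest `smt.ColumnString(0),  // server_identifier (legacy column name "origin")` so readers do not assume the key is still an origin. Load's body starts and ends outside this hunk.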
@@ -199,7 +202,7 @@ bool SQLiteOriginBoundCertStore::Backend::Load(
return true;
}
-bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
+bool SQLiteServerBoundCertStore::Backend::EnsureDatabaseVersion() {
// Version check.
if (!meta_table_.Init(
db_.get(), kCurrentVersionNumber, kCompatibleVersionNumber)) {
@@ -207,7 +210,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
}
if (meta_table_.GetCompatibleVersionNumber() > kCurrentVersionNumber) {
- LOG(WARNING) << "Origin bound cert database is too new.";
+ LOG(WARNING) << "Server bound cert database is too new.";
return false;
}
@@ -218,13 +221,13 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
return false;
if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN cert_type "
"INTEGER")) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 2.";
return false;
}
// All certs in version 1 database are rsa_sign, which has a value of 1.
if (!db_->Execute("UPDATE origin_bound_certs SET cert_type = 1")) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 2.";
return false;
}
@@ -243,7 +246,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
if (cur_version == 2) {
if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
"expiration_time INTEGER")) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 4.";
return false;
}
@@ -251,7 +254,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
if (!db_->Execute("ALTER TABLE origin_bound_certs ADD COLUMN "
"creation_time INTEGER")) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 4.";
return false;
}
@@ -265,7 +268,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
if (!smt.is_valid() ||
!update_expires_smt.is_valid() ||
!update_creation_smt.is_valid()) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 4.";
return false;
}
@@ -285,7 +288,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
cert->valid_expiry().ToInternalValue());
update_expires_smt.BindString(1, origin);
if (!update_expires_smt.Run()) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 4.";
return false;
}
@@ -295,7 +298,7 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
update_creation_smt.BindInt64(0, cert->valid_start().ToInternalValue());
update_creation_smt.BindString(1, origin);
if (!update_creation_smt.Run()) {
- LOG(WARNING) << "Unable to update origin bound cert database to "
+ LOG(WARNING) << "Unable to update server bound cert database to "
<< "version 4.";
return false;
}
@@ -319,25 +322,25 @@ bool SQLiteOriginBoundCertStore::Backend::EnsureDatabaseVersion() {
// When the version is too old, we just try to continue anyway, there should
// not be a released product that makes a database too old for us to handle.
LOG_IF(WARNING, cur_version < kCurrentVersionNumber) <<
- "Origin bound cert database version " << cur_version <<
+ "Server bound cert database version " << cur_version <<
" is too old to handle.";
return true;
}
-void SQLiteOriginBoundCertStore::Backend::AddOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
+void SQLiteServerBoundCertStore::Backend::AddServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
BatchOperation(PendingOperation::CERT_ADD, cert);
}
-void SQLiteOriginBoundCertStore::Backend::DeleteOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
+void SQLiteServerBoundCertStore::Backend::DeleteServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
BatchOperation(PendingOperation::CERT_DELETE, cert);
}
-void SQLiteOriginBoundCertStore::Backend::BatchOperation(
+void SQLiteServerBoundCertStore::Backend::BatchOperation(
PendingOperation::OperationType op,
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
// Commit every 30 seconds.
static const int kCommitIntervalMs = 30 * 1000;
// Commit right away if we have more than 512 outstanding operations.
@@ -368,7 +371,7 @@ void SQLiteOriginBoundCertStore::Backend::BatchOperation(
}
}
-void SQLiteOriginBoundCertStore::Backend::Commit() {
+void SQLiteServerBoundCertStore::Backend::Commit() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
PendingOperationsList ops;
@@ -404,7 +407,7 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
switch (po->op()) {
case PendingOperation::CERT_ADD: {
add_smt.Reset();
- add_smt.BindString(0, po->cert().origin());
+ add_smt.BindString(0, po->cert().server_identifier());
const std::string& private_key = po->cert().private_key();
add_smt.BindBlob(1, private_key.data(), private_key.size());
const std::string& cert = po->cert().cert();
@@ -413,14 +416,14 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
add_smt.BindInt64(4, po->cert().expiration_time().ToInternalValue());
add_smt.BindInt64(5, po->cert().creation_time().ToInternalValue());
if (!add_smt.Run())
- NOTREACHED() << "Could not add an origin bound cert to the DB.";
+ NOTREACHED() << "Could not add a server bound cert to the DB.";
break;
}
case PendingOperation::CERT_DELETE:
del_smt.Reset();
- del_smt.BindString(0, po->cert().origin());
+ del_smt.BindString(0, po->cert().server_identifier());
if (!del_smt.Run())
- NOTREACHED() << "Could not delete an origin bound cert from the DB.";
+ NOTREACHED() << "Could not delete a server bound cert from the DB.";
break;
default:
@@ -431,7 +434,7 @@ void SQLiteOriginBoundCertStore::Backend::Commit() {
transaction.Commit();
}
-void SQLiteOriginBoundCertStore::Backend::Flush(
+void SQLiteServerBoundCertStore::Backend::Flush(
const base::Closure& completion_task) {
DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
BrowserThread::PostTask(
@@ -447,7 +450,7 @@ void SQLiteOriginBoundCertStore::Backend::Flush(
// Fire off a close message to the background thread. We could still have a
// pending commit timer that will be holding a reference on us, but if/when
// this fires we will already have been cleaned up and it will be ignored.
-void SQLiteOriginBoundCertStore::Backend::Close() {
+void SQLiteServerBoundCertStore::Backend::Close() {
DCHECK(!BrowserThread::CurrentlyOn(BrowserThread::DB));
// Must close the backend on the background thread.
BrowserThread::PostTask(
@@ -455,7 +458,7 @@ void SQLiteOriginBoundCertStore::Backend::Close() {
base::Bind(&Backend::InternalBackgroundClose, this));
}
-void SQLiteOriginBoundCertStore::Backend::InternalBackgroundClose() {
+void SQLiteServerBoundCertStore::Backend::InternalBackgroundClose() {
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::DB));
// Commit any pending operations
Commit();
@@ -466,17 +469,17 @@ void SQLiteOriginBoundCertStore::Backend::InternalBackgroundClose() {
file_util::Delete(path_, false);
}
-void SQLiteOriginBoundCertStore::Backend::SetClearLocalStateOnExit(
+void SQLiteServerBoundCertStore::Backend::SetClearLocalStateOnExit(
bool clear_local_state) {
base::AutoLock locked(lock_);
clear_local_state_on_exit_ = clear_local_state;
}
-SQLiteOriginBoundCertStore::SQLiteOriginBoundCertStore(const FilePath& path)
+SQLiteServerBoundCertStore::SQLiteServerBoundCertStore(const FilePath& path)
: backend_(new Backend(path)) {
}
-SQLiteOriginBoundCertStore::~SQLiteOriginBoundCertStore() {
+SQLiteServerBoundCertStore::~SQLiteServerBoundCertStore() {
if (backend_.get()) {
backend_->Close();
// Release our reference, it will probably still have a reference if the
@@ -485,30 +488,30 @@ SQLiteOriginBoundCertStore::~SQLiteOriginBoundCertStore() {
}
}
-bool SQLiteOriginBoundCertStore::Load(
- std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs) {
+bool SQLiteServerBoundCertStore::Load(
+ std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
return backend_->Load(certs);
}
-void SQLiteOriginBoundCertStore::AddOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
+void SQLiteServerBoundCertStore::AddServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
if (backend_.get())
- backend_->AddOriginBoundCert(cert);
+ backend_->AddServerBoundCert(cert);
}
-void SQLiteOriginBoundCertStore::DeleteOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) {
+void SQLiteServerBoundCertStore::DeleteServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) {
if (backend_.get())
- backend_->DeleteOriginBoundCert(cert);
+ backend_->DeleteServerBoundCert(cert);
}
-void SQLiteOriginBoundCertStore::SetClearLocalStateOnExit(
+void SQLiteServerBoundCertStore::SetClearLocalStateOnExit(
bool clear_local_state) {
if (backend_.get())
backend_->SetClearLocalStateOnExit(clear_local_state);
}
-void SQLiteOriginBoundCertStore::Flush(const base::Closure& completion_task) {
+void SQLiteServerBoundCertStore::Flush(const base::Closure& completion_task) {
if (backend_.get())
backend_->Flush(completion_task);
else if (!completion_task.is_null())
diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store.h b/chrome/browser/net/sqlite_origin_bound_cert_store.h
index 8ade51e..b013462 100644
--- a/chrome/browser/net/sqlite_origin_bound_cert_store.h
+++ b/chrome/browser/net/sqlite_origin_bound_cert_store.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -13,24 +13,24 @@
class FilePath;
-// Implements the net::DefaultOriginBoundCertStore::PersistentStore interface
+// Implements the net::DefaultServerBoundCertStore::PersistentStore interface
// in terms of a SQLite database. For documentation about the actual member
// functions consult the documentation of the parent class
-// |net::DefaultOriginBoundCertStore::PersistentCertStore|.
-class SQLiteOriginBoundCertStore
- : public net::DefaultOriginBoundCertStore::PersistentStore {
+// |net::DefaultServerBoundCertStore::PersistentCertStore|.
+class SQLiteServerBoundCertStore
+ : public net::DefaultServerBoundCertStore::PersistentStore {
public:
- explicit SQLiteOriginBoundCertStore(const FilePath& path);
- virtual ~SQLiteOriginBoundCertStore();
+ explicit SQLiteServerBoundCertStore(const FilePath& path);
+ virtual ~SQLiteServerBoundCertStore();
- // net::DefaultOriginBoundCertStore::PersistentStore implementation.
+ // net::DefaultServerBoundCertStore::PersistentStore implementation.
virtual bool Load(
- std::vector<net::DefaultOriginBoundCertStore::OriginBoundCert*>* certs)
+ std::vector<net::DefaultServerBoundCertStore::ServerBoundCert*>* certs)
OVERRIDE;
- virtual void AddOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE;
- virtual void DeleteOriginBoundCert(
- const net::DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE;
+ virtual void AddServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE;
+ virtual void DeleteServerBoundCert(
+ const net::DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE;
virtual void SetClearLocalStateOnExit(bool clear_local_state) OVERRIDE;
virtual void Flush(const base::Closure& completion_task) OVERRIDE;
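Review bot: The class comment at the top of the hunk still names `net::DefaultServerBoundCertStore::PersistentCertStore`, while the class two lines below derives from `net::DefaultServerBoundCertStore::PersistentStore`; the rename carried the stale type name forward. Change the comment to `// |net::DefaultServerBoundCertStore::PersistentStore|.` It would also help to say in the header what the .cc only states at the table-creation site: the file name, header guard and SQLite table keep the `origin_bound_certs` name for compatibility with existing profiles, and the `origin` column now stores whatever `server_identifier()` returns (a plain domain rather than a full origin). The class declaration continues outside the hunk.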
@@ -39,7 +39,7 @@ class SQLiteOriginBoundCertStore
scoped_refptr<Backend> backend_;
- DISALLOW_COPY_AND_ASSIGN(SQLiteOriginBoundCertStore);
+ DISALLOW_COPY_AND_ASSIGN(SQLiteServerBoundCertStore);
};
#endif // CHROME_BROWSER_NET_SQLITE_ORIGIN_BOUND_CERT_STORE_H_
diff --git a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
index 208bef1..7391c55 100644
--- a/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
+++ b/chrome/browser/net/sqlite_origin_bound_cert_store_unittest.cc
@@ -19,9 +19,9 @@
using content::BrowserThread;
-class SQLiteOriginBoundCertStoreTest : public testing::Test {
+class SQLiteServerBoundCertStoreTest : public testing::Test {
public:
- SQLiteOriginBoundCertStoreTest()
+ SQLiteServerBoundCertStoreTest()
: db_thread_(BrowserThread::DB) {
}
@@ -60,15 +60,15 @@ class SQLiteOriginBoundCertStoreTest : public testing::Test {
virtual void SetUp() {
db_thread_.Start();
ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
- store_ = new SQLiteOriginBoundCertStore(
+ store_ = new SQLiteServerBoundCertStore(
temp_dir_.path().Append(chrome::kOBCertFilename));
- ScopedVector<net::DefaultOriginBoundCertStore::OriginBoundCert> certs;
+ ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
ASSERT_TRUE(store_->Load(&certs.get()));
ASSERT_EQ(0u, certs.size());
// Make sure the store gets written at least once.
- store_->AddOriginBoundCert(
- net::DefaultOriginBoundCertStore::OriginBoundCert(
- "https://encrypted.google.com:8443",
+ store_->AddServerBoundCert(
+ net::DefaultServerBoundCertStore::ServerBoundCert(
+ "google.com",
net::CLIENT_CERT_RSA_SIGN,
base::Time::FromInternalValue(1),
base::Time::FromInternalValue(2),
@@ -77,10 +77,10 @@ class SQLiteOriginBoundCertStoreTest : public testing::Test {
content::TestBrowserThread db_thread_;
ScopedTempDir temp_dir_;
- scoped_refptr<SQLiteOriginBoundCertStore> store_;
+ scoped_refptr<SQLiteServerBoundCertStore> store_;
};
-TEST_F(SQLiteOriginBoundCertStoreTest, KeepOnDestruction) {
+TEST_F(SQLiteServerBoundCertStoreTest, KeepOnDestruction) {
store_->SetClearLocalStateOnExit(false);
store_ = NULL;
// Make sure we wait until the destructor has run.
@@ -95,7 +95,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, KeepOnDestruction) {
temp_dir_.path().Append(chrome::kOBCertFilename), false));
}
-TEST_F(SQLiteOriginBoundCertStoreTest, RemoveOnDestruction) {
+TEST_F(SQLiteServerBoundCertStoreTest, RemoveOnDestruction) {
store_->SetClearLocalStateOnExit(true);
// Replace the store effectively destroying the current one and forcing it
// to write it's data to disk. Then we can see if after loading it again it
@@ -112,16 +112,16 @@ TEST_F(SQLiteOriginBoundCertStoreTest, RemoveOnDestruction) {
}
// Test if data is stored as expected in the SQLite database.
-TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
- store_->AddOriginBoundCert(
- net::DefaultOriginBoundCertStore::OriginBoundCert(
- "https://www.google.com/",
+TEST_F(SQLiteServerBoundCertStoreTest, TestPersistence) {
+ store_->AddServerBoundCert(
+ net::DefaultServerBoundCertStore::ServerBoundCert(
+ "foo.com",
net::CLIENT_CERT_ECDSA_SIGN,
base::Time::FromInternalValue(3),
base::Time::FromInternalValue(4),
"c", "d"));
- ScopedVector<net::DefaultOriginBoundCertStore::OriginBoundCert> certs;
+ ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
// Replace the store effectively destroying the current one and forcing it
// to write it's data to disk. Then we can see if after loading it again it
// is still there.
@@ -131,14 +131,14 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
BrowserThread::GetMessageLoopProxyForThread(BrowserThread::DB)));
// Make sure we wait until the destructor has run.
ASSERT_TRUE(helper->Run());
- store_ = new SQLiteOriginBoundCertStore(
+ store_ = new SQLiteServerBoundCertStore(
temp_dir_.path().Append(chrome::kOBCertFilename));
// Reload and test for persistence
ASSERT_TRUE(store_->Load(&certs.get()));
ASSERT_EQ(2U, certs.size());
- net::DefaultOriginBoundCertStore::OriginBoundCert* ec_cert;
- net::DefaultOriginBoundCertStore::OriginBoundCert* rsa_cert;
+ net::DefaultServerBoundCertStore::ServerBoundCert* ec_cert;
+ net::DefaultServerBoundCertStore::ServerBoundCert* rsa_cert;
if (net::CLIENT_CERT_RSA_SIGN == certs[0]->type()) {
rsa_cert = certs[0];
ec_cert = certs[1];
@@ -146,13 +146,13 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
rsa_cert = certs[1];
ec_cert = certs[0];
}
- ASSERT_STREQ("https://encrypted.google.com:8443", rsa_cert->origin().c_str());
+ ASSERT_STREQ("google.com", rsa_cert->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, rsa_cert->type());
ASSERT_STREQ("a", rsa_cert->private_key().c_str());
ASSERT_STREQ("b", rsa_cert->cert().c_str());
ASSERT_EQ(1, rsa_cert->creation_time().ToInternalValue());
ASSERT_EQ(2, rsa_cert->expiration_time().ToInternalValue());
- ASSERT_STREQ("https://www.google.com/", ec_cert->origin().c_str());
+ ASSERT_STREQ("foo.com", ec_cert->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_ECDSA_SIGN, ec_cert->type());
ASSERT_STREQ("c", ec_cert->private_key().c_str());
ASSERT_STREQ("d", ec_cert->cert().c_str());
@@ -160,13 +160,13 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
ASSERT_EQ(4, ec_cert->expiration_time().ToInternalValue());
// Now delete the cert and check persistence again.
- store_->DeleteOriginBoundCert(*certs[0]);
- store_->DeleteOriginBoundCert(*certs[1]);
+ store_->DeleteServerBoundCert(*certs[0]);
+ store_->DeleteServerBoundCert(*certs[1]);
store_ = NULL;
// Make sure we wait until the destructor has run.
ASSERT_TRUE(helper->Run());
certs.reset();
- store_ = new SQLiteOriginBoundCertStore(
+ store_ = new SQLiteServerBoundCertStore(
temp_dir_.path().Append(chrome::kOBCertFilename));
// Reload and check if the cert has been removed.
@@ -174,7 +174,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestPersistence) {
ASSERT_EQ(0U, certs.size());
}
-TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV1) {
+TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV1) {
// Reset the store. We'll be using a different database for this test.
store_ = NULL;
@@ -200,14 +200,14 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV1) {
sql::Statement add_smt(db.GetUniqueStatement(
"INSERT INTO origin_bound_certs (origin, private_key, cert) "
"VALUES (?,?,?)"));
- add_smt.BindString(0, "https://www.google.com:443");
+ add_smt.BindString(0, "google.com");
add_smt.BindBlob(1, key_data.data(), key_data.size());
add_smt.BindBlob(2, cert_data.data(), cert_data.size());
ASSERT_TRUE(add_smt.Run());
ASSERT_TRUE(db.Execute(
"INSERT INTO \"origin_bound_certs\" VALUES("
- "'https://foo.com',X'AA',X'BB');"
+ "'foo.com',X'AA',X'BB');"
));
}
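Review bot: Rewriting the v1 fixture keys from origin form (`https://www.google.com:443`, `https://foo.com`) to bare domains means TestUpgradeV1 no longer exercises the rows a real pre-rename database contains, even though the `origin` column keeps its old contents and Load copies column 0 verbatim into server_identifier. None of the EnsureDatabaseVersion hunks in this commit appear to migrate or purge origin-keyed rows (only log text changes there), so this upgrade test is the one place that would pin down what happens to them; keep at least one row in the legacy form, e.g. `"'https://foo.com',X'AA',X'BB');"`, and assert `ASSERT_STREQ("https://foo.com", certs[1]->server_identifier().c_str());` in the load loop. The same applies to the V2 and V3 fixtures in the later hunks. The test body continues outside the hunk.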
@@ -217,21 +217,21 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV1) {
for (int i = 0; i < 2; ++i) {
SCOPED_TRACE(i);
- ScopedVector<net::DefaultOriginBoundCertStore::OriginBoundCert> certs;
- store_ = new SQLiteOriginBoundCertStore(v1_db_path);
+ ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
+ store_ = new SQLiteServerBoundCertStore(v1_db_path);
// Load the database and ensure the certs can be read and are marked as RSA.
ASSERT_TRUE(store_->Load(&certs.get()));
ASSERT_EQ(2U, certs.size());
- ASSERT_STREQ("https://www.google.com:443", certs[0]->origin().c_str());
+ ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
ASSERT_EQ(GetTestCertExpirationTime(),
certs[0]->expiration_time());
ASSERT_EQ(key_data, certs[0]->private_key());
ASSERT_EQ(cert_data, certs[0]->cert());
- ASSERT_STREQ("https://foo.com", certs[1]->origin().c_str());
+ ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[1]->type());
// Undecodable cert, expiration time will be uninitialized.
ASSERT_EQ(base::Time(), certs[1]->expiration_time());
@@ -258,7 +258,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV1) {
}
}
-TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV2) {
+TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV2) {
// Reset the store. We'll be using a different database for this test.
store_ = NULL;
@@ -287,7 +287,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV2) {
sql::Statement add_smt(db.GetUniqueStatement(
"INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type) "
"VALUES (?,?,?,?)"));
- add_smt.BindString(0, "https://www.google.com:443");
+ add_smt.BindString(0, "google.com");
add_smt.BindBlob(1, key_data.data(), key_data.size());
add_smt.BindBlob(2, cert_data.data(), cert_data.size());
add_smt.BindInt64(3, 1);
@@ -295,7 +295,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV2) {
ASSERT_TRUE(db.Execute(
"INSERT INTO \"origin_bound_certs\" VALUES("
- "'https://foo.com',X'AA',X'BB',64);"
+ "'foo.com',X'AA',X'BB',64);"
));
}
@@ -305,21 +305,21 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV2) {
for (int i = 0; i < 2; ++i) {
SCOPED_TRACE(i);
- ScopedVector<net::DefaultOriginBoundCertStore::OriginBoundCert> certs;
- store_ = new SQLiteOriginBoundCertStore(v2_db_path);
+ ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
+ store_ = new SQLiteServerBoundCertStore(v2_db_path);
// Load the database and ensure the certs can be read and are marked as RSA.
ASSERT_TRUE(store_->Load(&certs.get()));
ASSERT_EQ(2U, certs.size());
- ASSERT_STREQ("https://www.google.com:443", certs[0]->origin().c_str());
+ ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
ASSERT_EQ(GetTestCertExpirationTime(),
certs[0]->expiration_time());
ASSERT_EQ(key_data, certs[0]->private_key());
ASSERT_EQ(cert_data, certs[0]->cert());
- ASSERT_STREQ("https://foo.com", certs[1]->origin().c_str());
+ ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_ECDSA_SIGN, certs[1]->type());
// Undecodable cert, expiration time will be uninitialized.
ASSERT_EQ(base::Time(), certs[1]->expiration_time());
@@ -346,7 +346,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV2) {
}
}
-TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
+TEST_F(SQLiteServerBoundCertStoreTest, TestUpgradeV3) {
// Reset the store. We'll be using a different database for this test.
store_ = NULL;
@@ -376,7 +376,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
sql::Statement add_smt(db.GetUniqueStatement(
"INSERT INTO origin_bound_certs (origin, private_key, cert, cert_type, "
"expiration_time) VALUES (?,?,?,?,?)"));
- add_smt.BindString(0, "https://www.google.com:443");
+ add_smt.BindString(0, "google.com");
add_smt.BindBlob(1, key_data.data(), key_data.size());
add_smt.BindBlob(2, cert_data.data(), cert_data.size());
add_smt.BindInt64(3, 1);
@@ -385,7 +385,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
ASSERT_TRUE(db.Execute(
"INSERT INTO \"origin_bound_certs\" VALUES("
- "'https://foo.com',X'AA',X'BB',64,2000);"
+ "'foo.com',X'AA',X'BB',64,2000);"
));
}
@@ -395,14 +395,14 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
for (int i = 0; i < 2; ++i) {
SCOPED_TRACE(i);
- ScopedVector<net::DefaultOriginBoundCertStore::OriginBoundCert> certs;
- store_ = new SQLiteOriginBoundCertStore(v3_db_path);
+ ScopedVector<net::DefaultServerBoundCertStore::ServerBoundCert> certs;
+ store_ = new SQLiteServerBoundCertStore(v3_db_path);
// Load the database and ensure the certs can be read and are marked as RSA.
ASSERT_TRUE(store_->Load(&certs.get()));
ASSERT_EQ(2U, certs.size());
- ASSERT_STREQ("https://www.google.com:443", certs[0]->origin().c_str());
+ ASSERT_STREQ("google.com", certs[0]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_RSA_SIGN, certs[0]->type());
ASSERT_EQ(1000, certs[0]->expiration_time().ToInternalValue());
ASSERT_EQ(GetTestCertCreationTime(),
@@ -410,7 +410,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
ASSERT_EQ(key_data, certs[0]->private_key());
ASSERT_EQ(cert_data, certs[0]->cert());
- ASSERT_STREQ("https://foo.com", certs[1]->origin().c_str());
+ ASSERT_STREQ("foo.com", certs[1]->server_identifier().c_str());
ASSERT_EQ(net::CLIENT_CERT_ECDSA_SIGN, certs[1]->type());
ASSERT_EQ(2000, certs[1]->expiration_time().ToInternalValue());
// Undecodable cert, creation time will be uninitialized.
@@ -439,7 +439,7 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestUpgradeV3) {
}
// Test that we can force the database to be written by calling Flush().
-TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
+TEST_F(SQLiteServerBoundCertStoreTest, TestFlush) {
// File timestamps don't work well on all platforms, so we'll determine
// whether the DB file has been modified by checking its size.
FilePath path = temp_dir_.path().Append(chrome::kOBCertFilename);
@@ -449,12 +449,12 @@ TEST_F(SQLiteOriginBoundCertStoreTest, TestFlush) {
// Write some certs, so the DB will have to expand by several KB.
for (char c = 'a'; c < 'z'; ++c) {
- std::string origin(1, c);
+ std::string server_identifier(1, c);
std::string private_key(1000, c);
std::string cert(1000, c);
- store_->AddOriginBoundCert(
- net::DefaultOriginBoundCertStore::OriginBoundCert(
- origin,
+ store_->AddServerBoundCert(
+ net::DefaultServerBoundCertStore::ServerBoundCert(
+ server_identifier,
net::CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
@@ -493,7 +493,7 @@ class CallbackCounter : public base::RefCountedThreadSafe<CallbackCounter> {
};
// Test that we can get a completion callback after a Flush().
-TEST_F(SQLiteOriginBoundCertStoreTest, TestFlushCompletionCallback) {
+TEST_F(SQLiteServerBoundCertStoreTest, TestFlushCompletionCallback) {
scoped_refptr<CallbackCounter> counter(new CallbackCounter());
// Callback shouldn't be invoked until we call Flush().
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index 883d7cb..7386d49 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -139,7 +139,7 @@ class SSLConfigServiceManagerPref
BooleanPrefMember rev_checking_enabled_;
BooleanPrefMember ssl3_enabled_;
BooleanPrefMember tls1_enabled_;
- BooleanPrefMember origin_bound_certs_enabled_;
+ BooleanPrefMember domain_bound_certs_enabled_;
BooleanPrefMember ssl_record_splitting_disabled_;
// The cached list of disabled SSL cipher suites.
@@ -159,7 +159,7 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
local_state, this);
ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this);
tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this);
- origin_bound_certs_enabled_.Init(prefs::kEnableOriginBoundCerts,
+ domain_bound_certs_enabled_.Init(prefs::kEnableOriginBoundCerts,
local_state, this);
ssl_record_splitting_disabled_.Init(prefs::kDisableSSLRecordSplitting,
local_state, this);
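Review bot: `domain_bound_certs_enabled_` is renamed but is still initialised from `prefs::kEnableOriginBoundCerts`, so the persisted pref key keeps the old identifier while every other name in the commit changes; a later cleanup is likely to "fix" the mismatch and silently orphan existing user and policy settings. Add a one-line comment at the Init call: `// Pref key deliberately keeps the old "OriginBoundCerts" name so existing Local State and policy settings keep applying.` I cannot see the definition of prefs::kEnableOriginBoundCerts in this diff, so confirm it is not renamed elsewhere in the CL. The SSLConfigServiceManagerPref constructor continues outside the hunk.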
@@ -182,7 +182,7 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) {
prefs->RegisterBooleanPref(prefs::kTLS1Enabled,
default_config.tls1_enabled);
prefs->RegisterBooleanPref(prefs::kEnableOriginBoundCerts,
- default_config.origin_bound_certs_enabled);
+ default_config.domain_bound_certs_enabled);
prefs->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
!default_config.false_start_enabled);
prefs->RegisterListPref(prefs::kCipherSuiteBlacklist);
@@ -230,7 +230,7 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
config->ssl3_enabled = ssl3_enabled_.GetValue();
config->tls1_enabled = tls1_enabled_.GetValue();
config->disabled_cipher_suites = disabled_cipher_suites_;
- config->origin_bound_certs_enabled = origin_bound_certs_enabled_.GetValue();
+ config->domain_bound_certs_enabled = domain_bound_certs_enabled_.GetValue();
// disabling False Start also happens to disable record splitting.
config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
SSLConfigServicePref::SetSSLConfigFlags(config);
diff --git a/chrome/browser/profiles/off_the_record_profile_io_data.cc b/chrome/browser/profiles/off_the_record_profile_io_data.cc
index c21cb73..8950182 100644
--- a/chrome/browser/profiles/off_the_record_profile_io_data.cc
+++ b/chrome/browser/profiles/off_the_record_profile_io_data.cc
@@ -194,12 +194,12 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
http_server_properties_.reset(new net::HttpServerPropertiesImpl);
main_context->set_http_server_properties(http_server_properties_.get());
- // For incognito, we use a non-persistent origin bound cert store.
- net::OriginBoundCertService* origin_bound_cert_service =
- new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL));
- set_origin_bound_cert_service(origin_bound_cert_service);
- main_context->set_origin_bound_cert_service(origin_bound_cert_service);
+ // For incognito, we use a non-persistent server bound cert store.
+ net::ServerBoundCertService* server_bound_cert_service =
+ new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL));
+ set_server_bound_cert_service(server_bound_cert_service);
+ main_context->set_server_bound_cert_service(server_bound_cert_service);
main_context->set_cookie_store(
new net::CookieMonster(NULL, profile_params->cookie_monster_delegate));
@@ -219,7 +219,7 @@ void OffTheRecordProfileIOData::LazyInitializeInternal(
net::HttpCache* cache =
new net::HttpCache(main_context->host_resolver(),
main_context->cert_verifier(),
- main_context->origin_bound_cert_service(),
+ main_context->server_bound_cert_service(),
main_context->transport_security_state(),
main_context->proxy_service(),
GetSSLSessionCacheShard(),
diff --git a/chrome/browser/profiles/profile_impl.cc b/chrome/browser/profiles/profile_impl.cc
index 980264d..1a9e0a6 100644
--- a/chrome/browser/profiles/profile_impl.cc
+++ b/chrome/browser/profiles/profile_impl.cc
@@ -357,9 +357,9 @@ void ProfileImpl::DoFinalInit(bool is_new_profile) {
FilePath cookie_path = GetPath();
cookie_path = cookie_path.Append(chrome::kCookieFilename);
- FilePath origin_bound_cert_path = GetPath();
- origin_bound_cert_path =
- origin_bound_cert_path.Append(chrome::kOBCertFilename);
+ FilePath server_bound_cert_path = GetPath();
+ server_bound_cert_path =
+ server_bound_cert_path.Append(chrome::kOBCertFilename);
FilePath cache_path = base_cache_path_;
int cache_max_size;
GetCacheParameters(false, &cache_path, &cache_max_size);
@@ -389,7 +389,7 @@ void ProfileImpl::DoFinalInit(bool is_new_profile) {
// Make sure we initialize the ProfileIOData after everything else has been
// initialized that we might be reading from the IO thread.
- io_data_.Init(cookie_path, origin_bound_cert_path, cache_path,
+ io_data_.Init(cookie_path, server_bound_cert_path, cache_path,
cache_max_size, media_cache_path, media_cache_max_size,
extensions_cookie_path, app_path, predictor_,
g_browser_process->local_state(),
diff --git a/chrome/browser/profiles/profile_impl_io_data.cc b/chrome/browser/profiles/profile_impl_io_data.cc
index d16a193..9385308 100644
--- a/chrome/browser/profiles/profile_impl_io_data.cc
+++ b/chrome/browser/profiles/profile_impl_io_data.cc
@@ -82,7 +82,7 @@ ProfileImplIOData::Handle::~Handle() {
void ProfileImplIOData::Handle::Init(
const FilePath& cookie_path,
- const FilePath& origin_bound_cert_path,
+ const FilePath& server_bound_cert_path,
const FilePath& cache_path,
int cache_max_size,
const FilePath& media_cache_path,
@@ -100,7 +100,7 @@ void ProfileImplIOData::Handle::Init(
LazyParams* lazy_params = new LazyParams;
lazy_params->cookie_path = cookie_path;
- lazy_params->origin_bound_cert_path = origin_bound_cert_path;
+ lazy_params->server_bound_cert_path = server_bound_cert_path;
lazy_params->cache_path = cache_path;
lazy_params->cache_max_size = cache_max_size;
lazy_params->media_cache_path = media_cache_path;
@@ -319,14 +319,14 @@ void ProfileImplIOData::LazyInitializeInternal(
media_request_context_->set_proxy_service(proxy_service());
scoped_refptr<net::CookieStore> cookie_store = NULL;
- net::OriginBoundCertService* origin_bound_cert_service = NULL;
+ net::ServerBoundCertService* server_bound_cert_service = NULL;
if (record_mode || playback_mode) {
// Don't use existing cookies and use an in-memory store.
cookie_store = new net::CookieMonster(
NULL, profile_params->cookie_monster_delegate);
- // Don't use existing origin-bound certs and use an in-memory store.
- origin_bound_cert_service = new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL));
+ // Don't use existing server-bound certs and use an in-memory store.
+ server_bound_cert_service = new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL));
}
// setup cookie store
@@ -360,22 +360,22 @@ void ProfileImplIOData::LazyInitializeInternal(
media_request_context_->set_cookie_store(cookie_store);
extensions_context->set_cookie_store(extensions_cookie_store);
- // Setup origin bound cert service.
- if (!origin_bound_cert_service) {
- DCHECK(!lazy_params_->origin_bound_cert_path.empty());
+ // Setup server bound cert service.
+ if (!server_bound_cert_service) {
+ DCHECK(!lazy_params_->server_bound_cert_path.empty());
- scoped_refptr<SQLiteOriginBoundCertStore> origin_bound_cert_db =
- new SQLiteOriginBoundCertStore(lazy_params_->origin_bound_cert_path);
- origin_bound_cert_db->SetClearLocalStateOnExit(
+ scoped_refptr<SQLiteServerBoundCertStore> server_bound_cert_db =
+ new SQLiteServerBoundCertStore(lazy_params_->server_bound_cert_path);
+ server_bound_cert_db->SetClearLocalStateOnExit(
profile_params->clear_local_state_on_exit);
- origin_bound_cert_service = new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(origin_bound_cert_db.get()));
+ server_bound_cert_service = new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(server_bound_cert_db.get()));
}
- set_origin_bound_cert_service(origin_bound_cert_service);
- main_context->set_origin_bound_cert_service(origin_bound_cert_service);
- media_request_context_->set_origin_bound_cert_service(
- origin_bound_cert_service);
+ set_server_bound_cert_service(server_bound_cert_service);
+ main_context->set_server_bound_cert_service(server_bound_cert_service);
+ media_request_context_->set_server_bound_cert_service(
+ server_bound_cert_service);
net::HttpCache::DefaultBackend* main_backend =
new net::HttpCache::DefaultBackend(
@@ -386,7 +386,7 @@ void ProfileImplIOData::LazyInitializeInternal(
net::HttpCache* main_cache = new net::HttpCache(
main_context->host_resolver(),
main_context->cert_verifier(),
- main_context->origin_bound_cert_service(),
+ main_context->server_bound_cert_service(),
main_context->transport_security_state(),
main_context->proxy_service(),
"", // pass empty ssl_session_cache_shard to share the SSL session cache
diff --git a/chrome/browser/profiles/profile_impl_io_data.h b/chrome/browser/profiles/profile_impl_io_data.h
index 9b1aa7f..6a78e5f 100644
--- a/chrome/browser/profiles/profile_impl_io_data.h
+++ b/chrome/browser/profiles/profile_impl_io_data.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -36,7 +36,7 @@ class ProfileImplIOData : public ProfileIOData {
// Init() must be called before ~Handle(). It records all the necessary
// parameters needed to construct a ChromeURLRequestContextGetter.
void Init(const FilePath& cookie_path,
- const FilePath& origin_bound_cert_path,
+ const FilePath& server_bound_cert_path,
const FilePath& cache_path,
int cache_max_size,
const FilePath& media_cache_path,
@@ -111,7 +111,7 @@ class ProfileImplIOData : public ProfileIOData {
// All of these parameters are intended to be read on the IO thread.
FilePath cookie_path;
- FilePath origin_bound_cert_path;
+ FilePath server_bound_cert_path;
FilePath cache_path;
int cache_max_size;
FilePath media_cache_path;
diff --git a/chrome/browser/profiles/profile_io_data.cc b/chrome/browser/profiles/profile_io_data.cc
index 1e416a0..3224f13 100644
--- a/chrome/browser/profiles/profile_io_data.cc
+++ b/chrome/browser/profiles/profile_io_data.cc
@@ -565,7 +565,7 @@ void ProfileIOData::ShutdownOnUIThread() {
delete this;
}
-void ProfileIOData::set_origin_bound_cert_service(
- net::OriginBoundCertService* origin_bound_cert_service) const {
- origin_bound_cert_service_.reset(origin_bound_cert_service);
+void ProfileIOData::set_server_bound_cert_service(
+ net::ServerBoundCertService* server_bound_cert_service) const {
+ server_bound_cert_service_.reset(server_bound_cert_service);
}
diff --git a/chrome/browser/profiles/profile_io_data.h b/chrome/browser/profiles/profile_io_data.h
index 006419b..c8e2c55 100644
--- a/chrome/browser/profiles/profile_io_data.h
+++ b/chrome/browser/profiles/profile_io_data.h
@@ -33,7 +33,7 @@ namespace net {
class CookieStore;
class FraudulentCertificateReporter;
class HttpTransactionFactory;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyConfigService;
class ProxyService;
class SSLConfigService;
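Review bot: The renamed forward declaration `class ServerBoundCertService;` now sits between `HttpTransactionFactory` and `ProxyConfigService`, which breaks the alphabetical order the surrounding declarations follow. Move it below `class ProxyService;` so it precedes `class SSLConfigService;`. The enclosing `namespace net` block starts outside this hunk.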
@@ -178,12 +178,12 @@ class ProfileIOData {
return chrome_url_data_manager_backend_.get();
}
- // An OriginBoundCertService object is created by a derived class of
+ // A ServerBoundCertService object is created by a derived class of
// ProfileIOData, and the derived class calls this method to set the
- // origin_bound_cert_service_ member and transfers ownership to the base
+ // server_bound_cert_service_ member and transfers ownership to the base
// class.
- void set_origin_bound_cert_service(
- net::OriginBoundCertService* origin_bound_cert_service) const;
+ void set_server_bound_cert_service(
+ net::ServerBoundCertService* server_bound_cert_service) const;
net::NetworkDelegate* network_delegate() const {
return network_delegate_.get();
@@ -273,7 +273,7 @@ class ProfileIOData {
// Pointed to by URLRequestContext.
mutable scoped_ptr<ChromeURLDataManagerBackend>
chrome_url_data_manager_backend_;
- mutable scoped_ptr<net::OriginBoundCertService> origin_bound_cert_service_;
+ mutable scoped_ptr<net::ServerBoundCertService> server_bound_cert_service_;
mutable scoped_ptr<net::NetworkDelegate> network_delegate_;
mutable scoped_ptr<net::FraudulentCertificateReporter>
fraudulent_certificate_reporter_;
diff --git a/chrome/common/extensions/api/browsingData.json b/chrome/common/extensions/api/browsingData.json
index 8848f6e..7ba52cc 100644
--- a/chrome/common/extensions/api/browsingData.json
+++ b/chrome/common/extensions/api/browsingData.json
@@ -79,10 +79,10 @@
"optional": true,
"description": "Should websites' local storage data be cleared?"
},
- "originBoundCertificates": {
+ "serverBoundCertificates": {
"type": "boolean",
"optional": true,
- "description": "Should origin-bound certificates be removed?"
+ "description": "Should server-bound certificates be removed?"
},
"pluginData": {
"type": "boolean",
diff --git a/chrome/common/extensions/docs/browsingData.html b/chrome/common/extensions/docs/browsingData.html
index 27a3c6a..51ae013 100644
--- a/chrome/common/extensions/docs/browsingData.html
+++ b/chrome/common/extensions/docs/browsingData.html
@@ -627,7 +627,7 @@ chrome.browsingData.removeCookies({
</div><div>
<div>
<dt>
- <var>originBoundCertificates</var>
+ <var>serverBoundCertificates</var>
<em>
<!-- TYPE -->
<div style="display:inline">
@@ -642,7 +642,7 @@ chrome.browsingData.removeCookies({
</div>
</em>
</dt>
- <dd>Should origin-bound certificates be removed?</dd>
+ <dd>Should server-bound certificates be removed?</dd>
<!-- OBJECT PROPERTIES -->
<!-- OBJECT METHODS -->
<!-- OBJECT EVENT FIELDS -->
diff --git a/chrome/common/extensions/docs/examples/api/browsingData/basic.zip b/chrome/common/extensions/docs/examples/api/browsingData/basic.zip
index 98d0f365..d508afc 100644
--- a/chrome/common/extensions/docs/examples/api/browsingData/basic.zip
+++ b/chrome/common/extensions/docs/examples/api/browsingData/basic.zip
Binary files differ
diff --git a/chrome/common/extensions/docs/examples/api/browsingData/basic/popup.js b/chrome/common/extensions/docs/examples/api/browsingData/basic/popup.js
index a86d6ac..1b46ea9 100644
--- a/chrome/common/extensions/docs/examples/api/browsingData/basic/popup.js
+++ b/chrome/common/extensions/docs/examples/api/browsingData/basic/popup.js
@@ -119,7 +119,7 @@ PopupController.prototype = {
"history": true,
"indexedDB": true,
"localStorage": true,
- "originBoundCertificates": true,
+ "serverBoundCertificates": true,
"pluginData": true,
"passwords": true,
"webSQL": true
diff --git a/chrome/common/extensions/docs/samples.json b/chrome/common/extensions/docs/samples.json
index ed13eba..4edf90b 100644
--- a/chrome/common/extensions/docs/samples.json
+++ b/chrome/common/extensions/docs/samples.json
@@ -18,6 +18,10 @@
"chrome.bookmarks.removeTree": "bookmarks.html#method-removeTree",
"chrome.bookmarks.search": "bookmarks.html#method-search",
"chrome.bookmarks.update": "bookmarks.html#method-update",
+ "chrome.browserAction.getBadgeBackgroundColor": "browserAction.html#method-getBadgeBackgroundColor",
+ "chrome.browserAction.getBadgeText": "browserAction.html#method-getBadgeText",
+ "chrome.browserAction.getPopup": "browserAction.html#method-getPopup",
+ "chrome.browserAction.getTitle": "browserAction.html#method-getTitle",
"chrome.browserAction.onClicked": "browserAction.html#event-onClicked",
"chrome.browserAction.setBadgeBackgroundColor": "browserAction.html#method-setBadgeBackgroundColor",
"chrome.browserAction.setBadgeText": "browserAction.html#method-setBadgeText",
@@ -142,6 +146,8 @@
"chrome.omnibox.onInputEntered": "omnibox.html#event-onInputEntered",
"chrome.omnibox.onInputStarted": "omnibox.html#event-onInputStarted",
"chrome.omnibox.setDefaultSuggestion": "omnibox.html#method-setDefaultSuggestion",
+ "chrome.pageAction.getPopup": "pageAction.html#method-getPopup",
+ "chrome.pageAction.getTitle": "pageAction.html#method-getTitle",
"chrome.pageAction.hide": "pageAction.html#method-hide",
"chrome.pageAction.onClicked": "pageAction.html#event-onClicked",
"chrome.pageAction.setIcon": "pageAction.html#method-setIcon",
@@ -524,7 +530,7 @@
"popup.html",
"popup.js"
],
- "source_hash": "d03a62493eb36bf3da3472f15df777137e159171",
+ "source_hash": "6e227746c25a1b9765dbd27e3eb0e7403dee2c65",
"zip_path": "examples\/api\/browsingData\/basic.zip"
},
{
diff --git a/chrome/tools/chromeactions.txt b/chrome/tools/chromeactions.txt
index 3fb362f..7a66678 100644
--- a/chrome/tools/chromeactions.txt
+++ b/chrome/tools/chromeactions.txt
@@ -183,7 +183,7 @@
0xea9b835bf0310f85 ClearBrowsingData_Downloads
0xe3c9686626019346 ClearBrowsingData_History
0x86678d0ede469c46 ClearBrowsingData_LSOData
-0x82601d6a3aca0eb1 ClearBrowsingData_OriginBoundCerts
+0x82601d6a3aca0eb1 ClearBrowsingData_ServerBoundCerts
0x511e8366cdda3890 ClearBrowsingData_Passwords
0x6d69a061f7adf595 ClearBrowsingData_ShowDlg
0x9fd631c62234969a ClearSelection
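Review bot: The action name changes from `ClearBrowsingData_OriginBoundCerts` to `ClearBrowsingData_ServerBoundCerts` but the hash in the first column, `0x82601d6a3aca0eb1`, is unchanged. If this file is produced by the extraction script from the action names (the hash column looks derived from the name), this line was hand-edited and the hash no longer corresponds to the new name, so the renamed action would not be recognised under either name. Regenerate the file with the script instead of editing the name in place.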
diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
index 07198b1..ac88386 100644
--- a/content/public/common/content_switches.cc
+++ b/content/public/common/content_switches.cc
@@ -274,7 +274,7 @@ const char kEnableMediaStream[] = "enable-media-stream";
// assumed to be sRGB.
const char kEnableMonitorProfile[] = "enable-monitor-profile";
-// Enables TLS origin bound certificate extension.
+// Enables TLS domain bound certificate extension.
const char kEnableOriginBoundCerts[] = "enable-origin-bound-certs";
// Enables partial swaps in the WK compositor on platforms that support it.
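Review bot: The updated comment says "domain bound" while the switch it documents still reads `kEnableOriginBoundCerts[] = "enable-origin-bound-certs"` and every other file in this change uses "server bound"; three names for one feature will confuse the next reader. Presumably the switch string is kept so existing command lines keep working; if so, say that, e.g. `// Enables the TLS server bound certificate extension. The switch keeps its historical "origin-bound" name for command-line compatibility.`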
diff --git a/content/shell/shell_url_request_context_getter.cc b/content/shell/shell_url_request_context_getter.cc
index f18be2b..9a35da8 100644
--- a/content/shell/shell_url_request_context_getter.cc
+++ b/content/shell/shell_url_request_context_getter.cc
@@ -52,8 +52,8 @@ net::URLRequestContext* ShellURLRequestContextGetter::GetURLRequestContext() {
storage_.reset(new net::URLRequestContextStorage(url_request_context_));
storage_->set_cookie_store(new net::CookieMonster(NULL, NULL));
- storage_->set_origin_bound_cert_service(new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL)));
+ storage_->set_server_bound_cert_service(new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL)));
url_request_context_->set_accept_language("en-us,en");
url_request_context_->set_accept_charset("iso-8859-1,*,utf-8");
@@ -86,7 +86,7 @@ net::URLRequestContext* ShellURLRequestContextGetter::GetURLRequestContext() {
net::HttpCache* main_cache = new net::HttpCache(
url_request_context_->host_resolver(),
url_request_context_->cert_verifier(),
- url_request_context_->origin_bound_cert_service(),
+ url_request_context_->server_bound_cert_service(),
NULL, // tranport_security_state
url_request_context_->proxy_service(),
"", // ssl_session_cache_shard
diff --git a/jingle/notifier/base/proxy_resolving_client_socket.cc b/jingle/notifier/base/proxy_resolving_client_socket.cc
index ab0b679..5130100 100644
--- a/jingle/notifier/base/proxy_resolving_client_socket.cc
+++ b/jingle/notifier/base/proxy_resolving_client_socket.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -48,8 +48,8 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket(
session_params.client_socket_factory = socket_factory;
session_params.host_resolver = request_context->host_resolver();
session_params.cert_verifier = request_context->cert_verifier();
- // TODO(rkn): This is NULL because OriginBoundCertService is not thread safe.
- session_params.origin_bound_cert_service = NULL;
+ // TODO(rkn): This is NULL because ServerBoundCertService is not thread safe.
+ session_params.server_bound_cert_service = NULL;
// transport_security_state is NULL because it's not thread safe.
session_params.transport_security_state = NULL;
session_params.proxy_service = request_context->proxy_service();
diff --git a/jingle/notifier/base/xmpp_client_socket_factory.cc b/jingle/notifier/base/xmpp_client_socket_factory.cc
index c08de39..87b439d 100644
--- a/jingle/notifier/base/xmpp_client_socket_factory.cc
+++ b/jingle/notifier/base/xmpp_client_socket_factory.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -45,8 +45,8 @@ net::SSLClientSocket* XmppClientSocketFactory::CreateSSLClientSocket(
net::SSLClientSocketContext context;
context.cert_verifier =
request_context_getter_->GetURLRequestContext()->cert_verifier();
- // TODO(rkn): context.origin_bound_cert_service is NULL because the
- // OriginBoundCertService class is not thread safe.
+ // TODO(rkn): context.server_bound_cert_service is NULL because the
+ // ServerBoundCertService class is not thread safe.
return client_socket_factory_->CreateSSLClientSocket(
transport_socket, host_and_port, ssl_config_, NULL, context);
}
diff --git a/net/base/default_origin_bound_cert_store.cc b/net/base/default_origin_bound_cert_store.cc
index 8e721ae..3fd8c34 100644
--- a/net/base/default_origin_bound_cert_store.cc
+++ b/net/base/default_origin_bound_cert_store.cc
@@ -10,14 +10,14 @@
namespace net {
// static
-const size_t DefaultOriginBoundCertStore::kMaxCerts = 3300;
+const size_t DefaultServerBoundCertStore::kMaxCerts = 3300;
-DefaultOriginBoundCertStore::DefaultOriginBoundCertStore(
+DefaultServerBoundCertStore::DefaultServerBoundCertStore(
PersistentStore* store)
: initialized_(false),
store_(store) {}
-void DefaultOriginBoundCertStore::FlushStore(
+void DefaultServerBoundCertStore::FlushStore(
const base::Closure& completion_task) {
base::AutoLock autolock(lock_);
@@ -27,8 +27,8 @@ void DefaultOriginBoundCertStore::FlushStore(
MessageLoop::current()->PostTask(FROM_HERE, completion_task);
}
-bool DefaultOriginBoundCertStore::GetOriginBoundCert(
- const std::string& origin,
+bool DefaultServerBoundCertStore::GetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType* type,
base::Time* creation_time,
base::Time* expiration_time,
@@ -37,12 +37,12 @@ bool DefaultOriginBoundCertStore::GetOriginBoundCert(
base::AutoLock autolock(lock_);
InitIfNecessary();
- OriginBoundCertMap::iterator it = origin_bound_certs_.find(origin);
+ ServerBoundCertMap::iterator it = server_bound_certs_.find(server_identifier);
- if (it == origin_bound_certs_.end())
+ if (it == server_bound_certs_.end())
return false;
- OriginBoundCert* cert = it->second;
+ ServerBoundCert* cert = it->second;
*type = cert->type();
*creation_time = cert->creation_time();
*expiration_time = cert->expiration_time();
@@ -52,8 +52,8 @@ bool DefaultOriginBoundCertStore::GetOriginBoundCert(
return true;
}
-void DefaultOriginBoundCertStore::SetOriginBoundCert(
- const std::string& origin,
+void DefaultServerBoundCertStore::SetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
@@ -62,118 +62,119 @@ void DefaultOriginBoundCertStore::SetOriginBoundCert(
base::AutoLock autolock(lock_);
InitIfNecessary();
- InternalDeleteOriginBoundCert(origin);
- InternalInsertOriginBoundCert(
- origin,
- new OriginBoundCert(
- origin, type, creation_time, expiration_time, private_key, cert));
+ InternalDeleteServerBoundCert(server_identifier);
+ InternalInsertServerBoundCert(
+ server_identifier,
+ new ServerBoundCert(
+ server_identifier, type, creation_time, expiration_time, private_key,
+ cert));
}
-void DefaultOriginBoundCertStore::DeleteOriginBoundCert(
- const std::string& origin) {
+void DefaultServerBoundCertStore::DeleteServerBoundCert(
+ const std::string& server_identifier) {
base::AutoLock autolock(lock_);
InitIfNecessary();
- InternalDeleteOriginBoundCert(origin);
+ InternalDeleteServerBoundCert(server_identifier);
}
-void DefaultOriginBoundCertStore::DeleteAllCreatedBetween(
+void DefaultServerBoundCertStore::DeleteAllCreatedBetween(
base::Time delete_begin,
base::Time delete_end) {
base::AutoLock autolock(lock_);
InitIfNecessary();
- for (OriginBoundCertMap::iterator it = origin_bound_certs_.begin();
- it != origin_bound_certs_.end();) {
- OriginBoundCertMap::iterator cur = it;
+ for (ServerBoundCertMap::iterator it = server_bound_certs_.begin();
+ it != server_bound_certs_.end();) {
+ ServerBoundCertMap::iterator cur = it;
++it;
- OriginBoundCert* cert = cur->second;
+ ServerBoundCert* cert = cur->second;
if ((delete_begin.is_null() || cert->creation_time() >= delete_begin) &&
(delete_end.is_null() || cert->creation_time() < delete_end)) {
if (store_)
- store_->DeleteOriginBoundCert(*cert);
+ store_->DeleteServerBoundCert(*cert);
delete cert;
- origin_bound_certs_.erase(cur);
+ server_bound_certs_.erase(cur);
}
}
}
-void DefaultOriginBoundCertStore::DeleteAll() {
+void DefaultServerBoundCertStore::DeleteAll() {
DeleteAllCreatedBetween(base::Time(), base::Time());
}
-void DefaultOriginBoundCertStore::GetAllOriginBoundCerts(
- std::vector<OriginBoundCert>* origin_bound_certs) {
+void DefaultServerBoundCertStore::GetAllServerBoundCerts(
+ std::vector<ServerBoundCert>* server_bound_certs) {
base::AutoLock autolock(lock_);
InitIfNecessary();
- for (OriginBoundCertMap::iterator it = origin_bound_certs_.begin();
- it != origin_bound_certs_.end(); ++it) {
- origin_bound_certs->push_back(*it->second);
+ for (ServerBoundCertMap::iterator it = server_bound_certs_.begin();
+ it != server_bound_certs_.end(); ++it) {
+ server_bound_certs->push_back(*it->second);
}
}
-int DefaultOriginBoundCertStore::GetCertCount() {
+int DefaultServerBoundCertStore::GetCertCount() {
base::AutoLock autolock(lock_);
InitIfNecessary();
- return origin_bound_certs_.size();
+ return server_bound_certs_.size();
}
-DefaultOriginBoundCertStore::~DefaultOriginBoundCertStore() {
+DefaultServerBoundCertStore::~DefaultServerBoundCertStore() {
DeleteAllInMemory();
}
-void DefaultOriginBoundCertStore::DeleteAllInMemory() {
+void DefaultServerBoundCertStore::DeleteAllInMemory() {
base::AutoLock autolock(lock_);
- for (OriginBoundCertMap::iterator it = origin_bound_certs_.begin();
- it != origin_bound_certs_.end(); ++it) {
+ for (ServerBoundCertMap::iterator it = server_bound_certs_.begin();
+ it != server_bound_certs_.end(); ++it) {
delete it->second;
}
- origin_bound_certs_.clear();
+ server_bound_certs_.clear();
}
-void DefaultOriginBoundCertStore::InitStore() {
+void DefaultServerBoundCertStore::InitStore() {
lock_.AssertAcquired();
DCHECK(store_) << "Store must exist to initialize";
// Initialize the store and sync in any saved persistent certs.
- std::vector<OriginBoundCert*> certs;
+ std::vector<ServerBoundCert*> certs;
// Reserve space for the maximum amount of certs a database should have.
// This prevents multiple vector growth / copies as we append certs.
certs.reserve(kMaxCerts);
store_->Load(&certs);
- for (std::vector<OriginBoundCert*>::const_iterator it = certs.begin();
+ for (std::vector<ServerBoundCert*>::const_iterator it = certs.begin();
it != certs.end(); ++it) {
- origin_bound_certs_[(*it)->origin()] = *it;
+ server_bound_certs_[(*it)->server_identifier()] = *it;
}
}
-void DefaultOriginBoundCertStore::InternalDeleteOriginBoundCert(
- const std::string& origin) {
+void DefaultServerBoundCertStore::InternalDeleteServerBoundCert(
+ const std::string& server_identifier) {
lock_.AssertAcquired();
- OriginBoundCertMap::iterator it = origin_bound_certs_.find(origin);
- if (it == origin_bound_certs_.end())
+ ServerBoundCertMap::iterator it = server_bound_certs_.find(server_identifier);
+ if (it == server_bound_certs_.end())
return; // There is nothing to delete.
- OriginBoundCert* cert = it->second;
+ ServerBoundCert* cert = it->second;
if (store_)
- store_->DeleteOriginBoundCert(*cert);
- origin_bound_certs_.erase(it);
+ store_->DeleteServerBoundCert(*cert);
+ server_bound_certs_.erase(it);
delete cert;
}
-void DefaultOriginBoundCertStore::InternalInsertOriginBoundCert(
- const std::string& origin,
- OriginBoundCert* cert) {
+void DefaultServerBoundCertStore::InternalInsertServerBoundCert(
+ const std::string& server_identifier,
+ ServerBoundCert* cert) {
lock_.AssertAcquired();
if (store_)
- store_->AddOriginBoundCert(*cert);
- origin_bound_certs_[origin] = cert;
+ store_->AddServerBoundCert(*cert);
+ server_bound_certs_[server_identifier] = cert;
}
-DefaultOriginBoundCertStore::PersistentStore::PersistentStore() {}
+DefaultServerBoundCertStore::PersistentStore::PersistentStore() {}
} // namespace net
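Review bot: `InitStore` assigns `server_bound_certs_[(*it)->server_identifier()] = *it;` without checking whether the key is already present, so if the persistent store ever returns two certs with the same identifier the first `ServerBoundCert*` is overwritten and leaked. Whether the store guarantees unique identifiers is not visible here, but this change moves the key space from origins to server identifiers, which is exactly the kind of transition that can turn previously distinct rows into duplicates. A guard such as `if (!server_bound_certs_.insert(std::make_pair((*it)->server_identifier(), *it)).second) delete *it;` keeps the in-memory map leak-free. Note also that `kMaxCerts` only sizes the `reserve()` call; nothing in this hunk enforces it as a cap on what is loaded, so its comment should not be read as a limit.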
diff --git a/net/base/default_origin_bound_cert_store.h b/net/base/default_origin_bound_cert_store.h
index e717d38..81a6f05 100644
--- a/net/base/default_origin_bound_cert_store.h
+++ b/net/base/default_origin_bound_cert_store.h
@@ -21,30 +21,30 @@ class Task;
namespace net {
-// This class is the system for storing and retrieving origin bound certs.
+// This class is the system for storing and retrieving server bound certs.
// Modeled after the CookieMonster class, it has an in-memory cert store,
-// and synchronizes origin bound certs to an optional permanent storage that
+// and synchronizes server bound certs to an optional permanent storage that
// implements the PersistentStore interface. The use case is described in
// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html
//
// This class can be accessed by multiple threads. For example, it can be used
-// by IO and origin bound cert management UI.
-class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore {
+// by IO and server bound cert management UI.
+class NET_EXPORT DefaultServerBoundCertStore : public ServerBoundCertStore {
public:
class PersistentStore;
- // The key for each OriginBoundCert* in OriginBoundCertMap is the
- // corresponding origin.
- typedef std::map<std::string, OriginBoundCert*> OriginBoundCertMap;
+ // The key for each ServerBoundCert* in ServerBoundCertMap is the
+ // corresponding server.
+ typedef std::map<std::string, ServerBoundCert*> ServerBoundCertMap;
// The store passed in should not have had Init() called on it yet. This
// class will take care of initializing it. The backing store is NOT owned by
// this class, but it must remain valid for the duration of the
- // DefaultOriginBoundCertStore's existence. If |store| is NULL, then no
+ // DefaultServerBoundCertStore's existence. If |store| is NULL, then no
// backing store will be updated.
- explicit DefaultOriginBoundCertStore(PersistentStore* store);
+ explicit DefaultServerBoundCertStore(PersistentStore* store);
- virtual ~DefaultOriginBoundCertStore();
+ virtual ~DefaultServerBoundCertStore();
// Flush the backing store (if any) to disk and post the given task when done.
// WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE.
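Review bot: The class comment still points readers to the origin-bound-certificate draft (`http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html`) while the class is renamed to "server bound" and the map keys are no longer origins; if the implementation now follows a later revision of the spec the reference should be updated, and if not, a sentence saying that the key is a server identifier rather than an origin would prevent confusion. On the typedef, "the corresponding server" is vaguer than what the code keys on; suggest `// The key for each ServerBoundCert* in ServerBoundCertMap is the cert's server_identifier().`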
@@ -53,27 +53,28 @@ class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore {
// to the thread you actually want to be notified on.
void FlushStore(const base::Closure& completion_task);
- // OriginBoundCertStore implementation.
- virtual bool GetOriginBoundCert(
- const std::string& origin,
+ // ServerBoundCertStore implementation.
+ virtual bool GetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType* type,
base::Time* creation_time,
base::Time* expiration_time,
std::string* private_key_result,
std::string* cert_result) OVERRIDE;
- virtual void SetOriginBoundCert(
- const std::string& origin,
+ virtual void SetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
const std::string& private_key,
const std::string& cert) OVERRIDE;
- virtual void DeleteOriginBoundCert(const std::string& origin) OVERRIDE;
+ virtual void DeleteServerBoundCert(const std::string& server_identifier)
+ OVERRIDE;
virtual void DeleteAllCreatedBetween(base::Time delete_begin,
base::Time delete_end) OVERRIDE;
virtual void DeleteAll() OVERRIDE;
- virtual void GetAllOriginBoundCerts(
- std::vector<OriginBoundCert>* origin_bound_certs) OVERRIDE;
+ virtual void GetAllServerBoundCerts(
+ std::vector<ServerBoundCert>* server_bound_certs) OVERRIDE;
virtual int GetCertCount() OVERRIDE;
private:
@@ -98,15 +99,15 @@ class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore {
// Should only be called by InitIfNecessary().
void InitStore();
- // Deletes the cert for the specified origin, if such a cert exists, from the
+ // Deletes the cert for the specified server, if such a cert exists, from the
// in-memory store. Deletes it from |store_| if |store_| is not NULL.
- void InternalDeleteOriginBoundCert(const std::string& origin);
+ void InternalDeleteServerBoundCert(const std::string& server);
// Takes ownership of *cert.
- // Adds the cert for the specified origin to the in-memory store. Deletes it
+ // Adds the cert for the specified server to the in-memory store. Deletes it
// from |store_| if |store_| is not NULL.
- void InternalInsertOriginBoundCert(const std::string& origin,
- OriginBoundCert* cert);
+ void InternalInsertServerBoundCert(const std::string& server_identifier,
+ ServerBoundCert* cert);
// Indicates whether the cert store has been initialized. This happens
// Lazily in InitStoreIfNecessary().
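Review bot: The declaration `void InternalDeleteServerBoundCert(const std::string& server);` names the parameter `server` while the definition in the .cc and every sibling method use `server_identifier`; rename it for consistency. The comment above `InternalInsertServerBoundCert` is also wrong on the new side: it says "Deletes it from |store_|" but the implementation calls `store_->AddServerBoundCert(*cert)`, so it should read `// Adds the cert for the specified server identifier to the in-memory store. Adds it to |store_| if |store_| is not NULL.` The context line below still refers to `InitStoreIfNecessary()`, which does not match the `InitIfNecessary()` named earlier in this header.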
@@ -114,18 +115,18 @@ class NET_EXPORT DefaultOriginBoundCertStore : public OriginBoundCertStore {
scoped_refptr<PersistentStore> store_;
- OriginBoundCertMap origin_bound_certs_;
+ ServerBoundCertMap server_bound_certs_;
// Lock for thread-safety
base::Lock lock_;
- DISALLOW_COPY_AND_ASSIGN(DefaultOriginBoundCertStore);
+ DISALLOW_COPY_AND_ASSIGN(DefaultServerBoundCertStore);
};
-typedef base::RefCountedThreadSafe<DefaultOriginBoundCertStore::PersistentStore>
+typedef base::RefCountedThreadSafe<DefaultServerBoundCertStore::PersistentStore>
RefcountedPersistentStore;
-class NET_EXPORT DefaultOriginBoundCertStore::PersistentStore
+class NET_EXPORT DefaultServerBoundCertStore::PersistentStore
: public RefcountedPersistentStore {
public:
virtual ~PersistentStore() {}
@@ -134,11 +135,11 @@ class NET_EXPORT DefaultOriginBoundCertStore::PersistentStore
// called only once at startup. Note that the certs are individually allocated
// and that ownership is transferred to the caller upon return.
virtual bool Load(
- std::vector<OriginBoundCert*>* certs) = 0;
+ std::vector<ServerBoundCert*>* certs) = 0;
- virtual void AddOriginBoundCert(const OriginBoundCert& cert) = 0;
+ virtual void AddServerBoundCert(const ServerBoundCert& cert) = 0;
- virtual void DeleteOriginBoundCert(const OriginBoundCert& cert) = 0;
+ virtual void DeleteServerBoundCert(const ServerBoundCert& cert) = 0;
// Sets the value of the user preference whether the persistent storage
// must be deleted upon destruction.
diff --git a/net/base/default_origin_bound_cert_store_unittest.cc b/net/base/default_origin_bound_cert_store_unittest.cc
index ec55716..4e8628f 100644
--- a/net/base/default_origin_bound_cert_store_unittest.cc
+++ b/net/base/default_origin_bound_cert_store_unittest.cc
@@ -17,27 +17,27 @@
namespace net {
class MockPersistentStore
- : public DefaultOriginBoundCertStore::PersistentStore {
+ : public DefaultServerBoundCertStore::PersistentStore {
public:
MockPersistentStore();
virtual ~MockPersistentStore();
- // DefaultOriginBoundCertStore::PersistentStore implementation.
+ // DefaultServerBoundCertStore::PersistentStore implementation.
virtual bool Load(
- std::vector<DefaultOriginBoundCertStore::OriginBoundCert*>* certs)
+ std::vector<DefaultServerBoundCertStore::ServerBoundCert*>* certs)
OVERRIDE;
- virtual void AddOriginBoundCert(
- const DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE;
- virtual void DeleteOriginBoundCert(
- const DefaultOriginBoundCertStore::OriginBoundCert& cert) OVERRIDE;
+ virtual void AddServerBoundCert(
+ const DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE;
+ virtual void DeleteServerBoundCert(
+ const DefaultServerBoundCertStore::ServerBoundCert& cert) OVERRIDE;
virtual void SetClearLocalStateOnExit(bool clear_local_state) OVERRIDE;
virtual void Flush(const base::Closure& completion_task) OVERRIDE;
private:
- typedef std::map<std::string, DefaultOriginBoundCertStore::OriginBoundCert>
- OriginBoundCertMap;
+ typedef std::map<std::string, DefaultServerBoundCertStore::ServerBoundCert>
+ ServerBoundCertMap;
- OriginBoundCertMap origin_certs_;
+ ServerBoundCertMap origin_certs_;
};
MockPersistentStore::MockPersistentStore() {}
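Review bot: `ServerBoundCertMap origin_certs_;` keeps the old `origin_` prefix after everything around it was renamed, and the same leftover name is used by `Load`, `AddServerBoundCert` and `DeleteServerBoundCert` in the following hunk. Rename it to `server_bound_certs_` so the mock does not suggest its keys are still origins; those three method definitions are the only other uses visible here.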
@@ -45,25 +45,25 @@ MockPersistentStore::MockPersistentStore() {}
MockPersistentStore::~MockPersistentStore() {}
bool MockPersistentStore::Load(
- std::vector<DefaultOriginBoundCertStore::OriginBoundCert*>* certs) {
- OriginBoundCertMap::iterator it;
+ std::vector<DefaultServerBoundCertStore::ServerBoundCert*>* certs) {
+ ServerBoundCertMap::iterator it;
for (it = origin_certs_.begin(); it != origin_certs_.end(); ++it) {
certs->push_back(
- new DefaultOriginBoundCertStore::OriginBoundCert(it->second));
+ new DefaultServerBoundCertStore::ServerBoundCert(it->second));
}
return true;
}
-void MockPersistentStore::AddOriginBoundCert(
- const DefaultOriginBoundCertStore::OriginBoundCert& cert) {
- origin_certs_[cert.origin()] = cert;
+void MockPersistentStore::AddServerBoundCert(
+ const DefaultServerBoundCertStore::ServerBoundCert& cert) {
+ origin_certs_[cert.server_identifier()] = cert;
}
-void MockPersistentStore::DeleteOriginBoundCert(
- const DefaultOriginBoundCertStore::OriginBoundCert& cert) {
- origin_certs_.erase(cert.origin());
+void MockPersistentStore::DeleteServerBoundCert(
+ const DefaultServerBoundCertStore::ServerBoundCert& cert) {
+ origin_certs_.erase(cert.server_identifier());
}
void MockPersistentStore::SetClearLocalStateOnExit(bool clear_local_state) {}
@@ -72,36 +72,36 @@ void MockPersistentStore::Flush(const base::Closure& completion_task) {
NOTREACHED();
}
-TEST(DefaultOriginBoundCertStoreTest, TestLoading) {
+TEST(DefaultServerBoundCertStoreTest, TestLoading) {
scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
- persistent_store->AddOriginBoundCert(
- DefaultOriginBoundCertStore::OriginBoundCert(
- "https://encrypted.google.com/",
+ persistent_store->AddServerBoundCert(
+ DefaultServerBoundCertStore::ServerBoundCert(
+ "google.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"a", "b"));
- persistent_store->AddOriginBoundCert(
- DefaultOriginBoundCertStore::OriginBoundCert(
- "https://www.verisign.com/",
+ persistent_store->AddServerBoundCert(
+ DefaultServerBoundCertStore::ServerBoundCert(
+ "verisign.com",
CLIENT_CERT_ECDSA_SIGN,
base::Time(),
base::Time(),
"c", "d"));
// Make sure certs load properly.
- DefaultOriginBoundCertStore store(persistent_store.get());
+ DefaultServerBoundCertStore store(persistent_store.get());
EXPECT_EQ(2, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"e", "f");
EXPECT_EQ(2, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.twitter.com/",
+ store.SetServerBoundCert(
+ "twitter.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
@@ -109,14 +109,14 @@ TEST(DefaultOriginBoundCertStoreTest, TestLoading) {
EXPECT_EQ(3, store.GetCertCount());
}
-TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) {
- DefaultOriginBoundCertStore store(NULL);
+TEST(DefaultServerBoundCertStoreTest, TestSettingAndGetting) {
+ DefaultServerBoundCertStore store(NULL);
SSLClientCertType type;
base::Time creation_time;
base::Time expiration_time;
std::string private_key, cert;
EXPECT_EQ(0, store.GetCertCount());
- EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/",
+ EXPECT_FALSE(store.GetServerBoundCert("verisign.com",
&type,
&creation_time,
&expiration_time,
@@ -124,13 +124,13 @@ TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) {
&cert));
EXPECT_TRUE(private_key.empty());
EXPECT_TRUE(cert.empty());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time::FromInternalValue(123),
base::Time::FromInternalValue(456),
"i", "j");
- EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/",
+ EXPECT_TRUE(store.GetServerBoundCert("verisign.com",
&type,
&creation_time,
&expiration_time,
@@ -143,30 +143,30 @@ TEST(DefaultOriginBoundCertStoreTest, TestSettingAndGetting) {
EXPECT_EQ("j", cert);
}
-TEST(DefaultOriginBoundCertStoreTest, TestDuplicateCerts) {
+TEST(DefaultServerBoundCertStoreTest, TestDuplicateCerts) {
scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
- DefaultOriginBoundCertStore store(persistent_store.get());
+ DefaultServerBoundCertStore store(persistent_store.get());
SSLClientCertType type;
base::Time creation_time;
base::Time expiration_time;
std::string private_key, cert;
EXPECT_EQ(0, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time::FromInternalValue(123),
base::Time::FromInternalValue(1234),
"a", "b");
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_ECDSA_SIGN,
base::Time::FromInternalValue(456),
base::Time::FromInternalValue(4567),
"c", "d");
EXPECT_EQ(1, store.GetCertCount());
- EXPECT_TRUE(store.GetOriginBoundCert("https://www.verisign.com/",
+ EXPECT_TRUE(store.GetServerBoundCert("verisign.com",
&type,
&creation_time,
&expiration_time,
@@ -179,25 +179,25 @@ TEST(DefaultOriginBoundCertStoreTest, TestDuplicateCerts) {
EXPECT_EQ("d", cert);
}
-TEST(DefaultOriginBoundCertStoreTest, TestDeleteAll) {
+TEST(DefaultServerBoundCertStoreTest, TestDeleteAll) {
scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
- DefaultOriginBoundCertStore store(persistent_store.get());
+ DefaultServerBoundCertStore store(persistent_store.get());
EXPECT_EQ(0, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"a", "b");
- store.SetOriginBoundCert(
- "https://www.google.com/",
+ store.SetServerBoundCert(
+ "google.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"c", "d");
- store.SetOriginBoundCert(
- "https://www.harvard.com/",
+ store.SetServerBoundCert(
+ "harvard.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
@@ -208,46 +208,46 @@ TEST(DefaultOriginBoundCertStoreTest, TestDeleteAll) {
EXPECT_EQ(0, store.GetCertCount());
}
-TEST(DefaultOriginBoundCertStoreTest, TestDelete) {
+TEST(DefaultServerBoundCertStoreTest, TestDelete) {
scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
- DefaultOriginBoundCertStore store(persistent_store.get());
+ DefaultServerBoundCertStore store(persistent_store.get());
SSLClientCertType type;
base::Time creation_time;
base::Time expiration_time;
std::string private_key, cert;
EXPECT_EQ(0, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"a", "b");
- store.SetOriginBoundCert(
- "https://www.google.com/",
+ store.SetServerBoundCert(
+ "google.com",
CLIENT_CERT_ECDSA_SIGN,
base::Time(),
base::Time(),
"c", "d");
EXPECT_EQ(2, store.GetCertCount());
- store.DeleteOriginBoundCert("https://www.verisign.com/");
+ store.DeleteServerBoundCert("verisign.com");
EXPECT_EQ(1, store.GetCertCount());
- EXPECT_FALSE(store.GetOriginBoundCert("https://www.verisign.com/",
+ EXPECT_FALSE(store.GetServerBoundCert("verisign.com",
&type,
&creation_time,
&expiration_time,
&private_key,
&cert));
- EXPECT_TRUE(store.GetOriginBoundCert("https://www.google.com/",
+ EXPECT_TRUE(store.GetServerBoundCert("google.com",
&type,
&creation_time,
&expiration_time,
&private_key,
&cert));
- store.DeleteOriginBoundCert("https://www.google.com/");
+ store.DeleteServerBoundCert("google.com");
EXPECT_EQ(0, store.GetCertCount());
- EXPECT_FALSE(store.GetOriginBoundCert("https://www.google.com/",
+ EXPECT_FALSE(store.GetServerBoundCert("google.com",
&type,
&creation_time,
&expiration_time,
@@ -255,39 +255,39 @@ TEST(DefaultOriginBoundCertStoreTest, TestDelete) {
&cert));
}
-TEST(DefaultOriginBoundCertStoreTest, TestGetAll) {
+TEST(DefaultServerBoundCertStoreTest, TestGetAll) {
scoped_refptr<MockPersistentStore> persistent_store(new MockPersistentStore);
- DefaultOriginBoundCertStore store(persistent_store.get());
+ DefaultServerBoundCertStore store(persistent_store.get());
EXPECT_EQ(0, store.GetCertCount());
- store.SetOriginBoundCert(
- "https://www.verisign.com/",
+ store.SetServerBoundCert(
+ "verisign.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"a", "b");
- store.SetOriginBoundCert(
- "https://www.google.com/",
+ store.SetServerBoundCert(
+ "google.com",
CLIENT_CERT_ECDSA_SIGN,
base::Time(),
base::Time(),
"c", "d");
- store.SetOriginBoundCert(
- "https://www.harvard.com/",
+ store.SetServerBoundCert(
+ "harvard.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"e", "f");
- store.SetOriginBoundCert(
- "https://www.mit.com/",
+ store.SetServerBoundCert(
+ "mit.com",
CLIENT_CERT_RSA_SIGN,
base::Time(),
base::Time(),
"g", "h");
EXPECT_EQ(4, store.GetCertCount());
- std::vector<OriginBoundCertStore::OriginBoundCert> certs;
- store.GetAllOriginBoundCerts(&certs);
+ std::vector<ServerBoundCertStore::ServerBoundCert> certs;
+ store.GetAllServerBoundCerts(&certs);
EXPECT_EQ(4u, certs.size());
}
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 750f9ad..d308a6f 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -618,7 +618,7 @@ NET_ERROR(PKCS12_IMPORT_UNSUPPORTED, -709)
// Key generation failed.
NET_ERROR(KEY_GENERATION_FAILED, -710)
-// Origin-bound certificate generation failed.
+// Server-bound certificate generation failed.
NET_ERROR(ORIGIN_BOUND_CERT_GENERATION_FAILED, -711)
// Failure to export private key.
diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h
index 55b1dd0..0654be1 100644
--- a/net/base/net_log_event_type_list.h
+++ b/net/base/net_log_event_type_list.h
@@ -457,14 +457,14 @@ EVENT_TYPE(SSL_SERVER_HANDSHAKE)
// The SSL server requested a client certificate.
EVENT_TYPE(SSL_CLIENT_CERT_REQUESTED)
-// The start/end of getting an origin-bound certificate and private key.
+// The start/end of getting a domain-bound certificate and private key.
//
// The END event will contain the following parameters on failure:
//
// {
// "net_error": <Net integer error code>,
// }
-EVENT_TYPE(SSL_GET_ORIGIN_BOUND_CERT)
+EVENT_TYPE(SSL_GET_DOMAIN_BOUND_CERT)
// A client certificate (or none) was provided to the SSL library to be sent
// to the SSL server.
diff --git a/net/base/origin_bound_cert_service.cc b/net/base/origin_bound_cert_service.cc
index 8901e26..b380645 100644
--- a/net/base/origin_bound_cert_service.cc
+++ b/net/base/origin_bound_cert_service.cc
@@ -19,6 +19,7 @@
#include "base/stl_util.h"
#include "base/threading/worker_pool.h"
#include "crypto/ec_private_key.h"
+#include "googleurl/src/gurl.h"
#include "net/base/net_errors.h"
#include "net/base/origin_bound_cert_store.h"
#include "net/base/registry_controlled_domain.h"
@@ -48,9 +49,9 @@ bool IsSupportedCertType(uint8 type) {
} // namespace
// Represents the output and result callback of a request.
-class OriginBoundCertServiceRequest {
+class ServerBoundCertServiceRequest {
public:
- OriginBoundCertServiceRequest(const CompletionCallback& callback,
+ ServerBoundCertServiceRequest(const CompletionCallback& callback,
SSLClientCertType* type,
std::string* private_key,
std::string* cert)
@@ -92,20 +93,20 @@ class OriginBoundCertServiceRequest {
std::string* cert_;
};
-// OriginBoundCertServiceWorker runs on a worker thread and takes care of the
+// ServerBoundCertServiceWorker runs on a worker thread and takes care of the
// blocking process of performing key generation. Deletes itself eventually
// if Start() succeeds.
-class OriginBoundCertServiceWorker {
+class ServerBoundCertServiceWorker {
public:
- OriginBoundCertServiceWorker(
- const std::string& origin,
+ ServerBoundCertServiceWorker(
+ const std::string& server_identifier,
SSLClientCertType type,
- OriginBoundCertService* origin_bound_cert_service)
- : origin_(origin),
+ ServerBoundCertService* server_bound_cert_service)
+ : server_identifier_(server_identifier),
type_(type),
serial_number_(base::RandInt(0, std::numeric_limits<int>::max())),
origin_loop_(MessageLoop::current()),
- origin_bound_cert_service_(origin_bound_cert_service),
+ server_bound_cert_service_(server_bound_cert_service),
canceled_(false),
error_(ERR_FAILED) {
}
@@ -115,11 +116,11 @@ class OriginBoundCertServiceWorker {
return base::WorkerPool::PostTask(
FROM_HERE,
- base::Bind(&OriginBoundCertServiceWorker::Run, base::Unretained(this)),
+ base::Bind(&ServerBoundCertServiceWorker::Run, base::Unretained(this)),
true /* task is slow */);
}
- // Cancel is called from the origin loop when the OriginBoundCertService is
+ // Cancel is called from the origin loop when the ServerBoundCertService is
// getting deleted.
void Cancel() {
DCHECK_EQ(MessageLoop::current(), origin_loop_);
@@ -130,7 +131,7 @@ class OriginBoundCertServiceWorker {
private:
void Run() {
// Runs on a worker thread.
- error_ = OriginBoundCertService::GenerateCert(origin_,
+ error_ = ServerBoundCertService::GenerateCert(server_identifier_,
type_,
serial_number_,
&creation_time_,
@@ -160,8 +161,8 @@ class OriginBoundCertServiceWorker {
// memory leaks or worse errors.
base::AutoLock locked(lock_);
if (!canceled_) {
- origin_bound_cert_service_->HandleResult(
- origin_, error_, type_, creation_time_, expiration_time_,
+ server_bound_cert_service_->HandleResult(
+ server_identifier_, error_, type_, creation_time_, expiration_time_,
private_key_, cert_);
}
}
@@ -170,11 +171,11 @@ class OriginBoundCertServiceWorker {
void Finish() {
// Runs on the worker thread.
- // We assume that the origin loop outlives the OriginBoundCertService. If
- // the OriginBoundCertService is deleted, it will call Cancel on us. If it
+ // We assume that the origin loop outlives the ServerBoundCertService. If
+ // the ServerBoundCertService is deleted, it will call Cancel on us. If it
// does so before the Acquire, we'll delete ourselves and return. If it's
// trying to do so concurrently, then it'll block on the lock and we'll
- // call PostTask while the OriginBoundCertService (and therefore the
+ // call PostTask while the ServerBoundCertService (and therefore the
// MessageLoop) is still alive. If it does so after this function, we
// assume that the MessageLoop will process pending tasks. In which case
// we'll notice the |canceled_| flag in DoReply.
@@ -185,7 +186,7 @@ class OriginBoundCertServiceWorker {
canceled = canceled_;
if (!canceled) {
origin_loop_->PostTask(
- FROM_HERE, base::Bind(&OriginBoundCertServiceWorker::DoReply,
+ FROM_HERE, base::Bind(&ServerBoundCertServiceWorker::DoReply,
base::Unretained(this)));
}
}
@@ -193,20 +194,20 @@ class OriginBoundCertServiceWorker {
delete this;
}
- const std::string origin_;
+ const std::string server_identifier_;
const SSLClientCertType type_;
// Note that serial_number_ must be initialized on a non-worker thread
- // (see documentation for OriginBoundCertService::GenerateCert).
+ // (see documentation for ServerBoundCertService::GenerateCert).
uint32 serial_number_;
MessageLoop* const origin_loop_;
- OriginBoundCertService* const origin_bound_cert_service_;
+ ServerBoundCertService* const server_bound_cert_service_;
// lock_ protects canceled_.
base::Lock lock_;
// If canceled_ is true,
// * origin_loop_ cannot be accessed by the worker thread,
- // * origin_bound_cert_service_ cannot be accessed by any thread.
+ // * server_bound_cert_service_ cannot be accessed by any thread.
bool canceled_;
int error_;
@@ -215,20 +216,20 @@ class OriginBoundCertServiceWorker {
std::string private_key_;
std::string cert_;
- DISALLOW_COPY_AND_ASSIGN(OriginBoundCertServiceWorker);
+ DISALLOW_COPY_AND_ASSIGN(ServerBoundCertServiceWorker);
};
-// An OriginBoundCertServiceJob is a one-to-one counterpart of an
-// OriginBoundCertServiceWorker. It lives only on the OriginBoundCertService's
+// A ServerBoundCertServiceJob is a one-to-one counterpart of an
+// ServerBoundCertServiceWorker. It lives only on the ServerBoundCertService's
// origin message loop.
-class OriginBoundCertServiceJob {
+class ServerBoundCertServiceJob {
public:
- OriginBoundCertServiceJob(OriginBoundCertServiceWorker* worker,
+ ServerBoundCertServiceJob(ServerBoundCertServiceWorker* worker,
SSLClientCertType type)
: worker_(worker), type_(type) {
}
- ~OriginBoundCertServiceJob() {
+ ~ServerBoundCertServiceJob() {
if (worker_) {
worker_->Cancel();
DeleteAllCanceled();
@@ -237,7 +238,7 @@ class OriginBoundCertServiceJob {
SSLClientCertType type() const { return type_; }
- void AddRequest(OriginBoundCertServiceRequest* request) {
+ void AddRequest(ServerBoundCertServiceRequest* request) {
requests_.push_back(request);
}
@@ -254,48 +255,48 @@ class OriginBoundCertServiceJob {
SSLClientCertType type,
const std::string& private_key,
const std::string& cert) {
- std::vector<OriginBoundCertServiceRequest*> requests;
+ std::vector<ServerBoundCertServiceRequest*> requests;
requests_.swap(requests);
- for (std::vector<OriginBoundCertServiceRequest*>::iterator
+ for (std::vector<ServerBoundCertServiceRequest*>::iterator
i = requests.begin(); i != requests.end(); i++) {
(*i)->Post(error, type, private_key, cert);
- // Post() causes the OriginBoundCertServiceRequest to delete itself.
+ // Post() causes the ServerBoundCertServiceRequest to delete itself.
}
}
void DeleteAllCanceled() {
- for (std::vector<OriginBoundCertServiceRequest*>::iterator
+ for (std::vector<ServerBoundCertServiceRequest*>::iterator
i = requests_.begin(); i != requests_.end(); i++) {
if ((*i)->canceled()) {
delete *i;
} else {
- LOG(DFATAL) << "OriginBoundCertServiceRequest leaked!";
+ LOG(DFATAL) << "ServerBoundCertServiceRequest leaked!";
}
}
}
- std::vector<OriginBoundCertServiceRequest*> requests_;
- OriginBoundCertServiceWorker* worker_;
+ std::vector<ServerBoundCertServiceRequest*> requests_;
+ ServerBoundCertServiceWorker* worker_;
SSLClientCertType type_;
};
// static
-const char OriginBoundCertService::kEPKIPassword[] = "";
+const char ServerBoundCertService::kEPKIPassword[] = "";
-OriginBoundCertService::OriginBoundCertService(
- OriginBoundCertStore* origin_bound_cert_store)
- : origin_bound_cert_store_(origin_bound_cert_store),
+ServerBoundCertService::ServerBoundCertService(
+ ServerBoundCertStore* server_bound_cert_store)
+ : server_bound_cert_store_(server_bound_cert_store),
requests_(0),
cert_store_hits_(0),
inflight_joins_(0) {}
-OriginBoundCertService::~OriginBoundCertService() {
+ServerBoundCertService::~ServerBoundCertService() {
STLDeleteValues(&inflight_);
}
//static
-std::string OriginBoundCertService::GetDomainForHost(const std::string& host) {
+std::string ServerBoundCertService::GetDomainForHost(const std::string& host) {
std::string domain =
RegistryControlledDomainService::GetDomainAndRegistry(host);
if (domain.empty())
@@ -303,7 +304,7 @@ std::string OriginBoundCertService::GetDomainForHost(const std::string& host) {
return domain;
}
-int OriginBoundCertService::GetOriginBoundCert(
+int ServerBoundCertService::GetDomainBoundCert(
const std::string& origin,
const std::vector<uint8>& requested_types,
SSLClientCertType* type,
@@ -320,6 +321,10 @@ int OriginBoundCertService::GetOriginBoundCert(
return ERR_INVALID_ARGUMENT;
}
+ std::string domain = GetDomainForHost(GURL(origin).host());
+ if (domain.empty())
+ return ERR_INVALID_ARGUMENT;
+
SSLClientCertType preferred_type = CLIENT_CERT_INVALID_TYPE;
for (size_t i = 0; i < requested_types.size(); ++i) {
if (IsSupportedCertType(requested_types[i])) {
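Review bot: The new keying at the top of this hunk reduces |origin| to GetDomainForHost(GURL(origin).host()), which silently drops the scheme and port, so one key pair is now shared by every host and port under the registrable domain, and, going by the GetDomainForHost unit tests, by the bare host for IP literals and single-label names; nothing here rejects a non-https origin. A short comment stating that intent next to the new check would help, e.g. `// Key the cert by registrable domain (eTLD+1) on purpose: scheme, port and subdomain are dropped, so all hosts in the domain share one key pair.` If the SSL client socket is meant to be the only caller, a cheap guard such as `DCHECK(GURL(origin).SchemeIs("https"));` beside the new check would document that assumption; whether other callers exist is not visible from this hunk. GetDomainBoundCert begins before and continues after this hunk.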
@@ -334,35 +339,35 @@ int OriginBoundCertService::GetOriginBoundCert(
requests_++;
- // Check if an origin bound cert of an acceptable type already exists for this
- // origin, and that it has not expired.
+ // Check if a domain bound cert of an acceptable type already exists for this
+ // domain, and that it has not expired.
base::Time now = base::Time::Now();
base::Time creation_time;
base::Time expiration_time;
- if (origin_bound_cert_store_->GetOriginBoundCert(origin,
+ if (server_bound_cert_store_->GetServerBoundCert(domain,
type,
&creation_time,
&expiration_time,
private_key,
cert)) {
if (expiration_time < now) {
- DVLOG(1) << "Cert store had expired cert for " << origin;
+ DVLOG(1) << "Cert store had expired cert for " << domain;
} else if (!IsSupportedCertType(*type) ||
std::find(requested_types.begin(), requested_types.end(),
*type) == requested_types.end()) {
DVLOG(1) << "Cert store had cert of wrong type " << *type << " for "
- << origin;
+ << domain;
} else {
cert_store_hits_++;
return OK;
}
}
- // |origin_bound_cert_store_| has no cert for this origin. See if an
+ // |server_bound_cert_store_| has no cert for this domain. See if an
// identical request is currently in flight.
- OriginBoundCertServiceJob* job = NULL;
- std::map<std::string, OriginBoundCertServiceJob*>::const_iterator j;
- j = inflight_.find(origin);
+ ServerBoundCertServiceJob* job = NULL;
+ std::map<std::string, ServerBoundCertServiceJob*>::const_iterator j;
+ j = inflight_.find(domain);
if (j != inflight_.end()) {
// An identical request is in flight already. We'll just attach our
// callback.
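Review bot: With the store now keyed by domain, the wrong-type branch in this hunk lets any single host under the registrable domain trigger regeneration that replaces the key pair every other host in that domain is using: a stored cert whose type is not in |requested_types| is treated as a miss, a new cert is generated, and HandleResult later stores it under the same |domain| key unconditionally. That is a larger blast radius than the previous per-origin keying had and deserves a comment at the `Cert store had cert of wrong type` branch, e.g. `// NOTE: a type mismatch regenerates the key pair shared by every host in |domain|; any one of them can force the rotation.` Whether this path should instead keep the existing cert and return ERR_ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH, as the in-flight mismatch case apparently does further down, is a design question this change does not settle. GetDomainBoundCert extends beyond this hunk on both sides.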
@@ -371,10 +376,10 @@ int OriginBoundCertService::GetOriginBoundCert(
if (std::find(requested_types.begin(), requested_types.end(), job->type())
== requested_types.end()) {
DVLOG(1) << "Found inflight job of wrong type " << job->type()
- << " for " << origin;
+ << " for " << domain;
// If we get here, the server is asking for different types of certs in
// short succession. This probably means the server is broken or
- // misconfigured. Since we only store one type of cert per origin, we
+ // misconfigured. Since we only store one type of cert per domain, we
// are unable to handle this well. Just return an error and let the first
// job finish.
return ERR_ORIGIN_BOUND_CERT_GENERATION_TYPE_MISMATCH;
@@ -382,34 +387,34 @@ int OriginBoundCertService::GetOriginBoundCert(
inflight_joins_++;
} else {
// Need to make a new request.
- OriginBoundCertServiceWorker* worker = new OriginBoundCertServiceWorker(
- origin,
+ ServerBoundCertServiceWorker* worker = new ServerBoundCertServiceWorker(
+ domain,
preferred_type,
this);
- job = new OriginBoundCertServiceJob(worker, preferred_type);
+ job = new ServerBoundCertServiceJob(worker, preferred_type);
if (!worker->Start()) {
delete job;
delete worker;
// TODO(rkn): Log to the NetLog.
- LOG(ERROR) << "OriginBoundCertServiceWorker couldn't be started.";
+ LOG(ERROR) << "ServerBoundCertServiceWorker couldn't be started.";
return ERR_INSUFFICIENT_RESOURCES; // Just a guess.
}
- inflight_[origin] = job;
+ inflight_[domain] = job;
}
- OriginBoundCertServiceRequest* request =
- new OriginBoundCertServiceRequest(callback, type, private_key, cert);
+ ServerBoundCertServiceRequest* request =
+ new ServerBoundCertServiceRequest(callback, type, private_key, cert);
job->AddRequest(request);
*out_req = request;
return ERR_IO_PENDING;
}
-OriginBoundCertStore* OriginBoundCertService::GetCertStore() {
- return origin_bound_cert_store_.get();
+ServerBoundCertStore* ServerBoundCertService::GetCertStore() {
+ return server_bound_cert_store_.get();
}
// static
-int OriginBoundCertService::GenerateCert(const std::string& origin,
+int ServerBoundCertService::GenerateCert(const std::string& server_identifier,
SSLClientCertType type,
uint32 serial_number,
base::Time* creation_time,
@@ -428,9 +433,9 @@ int OriginBoundCertService::GenerateCert(const std::string& origin,
DLOG(ERROR) << "Unable to create key pair for client";
return ERR_KEY_GENERATION_FAILED;
}
- if (!x509_util::CreateOriginBoundCertEC(
+ if (!x509_util::CreateDomainBoundCertEC(
key.get(),
- origin,
+ server_identifier,
serial_number,
now,
not_valid_after,
@@ -462,16 +467,16 @@ int OriginBoundCertService::GenerateCert(const std::string& origin,
return OK;
}
-void OriginBoundCertService::CancelRequest(RequestHandle req) {
+void ServerBoundCertService::CancelRequest(RequestHandle req) {
DCHECK(CalledOnValidThread());
- OriginBoundCertServiceRequest* request =
- reinterpret_cast<OriginBoundCertServiceRequest*>(req);
+ ServerBoundCertServiceRequest* request =
+ reinterpret_cast<ServerBoundCertServiceRequest*>(req);
request->Cancel();
}
-// HandleResult is called by OriginBoundCertServiceWorker on the origin message
-// loop. It deletes OriginBoundCertServiceJob.
-void OriginBoundCertService::HandleResult(const std::string& origin,
+// HandleResult is called by ServerBoundCertServiceWorker on the origin message
+// loop. It deletes ServerBoundCertServiceJob.
+void ServerBoundCertService::HandleResult(const std::string& server_identifier,
int error,
SSLClientCertType type,
base::Time creation_time,
@@ -480,24 +485,25 @@ void OriginBoundCertService::HandleResult(const std::string& origin,
const std::string& cert) {
DCHECK(CalledOnValidThread());
- origin_bound_cert_store_->SetOriginBoundCert(
- origin, type, creation_time, expiration_time, private_key, cert);
+ server_bound_cert_store_->SetServerBoundCert(
+ server_identifier, type, creation_time, expiration_time, private_key,
+ cert);
- std::map<std::string, OriginBoundCertServiceJob*>::iterator j;
- j = inflight_.find(origin);
+ std::map<std::string, ServerBoundCertServiceJob*>::iterator j;
+ j = inflight_.find(server_identifier);
if (j == inflight_.end()) {
NOTREACHED();
return;
}
- OriginBoundCertServiceJob* job = j->second;
+ ServerBoundCertServiceJob* job = j->second;
inflight_.erase(j);
job->HandleResult(error, type, private_key, cert);
delete job;
}
-int OriginBoundCertService::cert_count() {
- return origin_bound_cert_store_->GetCertCount();
+int ServerBoundCertService::cert_count() {
+ return server_bound_cert_store_->GetCertCount();
}
} // namespace net
diff --git a/net/base/origin_bound_cert_service.h b/net/base/origin_bound_cert_service.h
index d9096df..355379f 100644
--- a/net/base/origin_bound_cert_service.h
+++ b/net/base/origin_bound_cert_service.h
@@ -20,14 +20,14 @@
namespace net {
-class OriginBoundCertServiceJob;
-class OriginBoundCertServiceWorker;
-class OriginBoundCertStore;
+class ServerBoundCertServiceJob;
+class ServerBoundCertServiceWorker;
+class ServerBoundCertStore;
-// A class for creating and fetching origin bound certs.
+// A class for creating and fetching server bound certs.
// Inherits from NonThreadSafe in order to use the function
// |CalledOnValidThread|.
-class NET_EXPORT OriginBoundCertService
+class NET_EXPORT ServerBoundCertService
: NON_EXPORTED_BASE(public base::NonThreadSafe) {
public:
// Opaque type used to cancel a request.
@@ -38,18 +38,18 @@ class NET_EXPORT OriginBoundCertService
// being unable to import unencrypted PrivateKeyInfo for EC keys.)
static const char kEPKIPassword[];
- // This object owns origin_bound_cert_store.
- explicit OriginBoundCertService(
- OriginBoundCertStore* origin_bound_cert_store);
+ // This object owns server_bound_cert_store.
+ explicit ServerBoundCertService(
+ ServerBoundCertStore* server_bound_cert_store);
- ~OriginBoundCertService();
+ ~ServerBoundCertService();
// Returns the domain to be used for |host|. The domain is the
// "registry controlled domain", or the "ETLD + 1" where one exists, or
// the origin otherwise.
static std::string GetDomainForHost(const std::string& host);
- // Fetches the origin bound cert for the specified origin of the specified
+ // Fetches the domain bound cert for the specified origin of the specified
// type if one exists and creates one otherwise. Returns OK if successful or
// an error code upon failure.
//
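Review bot: The GetDomainForHost comment kept in this hunk says the fallback is "the origin otherwise", but the function receives a host and the unit tests expect `GetDomainForHost("127.0.0.1")` and `GetDomainForHost("goto")` to return the host unchanged, so `// the host otherwise.` is the accurate wording. The updated GetDomainBoundCert comment should also tell callers what the new keying means: the cert is looked up and stored by the registrable domain of |origin|'s host, so scheme, port and subdomain are not part of the key. Suggested replacement for the first line: `// Fetches the domain bound cert for the registrable domain of |origin|'s host (see GetDomainForHost; scheme, port and subdomain are ignored) of the specified type if one exists and creates one otherwise.`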
@@ -67,7 +67,7 @@ class NET_EXPORT OriginBoundCertService
//
// |*out_req| will be filled with a handle to the async request. This handle
// is not valid after the request has completed.
- int GetOriginBoundCert(
+ int GetDomainBoundCert(
const std::string& origin,
const std::vector<uint8>& requested_types,
SSLClientCertType* type,
@@ -77,12 +77,12 @@ class NET_EXPORT OriginBoundCertService
RequestHandle* out_req);
// Cancels the specified request. |req| is the handle returned by
- // GetOriginBoundCert(). After a request is canceled, its completion
+ // GetDomainBoundCert(). After a request is canceled, its completion
// callback will not be called.
void CancelRequest(RequestHandle req);
- // Returns the backing OriginBoundCertStore.
- OriginBoundCertStore* GetCertStore();
+ // Returns the backing ServerBoundCertStore.
+ ServerBoundCertStore* GetCertStore();
// Public only for unit testing.
int cert_count();
@@ -91,7 +91,7 @@ class NET_EXPORT OriginBoundCertService
uint64 inflight_joins() const { return inflight_joins_; }
private:
- friend class OriginBoundCertServiceWorker; // Calls HandleResult.
+ friend class ServerBoundCertServiceWorker; // Calls HandleResult.
// On success, |private_key| stores a DER-encoded PrivateKeyInfo
// struct, |cert| stores a DER-encoded certificate, |creation_time| stores the
@@ -101,7 +101,7 @@ class NET_EXPORT OriginBoundCertService
// |serial_number| is passed in because it is created with the function
// base::RandInt, which opens the file /dev/urandom. /dev/urandom is opened
// with a LazyInstance, which is not allowed on a worker thread.
- static int GenerateCert(const std::string& origin,
+ static int GenerateCert(const std::string& server_identifier,
SSLClientCertType type,
uint32 serial_number,
base::Time* creation_time,
@@ -109,7 +109,7 @@ class NET_EXPORT OriginBoundCertService
std::string* private_key,
std::string* cert);
- void HandleResult(const std::string& origin,
+ void HandleResult(const std::string& server_identifier,
int error,
SSLClientCertType type,
base::Time creation_time,
@@ -117,17 +117,17 @@ class NET_EXPORT OriginBoundCertService
const std::string& private_key,
const std::string& cert);
- scoped_ptr<OriginBoundCertStore> origin_bound_cert_store_;
+ scoped_ptr<ServerBoundCertStore> server_bound_cert_store_;
- // inflight_ maps from an origin to an active generation which is taking
+ // inflight_ maps from a server to an active generation which is taking
// place.
- std::map<std::string, OriginBoundCertServiceJob*> inflight_;
+ std::map<std::string, ServerBoundCertServiceJob*> inflight_;
uint64 requests_;
uint64 cert_store_hits_;
uint64 inflight_joins_;
- DISALLOW_COPY_AND_ASSIGN(OriginBoundCertService);
+ DISALLOW_COPY_AND_ASSIGN(ServerBoundCertService);
};
} // namespace net
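Review bot: The reworded comment on |inflight_| says it maps "from a server", but the service keys the map with the value returned by GetDomainForHost (`inflight_.find(domain)` and `inflight_[domain] = job` in the .cc), which is the registrable domain, and that same string is what HandleResult receives as |server_identifier| and erases. The comment should name the key precisely so the two-sided contract is clear: `// inflight_ maps from a domain (as returned by GetDomainForHost) to an active generation which is taking place.`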
diff --git a/net/base/origin_bound_cert_service_unittest.cc b/net/base/origin_bound_cert_service_unittest.cc
index f658659..64dd010 100644
--- a/net/base/origin_bound_cert_service_unittest.cc
+++ b/net/base/origin_bound_cert_service_unittest.cc
@@ -25,43 +25,43 @@ void FailTest(int /* result */) {
FAIL();
}
-TEST(OriginBoundCertServiceTest, GetDomainForHost) {
+TEST(ServerBoundCertServiceTest, GetDomainForHost) {
EXPECT_EQ("google.com",
- OriginBoundCertService::GetDomainForHost("google.com"));
+ ServerBoundCertService::GetDomainForHost("google.com"));
EXPECT_EQ("google.com",
- OriginBoundCertService::GetDomainForHost("www.google.com"));
+ ServerBoundCertService::GetDomainForHost("www.google.com"));
// NOTE(rch): we would like to segregate cookies and certificates for
// *.appspot.com, but currently we can not do that becaues we want to
// allow direct navigation to appspot.com.
EXPECT_EQ("appspot.com",
- OriginBoundCertService::GetDomainForHost("foo.appspot.com"));
+ ServerBoundCertService::GetDomainForHost("foo.appspot.com"));
EXPECT_EQ("google.com",
- OriginBoundCertService::GetDomainForHost("www.mail.google.com"));
+ ServerBoundCertService::GetDomainForHost("www.mail.google.com"));
EXPECT_EQ("goto",
- OriginBoundCertService::GetDomainForHost("goto"));
+ ServerBoundCertService::GetDomainForHost("goto"));
EXPECT_EQ("127.0.0.1",
- OriginBoundCertService::GetDomainForHost("127.0.0.1"));
+ ServerBoundCertService::GetDomainForHost("127.0.0.1"));
}
// See http://crbug.com/91512 - implement OpenSSL version of CreateSelfSigned.
#if !defined(USE_OPENSSL)
-TEST(OriginBoundCertServiceTest, CacheHit) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, CacheHit) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string origin("https://encrypted.google.com:443");
int error;
std::vector<uint8> types;
types.push_back(CLIENT_CERT_ECDSA_SIGN);
TestCompletionCallback callback;
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
// Asynchronous completion.
SSLClientCertType type1;
std::string private_key_info1, der_cert1;
EXPECT_EQ(0, service->cert_count());
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -76,7 +76,7 @@ TEST(OriginBoundCertServiceTest, CacheHit) {
// Synchronous completion.
SSLClientCertType type2;
std::string private_key_info2, der_cert2;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_TRUE(request_handle == NULL);
@@ -91,20 +91,20 @@ TEST(OriginBoundCertServiceTest, CacheHit) {
EXPECT_EQ(0u, service->inflight_joins());
}
-TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, UnsupportedTypes) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string origin("https://encrypted.google.com:443");
int error;
std::vector<uint8> types;
TestCompletionCallback callback;
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
// Empty requested_types.
SSLClientCertType type1;
std::string private_key_info1, der_cert1;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
@@ -114,7 +114,7 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
types.push_back(CLIENT_CERT_RSA_SIGN);
types.push_back(2);
types.push_back(3);
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
@@ -124,7 +124,7 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
types.push_back(CLIENT_CERT_ECDSA_SIGN);
// Asynchronous completion.
EXPECT_EQ(0, service->cert_count());
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -142,7 +142,7 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
types.clear();
SSLClientCertType type2;
std::string private_key_info2, der_cert2;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_INVALID_ARGUMENT, error);
@@ -152,7 +152,7 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
types.push_back(CLIENT_CERT_RSA_SIGN);
types.push_back(2);
types.push_back(3);
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_CLIENT_AUTH_CERT_TYPE_UNSUPPORTED, error);
@@ -160,7 +160,7 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
// If we request EC, the cert we created before should still be there.
types.push_back(CLIENT_CERT_ECDSA_SIGN);
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_TRUE(request_handle == NULL);
@@ -171,20 +171,20 @@ TEST(OriginBoundCertServiceTest, UnsupportedTypes) {
EXPECT_EQ(der_cert1, der_cert2);
}
-TEST(OriginBoundCertServiceTest, StoreCerts) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, StoreCerts) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
int error;
std::vector<uint8> types;
types.push_back(CLIENT_CERT_ECDSA_SIGN);
TestCompletionCallback callback;
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
std::string origin1("https://encrypted.google.com:443");
SSLClientCertType type1;
std::string private_key_info1, der_cert1;
EXPECT_EQ(0, service->cert_count());
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin1, types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -196,7 +196,7 @@ TEST(OriginBoundCertServiceTest, StoreCerts) {
std::string origin2("https://www.verisign.com:443");
SSLClientCertType type2;
std::string private_key_info2, der_cert2;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin2, types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -208,7 +208,7 @@ TEST(OriginBoundCertServiceTest, StoreCerts) {
std::string origin3("https://www.twitter.com:443");
SSLClientCertType type3;
std::string private_key_info3, der_cert3;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin3, types, &type3, &private_key_info3, &der_cert3,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -229,9 +229,9 @@ TEST(OriginBoundCertServiceTest, StoreCerts) {
}
// Tests an inflight join.
-TEST(OriginBoundCertServiceTest, InflightJoin) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, InflightJoin) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string origin("https://encrypted.google.com:443");
int error;
std::vector<uint8> types;
@@ -240,14 +240,14 @@ TEST(OriginBoundCertServiceTest, InflightJoin) {
SSLClientCertType type1;
std::string private_key_info1, der_cert1;
TestCompletionCallback callback1;
- OriginBoundCertService::RequestHandle request_handle1;
+ ServerBoundCertService::RequestHandle request_handle1;
SSLClientCertType type2;
std::string private_key_info2, der_cert2;
TestCompletionCallback callback2;
- OriginBoundCertService::RequestHandle request_handle2;
+ ServerBoundCertService::RequestHandle request_handle2;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type1, &private_key_info1, &der_cert1,
callback1.callback(), &request_handle1);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -255,7 +255,7 @@ TEST(OriginBoundCertServiceTest, InflightJoin) {
// If we request RSA and EC in the 2nd request, should still join with the
// original request.
types.insert(types.begin(), CLIENT_CERT_RSA_SIGN);
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type2, &private_key_info2, &der_cert2,
callback2.callback(), &request_handle2);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -273,9 +273,9 @@ TEST(OriginBoundCertServiceTest, InflightJoin) {
EXPECT_EQ(1u, service->inflight_joins());
}
-TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesEC) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, ExtractValuesFromBytesEC) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string origin("https://encrypted.google.com:443");
SSLClientCertType type;
std::string private_key_info, der_cert;
@@ -283,9 +283,9 @@ TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesEC) {
std::vector<uint8> types;
types.push_back(CLIENT_CERT_ECDSA_SIGN);
TestCompletionCallback callback;
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
- error = service->GetOriginBoundCert(
+ error = service->GetDomainBoundCert(
origin, types, &type, &private_key_info, &der_cert, callback.callback(),
&request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
@@ -303,7 +303,7 @@ TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesEC) {
std::vector<uint8> key_vec(private_key_info.begin(), private_key_info.end());
scoped_ptr<crypto::ECPrivateKey> private_key(
crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- OriginBoundCertService::kEPKIPassword, key_vec, spki));
+ ServerBoundCertService::kEPKIPassword, key_vec, spki));
EXPECT_TRUE(private_key != NULL);
// Check that we can retrieve the cert from the bytes.
@@ -313,18 +313,18 @@ TEST(OriginBoundCertServiceTest, ExtractValuesFromBytesEC) {
}
// Tests that the callback of a canceled request is never made.
-TEST(OriginBoundCertServiceTest, CancelRequest) {
- scoped_ptr<OriginBoundCertService> service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+TEST(ServerBoundCertServiceTest, CancelRequest) {
+ scoped_ptr<ServerBoundCertService> service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string origin("https://encrypted.google.com:443");
SSLClientCertType type;
std::string private_key_info, der_cert;
int error;
std::vector<uint8> types;
types.push_back(CLIENT_CERT_ECDSA_SIGN);
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
- error = service->GetOriginBoundCert(origin,
+ error = service->GetDomainBoundCert(origin,
types,
&type,
&private_key_info,
@@ -340,8 +340,8 @@ TEST(OriginBoundCertServiceTest, CancelRequest) {
// worker thread) is likely to complete by the end of this test.
TestCompletionCallback callback;
for (int i = 0; i < 5; ++i) {
- error = service->GetOriginBoundCert(
- "https://encrypted.google.com:" + std::string(1, (char) ('1' + i)),
+ error = service->GetDomainBoundCert(
+ "https://foo" + std::string(1, (char) ('1' + i)),
types,
&type,
&private_key_info,
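Review bot: The five extra requests now target distinct hosts (`"https://foo" + digit`) instead of distinct ports on one host, and nothing in the test says why the old form had to change. Presumably under domain bound certs requests that differ only in port would share one cert and the `EXPECT_EQ(6, service->cert_count())` below would no longer hold, but that reasoning is not visible here. A one-line comment above the loop would record it, e.g. `// Use distinct hosts: domain bound certs are keyed by domain, so differing ports would share one cert.` The loop body continues past the hunk.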
@@ -358,34 +358,34 @@ TEST(OriginBoundCertServiceTest, CancelRequest) {
EXPECT_EQ(6, service->cert_count());
}
-TEST(OriginBoundCertServiceTest, Expiration) {
- OriginBoundCertStore* store = new DefaultOriginBoundCertStore(NULL);
+TEST(ServerBoundCertServiceTest, Expiration) {
+ ServerBoundCertStore* store = new DefaultServerBoundCertStore(NULL);
base::Time now = base::Time::Now();
- store->SetOriginBoundCert("https://good",
+ store->SetServerBoundCert("good",
CLIENT_CERT_ECDSA_SIGN,
now,
now + base::TimeDelta::FromDays(1),
"a",
"b");
- store->SetOriginBoundCert("https://expired",
+ store->SetServerBoundCert("expired",
CLIENT_CERT_ECDSA_SIGN,
now - base::TimeDelta::FromDays(2),
now - base::TimeDelta::FromDays(1),
"c",
"d");
- OriginBoundCertService service(store);
+ ServerBoundCertService service(store);
EXPECT_EQ(2, service.cert_count());
int error;
std::vector<uint8> types;
types.push_back(CLIENT_CERT_ECDSA_SIGN);
TestCompletionCallback callback;
- OriginBoundCertService::RequestHandle request_handle;
+ ServerBoundCertService::RequestHandle request_handle;
// Cert still valid - synchronous completion.
SSLClientCertType type1;
std::string private_key_info1, der_cert1;
- error = service.GetOriginBoundCert(
+ error = service.GetDomainBoundCert(
"https://good", types, &type1, &private_key_info1, &der_cert1,
callback.callback(), &request_handle);
EXPECT_EQ(OK, error);
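Review bot: The store is now seeded with bare identifiers `"good"` / `"expired"` while the service is still queried with `"https://good"` / `"https://expired"`, so the test silently depends on the service mapping a URL to the store key — a mapping that is neither visible in this hunk nor asserted. A comment making that dependency explicit would keep the two spellings from reading as a mistake, e.g. `// The service derives the store key ("good") from the request URL, so seed the store with the derived form.` If that derivation is covered by its own test, naming it here would suffice. The test body continues past the hunk.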
@@ -398,7 +398,7 @@ TEST(OriginBoundCertServiceTest, Expiration) {
// Cert expired - New cert will be generated, asynchronous completion.
SSLClientCertType type2;
std::string private_key_info2, der_cert2;
- error = service.GetOriginBoundCert(
+ error = service.GetDomainBoundCert(
"https://expired", types, &type2, &private_key_info2, &der_cert2,
callback.callback(), &request_handle);
EXPECT_EQ(ERR_IO_PENDING, error);
diff --git a/net/base/origin_bound_cert_store.cc b/net/base/origin_bound_cert_store.cc
index af2acce..cd4264a 100644
--- a/net/base/origin_bound_cert_store.cc
+++ b/net/base/origin_bound_cert_store.cc
@@ -6,24 +6,24 @@
namespace net {
-OriginBoundCertStore::OriginBoundCert::OriginBoundCert()
+ServerBoundCertStore::ServerBoundCert::ServerBoundCert()
: type_(CLIENT_CERT_INVALID_TYPE) {
}
-OriginBoundCertStore::OriginBoundCert::OriginBoundCert(
- const std::string& origin,
+ServerBoundCertStore::ServerBoundCert::ServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
const std::string& private_key,
const std::string& cert)
- : origin_(origin),
+ : server_identifier_(server_identifier),
type_(type),
creation_time_(creation_time),
expiration_time_(expiration_time),
private_key_(private_key),
cert_(cert) {}
-OriginBoundCertStore::OriginBoundCert::~OriginBoundCert() {}
+ServerBoundCertStore::ServerBoundCert::~ServerBoundCert() {}
} // namespace net
diff --git a/net/base/origin_bound_cert_store.h b/net/base/origin_bound_cert_store.h
index 1101a01..2ae22c5 100644
--- a/net/base/origin_bound_cert_store.h
+++ b/net/base/origin_bound_cert_store.h
@@ -15,30 +15,30 @@
namespace net {
-// An interface for storing and retrieving origin bound certs. Origin bound
+// An interface for storing and retrieving server bound certs.
+// There isn't a domain bound certs spec yet, but the old origin bound
// certificates are specified in
-// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-00.html.
+// http://balfanz.github.com/tls-obc-spec/draft-balfanz-tls-obc-01.html.
-// Owned only by a single OriginBoundCertService object, which is responsible
+// Owned only by a single ServerBoundCertService object, which is responsible
// for deleting it.
-
-class NET_EXPORT OriginBoundCertStore {
+class NET_EXPORT ServerBoundCertStore {
public:
- // The OriginBoundCert class contains a private key in addition to the origin
+ // The ServerBoundCert class contains a private key in addition to the server
// cert, and cert type.
- class NET_EXPORT OriginBoundCert {
+ class NET_EXPORT ServerBoundCert {
public:
- OriginBoundCert();
- OriginBoundCert(const std::string& origin,
+ ServerBoundCert();
+ ServerBoundCert(const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
const std::string& private_key,
const std::string& cert);
- ~OriginBoundCert();
+ ~ServerBoundCert();
- // Origin, for instance "https://www.verisign.com:443"
- const std::string& origin() const { return origin_; }
+ // Server identifier. For domain bound certs, for instance "verisign.com".
+ const std::string& server_identifier() const { return server_identifier_; }
// TLS ClientCertificateType.
SSLClientCertType type() const { return type_; }
// The time the certificate was created, also the start of the certificate
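Review bot: `server_identifier` is the key that selects which private key is presented to a server, yet neither the accessor comment nor the `Get`/`Set`/`Delete` interface below says what form it must take or whether the store canonicalizes it (case, trailing dot, host vs. registrable domain). If, as the `"verisign.com"` example suggests, callers are expected to pass an already-normalized domain, the comment should say so, e.g. `// Server identifier, e.g. "verisign.com" for domain bound certs. The store does not normalize this value; callers pass it in canonical form.` Without that, two spellings of the same server can end up with different certs in the same store. The class body continues past the hunk.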
@@ -54,7 +54,7 @@ class NET_EXPORT OriginBoundCertStore {
const std::string& cert() const { return cert_; }
private:
- std::string origin_;
+ std::string server_identifier_;
SSLClientCertType type_;
base::Time creation_time_;
base::Time expiration_time_;
@@ -62,7 +62,7 @@ class NET_EXPORT OriginBoundCertStore {
std::string cert_;
};
- virtual ~OriginBoundCertStore() {}
+ virtual ~ServerBoundCertStore() {}
// TODO(rkn): File I/O may be required, so this should have an asynchronous
// interface.
@@ -71,41 +71,41 @@ class NET_EXPORT OriginBoundCertStore {
// |type| is the ClientCertificateType of the returned certificate,
// |creation_time| stores the start of the validity period of the certificate
// and |expiration_time| is the expiration time of the certificate.
- // Returns false if no origin bound cert exists for the specified origin.
- virtual bool GetOriginBoundCert(
- const std::string& origin,
+ // Returns false if no server bound cert exists for the specified server.
+ virtual bool GetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType* type,
base::Time* creation_time,
base::Time* expiration_time,
std::string* private_key_result,
std::string* cert_result) = 0;
- // Adds an origin bound cert and the corresponding private key to the store.
- virtual void SetOriginBoundCert(
- const std::string& origin,
+ // Adds a server bound cert and the corresponding private key to the store.
+ virtual void SetServerBoundCert(
+ const std::string& server_identifier,
SSLClientCertType type,
base::Time creation_time,
base::Time expiration_time,
const std::string& private_key,
const std::string& cert) = 0;
- // Removes an origin bound cert and the corresponding private key from the
+ // Removes a server bound cert and the corresponding private key from the
// store.
- virtual void DeleteOriginBoundCert(const std::string& origin) = 0;
+ virtual void DeleteServerBoundCert(const std::string& server_identifier) = 0;
- // Deletes all of the origin bound certs that have a creation_date greater
+ // Deletes all of the server bound certs that have a creation_date greater
// than or equal to |delete_begin| and less than |delete_end|. If a
// base::Time value is_null, that side of the comparison is unbounded.
virtual void DeleteAllCreatedBetween(base::Time delete_begin,
base::Time delete_end) = 0;
- // Removes all origin bound certs and the corresponding private keys from
+ // Removes all server bound certs and the corresponding private keys from
// the store.
virtual void DeleteAll() = 0;
- // Returns all origin bound certs and the corresponding private keys.
- virtual void GetAllOriginBoundCerts(
- std::vector<OriginBoundCert>* origin_bound_certs) = 0;
+ // Returns all server bound certs and the corresponding private keys.
+ virtual void GetAllServerBoundCerts(
+ std::vector<ServerBoundCert>* server_bound_certs) = 0;
// Returns the number of certs in the store.
// Public only for unit testing.
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index c46b73b..16720bd 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -22,7 +22,7 @@ SSLConfig::SSLConfig()
ssl3_enabled(true),
tls1_enabled(true),
cached_info_enabled(false),
- origin_bound_certs_enabled(false),
+ domain_bound_certs_enabled(false),
false_start_enabled(true),
send_client_cert(false),
verify_ev_cert(false),
@@ -131,8 +131,8 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
(orig_config.tls1_enabled != new_config.tls1_enabled) ||
(orig_config.disabled_cipher_suites !=
new_config.disabled_cipher_suites) ||
- (orig_config.origin_bound_certs_enabled !=
- new_config.origin_bound_certs_enabled) ||
+ (orig_config.domain_bound_certs_enabled !=
+ new_config.domain_bound_certs_enabled) ||
(orig_config.false_start_enabled !=
new_config.false_start_enabled);
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 0c5abc1..d44e6ea 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -70,7 +70,7 @@ struct NET_EXPORT SSLConfig {
std::vector<uint16> disabled_cipher_suites;
bool cached_info_enabled; // True if TLS cached info extension is enabled.
- bool origin_bound_certs_enabled; // True if TLS origin bound cert extension
+ bool domain_bound_certs_enabled; // True if TLS origin bound cert extension
// is enabled.
bool false_start_enabled; // True if we'll use TLS False Start.
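Review bot: The field is renamed to `domain_bound_certs_enabled` but its trailing comment still reads "True if TLS origin bound cert extension is enabled", so the declaration now contradicts itself. If the wire-level TLS extension is intentionally still the origin-bound-cert extension (the NSS OID description elsewhere in this commit is also left as "Origin Bound Certificate"), say so explicitly: `// True if the TLS origin bound cert extension (used here for domain bound certs) is enabled.`; otherwise just update the wording to `domain bound cert`.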
diff --git a/net/base/x509_util.h b/net/base/x509_util.h
index 825ee02..4c07b25 100644
--- a/net/base/x509_util.h
+++ b/net/base/x509_util.h
@@ -19,19 +19,20 @@ namespace net {
namespace x509_util {
-// Creates an origin bound certificate containing the public key in |key|.
-// Web origin, serial number and validity period are given as
+// Creates a server bound certificate containing the public key in |key|.
+// Domain, serial number and validity period are given as
// parameters. The certificate is signed by the private key in |key|.
// The hashing algorithm for the signature is SHA-1.
//
// See Internet Draft draft-balfanz-tls-obc-00 for more details:
// http://tools.ietf.org/html/draft-balfanz-tls-obc-00
-bool NET_EXPORT_PRIVATE CreateOriginBoundCertEC(crypto::ECPrivateKey* key,
- const std::string& origin,
- uint32 serial_number,
- base::Time not_valid_before,
- base::Time not_valid_after,
- std::string* der_cert);
+bool NET_EXPORT_PRIVATE CreateDomainBoundCertEC(
+ crypto::ECPrivateKey* key,
+ const std::string& domain,
+ uint32 serial_number,
+ base::Time not_valid_before,
+ base::Time not_valid_after,
+ std::string* der_cert);
} // namespace x509_util
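Review bot: The header comment on `CreateDomainBoundCertEC` still points readers to `draft-balfanz-tls-obc-00` while `origin_bound_cert_store.h` in this same commit is updated to cite draft-01, so the two comments now disagree about which draft describes the format being produced. Either update the reference here (`// See Internet Draft draft-balfanz-tls-obc-01 for more details:`) or state that draft-00 is the one whose certificate layout this function implements. The new doc line also says "Domain" without saying what form |domain| takes; the unit tests pass a bare host such as `"weborigin.com"`, and one line saying `// |domain| is a bare host name, without scheme or port.` would help callers.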
diff --git a/net/base/x509_util_nss.cc b/net/base/x509_util_nss.cc
index 141c0fa..b2afe68 100644
--- a/net/base/x509_util_nss.cc
+++ b/net/base/x509_util_nss.cc
@@ -24,31 +24,32 @@
namespace {
-class ObCertOIDWrapper {
+class DomainBoundCertOIDWrapper {
public:
- static ObCertOIDWrapper* GetInstance() {
+ static DomainBoundCertOIDWrapper* GetInstance() {
// Instantiated as a leaky singleton to allow the singleton to be
// constructed on a worker thead that is not joined when a process
// shuts down.
- return Singleton<ObCertOIDWrapper,
- LeakySingletonTraits<ObCertOIDWrapper> >::get();
+ return Singleton<DomainBoundCertOIDWrapper,
+ LeakySingletonTraits<DomainBoundCertOIDWrapper> >::get();
}
- SECOidTag ob_cert_oid_tag() const {
- return ob_cert_oid_tag_;
+ SECOidTag domain_bound_cert_oid_tag() const {
+ return domain_bound_cert_oid_tag_;
}
private:
- friend struct DefaultSingletonTraits<ObCertOIDWrapper>;
+ friend struct DefaultSingletonTraits<DomainBoundCertOIDWrapper>;
- ObCertOIDWrapper();
+ DomainBoundCertOIDWrapper();
- SECOidTag ob_cert_oid_tag_;
+ SECOidTag domain_bound_cert_oid_tag_;
- DISALLOW_COPY_AND_ASSIGN(ObCertOIDWrapper);
+ DISALLOW_COPY_AND_ASSIGN(DomainBoundCertOIDWrapper);
};
-ObCertOIDWrapper::ObCertOIDWrapper(): ob_cert_oid_tag_(SEC_OID_UNKNOWN) {
+DomainBoundCertOIDWrapper::DomainBoundCertOIDWrapper()
+ : domain_bound_cert_oid_tag_(SEC_OID_UNKNOWN) {
// 1.3.6.1.4.1.11129.2.1.6
// (iso.org.dod.internet.private.enterprises.google.googleSecurity.
// certificateExtensions.originBoundCertificate)
@@ -63,8 +64,8 @@ ObCertOIDWrapper::ObCertOIDWrapper(): ob_cert_oid_tag_(SEC_OID_UNKNOWN) {
oid_data.desc = "Origin Bound Certificate";
oid_data.mechanism = CKM_INVALID_MECHANISM;
oid_data.supportedExtension = SUPPORTED_CERT_EXTENSION;
- ob_cert_oid_tag_ = SECOID_AddEntry(&oid_data);
- if (ob_cert_oid_tag_ == SEC_OID_UNKNOWN)
+ domain_bound_cert_oid_tag_ = SECOID_AddEntry(&oid_data);
+ if (domain_bound_cert_oid_tag_ == SEC_OID_UNKNOWN)
LOG(ERROR) << "OB_CERT OID tag creation failed";
}
@@ -169,10 +170,10 @@ bool SignCertificate(
return true;
}
-bool CreateOriginBoundCertInternal(
+bool CreateDomainBoundCertInternal(
SECKEYPublicKey* public_key,
SECKEYPrivateKey* private_key,
- const std::string& origin,
+ const std::string& domain,
uint32 serial_number,
base::Time not_valid_before,
base::Time not_valid_after,
@@ -196,28 +197,29 @@ bool CreateOriginBoundCertInternal(
}
// Create SECItem for IA5String encoding.
- SECItem origin_string_item = {
+ SECItem domain_string_item = {
siAsciiString,
- (unsigned char*)origin.data(),
- origin.size()
+ (unsigned char*)domain.data(),
+ domain.size()
};
// IA5Encode and arena allocate SECItem
- SECItem* asn1_origin_string = SEC_ASN1EncodeItem(
- cert->arena, NULL, &origin_string_item,
+ SECItem* asn1_domain_string = SEC_ASN1EncodeItem(
+ cert->arena, NULL, &domain_string_item,
SEC_ASN1_GET(SEC_IA5StringTemplate));
- if (asn1_origin_string == NULL) {
- LOG(ERROR) << "Unable to get ASN1 encoding for origin in ob_cert extension";
+ if (asn1_domain_string == NULL) {
+ LOG(ERROR) << "Unable to get ASN1 encoding for domain in domain_bound_cert"
+ " extension";
CERT_DestroyCertificate(cert);
return false;
}
// Add the extension to the opaque handle
- if (CERT_AddExtension(cert_handle,
- ObCertOIDWrapper::GetInstance()->ob_cert_oid_tag(),
- asn1_origin_string,
- PR_TRUE, PR_TRUE) != SECSuccess){
- LOG(ERROR) << "Unable to add origin bound cert extension to opaque handle";
+ if (CERT_AddExtension(
+ cert_handle,
+ DomainBoundCertOIDWrapper::GetInstance()->domain_bound_cert_oid_tag(),
+ asn1_domain_string, PR_TRUE, PR_TRUE) != SECSuccess){
+ LOG(ERROR) << "Unable to add domain bound cert extension to opaque handle";
CERT_DestroyCertificate(cert);
return false;
}
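Review bot: The extension payload changes meaning — the IA5String under OID 1.3.6.1.4.1.11129.2.1.6 now carries a bare domain instead of an origin URL — while the OID, its "Origin Bound Certificate" description and the `originBoundCertificate` comment in the wrapper above are left unchanged, so nothing in the certificate itself distinguishes old-format from new-format certs. If that is deliberate because the extension value was always free-form, a comment at the encoding site should say so, e.g. `// Payload is now the bare domain (previously a full origin); the OID is unchanged.`; if anything that consumes this extension parses the value as a URL, that should be checked. `CreateDomainBoundCertInternal` begins before this hunk.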
@@ -272,17 +274,17 @@ CERTCertificate* CreateSelfSignedCert(
return cert;
}
-bool CreateOriginBoundCertEC(
+bool CreateDomainBoundCertEC(
crypto::ECPrivateKey* key,
- const std::string& origin,
+ const std::string& domain,
uint32 serial_number,
base::Time not_valid_before,
base::Time not_valid_after,
std::string* der_cert) {
DCHECK(key);
- return CreateOriginBoundCertInternal(key->public_key(),
+ return CreateDomainBoundCertInternal(key->public_key(),
key->key(),
- origin,
+ domain,
serial_number,
not_valid_before,
not_valid_after,
diff --git a/net/base/x509_util_nss_unittest.cc b/net/base/x509_util_nss_unittest.cc
index 97eb5b4..be719d7 100644
--- a/net/base/x509_util_nss_unittest.cc
+++ b/net/base/x509_util_nss_unittest.cc
@@ -74,7 +74,7 @@ void VerifyCertificateSignature(const std::string& der_cert,
EXPECT_TRUE(ok);
}
-void VerifyOriginBoundCert(const std::string& origin,
+void VerifyDomainBoundCert(const std::string& domain,
const std::string& der_cert) {
// Origin Bound Cert OID.
static const char oid_string[] = "1.3.6.1.4.1.11129.2.1.6";
@@ -82,8 +82,8 @@ void VerifyOriginBoundCert(const std::string& origin,
// Create object neccessary for extension lookup call.
SECItem extension_object = {
siAsciiString,
- (unsigned char*)origin.data(),
- origin.size()
+ (unsigned char*)domain.data(),
+ domain.size()
};
// IA5Encode and arena allocate SECItem.
@@ -139,24 +139,24 @@ void VerifyOriginBoundCert(const std::string& origin,
} // namespace
-// This test creates an origin-bound cert from an EC private key and
+// This test creates a domain-bound cert from an EC private key and
// then verifies the content of the certificate.
-TEST(X509UtilNSSTest, CreateOriginBoundCertEC) {
+TEST(X509UtilNSSTest, CreateDomainBoundCertEC) {
// Create a sample ASCII weborigin.
- std::string origin = "http://weborigin.com:443";
+ std::string domain = "weborigin.com";
base::Time now = base::Time::Now();
scoped_ptr<crypto::ECPrivateKey> private_key(
crypto::ECPrivateKey::Create());
std::string der_cert;
- ASSERT_TRUE(x509_util::CreateOriginBoundCertEC(
+ ASSERT_TRUE(x509_util::CreateDomainBoundCertEC(
private_key.get(),
- origin, 1,
+ domain, 1,
now,
now + base::TimeDelta::FromDays(1),
&der_cert));
- VerifyOriginBoundCert(origin, der_cert);
+ VerifyDomainBoundCert(domain, der_cert);
#if !defined(OS_WIN) && !defined(OS_MACOSX)
// signature_verifier_win and signature_verifier_mac can't handle EC certs.
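Review bot: The comment `// Create a sample ASCII weborigin.` is now stale — the value below is a bare domain `"weborigin.com"`, not an origin — and the helper it calls still labels the OID as "Origin Bound Cert OID" in the earlier hunk of this file. Change it to `// Create a sample ASCII domain.` so the test reads consistently with the rename. The test body continues past the hunk.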
diff --git a/net/base/x509_util_openssl.cc b/net/base/x509_util_openssl.cc
index 8bebfe0..b240644 100644
--- a/net/base/x509_util_openssl.cc
+++ b/net/base/x509_util_openssl.cc
@@ -15,9 +15,9 @@ namespace net {
namespace x509_util {
-bool CreateOriginBoundCertEC(
+bool CreateDomainBoundCertEC(
crypto::ECPrivateKey* key,
- const std::string& origin,
+ const std::string& domain,
uint32 serial_number,
base::Time not_valid_before,
base::Time not_valid_after,
diff --git a/net/base/x509_util_openssl_unittest.cc b/net/base/x509_util_openssl_unittest.cc
index 599d0e4..2067505 100644
--- a/net/base/x509_util_openssl_unittest.cc
+++ b/net/base/x509_util_openssl_unittest.cc
@@ -10,18 +10,18 @@
namespace net {
-// For OpenSSL, x509_util::CreateOriginBoundCertEC() is not yet implemented
+// For OpenSSL, x509_util::CreateDomainBoundCertEC() is not yet implemented
// and should return false. This unit test ensures that a stub implementation
// is present.
-TEST(X509UtilOpenSSLTest, CreateOriginBoundCertNotImplemented) {
- std::string origin = "http://weborigin.com:443";
+TEST(X509UtilOpenSSLTest, CreateDomainBoundCertNotImplemented) {
+ std::string domain = "weborigin.com";
base::Time now = base::Time::Now();
scoped_ptr<crypto::ECPrivateKey> private_key(
crypto::ECPrivateKey::Create());
std::string der_cert;
- EXPECT_FALSE(x509_util::CreateOriginBoundCertEC(
+ EXPECT_FALSE(x509_util::CreateDomainBoundCertEC(
private_key.get(),
- origin, 1,
+ domain, 1,
now,
now + base::TimeDelta::FromDays(1),
&der_cert));
diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc
index 41e5436..28e8529 100644
--- a/net/http/http_cache.cc
+++ b/net/http/http_cache.cc
@@ -45,7 +45,7 @@ namespace {
HttpNetworkSession* CreateNetworkSession(
HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
ProxyService* proxy_service,
SSLHostInfoFactory* ssl_host_info_factory,
@@ -58,7 +58,7 @@ HttpNetworkSession* CreateNetworkSession(
HttpNetworkSession::Params params;
params.host_resolver = host_resolver;
params.cert_verifier = cert_verifier;
- params.origin_bound_cert_service = origin_bound_cert_service;
+ params.server_bound_cert_service = server_bound_cert_service;
params.transport_security_state = transport_security_state;
params.proxy_service = proxy_service;
params.ssl_host_info_factory = ssl_host_info_factory;
@@ -298,7 +298,7 @@ class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory {
//-----------------------------------------------------------------------------
HttpCache::HttpCache(HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
ProxyService* proxy_service,
const std::string& ssl_session_cache_shard,
@@ -320,7 +320,7 @@ HttpCache::HttpCache(HostResolver* host_resolver,
CreateNetworkSession(
host_resolver,
cert_verifier,
- origin_bound_cert_service,
+ server_bound_cert_service,
transport_security_state,
proxy_service,
ssl_host_info_factory_.get(),
diff --git a/net/http/http_cache.h b/net/http/http_cache.h
index d1e7ad8..fa44f9468 100644
--- a/net/http/http_cache.h
+++ b/net/http/http_cache.h
@@ -51,7 +51,7 @@ class HttpServerProperties;
class IOBuffer;
class NetLog;
class NetworkDelegate;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyService;
class SSLConfigService;
class TransportSecurityState;
@@ -121,7 +121,7 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory,
// The HttpCache takes ownership of the |backend_factory|.
HttpCache(HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
ProxyService* proxy_service,
const std::string& ssl_session_cache_shard,
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index 6cacaf3..e10c12f 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -33,7 +33,7 @@ net::ClientSocketPoolManager* CreateSocketPoolManager(
net::ClientSocketFactory::GetDefaultFactory(),
params.host_resolver,
params.cert_verifier,
- params.origin_bound_cert_service,
+ params.server_bound_cert_service,
params.transport_security_state,
params.ssl_host_info_factory,
params.ssl_session_cache_shard,
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index 9d8c2ec..1da8c21 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -35,7 +35,7 @@ class HttpResponseBodyDrainer;
class HttpServerProperties;
class NetLog;
class NetworkDelegate;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyService;
class SOCKSClientSocketPool;
class SSLClientSocketPool;
@@ -54,7 +54,7 @@ class NET_EXPORT HttpNetworkSession
: client_socket_factory(NULL),
host_resolver(NULL),
cert_verifier(NULL),
- origin_bound_cert_service(NULL),
+ server_bound_cert_service(NULL),
transport_security_state(NULL),
proxy_service(NULL),
ssl_host_info_factory(NULL),
@@ -68,7 +68,7 @@ class NET_EXPORT HttpNetworkSession
ClientSocketFactory* client_socket_factory;
HostResolver* host_resolver;
CertVerifier* cert_verifier;
- OriginBoundCertService* origin_bound_cert_service;
+ ServerBoundCertService* server_bound_cert_service;
TransportSecurityState* transport_security_state;
ProxyService* proxy_service;
SSLHostInfoFactory* ssl_host_info_factory;
diff --git a/net/http/http_proxy_client_socket_pool_spdy21_unittest.cc b/net/http/http_proxy_client_socket_pool_spdy21_unittest.cc
index 1569627..25f8c64 100644
--- a/net/http/http_proxy_client_socket_pool_spdy21_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_spdy21_unittest.cc
@@ -69,7 +69,7 @@ class HttpProxyClientSocketPoolSpdy21Test : public TestWithHttpParam {
&ssl_histograms_,
&host_resolver_,
&cert_verifier_,
- NULL /* origin_bound_cert_store */,
+ NULL /* server_bound_cert_store */,
NULL /* transport_security_state */,
NULL /* ssl_host_info_factory */,
"" /* ssl_session_cache_shard */,
diff --git a/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc b/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc
index b1bbe6d..f54e7d2 100644
--- a/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc
@@ -69,7 +69,7 @@ class HttpProxyClientSocketPoolSpdy2Test : public TestWithHttpParam {
&ssl_histograms_,
&host_resolver_,
&cert_verifier_,
- NULL /* origin_bound_cert_store */,
+ NULL /* server_bound_cert_store */,
NULL /* transport_security_state */,
NULL /* ssl_host_info_factory */,
"" /* ssl_session_cache_shard */,
diff --git a/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc b/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc
index c5c3b1a..0bc603e 100644
--- a/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc
@@ -69,7 +69,7 @@ class HttpProxyClientSocketPoolSpdy3Test : public TestWithHttpParam {
&ssl_histograms_,
&host_resolver_,
&cert_verifier_,
- NULL /* origin_bound_cert_store */,
+ NULL /* server_bound_cert_store */,
NULL /* transport_security_state */,
NULL /* ssl_host_info_factory */,
"" /* ssl_session_cache_shard */,
diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc
index 19e0442..ccd3965 100644
--- a/net/socket/client_socket_pool_manager_impl.cc
+++ b/net/socket/client_socket_pool_manager_impl.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -37,7 +37,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
@@ -47,7 +47,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
socket_factory_(socket_factory),
host_resolver_(host_resolver),
cert_verifier_(cert_verifier),
- origin_bound_cert_service_(origin_bound_cert_service),
+ server_bound_cert_service_(server_bound_cert_service),
transport_security_state_(transport_security_state),
ssl_host_info_factory_(ssl_host_info_factory),
ssl_session_cache_shard_(ssl_session_cache_shard),
@@ -66,7 +66,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl(
&ssl_pool_histograms_,
host_resolver,
cert_verifier,
- origin_bound_cert_service,
+ server_bound_cert_service,
transport_security_state,
ssl_host_info_factory,
ssl_session_cache_shard,
@@ -286,7 +286,7 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy(
&ssl_for_https_proxy_pool_histograms_,
host_resolver_,
cert_verifier_,
- origin_bound_cert_service_,
+ server_bound_cert_service_,
transport_security_state_,
ssl_host_info_factory_,
ssl_session_cache_shard_,
@@ -325,7 +325,7 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy(
&ssl_pool_histograms_,
host_resolver_,
cert_verifier_,
- origin_bound_cert_service_,
+ server_bound_cert_service_,
transport_security_state_,
ssl_host_info_factory_,
ssl_session_cache_shard_,
diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h
index 96caa31..2559aad 100644
--- a/net/socket/client_socket_pool_manager_impl.h
+++ b/net/socket/client_socket_pool_manager_impl.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -26,7 +26,7 @@ class ClientSocketPoolHistograms;
class HttpProxyClientSocketPool;
class HostResolver;
class NetLog;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyService;
class SOCKSClientSocketPool;
class SSLClientSocketPool;
@@ -61,7 +61,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
@@ -107,7 +107,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe,
ClientSocketFactory* const socket_factory_;
HostResolver* const host_resolver_;
CertVerifier* const cert_verifier_;
- OriginBoundCertService* const origin_bound_cert_service_;
+ ServerBoundCertService* const server_bound_cert_service_;
TransportSecurityState* const transport_security_state_;
SSLHostInfoFactory* const ssl_host_info_factory_;
const std::string ssl_session_cache_shard_;
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index ef5b0db..f5236ab 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -242,7 +242,7 @@ SSLSocketDataProvider::SSLSocketDataProvider(IoMode mode, int result)
protocol_negotiated(SSLClientSocket::kProtoUnknown),
client_cert_sent(false),
cert_request_info(NULL),
- origin_bound_cert_type(CLIENT_CERT_INVALID_TYPE) {
+ domain_bound_cert_type(CLIENT_CERT_INVALID_TYPE) {
}
SSLSocketDataProvider::~SSLSocketDataProvider() {
@@ -696,7 +696,7 @@ int MockClientSocket::ExportKeyingMaterial(const base::StringPiece& label,
return OK;
}
-OriginBoundCertService* MockClientSocket::GetOriginBoundCertService() const {
+ServerBoundCertService* MockClientSocket::GetServerBoundCertService() const {
NOTREACHED();
return NULL;
}
@@ -1132,7 +1132,7 @@ base::TimeDelta MockSSLClientSocket::GetConnectTimeMicros() const {
void MockSSLClientSocket::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->Reset();
ssl_info->cert = data_->cert;
- ssl_info->client_cert_sent = WasOriginBoundCertSent() ||
+ ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
data_->client_cert_sent;
}
@@ -1178,21 +1178,21 @@ void MockSSLClientSocket::set_protocol_negotiated(
protocol_negotiated_ = protocol_negotiated;
}
-bool MockSSLClientSocket::WasOriginBoundCertSent() const {
- return data_->origin_bound_cert_type != CLIENT_CERT_INVALID_TYPE;
+bool MockSSLClientSocket::WasDomainBoundCertSent() const {
+ return data_->domain_bound_cert_type != CLIENT_CERT_INVALID_TYPE;
}
-SSLClientCertType MockSSLClientSocket::origin_bound_cert_type() const {
- return data_->origin_bound_cert_type;
+SSLClientCertType MockSSLClientSocket::domain_bound_cert_type() const {
+ return data_->domain_bound_cert_type;
}
-SSLClientCertType MockSSLClientSocket::set_origin_bound_cert_type(
+SSLClientCertType MockSSLClientSocket::set_domain_bound_cert_type(
SSLClientCertType type) {
- return data_->origin_bound_cert_type = type;
+ return data_->domain_bound_cert_type = type;
}
-OriginBoundCertService* MockSSLClientSocket::GetOriginBoundCertService() const {
- return data_->origin_bound_cert_service;
+ServerBoundCertService* MockSSLClientSocket::GetServerBoundCertService() const {
+ return data_->server_bound_cert_service;
}
void MockSSLClientSocket::OnReadComplete(const MockRead& data) {
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index ecd671c..f678614 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -48,7 +48,7 @@ enum {
class AsyncSocket;
class MockClientSocket;
-class OriginBoundCertService;
+class ServerBoundCertService;
class SSLClientSocket;
class SSLHostInfo;
class StreamSocket;
@@ -280,8 +280,8 @@ struct SSLSocketDataProvider {
bool client_cert_sent;
SSLCertRequestInfo* cert_request_info;
scoped_refptr<X509Certificate> cert;
- SSLClientCertType origin_bound_cert_type;
- OriginBoundCertService* origin_bound_cert_service;
+ SSLClientCertType domain_bound_cert_type;
+ ServerBoundCertService* server_bound_cert_service;
};
// A DataProvider where the client must write a request before the reads (e.g.
@@ -602,7 +602,7 @@ class MockClientSocket : public SSLClientSocket {
unsigned int outlen) OVERRIDE;
virtual NextProtoStatus GetNextProto(std::string* proto,
std::string* server_protos) OVERRIDE;
- virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
protected:
virtual ~MockClientSocket();
@@ -757,11 +757,11 @@ class MockSSLClientSocket : public MockClientSocket, public AsyncSocket {
// This MockSocket does not implement the manual async IO feature.
virtual void OnReadComplete(const MockRead& data) OVERRIDE;
- virtual bool WasOriginBoundCertSent() const OVERRIDE;
- virtual SSLClientCertType origin_bound_cert_type() const OVERRIDE;
- virtual SSLClientCertType set_origin_bound_cert_type(
+ virtual bool WasDomainBoundCertSent() const OVERRIDE;
+ virtual SSLClientCertType domain_bound_cert_type() const OVERRIDE;
+ virtual SSLClientCertType set_domain_bound_cert_type(
SSLClientCertType type) OVERRIDE;
- virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
private:
static void ConnectCallback(MockSSLClientSocket *ssl_client_socket,
diff --git a/net/socket/ssl_client_socket.cc b/net/socket/ssl_client_socket.cc
index ecee79b..10873ae 100644
--- a/net/socket/ssl_client_socket.cc
+++ b/net/socket/ssl_client_socket.cc
@@ -12,7 +12,7 @@ SSLClientSocket::SSLClientSocket()
: was_npn_negotiated_(false),
was_spdy_negotiated_(false),
protocol_negotiated_(kProtoUnknown),
- origin_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) {
+ domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) {
}
SSLClientSocket::NextProto SSLClientSocket::NextProtoFromString(
@@ -124,17 +124,17 @@ void SSLClientSocket::set_protocol_negotiated(
protocol_negotiated_ = protocol_negotiated;
}
-bool SSLClientSocket::WasOriginBoundCertSent() const {
- return origin_bound_cert_type_ != CLIENT_CERT_INVALID_TYPE;
+bool SSLClientSocket::WasDomainBoundCertSent() const {
+ return domain_bound_cert_type_ != CLIENT_CERT_INVALID_TYPE;
}
-SSLClientCertType SSLClientSocket::origin_bound_cert_type() const {
- return origin_bound_cert_type_;
+SSLClientCertType SSLClientSocket::domain_bound_cert_type() const {
+ return domain_bound_cert_type_;
}
-SSLClientCertType SSLClientSocket::set_origin_bound_cert_type(
+SSLClientCertType SSLClientSocket::set_domain_bound_cert_type(
SSLClientCertType type) {
- return origin_bound_cert_type_ = type;
+ return domain_bound_cert_type_ = type;
}
} // namespace net
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index bafe1d4..6b86900 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -18,7 +18,7 @@
namespace net {
class CertVerifier;
-class OriginBoundCertService;
+class ServerBoundCertService;
class SSLCertRequestInfo;
class SSLHostInfo;
class SSLHostInfoFactory;
@@ -30,23 +30,23 @@ class TransportSecurityState;
struct SSLClientSocketContext {
SSLClientSocketContext()
: cert_verifier(NULL),
- origin_bound_cert_service(NULL),
+ server_bound_cert_service(NULL),
transport_security_state(NULL),
ssl_host_info_factory(NULL) {}
SSLClientSocketContext(CertVerifier* cert_verifier_arg,
- OriginBoundCertService* origin_bound_cert_service_arg,
+ ServerBoundCertService* server_bound_cert_service_arg,
TransportSecurityState* transport_security_state_arg,
SSLHostInfoFactory* ssl_host_info_factory_arg,
const std::string& ssl_session_cache_shard_arg)
: cert_verifier(cert_verifier_arg),
- origin_bound_cert_service(origin_bound_cert_service_arg),
+ server_bound_cert_service(server_bound_cert_service_arg),
transport_security_state(transport_security_state_arg),
ssl_host_info_factory(ssl_host_info_factory_arg),
ssl_session_cache_shard(ssl_session_cache_shard_arg) {}
CertVerifier* cert_verifier;
- OriginBoundCertService* origin_bound_cert_service;
+ ServerBoundCertService* server_bound_cert_service;
TransportSecurityState* transport_security_state;
SSLHostInfoFactory* ssl_host_info_factory;
// ssl_session_cache_shard is an opaque string that identifies a shard of the
@@ -142,21 +142,21 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
virtual void set_protocol_negotiated(
SSLClientSocket::NextProto protocol_negotiated);
- // Returns the OriginBoundCertService used by this socket, or NULL if
- // origin bound certificates are not supported.
- virtual OriginBoundCertService* GetOriginBoundCertService() const = 0;
+ // Returns the ServerBoundCertService used by this socket, or NULL if
+ // server bound certificates are not supported.
+ virtual ServerBoundCertService* GetServerBoundCertService() const = 0;
- // Returns true if an origin bound certificate was sent on this connection.
+ // Returns true if a domain bound certificate was sent on this connection.
// This may be useful for protocols, like SPDY, which allow the same
- // connection to be shared between multiple origins, each of which need
- // an origin bound certificate.
- virtual bool WasOriginBoundCertSent() const;
+ // connection to be shared between multiple domains, each of which need
+ // a domain bound certificate.
+ virtual bool WasDomainBoundCertSent() const;
- // Returns the type of the origin bound cert that was sent, or
+ // Returns the type of the domain bound cert that was sent, or
// CLIENT_CERT_INVALID_TYPE if none was sent.
- virtual SSLClientCertType origin_bound_cert_type() const;
+ virtual SSLClientCertType domain_bound_cert_type() const;
- virtual SSLClientCertType set_origin_bound_cert_type(SSLClientCertType type);
+ virtual SSLClientCertType set_domain_bound_cert_type(SSLClientCertType type);
private:
// True if NPN was responded to, independent of selecting SPDY or HTTP.
@@ -165,9 +165,9 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
bool was_spdy_negotiated_;
// Protocol that we negotiated with the server.
SSLClientSocket::NextProto protocol_negotiated_;
- // Type of the origin bound cert that was sent, or CLIENT_CERT_INVALID_TYPE
+ // Type of the domain bound cert that was sent, or CLIENT_CERT_INVALID_TYPE
// if none was sent.
- SSLClientCertType origin_bound_cert_type_;
+ SSLClientCertType domain_bound_cert_type_;
};
} // namespace net
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index a89d689..7bb1dcd 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -724,7 +724,7 @@ void SSLClientSocketMac::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
ssl_info->is_issued_by_known_root =
server_cert_verify_result_.is_issued_by_known_root;
- ssl_info->client_cert_sent = WasOriginBoundCertSent() ||
+ ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
(ssl_config_.send_client_cert && ssl_config_.client_cert);
// security info
@@ -793,7 +793,7 @@ SSLClientSocketMac::GetNextProto(std::string* proto,
return kNextProtoUnsupported;
}
-OriginBoundCertService* SSLClientSocketMac::GetOriginBoundCertService() const {
+ServerBoundCertService* SSLClientSocketMac::GetServerBoundCertService() const {
return NULL;
}
diff --git a/net/socket/ssl_client_socket_mac.h b/net/socket/ssl_client_socket_mac.h
index ec2b51a..4559dd7 100644
--- a/net/socket/ssl_client_socket_mac.h
+++ b/net/socket/ssl_client_socket_mac.h
@@ -51,7 +51,7 @@ class SSLClientSocketMac : public SSLClientSocket {
unsigned int outlen) OVERRIDE;
virtual NextProtoStatus GetNextProto(std::string* proto,
std::string* server_protos) OVERRIDE;
- virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
// StreamSocket implementation.
virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 2b9c73d..0d712e3 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -447,10 +447,10 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
ssl_connection_status_(0),
client_auth_cert_needed_(false),
cert_verifier_(context.cert_verifier),
- ob_cert_xtn_negotiated_(false),
- origin_bound_cert_service_(context.origin_bound_cert_service),
- ob_cert_type_(CLIENT_CERT_INVALID_TYPE),
- ob_cert_request_handle_(NULL),
+ domain_bound_cert_xtn_negotiated_(false),
+ server_bound_cert_service_(context.server_bound_cert_service),
+ domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE),
+ domain_bound_cert_request_handle_(NULL),
handshake_callback_called_(false),
completed_handshake_(false),
ssl_session_cache_shard_(context.ssl_session_cache_shard),
@@ -500,7 +500,7 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
}
ssl_info->is_issued_by_known_root =
server_cert_verify_result_->is_issued_by_known_root;
- ssl_info->client_cert_sent = WasOriginBoundCertSent() ||
+ ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
(ssl_config_.send_client_cert && ssl_config_.client_cert);
PRUint16 cipher_suite =
@@ -622,9 +622,10 @@ void SSLClientSocketNSS::Disconnect() {
verifier_.reset();
transport_->socket()->Disconnect();
- if (ob_cert_request_handle_ != NULL) {
- origin_bound_cert_service_->CancelRequest(ob_cert_request_handle_);
- ob_cert_request_handle_ = NULL;
+ if (domain_bound_cert_request_handle_ != NULL) {
+ server_bound_cert_service_->CancelRequest(
+ domain_bound_cert_request_handle_);
+ domain_bound_cert_request_handle_ = NULL;
}
// TODO(wtc): Send SSL close_notify alert.
@@ -658,7 +659,7 @@ void SSLClientSocketNSS::Disconnect() {
nss_bufs_ = NULL;
client_certs_.clear();
client_auth_cert_needed_ = false;
- ob_cert_xtn_negotiated_ = false;
+ domain_bound_cert_xtn_negotiated_ = false;
LeaveFunction("");
}
@@ -971,16 +972,16 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
#ifdef SSL_ENABLE_OB_CERTS
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OB_CERTS,
- ssl_config_.origin_bound_certs_enabled);
+ ssl_config_.domain_bound_certs_enabled);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OB_CERTS");
#endif
#ifdef SSL_ENCRYPT_CLIENT_CERTS
// For now, enable the encrypted client certificates extension only if
- // origin-bound certificates are enabled.
+ // server-bound certificates are enabled.
rv = SSL_OptionSet(nss_fd_, SSL_ENCRYPT_CLIENT_CERTS,
- ssl_config_.origin_bound_certs_enabled);
+ ssl_config_.domain_bound_certs_enabled);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENCRYPT_CLIENT_CERTS");
#endif
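Review bot: The rewritten comment `// server-bound certificates are enabled.` describes the flag `ssl_config_.domain_bound_certs_enabled`, and elsewhere in this file the commit uses "domain bound" for the certificate itself and "ServerBound" only for the service, so the comment should read `// domain-bound certificates are enabled.` to match the identifier it explains. The same mixed wording recurs in the rewritten TODO in DoHandshake in a later hunk of this file (`server-bound cert generation`). InitializeSSLOptions continues outside this hunk.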
@@ -1282,8 +1283,8 @@ int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
case STATE_HANDSHAKE:
rv = DoHandshake();
break;
- case STATE_GET_OB_CERT_COMPLETE:
- rv = DoGetOBCertComplete(rv);
+ case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE:
+ rv = DoGetDBCertComplete(rv);
break;
case STATE_VERIFY_DNSSEC:
rv = DoVerifyDNSSEC(rv);
@@ -1430,14 +1431,14 @@ int SSLClientSocketNSS::DoHandshake() {
int net_error = net::OK;
SECStatus rv = SSL_ForceHandshake(nss_fd_);
- // TODO(rkn): Handle the case in which origin-bound cert generation takes
+ // TODO(rkn): Handle the case in which server-bound cert generation takes
// too long and the server has closed the connection. Report some new error
// code so that the higher level code will attempt to delete the socket and
// redo the handshake.
if (client_auth_cert_needed_) {
- if (ob_cert_xtn_negotiated_) {
- GotoState(STATE_GET_OB_CERT_COMPLETE);
+ if (domain_bound_cert_xtn_negotiated_) {
+ GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE);
net_error = ERR_IO_PENDING;
} else {
net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
@@ -1552,12 +1553,12 @@ int SSLClientSocketNSS::DoHandshake() {
return net_error;
}
-int SSLClientSocketNSS::ImportOBCertAndKey(CERTCertificate** cert,
+int SSLClientSocketNSS::ImportDBCertAndKey(CERTCertificate** cert,
SECKEYPrivateKey** key) {
// Set the certificate.
SECItem cert_item;
- cert_item.data = (unsigned char*) ob_cert_.data();
- cert_item.len = ob_cert_.size();
+ cert_item.data = (unsigned char*) domain_bound_cert_.data();
+ cert_item.len = domain_bound_cert_.size();
*cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
&cert_item,
NULL,
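Review bot: The rewritten line `cert_item.data = (unsigned char*) domain_bound_cert_.data();` keeps a C-style cast that silently discards the const from std::string::data(), while the private-key import in the following hunk of this same function spells its conversion out with `reinterpret_cast<const unsigned char*>`. Making both conversions explicit, `cert_item.data = reinterpret_cast<unsigned char*>(const_cast<char*>(domain_bound_cert_.data()));`, keeps the two imports consistent and leaves the const_cast visible and greppable for whoever later checks whether NSS writes through the SECItem. Whether it does is not visible in this hunk. ImportDBCertAndKey continues past the end of this hunk.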
@@ -1567,13 +1568,14 @@ int SSLClientSocketNSS::ImportOBCertAndKey(CERTCertificate** cert,
return MapNSSError(PORT_GetError());
// Set the private key.
- switch (ob_cert_type_) {
+ switch (domain_bound_cert_type_) {
case CLIENT_CERT_ECDSA_SIGN: {
SECKEYPublicKey* public_key = NULL;
if (!crypto::ECPrivateKey::ImportFromEncryptedPrivateKeyInfo(
- OriginBoundCertService::kEPKIPassword,
- reinterpret_cast<const unsigned char*>(ob_private_key_.data()),
- ob_private_key_.size(),
+ ServerBoundCertService::kEPKIPassword,
+ reinterpret_cast<const unsigned char*>(
+ domain_bound_private_key_.data()),
+ domain_bound_private_key_.size(),
&(*cert)->subjectPublicKeyInfo,
false,
false,
@@ -1595,18 +1597,18 @@ int SSLClientSocketNSS::ImportOBCertAndKey(CERTCertificate** cert,
return OK;
}
-int SSLClientSocketNSS::DoGetOBCertComplete(int result) {
- net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_ORIGIN_BOUND_CERT,
+int SSLClientSocketNSS::DoGetDBCertComplete(int result) {
+ net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT,
result);
client_auth_cert_needed_ = false;
- ob_cert_request_handle_ = NULL;
+ domain_bound_cert_request_handle_ = NULL;
if (result != OK)
return result;
CERTCertificate* cert;
SECKEYPrivateKey* key;
- int error = ImportOBCertAndKey(&cert, &key);
+ int error = ImportDBCertAndKey(&cert, &key);
if (error != OK)
return error;
@@ -1622,7 +1624,7 @@ int SSLClientSocketNSS::DoGetOBCertComplete(int result) {
return MapNSSError(PORT_GetError());
GotoState(STATE_HANDSHAKE);
- set_origin_bound_cert_type(ob_cert_type_);
+ set_domain_bound_cert_type(domain_bound_cert_type_);
return OK;
}
@@ -2173,7 +2175,7 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
}
// static
-bool SSLClientSocketNSS::OriginBoundCertNegotiated(PRFileDesc* socket) {
+bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) {
PRBool xtn_negotiated = PR_FALSE;
SECStatus rv = SSL_HandshakeNegotiatedExtension(
socket, ssl_ob_cert_xtn, &xtn_negotiated);
@@ -2182,42 +2184,42 @@ bool SSLClientSocketNSS::OriginBoundCertNegotiated(PRFileDesc* socket) {
return xtn_negotiated ? true : false;
}
-SECStatus SSLClientSocketNSS::OriginBoundClientAuthHandler(
+SECStatus SSLClientSocketNSS::DomainBoundClientAuthHandler(
const SECItem* cert_types,
CERTCertificate** result_certificate,
SECKEYPrivateKey** result_private_key) {
- ob_cert_xtn_negotiated_ = true;
+ domain_bound_cert_xtn_negotiated_ = true;
- // We have negotiated the origin-bound certificate extension.
+ // We have negotiated the domain-bound certificate extension.
std::string origin = "https://" + host_and_port_.ToString();
std::vector<uint8> requested_cert_types(cert_types->data,
cert_types->data + cert_types->len);
- net_log_.BeginEvent(NetLog::TYPE_SSL_GET_ORIGIN_BOUND_CERT, NULL);
- int error = origin_bound_cert_service_->GetOriginBoundCert(
+ net_log_.BeginEvent(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, NULL);
+ int error = server_bound_cert_service_->GetDomainBoundCert(
origin,
requested_cert_types,
- &ob_cert_type_,
- &ob_private_key_,
- &ob_cert_,
+ &domain_bound_cert_type_,
+ &domain_bound_private_key_,
+ &domain_bound_cert_,
base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
base::Unretained(this)),
- &ob_cert_request_handle_);
+ &domain_bound_cert_request_handle_);
if (error == ERR_IO_PENDING) {
// Asynchronous case.
client_auth_cert_needed_ = true;
return SECWouldBlock;
}
- net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_ORIGIN_BOUND_CERT,
+ net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT,
error);
SECStatus rv = SECSuccess;
if (error == OK) {
// Synchronous success.
- int result = ImportOBCertAndKey(result_certificate,
+ int result = ImportDBCertAndKey(result_certificate,
result_private_key);
if (result == OK) {
- set_origin_bound_cert_type(ob_cert_type_);
+ set_domain_bound_cert_type(domain_bound_cert_type_);
} else {
rv = SECFailure;
}
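Review bot: The key passed to `server_bound_cert_service_->GetDomainBoundCert(` is still the local `origin`, built on the unchanged line `std::string origin = "https://" + host_and_port_.ToString();`, so after the rename the code requests a domain-bound certificate using a scheme- and port-qualified origin string. If the service reduces that string to a domain itself, the local should be renamed or commented so a reader does not assume per-origin keying, e.g. `// The service maps this origin to its domain; see ServerBoundCertService.`; if it does not, certificates would still be selected per origin rather than per domain, which cannot be confirmed from this hunk. DomainBoundClientAuthHandler continues past the end of this hunk.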
@@ -2249,9 +2251,9 @@ SECStatus SSLClientSocketNSS::PlatformClientAuthHandler(
const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
- // Check if an origin-bound certificate is requested.
- if (OriginBoundCertNegotiated(socket)) {
- return that->OriginBoundClientAuthHandler(
+ // Check if a domain-bound certificate is requested.
+ if (DomainBoundCertNegotiated(socket)) {
+ return that->DomainBoundClientAuthHandler(
cert_types, result_nss_certificate, result_nss_private_key);
}
@@ -2555,9 +2557,9 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket);
- // Check if an origin-bound certificate is requested.
- if (OriginBoundCertNegotiated(socket)) {
- return that->OriginBoundClientAuthHandler(
+ // Check if a domain-bound certificate is requested.
+ if (DomainBoundCertNegotiated(socket)) {
+ return that->DomainBoundClientAuthHandler(
cert_types, result_certificate, result_private_key);
}
@@ -2711,8 +2713,8 @@ bool SSLClientSocketNSS::CalledOnValidThread() const {
return valid_thread_id_ == base::PlatformThread::CurrentId();
}
-OriginBoundCertService* SSLClientSocketNSS::GetOriginBoundCertService() const {
- return origin_bound_cert_service_;
+ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
+ return server_bound_cert_service_;
}
} // namespace net
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 1582f37..49343d1 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -35,7 +35,7 @@ namespace net {
class BoundNetLog;
class CertVerifier;
class ClientSocketHandle;
-class OriginBoundCertService;
+class ServerBoundCertService;
class SingleRequestCertVerifier;
class SSLHostInfo;
class TransportSecurityState;
@@ -93,14 +93,14 @@ class SSLClientSocketNSS : public SSLClientSocket {
const CompletionCallback& callback) OVERRIDE;
virtual bool SetReceiveBufferSize(int32 size) OVERRIDE;
virtual bool SetSendBufferSize(int32 size) OVERRIDE;
- virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
private:
enum State {
STATE_NONE,
STATE_LOAD_SSL_HOST_INFO,
STATE_HANDSHAKE,
- STATE_GET_OB_CERT_COMPLETE,
+ STATE_GET_DOMAIN_BOUND_CERT_COMPLETE,
STATE_VERIFY_DNSSEC,
STATE_VERIFY_CERT,
STATE_VERIFY_CERT_COMPLETE,
@@ -132,14 +132,14 @@ class SSLClientSocketNSS : public SSLClientSocket {
int DoHandshake();
- // ImportOBCertAndKey is a helper function for turning a DER-encoded cert and
+ // ImportDBCertAndKey is a helper function for turning a DER-encoded cert and
// key into a CERTCertificate and SECKEYPrivateKey. Returns OK upon success
// and an error code otherwise.
- // Requires |ob_private_key_| and |ob_cert_| to have been set by a call to
- // OriginBoundCertService->GetOriginBoundCert. The caller takes ownership of
- // the |*cert| and |*key|.
- int ImportOBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key);
- int DoGetOBCertComplete(int result);
+ // Requires |domain_bound_private_key_| and |domain_bound_cert_| to have been
+ // set by a call to ServerBoundCertService->GetDomainBoundCert. The caller
+ // takes ownership of the |*cert| and |*key|.
+ int ImportDBCertAndKey(CERTCertificate** cert, SECKEYPrivateKey** key);
+ int DoGetDBCertComplete(int result);
int DoVerifyDNSSEC(int result);
int DoVerifyCert(int result);
int DoVerifyCertComplete(int result);
@@ -163,11 +163,11 @@ class SSLClientSocketNSS : public SSLClientSocket {
// argument.
static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
PRBool checksig, PRBool is_server);
- // Returns true if connection negotiated the origin bound cert extension.
- static bool OriginBoundCertNegotiated(PRFileDesc* socket);
- // Origin bound cert client auth handler.
+ // Returns true if connection negotiated the domain bound cert extension.
+ static bool DomainBoundCertNegotiated(PRFileDesc* socket);
+ // Domain bound cert client auth handler.
// Returns the value the ClientAuthHandler function should return.
- SECStatus OriginBoundClientAuthHandler(
+ SECStatus DomainBoundClientAuthHandler(
const SECItem* cert_types,
CERTCertificate** result_certificate,
SECKEYPrivateKey** result_private_key);
@@ -256,13 +256,13 @@ class SSLClientSocketNSS : public SSLClientSocket {
CertVerifier* const cert_verifier_;
scoped_ptr<SingleRequestCertVerifier> verifier_;
- // For origin bound certificates in client auth.
- bool ob_cert_xtn_negotiated_;
- OriginBoundCertService* origin_bound_cert_service_;
- SSLClientCertType ob_cert_type_;
- std::string ob_private_key_;
- std::string ob_cert_;
- OriginBoundCertService::RequestHandle ob_cert_request_handle_;
+ // For domain bound certificates in client auth.
+ bool domain_bound_cert_xtn_negotiated_;
+ ServerBoundCertService* server_bound_cert_service_;
+ SSLClientCertType domain_bound_cert_type_;
+ std::string domain_bound_private_key_;
+ std::string domain_bound_cert_;
+ ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
// True if NSS has called HandshakeCallback.
bool handshake_callback_called_;
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index a29acf6..d691f22 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -587,7 +587,7 @@ void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
server_cert_verify_result_.is_issued_by_known_root;
ssl_info->public_key_hashes =
server_cert_verify_result_.public_key_hashes;
- ssl_info->client_cert_sent = WasOriginBoundCertSent() ||
+ ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
(ssl_config_.send_client_cert && ssl_config_.client_cert);
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
@@ -653,8 +653,8 @@ SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
return npn_status_;
}
-OriginBoundCertService*
-SSLClientSocketOpenSSL::GetOriginBoundCertService() const {
+ServerBoundCertService*
+SSLClientSocketOpenSSL::GetServerBoundCertService() const {
return NULL;
}
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 69f03c9..f2739d4 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -65,7 +65,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
unsigned int outlen);
virtual NextProtoStatus GetNextProto(std::string* proto,
std::string* server_protos);
- virtual OriginBoundCertService* GetOriginBoundCertService() const;
+ virtual ServerBoundCertService* GetServerBoundCertService() const;
// StreamSocket implementation.
virtual int Connect(const CompletionCallback& callback);
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index 0c96546..71a5b0d 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -448,7 +448,7 @@ SSLClientSocketPool::SSLClientSocketPool(
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
@@ -471,7 +471,7 @@ SSLClientSocketPool::SSLClientSocketPool(
host_resolver,
SSLClientSocketContext(
cert_verifier,
- origin_bound_cert_service,
+ server_bound_cert_service,
transport_security_state,
ssl_host_info_factory,
ssl_session_cache_shard),
diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h
index bd667ff..d80ace9 100644
--- a/net/socket/ssl_client_socket_pool.h
+++ b/net/socket/ssl_client_socket_pool.h
@@ -176,7 +176,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
- OriginBoundCertService* origin_bound_cert_service,
+ ServerBoundCertService* server_bound_cert_service,
TransportSecurityState* transport_security_state,
SSLHostInfoFactory* ssl_host_info_factory,
const std::string& ssl_session_cache_shard,
diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc
index d77e157..c6896ec 100644
--- a/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/net/socket/ssl_client_socket_pool_unittest.cc
@@ -96,7 +96,7 @@ class SSLClientSocketPoolTest : public testing::Test {
ssl_histograms_.get(),
NULL /* host_resolver */,
NULL /* cert_verifier */,
- NULL /* origin_bound_cert_service */,
+ NULL /* server_bound_cert_service */,
NULL /* transport_security_state */,
NULL /* ssl_host_info_factory */,
"" /* ssl_session_cache_shard */,
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 4e61c6f..b2054eb 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -412,7 +412,7 @@ void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
ssl_info->is_issued_by_known_root =
server_cert_verify_result_.is_issued_by_known_root;
- ssl_info->client_cert_sent = WasOriginBoundCertSent() ||
+ ssl_info->client_cert_sent = WasDomainBoundCertSent() ||
(ssl_config_.send_client_cert && ssl_config_.client_cert);
SecPkgContext_ConnectionInfo connection_info;
SECURITY_STATUS status = QueryContextAttributes(
@@ -555,7 +555,7 @@ SSLClientSocketWin::GetNextProto(std::string* proto,
return kNextProtoUnsupported;
}
-OriginBoundCertService* SSLClientSocketWin::GetOriginBoundCertService() const {
+ServerBoundCertService* SSLClientSocketWin::GetServerBoundCertService() const {
return NULL;
}
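Review bot: The accessor added here, `GetServerBoundCertService`, sits beside `WasDomainBoundCertSent` in the previous hunk of this file, and the same two vocabularies for one concept recur in spdy_session.cc (`GetServerBoundCertService` next to `GetDomainBoundCertType`), in the spdy_session.h comments ("server bound certs" / "domain bound cert"), in spdy_stream.cc (`ServerBoundCertService::GetDomainBoundCert`) and in the spdy3 unittest. If the split is deliberate (presumably the service class follows one naming and the certificate itself another), a one-line comment at the `ServerBoundCertService` declaration saying so would keep the next rename from "fixing" it; otherwise one term should be chosen for the whole API. The enclosing class for this Windows stub starts outside the hunk, and the stub itself always returns NULL, so callers cannot assume a service is available on this platform.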
diff --git a/net/socket/ssl_client_socket_win.h b/net/socket/ssl_client_socket_win.h
index e1ca1120..e9a74fe 100644
--- a/net/socket/ssl_client_socket_win.h
+++ b/net/socket/ssl_client_socket_win.h
@@ -55,7 +55,7 @@ class SSLClientSocketWin : public SSLClientSocket {
unsigned int outlen);
virtual NextProtoStatus GetNextProto(std::string* proto,
std::string* server_protos);
- virtual OriginBoundCertService* GetOriginBoundCertService() const OVERRIDE;
+ virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE;
// StreamSocket implementation.
virtual int Connect(const CompletionCallback& callback) OVERRIDE;
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 11276d1..ce998e4 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -281,7 +281,7 @@ class SSLServerSocketTest : public PlatformTest {
net::SSLConfig ssl_config;
ssl_config.cached_info_enabled = false;
ssl_config.false_start_enabled = false;
- ssl_config.origin_bound_certs_enabled = false;
+ ssl_config.domain_bound_certs_enabled = false;
ssl_config.ssl3_enabled = true;
ssl_config.tls1_enabled = true;
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index 9da4456..8604d28 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -58,7 +58,7 @@ SocketStream::SocketStream(const GURL& url, Delegate* delegate)
next_state_(STATE_NONE),
host_resolver_(NULL),
cert_verifier_(NULL),
- origin_bound_cert_service_(NULL),
+ server_bound_cert_service_(NULL),
http_auth_handler_factory_(NULL),
factory_(ClientSocketFactory::GetDefaultFactory()),
proxy_mode_(kDirectConnection),
@@ -126,7 +126,7 @@ void SocketStream::set_context(URLRequestContext* context) {
if (context_) {
host_resolver_ = context_->host_resolver();
cert_verifier_ = context_->cert_verifier();
- origin_bound_cert_service_ = context_->origin_bound_cert_service();
+ server_bound_cert_service_ = context_->server_bound_cert_service();
http_auth_handler_factory_ = context_->http_auth_handler_factory();
}
}
@@ -923,7 +923,7 @@ int SocketStream::DoSecureProxyConnect() {
DCHECK(factory_);
SSLClientSocketContext ssl_context;
ssl_context.cert_verifier = cert_verifier_;
- ssl_context.origin_bound_cert_service = origin_bound_cert_service_;
+ ssl_context.server_bound_cert_service = server_bound_cert_service_;
// TODO(agl): look into plumbing SSLHostInfo here.
socket_.reset(factory_->CreateSSLClientSocket(
socket_.release(),
@@ -954,7 +954,7 @@ int SocketStream::DoSSLConnect() {
DCHECK(factory_);
SSLClientSocketContext ssl_context;
ssl_context.cert_verifier = cert_verifier_;
- ssl_context.origin_bound_cert_service = origin_bound_cert_service_;
+ ssl_context.server_bound_cert_service = server_bound_cert_service_;
// TODO(agl): look into plumbing SSLHostInfo here.
socket_.reset(factory_->CreateSSLClientSocket(socket_.release(),
HostPortPair::FromURL(url_),
diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h
index 510310e..cf678d9 100644
--- a/net/socket_stream/socket_stream.h
+++ b/net/socket_stream/socket_stream.h
@@ -326,7 +326,7 @@ class NET_EXPORT SocketStream
State next_state_;
HostResolver* host_resolver_;
CertVerifier* cert_verifier_;
- OriginBoundCertService* origin_bound_cert_service_;
+ ServerBoundCertService* server_bound_cert_service_;
HttpAuthHandlerFactory* http_auth_handler_factory_;
ClientSocketFactory* factory_;
diff --git a/net/spdy/spdy_http_stream_spdy2_unittest.cc b/net/spdy/spdy_http_stream_spdy2_unittest.cc
index ecec044..1b5662a 100644
--- a/net/spdy/spdy_http_stream_spdy2_unittest.cc
+++ b/net/spdy/spdy_http_stream_spdy2_unittest.cc
@@ -63,12 +63,6 @@ class SpdyHttpStreamSpdy2Test : public testing::Test {
return session_->InitializeWithSocket(connection.release(), false, OK);
}
- void TestSendCredentials(
- OriginBoundCertService* obc_service,
- const std::string& cert,
- const std::string& proof,
- SSLClientCertType type);
-
SpdySessionDependencies session_deps_;
scoped_ptr<OrderedSocketData> data_;
scoped_refptr<HttpNetworkSession> http_session_;
@@ -243,216 +237,6 @@ TEST_F(SpdyHttpStreamSpdy2Test, SpdyURLTest) {
EXPECT_TRUE(data()->at_write_eof());
}
-namespace {
-
-void GetECOriginBoundCertAndProof(const std::string& origin,
- OriginBoundCertService* obc_service,
- std::string* cert,
- std::string* proof) {
- TestCompletionCallback callback;
- std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
- SSLClientCertType cert_type;
- std::string key;
- OriginBoundCertService::RequestHandle request_handle;
- int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
- &cert_type, &key, cert,
- callback.callback(),
- &request_handle);
- EXPECT_EQ(ERR_IO_PENDING, rv);
- EXPECT_EQ(OK, callback.WaitForResult());
- EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
-
- unsigned char secret[32];
- memset(secret, 'A', arraysize(secret));
-
- // Convert the key string into a vector<unit8>
- std::vector<uint8> key_data(key.begin(), key.end());
-
- base::StringPiece spki_piece;
- ASSERT_TRUE(asn1::ExtractSPKIFromDERCert(*cert, &spki_piece));
- std::vector<uint8> spki(spki_piece.data(),
- spki_piece.data() + spki_piece.size());
-
- std::vector<uint8> proof_data;
- scoped_ptr<crypto::ECPrivateKey> private_key(
- crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- OriginBoundCertService::kEPKIPassword, key_data, spki));
- scoped_ptr<crypto::ECSignatureCreator> creator(
- crypto::ECSignatureCreator::Create(private_key.get()));
- creator->Sign(secret, arraysize(secret), &proof_data);
- proof->assign(proof_data.begin(), proof_data.end());
-}
-
-} // namespace
-
-// TODO(rch): When openssl supports origin bound certifictes, this
-// guard can be removed
-#if !defined(USE_OPENSSL)
-// Test that if we request a resource for a new origin on a session that
-// used origin bound certificates, that we send a CREDENTIAL frame for
-// the new origin before we send the new request.
-void SpdyHttpStreamSpdy2Test::TestSendCredentials(
- OriginBoundCertService* obc_service,
- const std::string& cert,
- const std::string& proof,
- SSLClientCertType type) {
- EnableCompression(false);
-
- spdy::SpdyCredential cred;
- cred.slot = 1;
- cred.proof = proof;
- cred.certs.push_back(cert);
-
- scoped_ptr<spdy::SpdyFrame> req(ConstructSpdyGet(NULL, 0, false, 1, LOWEST));
- scoped_ptr<spdy::SpdyFrame> credential(ConstructSpdyCredential(cred));
- scoped_ptr<spdy::SpdyFrame> req2(ConstructSpdyGet("http://www.gmail.com",
- false, 3, LOWEST));
- MockWrite writes[] = {
- CreateMockWrite(*req.get(), 0),
- CreateMockWrite(*credential.get(), 2),
- CreateMockWrite(*req2.get(), 3),
- };
-
- scoped_ptr<spdy::SpdyFrame> resp(ConstructSpdyGetSynReply(NULL, 0, 1));
- scoped_ptr<spdy::SpdyFrame> resp2(ConstructSpdyGetSynReply(NULL, 0, 3));
- MockRead reads[] = {
- CreateMockRead(*resp, 1),
- CreateMockRead(*resp2, 4),
- MockRead(SYNCHRONOUS, 0, 5) // EOF
- };
-
- HostPortPair host_port_pair("www.google.com", 80);
- HostPortProxyPair pair(host_port_pair, ProxyServer::Direct());
-
- DeterministicMockClientSocketFactory* socket_factory =
- session_deps_.deterministic_socket_factory.get();
- scoped_refptr<DeterministicSocketData> data(
- new DeterministicSocketData(reads, arraysize(reads),
- writes, arraysize(writes)));
- socket_factory->AddSocketDataProvider(data.get());
- SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
- ssl.origin_bound_cert_type = type;
- ssl.origin_bound_cert_service = obc_service;
- ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
- socket_factory->AddSSLSocketDataProvider(&ssl);
- http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic(
- &session_deps_);
- session_ = http_session_->spdy_session_pool()->Get(pair, BoundNetLog());
- transport_params_ = new TransportSocketParams(host_port_pair,
- MEDIUM, false, false);
- TestCompletionCallback callback;
- scoped_ptr<ClientSocketHandle> connection(new ClientSocketHandle);
- SSLConfig ssl_config;
- scoped_refptr<SOCKSSocketParams> socks_params;
- scoped_refptr<HttpProxySocketParams> http_proxy_params;
- scoped_refptr<SSLSocketParams> ssl_params(
- new SSLSocketParams(transport_params_,
- socks_params,
- http_proxy_params,
- ProxyServer::SCHEME_DIRECT,
- host_port_pair,
- ssl_config,
- 0,
- false,
- false));
- EXPECT_EQ(ERR_IO_PENDING,
- connection->Init(host_port_pair.ToString(),
- ssl_params,
- MEDIUM,
- callback.callback(),
- http_session_->GetSSLSocketPool(
- HttpNetworkSession::NORMAL_SOCKET_POOL),
- BoundNetLog()));
- callback.WaitForResult();
- EXPECT_EQ(OK,
- session_->InitializeWithSocket(connection.release(), true, OK));
-
- HttpRequestInfo request;
- request.method = "GET";
- request.url = GURL("http://www.google.com/");
- HttpResponseInfo response;
- HttpRequestHeaders headers;
- BoundNetLog net_log;
- scoped_ptr<SpdyHttpStream> http_stream(
- new SpdyHttpStream(session_.get(), true));
- ASSERT_EQ(
- OK,
- http_stream->InitializeStream(&request, net_log, CompletionCallback()));
-
- EXPECT_FALSE(session_->NeedsCredentials(host_port_pair));
- HostPortPair new_host_port_pair("www.gmail.com", 80);
- EXPECT_TRUE(session_->NeedsCredentials(new_host_port_pair));
-
- EXPECT_EQ(ERR_IO_PENDING, http_stream->SendRequest(headers, NULL, &response,
- callback.callback()));
- EXPECT_TRUE(http_session_->spdy_session_pool()->HasSession(pair));
-
- data->RunFor(2);
- callback.WaitForResult();
-
- // Start up second request for resource on a new origin.
- scoped_ptr<SpdyHttpStream> http_stream2(
- new SpdyHttpStream(session_.get(), true));
- request.url = GURL("http://www.gmail.com/");
- ASSERT_EQ(
- OK,
- http_stream2->InitializeStream(&request, net_log, CompletionCallback()));
- EXPECT_EQ(ERR_IO_PENDING, http_stream2->SendRequest(headers, NULL, &response,
- callback.callback()));
- data->RunFor(2);
- callback.WaitForResult();
-
- EXPECT_EQ(ERR_IO_PENDING, http_stream2->ReadResponseHeaders(
- callback.callback()));
- data->RunFor(1);
- EXPECT_EQ(OK, callback.WaitForResult());
- ASSERT_TRUE(response.headers.get() != NULL);
- ASSERT_EQ(200, response.headers->response_code());
-}
-
-class MockECSignatureCreator : public crypto::ECSignatureCreator {
- public:
- explicit MockECSignatureCreator(crypto::ECPrivateKey* key) : key_(key) {}
-
- virtual bool Sign(const uint8* data,
- int data_len,
- std::vector<uint8>* signature) OVERRIDE {
- std::vector<uint8> private_key_value;
- key_->ExportValue(&private_key_value);
- std::string head = "fakesignature";
- std::string tail = "/fakesignature";
-
- signature->clear();
- signature->insert(signature->end(), head.begin(), head.end());
- signature->insert(signature->end(), private_key_value.begin(),
- private_key_value.end());
- signature->insert(signature->end(), '-');
- signature->insert(signature->end(), data, data + data_len);
- signature->insert(signature->end(), tail.begin(), tail.end());
- return true;
- }
-
- private:
- crypto::ECPrivateKey* key_;
- DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreator);
-};
-
-class MockECSignatureCreatorFactory : public crypto::ECSignatureCreatorFactory {
- public:
- MockECSignatureCreatorFactory() {}
- virtual ~MockECSignatureCreatorFactory() {}
-
- virtual crypto::ECSignatureCreator* Create(
- crypto::ECPrivateKey* key) OVERRIDE {
- return new MockECSignatureCreator(key);
- }
- private:
- DISALLOW_COPY_AND_ASSIGN(MockECSignatureCreatorFactory);
-};
-
-#endif // !defined(USE_OPENSSL)
-
// TODO(willchan): Write a longer test for SpdyStream that exercises all
// methods.
diff --git a/net/spdy/spdy_http_stream_spdy3_unittest.cc b/net/spdy/spdy_http_stream_spdy3_unittest.cc
index b0a34c7..68a958c 100644
--- a/net/spdy/spdy_http_stream_spdy3_unittest.cc
+++ b/net/spdy/spdy_http_stream_spdy3_unittest.cc
@@ -64,7 +64,7 @@ class SpdyHttpStreamSpdy3Test : public testing::Test {
}
void TestSendCredentials(
- OriginBoundCertService* obc_service,
+ ServerBoundCertService* server_bound_cert_service,
const std::string& cert,
const std::string& proof,
SSLClientCertType type);
@@ -245,20 +245,20 @@ TEST_F(SpdyHttpStreamSpdy3Test, SpdyURLTest) {
namespace {
-void GetECOriginBoundCertAndProof(const std::string& origin,
- OriginBoundCertService* obc_service,
- std::string* cert,
- std::string* proof) {
+void GetECServerBoundCertAndProof(
+ const std::string& origin,
+ ServerBoundCertService* server_bound_cert_service,
+ std::string* cert,
+ std::string* proof) {
TestCompletionCallback callback;
std::vector<uint8> requested_cert_types;
requested_cert_types.push_back(CLIENT_CERT_ECDSA_SIGN);
SSLClientCertType cert_type;
std::string key;
- OriginBoundCertService::RequestHandle request_handle;
- int rv = obc_service->GetOriginBoundCert(origin, requested_cert_types,
- &cert_type, &key, cert,
- callback.callback(),
- &request_handle);
+ ServerBoundCertService::RequestHandle request_handle;
+ int rv = server_bound_cert_service->GetDomainBoundCert(
+ origin, requested_cert_types, &cert_type, &key, cert, callback.callback(),
+ &request_handle);
EXPECT_EQ(ERR_IO_PENDING, rv);
EXPECT_EQ(OK, callback.WaitForResult());
EXPECT_EQ(CLIENT_CERT_ECDSA_SIGN, cert_type);
@@ -277,7 +277,7 @@ void GetECOriginBoundCertAndProof(const std::string& origin,
std::vector<uint8> proof_data;
scoped_ptr<crypto::ECPrivateKey> private_key(
crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- OriginBoundCertService::kEPKIPassword, key_data, spki));
+ ServerBoundCertService::kEPKIPassword, key_data, spki));
scoped_ptr<crypto::ECSignatureCreator> creator(
crypto::ECSignatureCreator::Create(private_key.get()));
creator->Sign(secret, arraysize(secret), &proof_data);
@@ -286,14 +286,14 @@ void GetECOriginBoundCertAndProof(const std::string& origin,
} // namespace
-// TODO(rch): When openssl supports origin bound certifictes, this
+// TODO(rch): When openssl supports server bound certifictes, this
// guard can be removed
#if !defined(USE_OPENSSL)
// Test that if we request a resource for a new origin on a session that
-// used origin bound certificates, that we send a CREDENTIAL frame for
-// the new origin before we send the new request.
+// used domain bound certificates, that we send a CREDENTIAL frame for
+// the new domain before we send the new request.
void SpdyHttpStreamSpdy3Test::TestSendCredentials(
- OriginBoundCertService* obc_service,
+ ServerBoundCertService* server_bound_cert_service,
const std::string& cert,
const std::string& proof,
SSLClientCertType type) {
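Review bot: The rewritten TODO at the top of the hunk keeps the misspelling `certifictes`; since the line is being touched anyway, `// TODO(rch): When openssl supports server bound certificates, this` fixes it at no cost. TestSendCredentials's body continues past the end of the hunk.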
@@ -332,8 +332,8 @@ void SpdyHttpStreamSpdy3Test::TestSendCredentials(
writes, arraysize(writes)));
socket_factory->AddSocketDataProvider(data.get());
SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
- ssl.origin_bound_cert_type = type;
- ssl.origin_bound_cert_service = obc_service;
+ ssl.domain_bound_cert_type = type;
+ ssl.server_bound_cert_service = server_bound_cert_service;
ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
socket_factory->AddSSLSocketDataProvider(&ssl);
http_session_ = SpdySessionDependencies::SpdyCreateSessionDeterministic(
@@ -457,14 +457,16 @@ TEST_F(SpdyHttpStreamSpdy3Test, SendCredentialsEC) {
crypto::ECSignatureCreator::SetFactoryForTesting(
ec_signature_creator_factory.get());
- scoped_ptr<OriginBoundCertService> obc_service(
- new OriginBoundCertService(new DefaultOriginBoundCertStore(NULL)));
+ scoped_ptr<ServerBoundCertService> server_bound_cert_service(
+ new ServerBoundCertService(new DefaultServerBoundCertStore(NULL)));
std::string cert;
std::string proof;
- GetECOriginBoundCertAndProof("http://www.gmail.com/", obc_service.get(),
+ GetECServerBoundCertAndProof("http://www.gmail.com/",
+ server_bound_cert_service.get(),
&cert, &proof);
- TestSendCredentials(obc_service.get(), cert, proof, CLIENT_CERT_ECDSA_SIGN);
+ TestSendCredentials(server_bound_cert_service.get(), cert, proof,
+ CLIENT_CERT_ECDSA_SIGN);
}
#endif // !defined(USE_OPENSSL)
diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc
index ddfa2a2..cf955db 100644
--- a/net/spdy/spdy_session.cc
+++ b/net/spdy/spdy_session.cc
@@ -407,7 +407,7 @@ net::Error SpdySession::InitializeWithSocket(
protocol = protocol_negotiated;
}
- if (ssl_socket->WasOriginBoundCertSent()) {
+ if (ssl_socket->WasDomainBoundCertSent()) {
// According to the SPDY spec, the credential associated with the TLS
// connection is stored in slot[0].
credential_state_.SetHasCredential(host_port_pair());
@@ -599,7 +599,7 @@ bool SpdySession::NeedsCredentials(const HostPortPair& origin) const {
SSLClientSocket* ssl_socket = GetSSLClientSocket();
if (ssl_socket->protocol_negotiated() < SSLClientSocket::kProtoSPDY3)
return false;
- if (!ssl_socket->WasOriginBoundCertSent())
+ if (!ssl_socket->WasDomainBoundCertSent())
return false;
return !credential_state_.HasCredential(origin);
}
@@ -681,7 +681,7 @@ int SpdySession::WriteCredentialFrame(const std::string& origin,
spki_piece.data() + spki_piece.size());
scoped_ptr<crypto::ECPrivateKey> private_key(
crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- OriginBoundCertService::kEPKIPassword, key_data, spki));
+ ServerBoundCertService::kEPKIPassword, key_data, spki));
scoped_ptr<crypto::ECSignatureCreator> creator(
crypto::ECSignatureCreator::Create(private_key.get()));
creator->Sign(secret, arraysize(secret), &proof);
@@ -1272,16 +1272,16 @@ bool SpdySession::GetSSLCertRequestInfo(
return true;
}
-OriginBoundCertService* SpdySession::GetOriginBoundCertService() const {
+ServerBoundCertService* SpdySession::GetServerBoundCertService() const {
if (!is_secure_)
return NULL;
- return GetSSLClientSocket()->GetOriginBoundCertService();
+ return GetSSLClientSocket()->GetServerBoundCertService();
}
-SSLClientCertType SpdySession::GetOriginBoundCertType() const {
+SSLClientCertType SpdySession::GetDomainBoundCertType() const {
if (!is_secure_)
return CLIENT_CERT_INVALID_TYPE;
- return GetSSLClientSocket()->origin_bound_cert_type();
+ return GetSSLClientSocket()->domain_bound_cert_type();
}
void SpdySession::OnError(int error_code) {
diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
index f56187b..66a3acd 100644
--- a/net/spdy/spdy_session.h
+++ b/net/spdy/spdy_session.h
@@ -160,13 +160,13 @@ class NET_EXPORT SpdySession : public base::RefCounted<SpdySession>,
// true when SSL is in use.
bool GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
- // Returns the OriginBoundCertService used by this Socket, or NULL
- // Origin Bound Certs are not supported in this session.
- OriginBoundCertService* GetOriginBoundCertService() const;
+ // Returns the ServerBoundCertService used by this Socket, or NULL
+ // if server bound certs are not supported in this session.
+ ServerBoundCertService* GetServerBoundCertService() const;
- // Returns the type of the origin bound cert that was sent, or
+ // Returns the type of the domain bound cert that was sent, or
// CLIENT_CERT_INVALID_TYPE if none was sent.
- SSLClientCertType GetOriginBoundCertType() const;
+ SSLClientCertType GetDomainBoundCertType() const;
// Reset all static settings to initialized values. Used to init test suite.
static void ResetStaticSettingsToInit();
@@ -253,7 +253,7 @@ class NET_EXPORT SpdySession : public base::RefCounted<SpdySession>,
int GetLocalAddress(IPEndPoint* address) const;
// Returns true if a request for a resource in |origin| requires a
- // SPDY CREDENTIAL frame to be sent first, with an origin bound certificate.
+ // SPDY CREDENTIAL frame to be sent first, with a domain bound certificate.
bool NeedsCredentials(const HostPortPair& origin) const;
// Adds |alias| to set of aliases associated with this session.
diff --git a/net/spdy/spdy_session_spdy2_unittest.cc b/net/spdy/spdy_session_spdy2_unittest.cc
index 346c057..cdedd1e 100644
--- a/net/spdy/spdy_session_spdy2_unittest.cc
+++ b/net/spdy/spdy_session_spdy2_unittest.cc
@@ -949,7 +949,7 @@ TEST_F(SpdySessionSpdy2Test, NeedsCredentials) {
session_deps.socket_factory->AddSocketDataProvider(&data);
SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
- ssl.origin_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
+ ssl.domain_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY2;
session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
diff --git a/net/spdy/spdy_session_spdy3_unittest.cc b/net/spdy/spdy_session_spdy3_unittest.cc
index f516ed2..c38b769 100644
--- a/net/spdy/spdy_session_spdy3_unittest.cc
+++ b/net/spdy/spdy_session_spdy3_unittest.cc
@@ -949,7 +949,7 @@ TEST_F(SpdySessionSpdy3Test, NeedsCredentials) {
session_deps.socket_factory->AddSocketDataProvider(&data);
SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
- ssl.origin_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
+ ssl.domain_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
@@ -1025,7 +1025,7 @@ TEST_F(SpdySessionSpdy3Test, SendCredentials) {
session_deps.socket_factory->AddSocketDataProvider(&data);
SSLSocketDataProvider ssl(SYNCHRONOUS, OK);
- ssl.origin_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
+ ssl.domain_bound_cert_type = CLIENT_CERT_ECDSA_SIGN;
ssl.protocol_negotiated = SSLClientSocket::kProtoSPDY3;
session_deps.socket_factory->AddSSLSocketDataProvider(&ssl);
diff --git a/net/spdy/spdy_stream.cc b/net/spdy/spdy_stream.cc
index 0f20a85..29967e9 100644
--- a/net/spdy/spdy_stream.cc
+++ b/net/spdy/spdy_stream.cc
@@ -90,7 +90,7 @@ SpdyStream::SpdyStream(SpdySession* session,
net_log_(net_log),
send_bytes_(0),
recv_bytes_(0),
- ob_cert_type_(CLIENT_CERT_INVALID_TYPE) {
+ domain_bound_cert_type_(CLIENT_CERT_INVALID_TYPE) {
}
SpdyStream::~SpdyStream() {
@@ -490,7 +490,7 @@ int SpdyStream::SendRequest(bool has_upload_data) {
return ERR_IO_PENDING;
}
CHECK_EQ(STATE_NONE, io_state_);
- io_state_ = STATE_GET_ORIGIN_BOUND_CERT;
+ io_state_ = STATE_GET_DOMAIN_BOUND_CERT;
return DoLoop(OK);
}
@@ -559,8 +559,8 @@ GURL SpdyStream::GetUrlFromHeaderBlock(
return GURL(url);
}
-void SpdyStream::OnGetOriginBoundCertComplete(int result) {
- DCHECK_EQ(STATE_GET_ORIGIN_BOUND_CERT_COMPLETE, io_state_);
+void SpdyStream::OnGetDomainBoundCertComplete(int result) {
+ DCHECK_EQ(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE, io_state_);
DoLoop(result);
}
@@ -570,19 +570,19 @@ int SpdyStream::DoLoop(int result) {
io_state_ = STATE_NONE;
switch (state) {
// State machine 1: Send headers and body.
- case STATE_GET_ORIGIN_BOUND_CERT:
+ case STATE_GET_DOMAIN_BOUND_CERT:
CHECK_EQ(OK, result);
- result = DoGetOriginBoundCert();
+ result = DoGetDomainBoundCert();
break;
- case STATE_GET_ORIGIN_BOUND_CERT_COMPLETE:
- result = DoGetOriginBoundCertComplete(result);
+ case STATE_GET_DOMAIN_BOUND_CERT_COMPLETE:
+ result = DoGetDomainBoundCertComplete(result);
break;
- case STATE_SEND_ORIGIN_BOUND_CERT:
+ case STATE_SEND_DOMAIN_BOUND_CERT:
CHECK_EQ(OK, result);
- result = DoSendOriginBoundCert();
+ result = DoSendDomainBoundCert();
break;
- case STATE_SEND_ORIGIN_BOUND_CERT_COMPLETE:
- result = DoSendOriginBoundCertComplete(result);
+ case STATE_SEND_DOMAIN_BOUND_CERT_COMPLETE:
+ result = DoSendDomainBoundCertComplete(result);
break;
case STATE_SEND_HEADERS:
CHECK_EQ(OK, result);
@@ -635,7 +635,7 @@ int SpdyStream::DoLoop(int result) {
return result;
}
-int SpdyStream::DoGetOriginBoundCert() {
+int SpdyStream::DoGetDomainBoundCert() {
CHECK(request_.get());
HostPortPair origin(HostPortPair::FromURL(GetUrl()));
if (!session_->NeedsCredentials(origin)) {
@@ -644,42 +644,42 @@ int SpdyStream::DoGetOriginBoundCert() {
return OK;
}
- io_state_ = STATE_GET_ORIGIN_BOUND_CERT_COMPLETE;
- OriginBoundCertService* obc_service = session_->GetOriginBoundCertService();
- DCHECK(obc_service != NULL);
+ io_state_ = STATE_GET_DOMAIN_BOUND_CERT_COMPLETE;
+ ServerBoundCertService* sbc_service = session_->GetServerBoundCertService();
+ DCHECK(sbc_service != NULL);
std::vector<uint8> requested_cert_types;
- requested_cert_types.push_back(session_->GetOriginBoundCertType());
- int rv = obc_service->GetOriginBoundCert(
- GetUrl().GetOrigin().spec(), requested_cert_types, &ob_cert_type_,
- &ob_private_key_, &ob_cert_,
- base::Bind(&SpdyStream::OnGetOriginBoundCertComplete,
+ requested_cert_types.push_back(session_->GetDomainBoundCertType());
+ int rv = sbc_service->GetDomainBoundCert(
+ GetUrl().GetOrigin().spec(), requested_cert_types,
+ &domain_bound_cert_type_, &domain_bound_private_key_, &domain_bound_cert_,
+ base::Bind(&SpdyStream::OnGetDomainBoundCertComplete,
base::Unretained(this)),
- &ob_cert_request_handle_);
+ &domain_bound_cert_request_handle_);
return rv;
}
-int SpdyStream::DoGetOriginBoundCertComplete(int result) {
+int SpdyStream::DoGetDomainBoundCertComplete(int result) {
if (result != OK)
return result;
- io_state_ = STATE_SEND_ORIGIN_BOUND_CERT;
+ io_state_ = STATE_SEND_DOMAIN_BOUND_CERT;
return OK;
}
-int SpdyStream::DoSendOriginBoundCert() {
- io_state_ = STATE_SEND_ORIGIN_BOUND_CERT_COMPLETE;
+int SpdyStream::DoSendDomainBoundCert() {
+ io_state_ = STATE_SEND_DOMAIN_BOUND_CERT_COMPLETE;
CHECK(request_.get());
std::string origin = GetUrl().GetOrigin().spec();
origin.erase(origin.length() - 1); // trim trailing slash
int rv = session_->WriteCredentialFrame(
- origin, ob_cert_type_, ob_private_key_, ob_cert_,
- static_cast<RequestPriority>(priority_));
+ origin, domain_bound_cert_type_, domain_bound_private_key_,
+ domain_bound_cert_, static_cast<RequestPriority>(priority_));
if (rv != ERR_IO_PENDING)
return rv;
return OK;
}
-int SpdyStream::DoSendOriginBoundCertComplete(int result) {
+int SpdyStream::DoSendDomainBoundCertComplete(int result) {
if (result < 0)
return result;
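Review bot: `DCHECK(sbc_service != NULL)` near the top of the hunk is compiled out in release builds, so the following `sbc_service->GetDomainBoundCert(...)` call dereferences null whenever a session says a domain bound cert was sent but its socket exposes no service; this patch's `SSLClientSocketWin::GetServerBoundCertService` returns NULL unconditionally, and whether that combination is reachable depends on what `WasDomainBoundCertSent()` does on that platform, which is not visible here. A release-safe guard, `if (!sbc_service) return ERR_UNEXPECTED;` in place of the DCHECK, would fail the request instead of crashing the renderer's network stack. Separately, the lookup key passed here is `GetUrl().GetOrigin().spec()` with its trailing slash, while `DoSendDomainBoundCert` below strips that slash before writing the CREDENTIAL frame; if both forms are intended, a comment at each site would help the next reader. DoGetDomainBoundCert begins before this hunk and DoSendDomainBoundCertComplete continues after it.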
diff --git a/net/spdy/spdy_stream.h b/net/spdy/spdy_stream.h
index 3d0804b..131137d 100644
--- a/net/spdy/spdy_stream.h
+++ b/net/spdy/spdy_stream.h
@@ -258,10 +258,10 @@ class NET_EXPORT_PRIVATE SpdyStream
private:
enum State {
STATE_NONE,
- STATE_GET_ORIGIN_BOUND_CERT,
- STATE_GET_ORIGIN_BOUND_CERT_COMPLETE,
- STATE_SEND_ORIGIN_BOUND_CERT,
- STATE_SEND_ORIGIN_BOUND_CERT_COMPLETE,
+ STATE_GET_DOMAIN_BOUND_CERT,
+ STATE_GET_DOMAIN_BOUND_CERT_COMPLETE,
+ STATE_SEND_DOMAIN_BOUND_CERT,
+ STATE_SEND_DOMAIN_BOUND_CERT_COMPLETE,
STATE_SEND_HEADERS,
STATE_SEND_HEADERS_COMPLETE,
STATE_SEND_BODY,
@@ -274,16 +274,16 @@ class NET_EXPORT_PRIVATE SpdyStream
friend class base::RefCounted<SpdyStream>;
virtual ~SpdyStream();
- void OnGetOriginBoundCertComplete(int result);
+ void OnGetDomainBoundCertComplete(int result);
// Try to make progress sending/receiving the request/response.
int DoLoop(int result);
// The implementations of each state of the state machine.
- int DoGetOriginBoundCert();
- int DoGetOriginBoundCertComplete(int result);
- int DoSendOriginBoundCert();
- int DoSendOriginBoundCertComplete(int result);
+ int DoGetDomainBoundCert();
+ int DoGetDomainBoundCertComplete(int result);
+ int DoSendDomainBoundCert();
+ int DoSendDomainBoundCertComplete(int result);
int DoSendHeaders();
int DoSendHeadersComplete(int result);
int DoSendBody();
@@ -357,10 +357,10 @@ class NET_EXPORT_PRIVATE SpdyStream
// Data received before delegate is attached.
std::vector<scoped_refptr<IOBufferWithSize> > pending_buffers_;
- SSLClientCertType ob_cert_type_;
- std::string ob_private_key_;
- std::string ob_cert_;
- OriginBoundCertService::RequestHandle ob_cert_request_handle_;
+ SSLClientCertType domain_bound_cert_type_;
+ std::string domain_bound_private_key_;
+ std::string domain_bound_cert_;
+ ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_;
DISALLOW_COPY_AND_ASSIGN(SpdyStream);
};
diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc
index c2c7843..e42d465 100644
--- a/net/url_request/url_request_context.cc
+++ b/net/url_request/url_request_context.cc
@@ -18,7 +18,7 @@ URLRequestContext::URLRequestContext()
net_log_(NULL),
host_resolver_(NULL),
cert_verifier_(NULL),
- origin_bound_cert_service_(NULL),
+ server_bound_cert_service_(NULL),
fraudulent_certificate_reporter_(NULL),
http_auth_handler_factory_(NULL),
proxy_service_(NULL),
@@ -36,7 +36,7 @@ void URLRequestContext::CopyFrom(URLRequestContext* other) {
set_net_log(other->net_log());
set_host_resolver(other->host_resolver());
set_cert_verifier(other->cert_verifier());
- set_origin_bound_cert_service(other->origin_bound_cert_service());
+ set_server_bound_cert_service(other->server_bound_cert_service());
set_fraudulent_certificate_reporter(other->fraudulent_certificate_reporter());
set_http_auth_handler_factory(other->http_auth_handler_factory());
set_proxy_service(other->proxy_service());
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 7d9d2e6..f4fb5ea 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -31,7 +31,7 @@ class HostResolver;
class HttpAuthHandlerFactory;
class HttpTransactionFactory;
class NetworkDelegate;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyService;
class URLRequest;
class URLRequestJobFactory;
@@ -77,13 +77,13 @@ class NET_EXPORT URLRequestContext
cert_verifier_ = cert_verifier;
}
- OriginBoundCertService* origin_bound_cert_service() const {
- return origin_bound_cert_service_;
+ ServerBoundCertService* server_bound_cert_service() const {
+ return server_bound_cert_service_;
}
- void set_origin_bound_cert_service(
- OriginBoundCertService* origin_bound_cert_service) {
- origin_bound_cert_service_ = origin_bound_cert_service;
+ void set_server_bound_cert_service(
+ ServerBoundCertService* server_bound_cert_service) {
+ server_bound_cert_service_ = server_bound_cert_service;
}
FraudulentCertificateReporter* fraudulent_certificate_reporter() const {
@@ -207,7 +207,7 @@ class NET_EXPORT URLRequestContext
NetLog* net_log_;
HostResolver* host_resolver_;
CertVerifier* cert_verifier_;
- OriginBoundCertService* origin_bound_cert_service_;
+ ServerBoundCertService* server_bound_cert_service_;
FraudulentCertificateReporter* fraudulent_certificate_reporter_;
HttpAuthHandlerFactory* http_auth_handler_factory_;
ProxyService* proxy_service_;
diff --git a/net/url_request/url_request_context_storage.cc b/net/url_request/url_request_context_storage.cc
index 8890839..2c9f816 100644
--- a/net/url_request/url_request_context_storage.cc
+++ b/net/url_request/url_request_context_storage.cc
@@ -44,10 +44,10 @@ void URLRequestContextStorage::set_cert_verifier(CertVerifier* cert_verifier) {
cert_verifier_.reset(cert_verifier);
}
-void URLRequestContextStorage::set_origin_bound_cert_service(
- OriginBoundCertService* origin_bound_cert_service) {
- context_->set_origin_bound_cert_service(origin_bound_cert_service);
- origin_bound_cert_service_.reset(origin_bound_cert_service);
+void URLRequestContextStorage::set_server_bound_cert_service(
+ ServerBoundCertService* server_bound_cert_service) {
+ context_->set_server_bound_cert_service(server_bound_cert_service);
+ server_bound_cert_service_.reset(server_bound_cert_service);
}
void URLRequestContextStorage::set_fraudulent_certificate_reporter(
diff --git a/net/url_request/url_request_context_storage.h b/net/url_request/url_request_context_storage.h
index 8ae2a00..1e62fb1 100644
--- a/net/url_request/url_request_context_storage.h
+++ b/net/url_request/url_request_context_storage.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -23,7 +23,7 @@ class HttpServerProperties;
class HttpTransactionFactory;
class NetLog;
class NetworkDelegate;
-class OriginBoundCertService;
+class ServerBoundCertService;
class ProxyService;
class SSLConfigService;
class TransportSecurityState;
@@ -46,8 +46,8 @@ class NET_EXPORT URLRequestContextStorage {
void set_net_log(NetLog* net_log);
void set_host_resolver(HostResolver* host_resolver);
void set_cert_verifier(CertVerifier* cert_verifier);
- void set_origin_bound_cert_service(
- OriginBoundCertService* origin_bound_cert_service);
+ void set_server_bound_cert_service(
+ ServerBoundCertService* server_bound_cert_service);
void set_fraudulent_certificate_reporter(
FraudulentCertificateReporter* fraudulent_certificate_reporter);
void set_http_auth_handler_factory(
@@ -75,7 +75,7 @@ class NET_EXPORT URLRequestContextStorage {
scoped_ptr<NetLog> net_log_;
scoped_ptr<HostResolver> host_resolver_;
scoped_ptr<CertVerifier> cert_verifier_;
- scoped_ptr<OriginBoundCertService> origin_bound_cert_service_;
+ scoped_ptr<ServerBoundCertService> server_bound_cert_service_;
scoped_ptr<FraudulentCertificateReporter> fraudulent_certificate_reporter_;
scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
scoped_ptr<ProxyService> proxy_service_;
diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc
index dc5fa05..274a411 100644
--- a/net/url_request/url_request_test_util.cc
+++ b/net/url_request/url_request_test_util.cc
@@ -143,10 +143,10 @@ void TestURLRequestContext::Init() {
if (!cookie_store())
context_storage_.set_cookie_store(new net::CookieMonster(NULL, NULL));
// In-memory origin bound cert service.
- if (!origin_bound_cert_service()) {
- context_storage_.set_origin_bound_cert_service(
- new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL)));
+ if (!server_bound_cert_service()) {
+ context_storage_.set_server_bound_cert_service(
+ new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL)));
}
if (accept_language().empty())
set_accept_language("en-us,fr");
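Review bot: The context comment `// In-memory origin bound cert service.` directly above the renamed block still carries the old name, so after this rename the comment no longer matches the ServerBoundCertService/DefaultServerBoundCertStore it describes. Suggest updating it in the same change to `// In-memory server bound cert service.` so the test fixture's documentation tracks the new type names. The enclosing TestURLRequestContext::Init() starts before and continues past this hunk.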
diff --git a/tools/valgrind/gtest_exclude/net_unittests.gtest-tsan.txt b/tools/valgrind/gtest_exclude/net_unittests.gtest-tsan.txt
index a367a26..b3b63d2 100644
--- a/tools/valgrind/gtest_exclude/net_unittests.gtest-tsan.txt
+++ b/tools/valgrind/gtest_exclude/net_unittests.gtest-tsan.txt
@@ -21,4 +21,4 @@ HttpNetworkTransactionTest.KeepAliveConnectionEOF
URLRequestTest.FileTest
# http://crbug.com/92439
-OriginBoundCertServiceTest.*
+ServerBoundCertServiceTest.*
diff --git a/webkit/tools/test_shell/test_shell_request_context.cc b/webkit/tools/test_shell/test_shell_request_context.cc
index 4d38d24..217eac4 100644
--- a/webkit/tools/test_shell/test_shell_request_context.cc
+++ b/webkit/tools/test_shell/test_shell_request_context.cc
@@ -49,8 +49,8 @@ void TestShellRequestContext::Init(
net::HttpCache::Mode cache_mode,
bool no_proxy) {
storage_.set_cookie_store(new net::CookieMonster(NULL, NULL));
- storage_.set_origin_bound_cert_service(new net::OriginBoundCertService(
- new net::DefaultOriginBoundCertStore(NULL)));
+ storage_.set_server_bound_cert_service(new net::ServerBoundCertService(
+ new net::DefaultServerBoundCertStore(NULL)));
// hard-code A-L and A-C for test shells
set_accept_language("en-us,en");
@@ -95,7 +95,7 @@ void TestShellRequestContext::Init(
net::HttpCache* cache =
new net::HttpCache(host_resolver(),
cert_verifier(),
- origin_bound_cert_service(),
+ server_bound_cert_service(),
NULL, // transport_security_state
proxy_service(),
"", // ssl_session_cache_shard