authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-10 20:20:53 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-10 20:20:53 +0000
commit0008c19d2f0a9abf735184146d93f5c3c674d94b (patch)
treee947cc6a32d0d03a5ced2afe3e91ffb7847f7f6d
parent3954c3a76994f8e3a8eec65f4d90580ba8ab0e80 (diff)
Revert "net: add DNS revocation experiment."
This reverts r127994 as the experiment has concluded. BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131620 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chrome_browser_main.cc18
-rw-r--r--chrome/browser/chrome_browser_main.h4
-rw-r--r--chrome/browser/net/chrome_network_delegate.cc104
-rw-r--r--chrome/browser/net/chrome_network_delegate.h10
4 files changed, 0 insertions, 136 deletions
diff --git a/chrome/browser/chrome_browser_main.cc b/chrome/browser/chrome_browser_main.cc
index 14c5dee..3cca0dd 100644
--- a/chrome/browser/chrome_browser_main.cc
+++ b/chrome/browser/chrome_browser_main.cc
@@ -57,7 +57,6 @@
#include "chrome/browser/metrics/tracking_synchronizer.h"
#include "chrome/browser/nacl_host/nacl_process_host.h"
#include "chrome/browser/net/chrome_net_log.h"
-#include "chrome/browser/net/chrome_network_delegate.h"
#include "chrome/browser/net/predictor.h"
#include "chrome/browser/notifications/desktop_notification_service.h"
#include "chrome/browser/notifications/desktop_notification_service_factory.h"
@@ -993,22 +992,6 @@ void ChromeBrowserMainParts::AutoLaunchChromeFieldTrial() {
}
}
-void ChromeBrowserMainParts::ComodoDNSExperimentFieldTrial() {
- // 100% probability of being in the experiment group until the timeout.
- const base::FieldTrial::Probability kDivisor = 1;
- const base::FieldTrial::Probability kProbability = 1;
-
- // After April 15, 2012 builds, it will always be in default group.
- scoped_refptr<base::FieldTrial> trial(
- new base::FieldTrial("ComodoDNSExperiment", kDivisor,
- "inactive", 2012, 4, 15));
-
- const int active = trial->AppendGroup("active", kProbability);
-
- if (trial->group() == active)
- ChromeNetworkDelegate::EnableComodoDNSExperiment();
-}
-
// ChromeBrowserMainParts: |SetupMetricsAndFieldTrials()| related --------------
void ChromeBrowserMainParts::SetupFieldTrials(bool metrics_recording_enabled,
@@ -1029,7 +1012,6 @@ void ChromeBrowserMainParts::SetupFieldTrials(bool metrics_recording_enabled,
PredictorFieldTrial();
DefaultAppsFieldTrial();
AutoLaunchChromeFieldTrial();
- ComodoDNSExperimentFieldTrial();
AutocompleteFieldTrial::Activate();
NewTabUI::SetupFieldTrials();
}
diff --git a/chrome/browser/chrome_browser_main.h b/chrome/browser/chrome_browser_main.h
index 4cafccd..2f75057 100644
--- a/chrome/browser/chrome_browser_main.h
+++ b/chrome/browser/chrome_browser_main.h
@@ -127,10 +127,6 @@ class ChromeBrowserMainParts : public content::BrowserMainParts {
// computer startup has on retention and usage of Chrome.
void AutoLaunchChromeFieldTrial();
- // A field trial to test the viability of a DNS based, certificate revocation
- // system.
- void ComodoDNSExperimentFieldTrial();
-
// Methods for |SetupMetricsAndFieldTrials()| --------------------------------
// Constructs metrics service and does related initialization, including
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index cb88f30..545d127 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -4,9 +4,7 @@
#include "chrome/browser/net/chrome_network_delegate.h"
-#include "base/base64.h"
#include "base/logging.h"
-#include "base/metrics/histogram.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/content_settings/cookie_settings.h"
#include "chrome/browser/content_settings/tab_specific_content_settings.h"
@@ -24,11 +22,8 @@
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/resource_request_info.h"
#include "net/base/host_port_pair.h"
-#include "net/base/dns_util.h"
-#include "net/base/dnsrr_resolver.h"
#include "net/base/net_errors.h"
#include "net/base/net_log.h"
-#include "net/base/public_key_hashes.h"
#include "net/cookies/cookie_monster.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_response_headers.h"
@@ -108,66 +103,6 @@ void ForwardRequestStatus(
}
}
-const char* const kComodoCerts[] = {
- kSPKIHash_AAACertificateServices,
- kSPKIHash_AddTrustClass1CARoot,
- kSPKIHash_AddTrustExternalCARoot,
- kSPKIHash_AddTrustPublicCARoot,
- kSPKIHash_AddTrustQualifiedCARoot,
- kSPKIHash_COMODOCertificationAuthority,
- kSPKIHash_SecureCertificateServices,
- kSPKIHash_TrustedCertificateServices,
- kSPKIHash_UTNDATACorpSGC,
- kSPKIHash_UTNUSERFirstClientAuthenticationandEmail,
- kSPKIHash_UTNUSERFirstHardware,
- kSPKIHash_UTNUSERFirstObject,
-};
-
-// IsComodoCertificate returns true if a known Comodo public key appears in
-// |public_key_hashes|.
-// TODO(agl): remove once experiment is complete, by July 2012.
-static bool IsComodoCertificate(
- const std::vector<net::SHA1Fingerprint>& public_key_hashes) {
- for (std::vector<net::SHA1Fingerprint>::const_iterator
- i = public_key_hashes.begin(); i != public_key_hashes.end(); ++i) {
- std::string base64_hash;
- base::Base64Encode(
- base::StringPiece(reinterpret_cast<const char*>(i->data),
- arraysize(i->data)),
- &base64_hash);
- base64_hash = "sha1/" + base64_hash;
-
- for (size_t j = 0; j < arraysize(kComodoCerts); j++) {
- if (base64_hash == kComodoCerts[j])
- return true;
- }
- }
-
- return false;
-}
-
-// RecordComodoDNSResult is a callback from a DNS resolution. It records the
-// elapsed time in a histogram.
-// TODO(agl): remove once experiment is complete, by July 2012.
-static void RecordComodoDNSResult(net::RRResponse* response,
- base::TimeTicks start_time,
- int result) {
- base::TimeDelta total_time = base::TimeTicks::Now() - start_time;
- if (total_time.InMilliseconds() > 10) {
- // If the reply took > 10 ms there's a good chance that it didn't come from
- // a local DNS cache.
- if (result == net::OK &&
- response->rrdatas.size() &&
- response->rrdatas[0].find("wibble") != std::string::npos) {
- UMA_HISTOGRAM_TIMES("Net.ComodoDNSExperimentSuccessTime", total_time);
- } else {
- UMA_HISTOGRAM_TIMES("Net.ComodoDNSExperimentFailureTime", total_time);
- }
- }
-}
-
-bool g_comodo_dns_experiment_enabled = false;
-
} // namespace
ChromeNetworkDelegate::ChromeNetworkDelegate(
@@ -199,11 +134,6 @@ void ChromeNetworkDelegate::InitializeReferrersEnabled(
enable_referrers->MoveToThread(BrowserThread::IO);
}
-// static
-void ChromeNetworkDelegate::EnableComodoDNSExperiment() {
- g_comodo_dns_experiment_enabled = true;
-}
-
int ChromeNetworkDelegate::OnBeforeURLRequest(
net::URLRequest* request,
const net::CompletionCallback& callback,
@@ -267,40 +197,6 @@ void ChromeNetworkDelegate::OnResponseStarted(net::URLRequest* request) {
ExtensionWebRequestEventRouter::GetInstance()->OnResponseStarted(
profile_, extension_info_map_.get(), request);
ForwardProxyErrors(request, event_router_.get(), profile_);
-
- if (g_comodo_dns_experiment_enabled) {
- // This is a temporary experiment, in conjuction with Comodo, to measure the
- // effectiveness of a possible DNS-based revocation mechanism.
- // TODO(agl): remove once experiment is complete, by July 2012.
- const net::SSLInfo& ssl_info = request->response_info().ssl_info;
- if (request->response_info().was_cached == false &&
- ssl_info.is_valid() &&
- ssl_info.is_issued_by_known_root &&
- IsComodoCertificate(ssl_info.public_key_hashes)) {
- if (dnsrr_resolver_.get() == NULL)
- dnsrr_resolver_.reset(new net::DnsRRResolver);
-
- // The Comodo DNS record has a 20 minute TTL, so we won't actually
- // request it more than three times an hour because it'll be in the
- // DnsRRResolver's cache. However, just in case something goes wrong we
- // also implement a hard stop to prevent resolutions more than once
- // every ten minutes.
- const base::TimeTicks now(base::TimeTicks::Now());
- if (!last_comodo_resolution_time_.is_null() &&
- (now - last_comodo_resolution_time_).InMinutes() < 10) {
- return;
- }
- last_comodo_resolution_time_ = now;
-
- net::RRResponse* response = new net::RRResponse;
- base::TimeTicks start_time(now);
- dnsrr_resolver_->Resolve(
- "wibble.comodoca.com", net::kDNS_TXT, 0 /* flags */,
- Bind(RecordComodoDNSResult, base::Owned(response), start_time),
- response, 0 /* priority */,
- request->net_log());
- }
- }
}
void ChromeNetworkDelegate::OnRawBytesRead(const net::URLRequest& request,
diff --git a/chrome/browser/net/chrome_network_delegate.h b/chrome/browser/net/chrome_network_delegate.h
index 7abf351..a582c38 100644
--- a/chrome/browser/net/chrome_network_delegate.h
+++ b/chrome/browser/net/chrome_network_delegate.h
@@ -9,7 +9,6 @@
#include "base/basictypes.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
-#include "base/time.h"
#include "net/base/network_delegate.h"
class CookieSettings;
@@ -24,10 +23,6 @@ namespace policy {
class URLBlacklistManager;
}
-namespace net {
-class DnsRRResolver;
-}
-
// ChromeNetworkDelegate is the central point from within the chrome code to
// add hooks into the network stack.
class ChromeNetworkDelegate : public net::NetworkDelegate {
@@ -52,8 +47,6 @@ class ChromeNetworkDelegate : public net::NetworkDelegate {
static void InitializeReferrersEnabled(BooleanPrefMember* enable_referrers,
PrefService* pref_service);
- static void EnableComodoDNSExperiment();
-
private:
// NetworkDelegate implementation.
virtual int OnBeforeURLRequest(net::URLRequest* request,
@@ -102,9 +95,6 @@ class ChromeNetworkDelegate : public net::NetworkDelegate {
// Weak, owned by our owner.
const policy::URLBlacklistManager* url_blacklist_manager_;
- scoped_ptr<net::DnsRRResolver> dnsrr_resolver_;
- base::TimeTicks last_comodo_resolution_time_;
-
DISALLOW_COPY_AND_ASSIGN(ChromeNetworkDelegate);
};