author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 16:48:46 +0000 |
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-27 16:48:46 +0000 |
commit | efe22215cad3c4541a443339d948c226d54e44c5 (patch) | |
tree | 2e8f8489f6b89a594bdb891120324c730178a087 | |
parent | f18531246f728226c9b2a62f425dfb8db38af243 (diff) | |
Remove SSLHostInfo.
BUG=105208
TEST=none
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@144468 0039d316-1c4b-4281-b951-d872f2087c98
46 files changed, 54 insertions, 1230 deletions
diff --git a/chrome/browser/chrome_benchmarking_message_filter.cc b/chrome/browser/chrome_benchmarking_message_filter.cc index 1a44b0b..4e7c5f5 100644 --- a/chrome/browser/chrome_benchmarking_message_filter.cc +++ b/chrome/browser/chrome_benchmarking_message_filter.cc @@ -30,57 +30,6 @@ void ClearCacheCallback(ChromeBenchmarkingMessageFilter* filter, filter->Send(reply_msg); } -// Class to assist with clearing out the cache when we want to preserve -// the sslhostinfo entries. It's not very efficient, but its just for debug. -class DoomEntriesHelper { - public: - explicit DoomEntriesHelper(disk_cache::Backend* backend) - : backend_(backend), - entry_(NULL), - iter_(NULL), - ALLOW_THIS_IN_INITIALIZER_LIST(callback_( - base::Bind(&DoomEntriesHelper::CacheCallback, - base::Unretained(this)))) { - } - - void ClearCache(const net::CompletionCallback& callback) { - clear_cache_callback_ = callback; - return CacheCallback(net::OK); // Start clearing the cache. - } - - const net::CompletionCallback& callback() { return callback_; } - - private: - void CacheCallback(int result) { - do { - if (result != net::OK) { - clear_cache_callback_.Run(result); - delete this; - return; - } - - if (entry_) { - // Doom all entries except those with snapstart information. - std::string key = entry_->GetKey(); - if (key.find("sslhostinfo:") != 0) { - entry_->Doom(); - backend_->EndEnumeration(&iter_); - iter_ = NULL; // We invalidated our iterator - start from the top! - } - entry_->Close(); - entry_ = NULL; - } - result = backend_->OpenNextEntry(&iter_, &entry_, callback_); - } while (result != net::ERR_IO_PENDING); - } - - disk_cache::Backend* backend_; - disk_cache::Entry* entry_; - void* iter_; - net::CompletionCallback callback_; - net::CompletionCallback clear_cache_callback_; -}; - } // namespace ChromeBenchmarkingMessageFilter::ChromeBenchmarkingMessageFilter( 
@@ -113,8 +62,7 @@ bool ChromeBenchmarkingMessageFilter::OnMessageReceived( return handled; } -void ChromeBenchmarkingMessageFilter::OnClearCache(bool preserve_ssl_host_info, - IPC::Message* reply_msg) { +void ChromeBenchmarkingMessageFilter::OnClearCache(IPC::Message* reply_msg) { // This function is disabled unless the user has enabled // benchmarking extensions. if (!CheckBenchmarkingEnabled()) { @@ -128,16 +76,10 @@ void ChromeBenchmarkingMessageFilter::OnClearCache(bool preserve_ssl_host_info, if (backend) { net::CompletionCallback callback = base::Bind(&ClearCacheCallback, make_scoped_refptr(this), reply_msg); - if (preserve_ssl_host_info) { - DoomEntriesHelper* helper = new DoomEntriesHelper(backend); - helper->ClearCache(callback); // Will self clean. + rv = backend->DoomAllEntries(callback); + if (rv == net::ERR_IO_PENDING) { + // The callback will send the reply. return; - } else { - rv = backend->DoomAllEntries(callback); - if (rv == net::ERR_IO_PENDING) { - // The callback will send the reply. - return; - } } } ChromeViewHostMsg_ClearCache::WriteReplyParams(reply_msg, rv); diff --git a/chrome/browser/chrome_benchmarking_message_filter.h b/chrome/browser/chrome_benchmarking_message_filter.h index 7f0ecb4..35c60bc 100644 --- a/chrome/browser/chrome_benchmarking_message_filter.h +++ b/chrome/browser/chrome_benchmarking_message_filter.h @@ -33,7 +33,7 @@ class ChromeBenchmarkingMessageFilter : public content::BrowserMessageFilter { // Message handlers. void OnCloseCurrentConnections(); - void OnClearCache(bool preserve_ssl_host_info, IPC::Message* reply_msg); + void OnClearCache(IPC::Message* reply_msg); void OnClearHostResolverCache(int* result); void OnEnableSpdy(bool enable); void OnSetCacheMode(bool enabled); diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc index 29c8861..e57f5d9 100644 --- a/chrome/browser/io_thread.cc +++ b/chrome/browser/io_thread.cc 
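Review bot: In the new OnClearCache body only the pending path of `rv = backend->DoomAllEntries(callback);` is commented; when DoomAllEntries completes synchronously the bound `callback` (which holds a scoped ref to this and `reply_msg`) is silently discarded and the reply is written by the WriteReplyParams line below, which a reader can easily misread as a double reply. I would add `// Completed synchronously: |callback| is dropped and the reply is sent below.` after the `if (rv == net::ERR_IO_PENDING)` block. When `backend` is NULL the renderer receives whatever `rv` was initialised to before this hunk; that initialisation is outside the visible lines, so it is worth confirming it is an error code rather than OK, since the renderer has no other way to learn that nothing was cleared. OnClearCache spans two hunks here and the body of the `CheckBenchmarkingEnabled()` early return is cut by the hunk boundary.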
@@ -612,7 +612,6 @@ void IOThread::InitSystemRequestContextOnIOThread() { globals_->system_server_bound_cert_service.get(); system_params.transport_security_state = globals_->transport_security_state.get(); - system_params.ssl_host_info_factory = NULL; system_params.proxy_service = globals_->system_proxy_service.get(); system_params.ssl_config_service = globals_->ssl_config_service.get(); system_params.http_auth_handler_factory = diff --git a/chrome/common/benchmarking_messages.h b/chrome/common/benchmarking_messages.h index beaefea..02c8f3d 100644 --- a/chrome/common/benchmarking_messages.h +++ b/chrome/common/benchmarking_messages.h @@ -25,11 +25,8 @@ IPC_MESSAGE_CONTROL1(ChromeViewHostMsg_SetCacheMode, // Message sent from the renderer to the browser to request that the browser // clear the cache. Used for debugging/testing. -// |preserve_ssl_host_info| controls whether clearing the cache will preserve -// persisted SSL information stored in the cache. // |result| is the returned status from the operation. -IPC_SYNC_MESSAGE_CONTROL1_1(ChromeViewHostMsg_ClearCache, - bool /* preserve_ssl_host_info */, +IPC_SYNC_MESSAGE_CONTROL0_1(ChromeViewHostMsg_ClearCache, int /* result */) // Message sent from the renderer to the browser to request that the browser diff --git a/chrome/renderer/benchmarking_extension.cc b/chrome/renderer/benchmarking_extension.cc index d6eb831..f74714f 100644 --- a/chrome/renderer/benchmarking_extension.cc +++ b/chrome/renderer/benchmarking_extension.cc @@ -29,9 +29,9 @@ class BenchmarkingWrapper : public v8::Extension { "if (typeof(chrome.benchmarking) == 'undefined') {" " chrome.benchmarking = {};" "};" - "chrome.benchmarking.clearCache = function(preserve_ssl_entries) {" + "chrome.benchmarking.clearCache = function() {" " native function ClearCache();" - " ClearCache(preserve_ssl_entries);" + " ClearCache();" "};" "chrome.benchmarking.clearHostResolverCache = function() {" " native function ClearHostResolverCache();" 
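Review bot: The comment on ChromeViewHostMsg_ClearCache in benchmarking_messages.h should say that this renderer-to-browser sync request dooms every entry in the disk cache and is only honoured when benchmarking extensions are enabled, because that gate lives on the browser side (the `CheckBenchmarkingEnabled()` check in ChromeBenchmarkingMessageFilter::OnClearCache) and is invisible from the message definition. With `preserve_ssl_host_info` gone the renderer no longer controls any argument of this message, which is worth stating so nobody re-adds a renderer-chosen parameter without thinking about it. I would put `// Dooms all entries in the disk cache. The browser ignores this request` / `// unless benchmarking extensions are enabled; see ChromeBenchmarkingMessageFilter.` above the IPC_SYNC_MESSAGE_CONTROL0_1 line.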
@@ -109,12 +109,8 @@ class BenchmarkingWrapper : public v8::Extension { } static v8::Handle<v8::Value> ClearCache(const v8::Arguments& args) { - bool preserve_ssl_host_entries = false; - if (args.Length() && args[0]->IsBoolean()) - preserve_ssl_host_entries = args[0]->BooleanValue(); int rv; - content::RenderThread::Get()->Send(new ChromeViewHostMsg_ClearCache( - preserve_ssl_host_entries, &rv)); + content::RenderThread::Get()->Send(new ChromeViewHostMsg_ClearCache(&rv)); WebCache::clear(); return v8::Undefined(); } diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc index 232dbc0..91bd706 100644 --- a/content/browser/renderer_host/pepper_tcp_socket.cc +++ b/content/browser/renderer_host/pepper_tcp_socket.cc @@ -132,7 +132,7 @@ void PepperTCPSocket::SSLHandshake( net::SSLClientSocketContext ssl_context; ssl_context.cert_verifier = manager_->GetCertVerifier(); socket_.reset(factory->CreateSSLClientSocket( - handle, host_port_pair, manager_->ssl_config(), NULL, ssl_context)); + handle, host_port_pair, manager_->ssl_config(), ssl_context)); if (!socket_.get()) { LOG(WARNING) << "Failed to create an SSL client socket."; OnSSLHandshakeCompleted(net::ERR_UNEXPECTED); diff --git a/jingle/notifier/base/chrome_async_socket_unittest.cc b/jingle/notifier/base/chrome_async_socket_unittest.cc index 00eb8ac..ce97531 100644 --- a/jingle/notifier/base/chrome_async_socket_unittest.cc +++ b/jingle/notifier/base/chrome_async_socket_unittest.cc @@ -123,7 +123,7 @@ class MockXmppClientSocketFactory : public ResolvingClientSocketFactory { net::SSLClientSocketContext context; context.cert_verifier = cert_verifier_.get(); return mock_client_socket_factory_->CreateSSLClientSocket( - transport_socket, host_and_port, ssl_config_, NULL, context); + transport_socket, host_and_port, ssl_config_, context); } private: 
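Review bot: In BenchmarkingWrapper::ClearCache the remaining `int rv;` is uninitialised and never read after the sync `Send()`: script gets undefined whether the browser cleared the cache or refused (for instance when benchmarking is disabled), and if Send() returns without a reply rv stays indeterminate. I would initialise it and say why it is kept, e.g. `int rv = net::ERR_UNEXPECTED;  // Sync reply; currently not surfaced to script.` (assuming net_errors.h is reachable from this file), or return it to JavaScript so tests can detect a refused clear, though the latter changes the chrome.benchmarking.clearCache contract and may belong in a separate change. `WebCache::clear()` still runs regardless of rv, which looks intended but should be noted next to it.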
diff --git a/jingle/notifier/base/proxy_resolving_client_socket.cc b/jingle/notifier/base/proxy_resolving_client_socket.cc index 9329c29..9abe6e3 100644 --- a/jingle/notifier/base/proxy_resolving_client_socket.cc +++ b/jingle/notifier/base/proxy_resolving_client_socket.cc @@ -55,7 +55,6 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket( // transport_security_state is NULL because it's not thread safe. session_params.transport_security_state = NULL; session_params.proxy_service = request_context->proxy_service(); - session_params.ssl_host_info_factory = NULL; session_params.ssl_config_service = request_context->ssl_config_service(); session_params.http_auth_handler_factory = request_context->http_auth_handler_factory(); diff --git a/jingle/notifier/base/xmpp_client_socket_factory.cc b/jingle/notifier/base/xmpp_client_socket_factory.cc index 22ae27c..2594084 100644 --- a/jingle/notifier/base/xmpp_client_socket_factory.cc +++ b/jingle/notifier/base/xmpp_client_socket_factory.cc @@ -49,7 +49,7 @@ net::SSLClientSocket* XmppClientSocketFactory::CreateSSLClientSocket( // TODO(rkn): context.server_bound_cert_service is NULL because the // ServerBoundCertService class is not thread safe. return client_socket_factory_->CreateSSLClientSocket( - transport_socket, host_and_port, ssl_config_, NULL, context); + transport_socket, host_and_port, ssl_config_, context); } diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h index fa0df6b..bed5070 100644 --- a/net/base/net_log_event_type_list.h +++ b/net/base/net_log_event_type_list.h @@ -505,7 +505,7 @@ EVENT_TYPE(SSL_WRITE_ERROR) EVENT_TYPE(SSL_VERSION_FALLBACK) // We found that our prediction of the server's certificates was correct and -// we merged the verification with the SSLHostInfo. +// we merged the verification with the SSLHostInfo. (Note: now obsolete.) EVENT_TYPE(SSL_VERIFICATION_MERGED) // An SSL error occurred while calling an NSS function not directly related to 
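Review bot: The `(Note: now obsolete.)` appended to the SSL_VERIFICATION_MERGED comment in net_log_event_type_list.h does not tell readers what that means: after this commit nothing can emit the event, and the comment does not explain why the EVENT_TYPE is retained rather than deleted (presumably so existing NetLog consumers and saved dumps still build and decode, but that is inferred, not shown here). I would replace the parenthetical with `// Obsolete: SSLHostInfo has been removed and this event is no longer emitted.` followed by one line naming the reason it is kept, or remove the entry outright if nothing else references it.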
diff --git a/net/http/disk_cache_based_ssl_host_info.cc b/net/http/disk_cache_based_ssl_host_info.cc
deleted file mode 100644
index eff8522..0000000
--- a/net/http/disk_cache_based_ssl_host_info.cc
+++ /dev/null
@@ -1,281 +0,0 @@ -// Copyright (c) 2011 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/http/disk_cache_based_ssl_host_info.h" - -#include "base/bind.h" -#include "base/callback.h" -#include "base/logging.h" -#include "net/base/completion_callback.h" -#include "net/base/io_buffer.h" -#include "net/base/net_errors.h" -#include "net/http/http_cache.h" -#include "net/http/http_network_session.h" - -namespace net { - -// Some APIs inside disk_cache take a handle that the caller must keep alive -// until the API has finished its asynchronous execution. -// -// Unfortunately, DiskCacheBasedSSLHostInfo may be deleted before the -// operation completes causing a use-after-free. -// -// This data shim struct is meant to provide a location for the disk_cache -// APIs to write into even if the originating DiskCacheBasedSSLHostInfo -// object has been deleted. The lifetime for instances of this struct -// should be bound to the CompletionCallback that is passed to the disk_cache -// API. We do this by binding an instance of this struct to an unused -// parameter for OnIOComplete() using base::Owned(). -// -// This is a hack. A better fix is to make it so that the disk_cache APIs -// take a Callback to a mutator for setting the output value rather than -// writing into a raw handle. Then the caller can just pass in a Callback -// bound to WeakPtr for itself. This callback would correctly "no-op" itself -// when the DiskCacheBasedSSLHostInfo object is deleted. -// -// TODO(ajwong): Change disk_cache's API to return results via Callback. 
-struct DiskCacheBasedSSLHostInfo::CacheOperationDataShim { - CacheOperationDataShim() : backend(NULL), entry(NULL) {} - - disk_cache::Backend* backend; - disk_cache::Entry* entry; -}; - -DiskCacheBasedSSLHostInfo::DiskCacheBasedSSLHostInfo( - const std::string& hostname, - const SSLConfig& ssl_config, - CertVerifier* cert_verifier, - HttpCache* http_cache) - : SSLHostInfo(hostname, ssl_config, cert_verifier), - ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)), - data_shim_(new CacheOperationDataShim()), - io_callback_( - base::Bind(&DiskCacheBasedSSLHostInfo::OnIOComplete, - weak_factory_.GetWeakPtr(), - base::Owned(data_shim_))), // Ownership assigned. - state_(GET_BACKEND), - ready_(false), - found_entry_(false), - hostname_(hostname), - http_cache_(http_cache), - backend_(NULL), - entry_(NULL) { -} - -void DiskCacheBasedSSLHostInfo::Start() { - DCHECK(CalledOnValidThread()); - DCHECK_EQ(GET_BACKEND, state_); - DoLoop(OK); -} - -int DiskCacheBasedSSLHostInfo::WaitForDataReady( - const CompletionCallback& callback) { - DCHECK(CalledOnValidThread()); - DCHECK(state_ != GET_BACKEND); - - if (ready_) - return OK; - - if (!callback.is_null()) { - DCHECK(user_callback_.is_null()); - user_callback_ = callback; - } - - return ERR_IO_PENDING; -} - -void DiskCacheBasedSSLHostInfo::Persist() { - DCHECK(CalledOnValidThread()); - DCHECK(state_ != GET_BACKEND); - - DCHECK(new_data_.empty()); - CHECK(ready_); - DCHECK(user_callback_.is_null()); - new_data_ = Serialize(); - - if (!backend_) - return; - - state_ = CREATE_OR_OPEN; - DoLoop(OK); -} - -DiskCacheBasedSSLHostInfo::~DiskCacheBasedSSLHostInfo() { - DCHECK(user_callback_.is_null()); - if (entry_) - entry_->Close(); -} - -std::string DiskCacheBasedSSLHostInfo::key() const { - return "sslhostinfo:" + hostname_; -} - -void DiskCacheBasedSSLHostInfo::OnIOComplete(CacheOperationDataShim* unused, - int rv) { - rv = DoLoop(rv); - if (rv != ERR_IO_PENDING && !user_callback_.is_null()) { - CompletionCallback callback = 
user_callback_; - user_callback_.Reset(); - callback.Run(rv); - } -} - -int DiskCacheBasedSSLHostInfo::DoLoop(int rv) { - do { - switch (state_) { - case GET_BACKEND: - rv = DoGetBackend(); - break; - case GET_BACKEND_COMPLETE: - rv = DoGetBackendComplete(rv); - break; - case OPEN: - rv = DoOpen(); - break; - case OPEN_COMPLETE: - rv = DoOpenComplete(rv); - break; - case READ: - rv = DoRead(); - break; - case READ_COMPLETE: - rv = DoReadComplete(rv); - break; - case WAIT_FOR_DATA_READY_DONE: - rv = DoWaitForDataReadyDone(); - break; - case CREATE_OR_OPEN: - rv = DoCreateOrOpen(); - break; - case CREATE_OR_OPEN_COMPLETE: - rv = DoCreateOrOpenComplete(rv); - break; - case WRITE: - rv = DoWrite(); - break; - case WRITE_COMPLETE: - rv = DoWriteComplete(rv); - break; - case SET_DONE: - rv = DoSetDone(); - break; - default: - rv = OK; - NOTREACHED(); - } - } while (rv != ERR_IO_PENDING && state_ != NONE); - - return rv; -} - -int DiskCacheBasedSSLHostInfo::DoGetBackendComplete(int rv) { - if (rv == OK) { - backend_ = data_shim_->backend; - state_ = OPEN; - } else { - state_ = WAIT_FOR_DATA_READY_DONE; - } - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoOpenComplete(int rv) { - if (rv == OK) { - entry_ = data_shim_->entry; - state_ = READ; - found_entry_ = true; - } else { - state_ = WAIT_FOR_DATA_READY_DONE; - } - - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoReadComplete(int rv) { - if (rv > 0) - data_.assign(read_buffer_->data(), rv); - - state_ = WAIT_FOR_DATA_READY_DONE; - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoWriteComplete(int rv) { - state_ = SET_DONE; - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoCreateOrOpenComplete(int rv) { - if (rv != OK) { - state_ = SET_DONE; - } else { - entry_ = data_shim_->entry; - state_ = WRITE; - } - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoGetBackend() { - state_ = GET_BACKEND_COMPLETE; - return http_cache_->GetBackend(&data_shim_->backend, io_callback_); -} - -int 
DiskCacheBasedSSLHostInfo::DoOpen() { - state_ = OPEN_COMPLETE; - return backend_->OpenEntry(key(), &data_shim_->entry, io_callback_); -} - -int DiskCacheBasedSSLHostInfo::DoRead() { - const int32 size = entry_->GetDataSize(0 /* index */); - if (!size) { - state_ = WAIT_FOR_DATA_READY_DONE; - return OK; - } - - read_buffer_ = new IOBuffer(size); - state_ = READ_COMPLETE; - return entry_->ReadData( - 0 /* index */, 0 /* offset */, read_buffer_, size, io_callback_); -} - -int DiskCacheBasedSSLHostInfo::DoWrite() { - write_buffer_ = new IOBuffer(new_data_.size()); - memcpy(write_buffer_->data(), new_data_.data(), new_data_.size()); - state_ = WRITE_COMPLETE; - - return entry_->WriteData( - 0 /* index */, 0 /* offset */, write_buffer_, new_data_.size(), - io_callback_, true /* truncate */); -} - -int DiskCacheBasedSSLHostInfo::DoCreateOrOpen() { - DCHECK(entry_ == NULL); - state_ = CREATE_OR_OPEN_COMPLETE; - if (found_entry_) { - return backend_->OpenEntry(key(), &data_shim_->entry, io_callback_); - } - - return backend_->CreateEntry(key(), &data_shim_->entry, io_callback_); -} - -int DiskCacheBasedSSLHostInfo::DoWaitForDataReadyDone() { - DCHECK(!ready_); - state_ = NONE; - ready_ = true; - // We close the entry because, if we shutdown before ::Persist is called, - // then we might leak a cache reference, which causes a DCHECK on shutdown. - if (entry_) - entry_->Close(); - entry_ = NULL; - Parse(data_); - return OK; -} - -int DiskCacheBasedSSLHostInfo::DoSetDone() { - if (entry_) - entry_->Close(); - entry_ = NULL; - state_ = NONE; - return OK; -} - -} // namespace net diff --git a/net/http/disk_cache_based_ssl_host_info.h b/net/http/disk_cache_based_ssl_host_info.h deleted file mode 100644 index 3496ed6..0000000 --- a/net/http/disk_cache_based_ssl_host_info.h +++ /dev/null 
@@ -1,106 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_HTTP_DISK_CACHE_BASED_SSL_HOST_INFO_H_ -#define NET_HTTP_DISK_CACHE_BASED_SSL_HOST_INFO_H_ - -#include <string> - -#include "base/memory/ref_counted.h" -#include "base/memory/weak_ptr.h" -#include "base/threading/non_thread_safe.h" -#include "net/base/completion_callback.h" -#include "net/disk_cache/disk_cache.h" -#include "net/socket/ssl_host_info.h" - -namespace net { - -class HttpCache; -class IOBuffer; -struct SSLConfig; - -// DiskCacheBasedSSLHostInfo fetches information about an SSL host from our -// standard disk cache. Since the information is defined to be non-sensitive, -// it's ok for us to keep it on disk. -class NET_EXPORT_PRIVATE DiskCacheBasedSSLHostInfo - : public SSLHostInfo, - public NON_EXPORTED_BASE(base::NonThreadSafe) { - public: - DiskCacheBasedSSLHostInfo(const std::string& hostname, - const SSLConfig& ssl_config, - CertVerifier* cert_verifier, - HttpCache* http_cache); - - // SSLHostInfo implementation. - virtual void Start() OVERRIDE; - virtual int WaitForDataReady(const CompletionCallback& callback) OVERRIDE; - virtual void Persist() OVERRIDE; - - private: - struct CacheOperationDataShim; - enum State { - GET_BACKEND, - GET_BACKEND_COMPLETE, - OPEN, - OPEN_COMPLETE, - READ, - READ_COMPLETE, - WAIT_FOR_DATA_READY_DONE, - CREATE_OR_OPEN, - CREATE_OR_OPEN_COMPLETE, - WRITE, - WRITE_COMPLETE, - SET_DONE, - NONE, - }; - - virtual ~DiskCacheBasedSSLHostInfo(); - - std::string key() const; - - // The |unused| parameter is a small hack so that we can have the - // CacheOperationDataShim object owned by the Callback that is created for - // this method. See comment above CacheOperationDataShim for details. 
- void OnIOComplete(CacheOperationDataShim* unused, int rv); - - int DoLoop(int rv); - - int DoGetBackendComplete(int rv); - int DoOpenComplete(int rv); - int DoReadComplete(int rv); - int DoWriteComplete(int rv); - int DoCreateOrOpenComplete(int rv); - - int DoGetBackend(); - int DoOpen(); - int DoRead(); - int DoWrite(); - int DoCreateOrOpen(); - - // DoWaitForDataReadyDone is the terminal state of the read operation. - int DoWaitForDataReadyDone(); - - // DoSetDone is the terminal state of the write operation. - int DoSetDone(); - - base::WeakPtrFactory<DiskCacheBasedSSLHostInfo> weak_factory_; - CacheOperationDataShim* data_shim_; // Owned by |io_callback_|. - CompletionCallback io_callback_; - State state_; - bool ready_; - bool found_entry_; // Controls the behavior of DoCreateOrOpen. - std::string new_data_; - const std::string hostname_; - HttpCache* const http_cache_; - disk_cache::Backend* backend_; - disk_cache::Entry* entry_; - CompletionCallback user_callback_; - scoped_refptr<IOBuffer> read_buffer_; - scoped_refptr<IOBuffer> write_buffer_; - std::string data_; -}; - -} // namespace net - -#endif // NET_HTTP_DISK_CACHE_BASED_SSL_HOST_INFO_H_ diff --git a/net/http/disk_cache_based_ssl_host_info_unittest.cc b/net/http/disk_cache_based_ssl_host_info_unittest.cc deleted file mode 100644 index 2bb3db7..0000000 --- a/net/http/disk_cache_based_ssl_host_info_unittest.cc +++ /dev/null 
@@ -1,118 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "base/bind.h" -#include "base/bind_helpers.h" -#include "base/compiler_specific.h" -#include "base/message_loop.h" -#include "net/base/mock_cert_verifier.h" -#include "net/base/net_errors.h" -#include "net/base/ssl_config_service.h" -#include "net/http/disk_cache_based_ssl_host_info.h" -#include "net/http/mock_http_cache.h" -#include "testing/gtest/include/gtest/gtest.h" - -namespace { - -// This is an empty transaction, needed to register the URL and the test mode. -const MockTransaction kHostInfoTransaction = { - "sslhostinfo:https://www.google.com", - "", - base::Time(), - "", - net::LOAD_NORMAL, - "", - "", - base::Time(), - "", - TEST_MODE_NORMAL, - NULL, - 0 -}; - -// Tests that we can delete a DiskCacheBasedSSLHostInfo object in a -// completion callback for DiskCacheBasedSSLHostInfo::WaitForDataReady. -TEST(DiskCacheBasedSSLHostInfo, DeleteInCallback) { - scoped_ptr<net::CertVerifier> cert_verifier(new net::MockCertVerifier); - // Use the blocking mock backend factory to force asynchronous completion - // of ssl_host_info->WaitForDataReady(), so that the callback will run. - MockBlockingBackendFactory* factory = new MockBlockingBackendFactory(); - MockHttpCache cache(factory); - net::SSLConfig ssl_config; - scoped_ptr<net::SSLHostInfo> ssl_host_info( - new net::DiskCacheBasedSSLHostInfo("https://www.verisign.com", ssl_config, - cert_verifier.get(), - cache.http_cache())); - ssl_host_info->Start(); - net::TestCompletionCallback callback; - int rv = ssl_host_info->WaitForDataReady(callback.callback()); - EXPECT_EQ(net::ERR_IO_PENDING, rv); - // Now complete the backend creation and let the callback run. - factory->FinishCreation(); - EXPECT_EQ(net::OK, callback.GetResult(rv)); -} - -// Tests the basic logic of storing, retrieving and updating data. 
-TEST(DiskCacheBasedSSLHostInfo, Update) { - MockHttpCache cache; - AddMockTransaction(&kHostInfoTransaction); - net::TestCompletionCallback callback; - - // Store a certificate chain. - scoped_ptr<net::CertVerifier> cert_verifier(new net::MockCertVerifier); - net::SSLConfig ssl_config; - scoped_ptr<net::SSLHostInfo> ssl_host_info( - new net::DiskCacheBasedSSLHostInfo("https://www.google.com", ssl_config, - cert_verifier.get(), - cache.http_cache())); - ssl_host_info->Start(); - int rv = ssl_host_info->WaitForDataReady(callback.callback()); - EXPECT_EQ(net::OK, callback.GetResult(rv)); - - net::SSLHostInfo::State* state = ssl_host_info->mutable_state(); - EXPECT_TRUE(state->certs.empty()); - state->certs.push_back(std::string("foo")); - ssl_host_info->Persist(); - - // Wait until Persist() does the work. - MessageLoop::current()->RunAllPending(); - - // Open the stored certificate chain. - ssl_host_info.reset( - new net::DiskCacheBasedSSLHostInfo("https://www.google.com", ssl_config, - cert_verifier.get(), - cache.http_cache())); - ssl_host_info->Start(); - rv = ssl_host_info->WaitForDataReady(callback.callback()); - EXPECT_EQ(net::OK, callback.GetResult(rv)); - - // And now update the data. - state = ssl_host_info->mutable_state(); - EXPECT_EQ(1U, state->certs.size()); - EXPECT_EQ("foo", state->certs.front()); - state->certs.push_back(std::string("bar")); - - // Fail instead of DCHECKing double creates. - cache.disk_cache()->set_double_create_check(false); - ssl_host_info->Persist(); - MessageLoop::current()->RunAllPending(); - - // Verify that the state was updated. 
- ssl_host_info.reset( - new net::DiskCacheBasedSSLHostInfo("https://www.google.com", ssl_config, - cert_verifier.get(), - cache.http_cache())); - ssl_host_info->Start(); - rv = ssl_host_info->WaitForDataReady(callback.callback()); - EXPECT_EQ(net::OK, callback.GetResult(rv)); - - state = ssl_host_info->mutable_state(); - EXPECT_EQ(2U, state->certs.size()); - EXPECT_EQ("foo", state->certs[0]); - EXPECT_EQ("bar", state->certs[1]); - - RemoveMockTransaction(&kHostInfoTransaction); -} - -} // namespace diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc index 41bd1c0..defc365 100644 --- a/net/http/http_cache.cc +++ b/net/http/http_cache.cc @@ -28,7 +28,6 @@ #include "net/base/load_flags.h" #include "net/base/net_errors.h" #include "net/disk_cache/disk_cache.h" -#include "net/http/disk_cache_based_ssl_host_info.h" #include "net/http/http_cache_transaction.h" #include "net/http/http_network_layer.h" #include "net/http/http_network_session.h" @@ -36,7 +35,6 @@ #include "net/http/http_response_headers.h" #include "net/http/http_response_info.h" #include "net/http/http_util.h" -#include "net/socket/ssl_host_info.h" namespace net { @@ -48,7 +46,6 @@ HttpNetworkSession* CreateNetworkSession( ServerBoundCertService* server_bound_cert_service, TransportSecurityState* transport_security_state, ProxyService* proxy_service, - SSLHostInfoFactory* ssl_host_info_factory, const std::string& ssl_session_cache_shard, SSLConfigService* ssl_config_service, HttpAuthHandlerFactory* http_auth_handler_factory, @@ -62,7 +59,6 @@ HttpNetworkSession* CreateNetworkSession( params.server_bound_cert_service = server_bound_cert_service; params.transport_security_state = transport_security_state; params.proxy_service = proxy_service; - params.ssl_host_info_factory = ssl_host_info_factory; params.ssl_session_cache_shard = ssl_session_cache_shard; params.ssl_config_service = ssl_config_service; params.http_auth_handler_factory = http_auth_handler_factory; 
@@ -279,25 +275,6 @@ void HttpCache::MetadataWriter::OnIOComplete(int result) { //----------------------------------------------------------------------------- -class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory { - public: - SSLHostInfoFactoryAdaptor(CertVerifier* cert_verifier, HttpCache* http_cache) - : cert_verifier_(cert_verifier), - http_cache_(http_cache) { - } - - virtual SSLHostInfo* GetForHost(const std::string& hostname, - const SSLConfig& ssl_config) { - return new DiskCacheBasedSSLHostInfo( - hostname, ssl_config, cert_verifier_, http_cache_); - } - - private: - CertVerifier* const cert_verifier_; - HttpCache* const http_cache_; -}; - -//----------------------------------------------------------------------------- HttpCache::HttpCache(HostResolver* host_resolver, CertVerifier* cert_verifier, ServerBoundCertService* server_bound_cert_service, @@ -315,9 +292,6 @@ HttpCache::HttpCache(HostResolver* host_resolver, backend_factory_(backend_factory), building_backend_(false), mode_(NORMAL), - ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor( - cert_verifier, - ALLOW_THIS_IN_INITIALIZER_LIST(this))), network_layer_( new HttpNetworkLayer( CreateNetworkSession( @@ -326,7 +300,6 @@ HttpCache::HttpCache(HostResolver* host_resolver, server_bound_cert_service, transport_security_state, proxy_service, - ssl_host_info_factory_.get(), ssl_session_cache_shard, ssl_config_service, http_auth_handler_factory, @@ -343,9 +316,6 @@ HttpCache::HttpCache(HttpNetworkSession* session, backend_factory_(backend_factory), building_backend_(false), mode_(NORMAL), - ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor( - session->cert_verifier(), - ALLOW_THIS_IN_INITIALIZER_LIST(this))), network_layer_(new HttpNetworkLayer(session)) { } diff --git a/net/http/http_cache.h b/net/http/http_cache.h index 84a65da..1f2d7c7 100644 --- a/net/http/http_cache.h +++ b/net/http/http_cache.h 
@@ -212,7 +212,6 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory, // Types -------------------------------------------------------------------- class MetadataWriter; - class SSLHostInfoFactoryAdaptor; class Transaction; class WorkItem; friend class Transaction; @@ -380,8 +379,6 @@ class NET_EXPORT HttpCache : public HttpTransactionFactory, Mode mode_; - const scoped_ptr<SSLHostInfoFactoryAdaptor> ssl_host_info_factory_; - const scoped_ptr<HttpTransactionFactory> network_layer_; scoped_ptr<disk_cache::Backend> disk_cache_; diff --git a/net/http/http_cache_transaction.cc b/net/http/http_cache_transaction.cc index 006759e..f572efe 100644 --- a/net/http/http_cache_transaction.cc +++ b/net/http/http_cache_transaction.cc @@ -28,7 +28,6 @@ #include "net/base/ssl_cert_request_info.h" #include "net/base/ssl_config_service.h" #include "net/disk_cache/disk_cache.h" -#include "net/http/disk_cache_based_ssl_host_info.h" #include "net/http/http_network_session.h" #include "net/http/http_request_info.h" #include "net/http/http_response_headers.h" diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index c40061b9..0d9b459 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -36,7 +36,6 @@ net::ClientSocketPoolManager* CreateSocketPoolManager( params.cert_verifier, params.server_bound_cert_service, params.transport_security_state, - params.ssl_host_info_factory, params.ssl_session_cache_shard, params.proxy_service, params.ssl_config_service, diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index c37f4d6..9cbf8ef 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -39,7 +39,6 @@ class ProxyService; class SOCKSClientSocketPool; class SSLClientSocketPool; class SSLConfigService; -class SSLHostInfoFactory; class TransportClientSocketPool; class TransportSecurityState; 
@@ -56,7 +55,6 @@ class NET_EXPORT HttpNetworkSession server_bound_cert_service(NULL), transport_security_state(NULL), proxy_service(NULL), - ssl_host_info_factory(NULL), ssl_config_service(NULL), http_auth_handler_factory(NULL), network_delegate(NULL), @@ -70,7 +68,6 @@ class NET_EXPORT HttpNetworkSession ServerBoundCertService* server_bound_cert_service; TransportSecurityState* transport_security_state; ProxyService* proxy_service; - SSLHostInfoFactory* ssl_host_info_factory; std::string ssl_session_cache_shard; SSLConfigService* ssl_config_service; HttpAuthHandlerFactory* http_auth_handler_factory; diff --git a/net/http/http_network_transaction_spdy2_unittest.cc b/net/http/http_network_transaction_spdy2_unittest.cc index eb3a80f..72d4bf8 100644 --- a/net/http/http_network_transaction_spdy2_unittest.cc +++ b/net/http/http_network_transaction_spdy2_unittest.cc @@ -413,7 +413,7 @@ CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool( HostResolver* host_resolver, CertVerifier* cert_verifier) : SSLClientSocketPool(0, 0, NULL, host_resolver, cert_verifier, NULL, - NULL, NULL, "", NULL, NULL, NULL, NULL, NULL, NULL) {} + NULL, "", NULL, NULL, NULL, NULL, NULL, NULL) {} //----------------------------------------------------------------------------- @@ -7767,8 +7767,7 @@ TEST_F(HttpNetworkTransactionSpdy2Test, SSLClientSocketContext context; context.cert_verifier = session_deps.cert_verifier.get(); ssl_connection->set_socket(session_deps.socket_factory.CreateSSLClientSocket( - connection.release(), HostPortPair("" , 443), ssl_config, - NULL /* ssl_host_info */, context)); + connection.release(), HostPortPair("" , 443), ssl_config, context)); EXPECT_EQ(ERR_IO_PENDING, ssl_connection->socket()->Connect(callback.callback())); EXPECT_EQ(OK, callback.WaitForResult()); diff --git a/net/http/http_network_transaction_spdy3_unittest.cc b/net/http/http_network_transaction_spdy3_unittest.cc index 36f0b2b..331555c 100644 --- a/net/http/http_network_transaction_spdy3_unittest.cc 
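Review bot: The rewritten `SSLClientSocketPool(...)` call in CaptureGroupNameSSLSocketPool's constructor still passes a run of bare `NULL` arguments, so it is invisible at the call site which parameter was dropped, and because a `NULL` literal converts to any pointer type, a future signature change that happens to keep the arity would compile with every pointer silently shifted by one. The proxy-pool tests touched by this same commit label each argument (`NULL /* server_bound_cert_store */, NULL /* transport_security_state */, "" /* ssl_session_cache_shard */`), and the same labels fit here: `NULL /* server_bound_cert_service */, NULL /* transport_security_state */, "" /* ssl_session_cache_shard */,` in place of the unlabeled `NULL, NULL, "",`, with the remaining six pointers named from the SSLClientSocketPool constructor's parameter list. The identical unlabeled edit appears in http_network_transaction_spdy3_unittest.cc and http_stream_factory_impl_unittest.cc.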
+++ b/net/http/http_network_transaction_spdy3_unittest.cc @@ -413,7 +413,7 @@ CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool( HostResolver* host_resolver, CertVerifier* cert_verifier) : SSLClientSocketPool(0, 0, NULL, host_resolver, cert_verifier, NULL, - NULL, NULL, "", NULL, NULL, NULL, NULL, NULL, NULL) {} + NULL, "", NULL, NULL, NULL, NULL, NULL, NULL) {} //----------------------------------------------------------------------------- @@ -7766,8 +7766,7 @@ TEST_F(HttpNetworkTransactionSpdy3Test, SSLClientSocketContext context; context.cert_verifier = session_deps.cert_verifier.get(); ssl_connection->set_socket(session_deps.socket_factory.CreateSSLClientSocket( - connection.release(), HostPortPair("" , 443), ssl_config, - NULL /* ssl_host_info */, context)); + connection.release(), HostPortPair("" , 443), ssl_config, context)); EXPECT_EQ(ERR_IO_PENDING, ssl_connection->socket()->Connect(callback.callback())); EXPECT_EQ(OK, callback.WaitForResult()); diff --git a/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc b/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc index 6bd4ce7..65aa4c95 100644 --- a/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_spdy2_unittest.cc @@ -74,7 +74,6 @@ class HttpProxyClientSocketPoolSpdy2Test : public TestWithHttpParam { cert_verifier_.get(), NULL /* server_bound_cert_store */, NULL /* transport_security_state */, - NULL /* ssl_host_info_factory */, "" /* ssl_session_cache_shard */, &socket_factory_, &transport_socket_pool_, diff --git a/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc b/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc index 9d13298..d052b4f 100644 --- a/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_spdy3_unittest.cc 
@@ -74,7 +74,6 @@ class HttpProxyClientSocketPoolSpdy3Test : public TestWithHttpParam { cert_verifier_.get(), NULL /* server_bound_cert_store */, NULL /* transport_security_state */, - NULL /* ssl_host_info_factory */, "" /* ssl_session_cache_shard */, &socket_factory_, &transport_socket_pool_, diff --git a/net/http/http_stream_factory_impl_unittest.cc b/net/http/http_stream_factory_impl_unittest.cc index 0184a9d9..dbd6a5b 100644 --- a/net/http/http_stream_factory_impl_unittest.cc +++ b/net/http/http_stream_factory_impl_unittest.cc @@ -275,7 +275,7 @@ template<> CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool( HostResolver* host_resolver, CertVerifier* cert_verifier) : SSLClientSocketPool(0, 0, NULL, host_resolver, cert_verifier, NULL, - NULL, NULL, "", NULL, NULL, NULL, NULL, NULL, NULL), + NULL, "", NULL, NULL, NULL, NULL, NULL, NULL), last_num_streams_(-1) {} TEST(HttpStreamFactoryTest, PreconnectDirect) { diff --git a/net/http/http_transaction.h b/net/http/http_transaction.h index c3bc517..ab41732 100644 --- a/net/http/http_transaction.h +++ b/net/http/http_transaction.h @@ -18,7 +18,6 @@ struct HttpRequestInfo; class HttpResponseInfo; class IOBuffer; class X509Certificate; -class SSLHostInfo; // Represents a single HTTP transaction (i.e., a single request/response pair). // HTTP redirects are not followed and authentication challenges are not @@ -111,11 +110,6 @@ class NET_EXPORT_PRIVATE HttpTransaction { // Returns the upload progress in bytes. If there is no upload data, // zero will be returned. This does not include the request headers. virtual uint64 GetUploadProgress() const = 0; - - // SetSSLHostInfo sets a object which reads and writes public information - // about an SSL server. It's used to implement Snap Start. - // TODO(agl): remove this. - virtual void SetSSLHostInfo(SSLHostInfo*) { }; }; } // namespace net diff --git a/net/net.gyp b/net/net.gyp index 3540342..73c7fd4 100644 --- a/net/net.gyp +++ b/net/net.gyp 
@@ -420,8 +420,6 @@ 'ftp/ftp_util.h', 'http/des.cc', 'http/des.h', - 'http/disk_cache_based_ssl_host_info.cc', - 'http/disk_cache_based_ssl_host_info.h', 'http/http_atom_list.h', 'http/http_auth.cc', 'http/http_auth.h', @@ -642,8 +640,6 @@ 'socket/ssl_client_socket_win.h', 'socket/ssl_error_params.cc', 'socket/ssl_error_params.h', - 'socket/ssl_host_info.cc', - 'socket/ssl_host_info.h', 'socket/ssl_server_socket.h', 'socket/ssl_server_socket_nss.cc', 'socket/ssl_server_socket_nss.h', @@ -1150,7 +1146,6 @@ 'ftp/ftp_network_transaction_unittest.cc', 'ftp/ftp_util_unittest.cc', 'http/des_unittest.cc', - 'http/disk_cache_based_ssl_host_info_unittest.cc', 'http/http_auth_cache_unittest.cc', 'http/http_auth_controller_unittest.cc', 'http/http_auth_filter_unittest.cc', diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc index 77fb481..f507f4e 100644 --- a/net/socket/client_socket_factory.cc +++ b/net/socket/client_socket_factory.cc @@ -21,7 +21,6 @@ #include "net/socket/ssl_client_socket_mac.h" #include "net/socket/ssl_client_socket_nss.h" #endif -#include "net/socket/ssl_host_info.h" #include "net/socket/tcp_client_socket.h" #include "net/udp/udp_client_socket.h" @@ -92,10 +91,7 @@ class DefaultClientSocketFactory : public ClientSocketFactory, ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { - scoped_ptr<SSLHostInfo> shi(ssl_host_info); - // nss_thread_task_runner_ may be NULL if g_use_dedicated_nss_thread is // false or if the dedicated NSS thread failed to start. If so, cause NSS // functions to execute on the current task runner. 
@@ -115,15 +111,14 @@ class DefaultClientSocketFactory : public ClientSocketFactory, ssl_config, context); #elif defined(USE_NSS) return new SSLClientSocketNSS(nss_task_runner, transport_socket, - host_and_port, ssl_config, shi.release(), - context); + host_and_port, ssl_config, context); #elif defined(OS_WIN) if (g_use_system_ssl) { return new SSLClientSocketWin(transport_socket, host_and_port, ssl_config, context); } return new SSLClientSocketNSS(nss_task_runner, transport_socket, - host_and_port, ssl_config, shi.release(), + host_and_port, ssl_config, context); #elif defined(OS_MACOSX) if (g_use_system_ssl) { @@ -131,7 +126,7 @@ class DefaultClientSocketFactory : public ClientSocketFactory, ssl_config, context); } return new SSLClientSocketNSS(nss_task_runner, transport_socket, - host_and_port, ssl_config, shi.release(), + host_and_port, ssl_config, context); #else NOTIMPLEMENTED(); @@ -158,12 +153,11 @@ SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket( StreamSocket* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { ClientSocketHandle* socket_handle = new ClientSocketHandle(); socket_handle->set_socket(transport_socket); return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config, - ssl_host_info, context); + context); } // static diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h index 884fc4f..ad14c1d 100644 --- a/net/socket/client_socket_factory.h +++ b/net/socket/client_socket_factory.h @@ -23,7 +23,6 @@ class HostPortPair; class SSLClientSocket; struct SSLClientSocketContext; struct SSLConfig; -class SSLHostInfo; class StreamSocket; // An interface used to instantiate StreamSocket objects. Used to facilitate 
@@ -52,7 +51,6 @@ class NET_EXPORT ClientSocketFactory { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) = 0; // Deprecated function (http://crbug.com/37810) that takes a StreamSocket. @@ -60,7 +58,6 @@ class NET_EXPORT ClientSocketFactory { StreamSocket* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context); // Clears cache used for SSL session resumption. diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc index 24dde96..b53c775 100644 --- a/net/socket/client_socket_pool_base_unittest.cc +++ b/net/socket/client_socket_pool_base_unittest.cc @@ -28,7 +28,6 @@ #include "net/socket/client_socket_handle.h" #include "net/socket/client_socket_pool_histograms.h" #include "net/socket/socket_test_util.h" -#include "net/socket/ssl_host_info.h" #include "net/socket/stream_socket.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" @@ -157,10 +156,8 @@ class MockClientSocketFactory : public ClientSocketFactory { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { NOTIMPLEMENTED(); - delete ssl_host_info; return NULL; } diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc index 2124cc7..b67ad0d 100644 --- a/net/socket/client_socket_pool_manager_impl.cc +++ b/net/socket/client_socket_pool_manager_impl.cc 
@@ -40,7 +40,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( CertVerifier* cert_verifier, ServerBoundCertService* server_bound_cert_service, TransportSecurityState* transport_security_state, - SSLHostInfoFactory* ssl_host_info_factory, const std::string& ssl_session_cache_shard, ProxyService* proxy_service, SSLConfigService* ssl_config_service, @@ -51,7 +50,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( cert_verifier_(cert_verifier), server_bound_cert_service_(server_bound_cert_service), transport_security_state_(transport_security_state), - ssl_host_info_factory_(ssl_host_info_factory), ssl_session_cache_shard_(ssl_session_cache_shard), proxy_service_(proxy_service), ssl_config_service_(ssl_config_service), @@ -71,7 +69,6 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( cert_verifier, server_bound_cert_service, transport_security_state, - ssl_host_info_factory, ssl_session_cache_shard, socket_factory, transport_socket_pool_.get(), @@ -291,7 +288,6 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy( cert_verifier_, server_bound_cert_service_, transport_security_state_, - ssl_host_info_factory_, ssl_session_cache_shard_, socket_factory_, tcp_https_ret.first->second /* https proxy */, @@ -331,7 +327,6 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy( cert_verifier_, server_bound_cert_service_, transport_security_state_, - ssl_host_info_factory_, ssl_session_cache_shard_, socket_factory_, NULL, /* no tcp pool, we always go through a proxy */ diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h index eff1a36..b51b830 100644 --- a/net/socket/client_socket_pool_manager_impl.h +++ b/net/socket/client_socket_pool_manager_impl.h @@ -32,7 +32,6 @@ class ProxyService; class SOCKSClientSocketPool; class SSLClientSocketPool; class SSLConfigService; -class SSLHostInfoFactory; class TransportClientSocketPool; class TransportSecurityState; 
@@ -64,7 +63,6 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, CertVerifier* cert_verifier, ServerBoundCertService* server_bound_cert_service, TransportSecurityState* transport_security_state, - SSLHostInfoFactory* ssl_host_info_factory, const std::string& ssl_session_cache_shard, ProxyService* proxy_service, SSLConfigService* ssl_config_service, @@ -111,7 +109,6 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, CertVerifier* const cert_verifier_; ServerBoundCertService* const server_bound_cert_service_; TransportSecurityState* const transport_security_state_; - SSLHostInfoFactory* const ssl_host_info_factory_; const std::string ssl_session_cache_shard_; ProxyService* const proxy_service_; const scoped_refptr<SSLConfigService> ssl_config_service_; diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc index b33fa1b..1db1472 100644 --- a/net/socket/socket_test_util.cc +++ b/net/socket/socket_test_util.cc @@ -23,7 +23,6 @@ #include "net/http/http_response_headers.h" #include "net/socket/client_socket_pool_histograms.h" #include "net/socket/socket.h" -#include "net/socket/ssl_host_info.h" #include "testing/gtest/include/gtest/gtest.h" #define NET_TRACE(level, s) DLOG(level) << s << __FUNCTION__ << "() " @@ -643,11 +642,10 @@ SSLClientSocket* MockClientSocketFactory::CreateSSLClientSocket( ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { MockSSLClientSocket* socket = new MockSSLClientSocket(transport_socket, host_and_port, ssl_config, - ssl_host_info, mock_ssl_data_.GetNext()); + mock_ssl_data_.GetNext()); return socket; } 
@@ -1081,7 +1079,6 @@ MockSSLClientSocket::MockSSLClientSocket( ClientSocketHandle* transport_socket, const HostPortPair& host_port_pair, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, SSLSocketDataProvider* data) : MockClientSocket(transport_socket->socket()->NetLog().net_log()), transport_(transport_socket), @@ -1092,7 +1089,6 @@ MockSSLClientSocket::MockSSLClientSocket( protocol_negotiated_(kProtoUnknown) { DCHECK(data_); peer_addr_ = data->connect.peer_addr; - delete ssl_host_info; // we take ownership but don't use it. } MockSSLClientSocket::~MockSSLClientSocket() { @@ -1589,11 +1585,10 @@ SSLClientSocket* DeterministicMockClientSocketFactory::CreateSSLClientSocket( ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { MockSSLClientSocket* socket = new MockSSLClientSocket(transport_socket, host_and_port, ssl_config, - ssl_host_info, mock_ssl_data_.GetNext()); + mock_ssl_data_.GetNext()); ssl_client_sockets_.push_back(socket); return socket; } diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h index 431c4913c4..26a5075 100644 --- a/net/socket/socket_test_util.h +++ b/net/socket/socket_test_util.h @@ -50,7 +50,6 @@ class AsyncSocket; class MockClientSocket; class ServerBoundCertService; class SSLClientSocket; -class SSLHostInfo; class StreamSocket; enum IoMode { @@ -569,7 +568,6 @@ class MockClientSocketFactory : public ClientSocketFactory { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) OVERRIDE; virtual void ClearSSLSessionCache() OVERRIDE; 
@@ -737,7 +735,6 @@ class MockSSLClientSocket : public MockClientSocket, public AsyncSocket { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, SSLSocketDataProvider* socket); virtual ~MockSSLClientSocket(); @@ -1004,7 +1001,6 @@ class DeterministicMockClientSocketFactory : public ClientSocketFactory { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) OVERRIDE; virtual void ClearSSLSessionCache() OVERRIDE; diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h index 06ed692..61986be 100644 --- a/net/socket/ssl_client_socket.h +++ b/net/socket/ssl_client_socket.h @@ -19,8 +19,6 @@ namespace net { class CertVerifier; class ServerBoundCertService; class SSLCertRequestInfo; -class SSLHostInfo; -class SSLHostInfoFactory; class SSLInfo; class TransportSecurityState; 
@@ -30,24 +28,20 @@ struct SSLClientSocketContext { SSLClientSocketContext() : cert_verifier(NULL), server_bound_cert_service(NULL), - transport_security_state(NULL), - ssl_host_info_factory(NULL) {} + transport_security_state(NULL) {} SSLClientSocketContext(CertVerifier* cert_verifier_arg, ServerBoundCertService* server_bound_cert_service_arg, TransportSecurityState* transport_security_state_arg, - SSLHostInfoFactory* ssl_host_info_factory_arg, const std::string& ssl_session_cache_shard_arg) : cert_verifier(cert_verifier_arg), server_bound_cert_service(server_bound_cert_service_arg), transport_security_state(transport_security_state_arg), - ssl_host_info_factory(ssl_host_info_factory_arg), ssl_session_cache_shard(ssl_session_cache_shard_arg) {} CertVerifier* cert_verifier; ServerBoundCertService* server_bound_cert_service; TransportSecurityState* transport_security_state; - SSLHostInfoFactory* ssl_host_info_factory; // ssl_session_cache_shard is an opaque string that identifies a shard of the // SSL session cache. SSL sockets with the same ssl_session_cache_shard may // resume each other's SSL sessions but we'll never sessions between shards. diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index af08f71..c303829 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -104,7 +104,6 @@ #include "net/socket/client_socket_handle.h" #include "net/socket/nss_ssl_util.h" #include "net/socket/ssl_error_params.h" -#include "net/socket/ssl_host_info.h" #if defined(OS_WIN) #include <windows.h> @@ -531,7 +530,6 @@ struct HandshakeState { client_certs.clear(); server_cert_chain.Reset(NULL); server_cert = NULL; - predicted_cert_chain_correct = false; resumed_handshake = false; ssl_connection_status = 0; } 
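Review bot: The `ssl_session_cache_shard` comment that closes this SSLClientSocketContext hunk is missing its verb ("we'll never sessions between shards"), and since the struct is being reworked here this is the natural place to fix it, presumably to `// resume each other's SSL sessions but we'll never resume sessions between shards.`. The four-argument constructor now takes three raw pointers followed by the shard string with no statement of lifetime; the struct stores them as raw pointers and nothing visible deletes them, so a one-line note such as `// The pointers are not owned; the caller must keep them alive for the socket's lifetime.` above `cert_verifier` would help, assuming that is indeed the ownership model (worth confirming against SSLClientSocketPool).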
@@ -562,11 +560,6 @@ struct HandshakeState { PeerCertificateChain server_cert_chain; scoped_refptr<X509Certificate> server_cert; - // True if we predicted a certificate chain (via - // Core::SetPredictedCertificates) and that prediction matched what the - // server sent. - bool predicted_cert_chain_correct; - // True if the current handshake was the result of TLS session resumption. bool resumed_handshake; @@ -1746,26 +1739,6 @@ void SSLClientSocketNSS::Core::HandshakeCallback( core->UpdateServerCert(); core->UpdateConnectionStatus(); - // We need to see if the predicted certificate chain (from - // SetPredictedCertificates) matches the actual certificate chain. - nss_state->predicted_cert_chain_correct = false; - if (!core->predicted_certs_.empty()) { - PeerCertificateChain& certs = nss_state->server_cert_chain; - nss_state->predicted_cert_chain_correct = - certs.size() == core->predicted_certs_.size(); - - if (nss_state->predicted_cert_chain_correct) { - for (unsigned i = 0; i < certs.size(); i++) { - if (certs[i]->derCert.len != core->predicted_certs_[i].size() || - memcmp(certs[i]->derCert.data, core->predicted_certs_[i].data(), - certs[i]->derCert.len) != 0) { - nss_state->predicted_cert_chain_correct = false; - break; - } - } - } - } - // Update the network task runners view of the handshake state whenever // a handshake has completed. core->PostOrRunCallback( @@ -2011,8 +1984,7 @@ int SSLClientSocketNSS::Core::DoHandshake() { #if defined(SSL_ENABLE_OCSP_STAPLING) // TODO(agl): figure out how to plumb an OCSP response into the Mac // system library and update IsOCSPStaplingSupported for Mac. - if (!nss_handshake_state_.predicted_cert_chain_correct && - IsOCSPStaplingSupported()) { + if (IsOCSPStaplingSupported()) { unsigned int len = 0; SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); if (len) { 
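Review bot: With the chain-comparison loop removed from `Core::HandshakeCallback`, nothing visible in this commit still reads `core->predicted_certs_`, and its only writer, the `core_->SetPredictedCertificates(certs_in)` call in the deleted `LoadSSLHostInfo`, goes away in the same change; unless a hunk not shown here removes them, `Core::SetPredictedCertificates` and the `predicted_certs_` member are now dead and should be deleted together with `predicted_cert_chain_correct` rather than left as an unused prediction hook. The OCSP hunk below is consistent with that: `if (IsOCSPStaplingSupported())` now pulls the stapled response on every handshake, so the flag has no remaining consumer. HandshakeCallback and DoHandshake both extend beyond their hunks.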
@@ -2748,13 +2720,11 @@ SSLClientSocketNSS::SSLClientSocketNSS( ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) : nss_task_runner_(nss_task_runner), transport_(transport_socket), host_and_port_(host_and_port), ssl_config_(ssl_config), - server_cert_verify_result_(NULL), cert_verifier_(context.cert_verifier), server_bound_cert_service_(context.server_bound_cert_service), ssl_session_cache_shard_(context.ssl_session_cache_shard), @@ -2762,7 +2732,6 @@ SSLClientSocketNSS::SSLClientSocketNSS( next_handshake_state_(STATE_NONE), nss_fd_(NULL), net_log_(transport_socket->socket()->NetLog()), - ssl_host_info_(ssl_host_info), transport_security_state_(context.transport_security_state), valid_thread_id_(base::kInvalidThreadId) { EnterFunction(""); @@ -2794,18 +2763,18 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { return; } - ssl_info->cert_status = server_cert_verify_result_->cert_status; - ssl_info->cert = server_cert_verify_result_->verified_cert; + ssl_info->cert_status = server_cert_verify_result_.cert_status; + ssl_info->cert = server_cert_verify_result_.verified_cert; ssl_info->connection_status = core_->state().ssl_connection_status; - ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; + ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; for (std::vector<SHA1Fingerprint>::const_iterator i = side_pinned_public_keys_.begin(); i != side_pinned_public_keys_.end(); i++) { ssl_info->public_key_hashes.push_back(*i); } ssl_info->is_issued_by_known_root = - server_cert_verify_result_->is_issued_by_known_root; + server_cert_verify_result_.is_issued_by_known_root; ssl_info->client_cert_sent = ssl_config_.send_client_cert && ssl_config_.client_cert; ssl_info->channel_id_sent = WasChannelIDSent(); 
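Review bot: Turning `server_cert_verify_result_` into a value member changes what happens if `GetSSLInfo` runs before verification has finished: the old pointer was initialized to NULL in the constructor and stayed NULL until DoVerifyDNSSEC/DoVerifyCert pointed it at a result, so a premature call crashed, whereas a default-constructed CertVerifyResult now yields `cert_status == 0` and a NULL `cert`, which a caller would read as a certificate with no errors. The early `return` at the top of this hunk is the only guard and its condition lies outside the hunk, so if it does not already cover the pre-verification case an explicit guard belongs before the `cert_status` copy, e.g. `if (!completed_handshake_) return;`, provided `completed_handshake_` is set only once DoVerifyCertComplete has run (worth confirming). GetSSLInfo starts outside the hunk.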
@@ -2896,11 +2865,7 @@ int SSLClientSocketNSS::Connect(const CompletionCallback& callback) { return rv; } - if (ssl_config_.cached_info_enabled && ssl_host_info_.get()) { - GotoState(STATE_LOAD_SSL_HOST_INFO); - } else { - GotoState(STATE_HANDSHAKE); - } + GotoState(STATE_HANDSHAKE); rv = DoHandshakeLoop(OK); if (rv == ERR_IO_PENDING) { @@ -2925,8 +2890,7 @@ void SSLClientSocketNSS::Disconnect() { // Reset object state. user_connect_callback_.Reset(); - local_server_cert_verify_result_.Reset(); - server_cert_verify_result_ = NULL; + server_cert_verify_result_.Reset(); completed_handshake_ = false; start_cert_verification_time_ = base::TimeTicks(); InitCore(); @@ -3286,34 +3250,6 @@ void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { LeaveFunction(""); } -void SSLClientSocketNSS::LoadSSLHostInfo() { - const SSLHostInfo::State& state(ssl_host_info_->state()); - - if (state.certs.empty()) - return; - - const std::vector<std::string>& certs_in = state.certs; - core_->SetPredictedCertificates(certs_in); -} - -int SSLClientSocketNSS::DoLoadSSLHostInfo() { - EnterFunction(""); - int rv = ssl_host_info_->WaitForDataReady( - base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, - base::Unretained(this))); - GotoState(STATE_HANDSHAKE); - - if (rv == OK) { - LoadSSLHostInfo(); - } else { - DCHECK_EQ(ERR_IO_PENDING, rv); - GotoState(STATE_LOAD_SSL_HOST_INFO); - } - - LeaveFunction(""); - return rv; -} - int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { EnterFunction(last_io_result); int rv = last_io_result; @@ -3326,10 +3262,6 @@ int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) { State state = next_handshake_state_; GotoState(STATE_NONE); switch (state) { - case STATE_LOAD_SSL_HOST_INFO: - DCHECK(rv == OK || rv == ERR_IO_PENDING); - rv = DoLoadSSLHostInfo(); - break; case STATE_HANDSHAKE: rv = DoHandshake(); break; 
@@ -3372,7 +3304,6 @@ int SSLClientSocketNSS::DoHandshakeComplete(int result) { EnterFunction(result); if (result == OK) { - SaveSSLHostInfo(); // SSL handshake is completed. Let's verify the certificate. GotoState(STATE_VERIFY_DNSSEC); // Done! @@ -3392,10 +3323,8 @@ int SSLClientSocketNSS::DoVerifyDNSSEC(int result) { host_and_port_.host(), core_->state().server_cert_chain[0], host_and_port_.port()); if (r == DNSVR_SUCCESS) { - local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; - local_server_cert_verify_result_.verified_cert = - core_->state().server_cert; - server_cert_verify_result_ = &local_server_cert_verify_result_; + server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; + server_cert_verify_result_.verified_cert = core_->state().server_cert; GotoState(STATE_VERIFY_CERT_COMPLETE); return OK; } 
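Review bot: In the DNSSEC branch `server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC;` ORs into whatever the member already holds, whereas the two early-exit paths in DoVerifyCert rewritten by this same commit call `server_cert_verify_result_.Reset()` before assigning. Today that is only safe because `Disconnect()` resets the member and the constructor default-constructs it; if a connect attempt can re-enter the handshake loop without an intervening Disconnect(), a stale cert_status from the previous verification would survive into this result. Adding `server_cert_verify_result_.Reset();` immediately before the `|=` makes the branch self-contained and consistent with the other two. DoVerifyDNSSEC continues outside the hunk.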
@@ -3421,46 +3350,22 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { DCHECK(start_cert_verification_time_.is_null()); VLOG(1) << "Received an expected bad cert with status: " << cert_status; - server_cert_verify_result_ = &local_server_cert_verify_result_; - local_server_cert_verify_result_.Reset(); - local_server_cert_verify_result_.cert_status = cert_status; - local_server_cert_verify_result_.verified_cert = - core_->state().server_cert; + server_cert_verify_result_.Reset(); + server_cert_verify_result_.cert_status = cert_status; + server_cert_verify_result_.verified_cert = core_->state().server_cert; return OK; } // We may have failed to create X509Certificate object if we are // running inside sandbox. if (!core_->state().server_cert) { - server_cert_verify_result_ = &local_server_cert_verify_result_; - local_server_cert_verify_result_.Reset(); - local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; + server_cert_verify_result_.Reset(); + server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; return ERR_CERT_INVALID; } start_cert_verification_time_ = base::TimeTicks::Now(); - if (ssl_host_info_.get() && !ssl_host_info_->state().certs.empty() && - core_->state().predicted_cert_chain_correct) { - // If the SSLHostInfo had a prediction for the certificate chain of this - // server then it will have optimistically started a verification of that - // chain. So, if the prediction was correct, we should wait for that - // verification to finish rather than start our own. 
- net_log_.AddEvent(NetLog::TYPE_SSL_VERIFICATION_MERGED); - UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 1 /* true */, 2); - base::TimeTicks end_time = ssl_host_info_->verification_end_time(); - if (end_time.is_null()) - end_time = base::TimeTicks::Now(); - UMA_HISTOGRAM_TIMES("Net.SSLVerificationMergedMsSaved", - end_time - ssl_host_info_->verification_start_time()); - server_cert_verify_result_ = &ssl_host_info_->cert_verify_result(); - return ssl_host_info_->WaitForCertVerification( - base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, - base::Unretained(this))); - } else { - UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); - } - int flags = 0; if (ssl_config_.rev_checking_enabled) flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; @@ -3469,10 +3374,9 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { if (ssl_config_.cert_io_enabled) flags |= X509Certificate::VERIFY_CERT_IO_ENABLED; verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); - server_cert_verify_result_ = &local_server_cert_verify_result_; return verifier_->Verify( core_->state().server_cert, host_and_port_.host(), flags, - SSLConfigService::GetCRLSet(), &local_server_cert_verify_result_, + SSLConfigService::GetCRLSet(), &server_cert_verify_result_, base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, base::Unretained(this)), net_log_); 
@@ -3520,10 +3424,10 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) { // merges into a SPDY connection to www.example.com, and gets a different // certificate. - const CertStatus cert_status = server_cert_verify_result_->cert_status; + const CertStatus cert_status = server_cert_verify_result_.cert_status; if ((result == OK || (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && - server_cert_verify_result_->is_issued_by_known_root && + server_cert_verify_result_.is_issued_by_known_root && transport_security_state_) { bool sni_available = ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || @@ -3535,7 +3439,7 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) { &domain_state) && domain_state.HasPins()) { if (!domain_state.IsChainOfPublicKeysPermitted( - server_cert_verify_result_->public_key_hashes)) { + server_cert_verify_result_.public_key_hashes)) { const base::Time build_time = base::GetBuildTime(); // Pins are not enforced if the build is sufficiently old. Chrome // users should get updates every six weeks or so, but it's possible 
@@ -3561,15 +3465,15 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) { void SSLClientSocketNSS::LogConnectionTypeMetrics() const { UpdateConnectionTypeHistograms(CONNECTION_SSL); - if (server_cert_verify_result_->has_md5) + if (server_cert_verify_result_.has_md5) UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); - if (server_cert_verify_result_->has_md2) + if (server_cert_verify_result_.has_md2) UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); - if (server_cert_verify_result_->has_md4) + if (server_cert_verify_result_.has_md4) UpdateConnectionTypeHistograms(CONNECTION_SSL_MD4); - if (server_cert_verify_result_->has_md5_ca) + if (server_cert_verify_result_.has_md5_ca) UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5_CA); - if (server_cert_verify_result_->has_md2_ca) + if (server_cert_verify_result_.has_md2_ca) UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); int ssl_version = SSLConnectionStatusToVersion( core_->state().ssl_connection_status); 
@@ -3592,35 +3496,6 @@ void SSLClientSocketNSS::LogConnectionTypeMetrics() const { }; } -// SaveSSLHostInfo saves the certificate chain of the connection so that we can -// start verification faster in the future. -void SSLClientSocketNSS::SaveSSLHostInfo() { - if (!ssl_host_info_.get()) - return; - - // If the SSLHostInfo hasn't managed to load from disk yet then we can't save - // anything. - if (ssl_host_info_->WaitForDataReady(net::CompletionCallback()) != OK) - return; - - SSLHostInfo::State* state = ssl_host_info_->mutable_state(); - - state->certs.clear(); - const PeerCertificateChain& certs = core_->state().server_cert_chain; - for (unsigned i = 0; i < certs.size(); i++) { - if (certs[i] == NULL || - certs[i]->derCert.len > std::numeric_limits<uint16>::max()) { - return; - } - - state->certs.push_back(std::string( - reinterpret_cast<char*>(certs[i]->derCert.data), - certs[i]->derCert.len)); - } - - ssl_host_info_->Persist(); -} - void SSLClientSocketNSS::EnsureThreadIdAssigned() const { base::AutoLock auto_lock(lock_); if (valid_thread_id_ != base::kInvalidThreadId) diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index 9d6dd94..204b1cb 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -41,7 +41,6 @@ class CertVerifier; class ClientSocketHandle; class ServerBoundCertService; class SingleRequestCertVerifier; -class SSLHostInfo; class TransportSecurityState; class X509Certificate; @@ -64,7 +63,6 @@ class SSLClientSocketNSS : public SSLClientSocket { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context); virtual ~SSLClientSocketNSS(); @@ -113,7 +111,6 @@ class SSLClientSocketNSS : public SSLClientSocket { enum State { STATE_NONE, - STATE_LOAD_SSL_HOST_INFO, STATE_HANDSHAKE, STATE_HANDSHAKE_COMPLETE, STATE_VERIFY_DNSSEC, 
@@ -133,16 +130,12 @@ class SSLClientSocketNSS : public SSLClientSocket { void DoConnectCallback(int result); void OnHandshakeIOComplete(int result); - void LoadSSLHostInfo(); - int DoLoadSSLHostInfo(); - int DoHandshakeLoop(int last_io_result); int DoHandshake(); int DoHandshakeComplete(int result); int DoVerifyDNSSEC(int result); int DoVerifyCert(int result); int DoVerifyCertComplete(int result); - void SaveSSLHostInfo(); void LogConnectionTypeMetrics() const; @@ -161,11 +154,7 @@ class SSLClientSocketNSS : public SSLClientSocket { CompletionCallback user_connect_callback_; - // |server_cert_verify_result_| points at the verification result, which may, - // or may not be, |&local_server_cert_verify_result_|, depending on whether - // we used an SSLHostInfo's verification. - const CertVerifyResult* server_cert_verify_result_; - CertVerifyResult local_server_cert_verify_result_; + CertVerifyResult server_cert_verify_result_; std::vector<SHA1Fingerprint> side_pinned_public_keys_; CertVerifier* const cert_verifier_; @@ -193,8 +182,6 @@ class SSLClientSocketNSS : public SSLClientSocket { base::TimeTicks start_cert_verification_time_; - scoped_ptr<SSLHostInfo> ssl_host_info_; - TransportSecurityState* transport_security_state_; // The following two variables are added for debugging bug 65948. Will diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index 7cdf2f8..842da86 100644 --- a/net/socket/ssl_client_socket_pool.cc +++ b/net/socket/ssl_client_socket_pool.cc @@ -18,7 +18,6 @@ #include "net/socket/client_socket_handle.h" #include "net/socket/socks_client_socket_pool.h" #include "net/socket/ssl_client_socket.h" -#include "net/socket/ssl_host_info.h" #include "net/socket/transport_client_socket_pool.h" namespace net { 
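Review bot: The replacement member `CertVerifyResult server_cert_verify_result_;` in the `@@ -161,11 +154,7 @@` hunk drops the comment that the pointer it replaces carried, so the header no longer says what the field holds or when it is meaningful. Now that the result always lives in this object rather than possibly aliasing an SSLHostInfo's, a one-line comment such as `// Result of verifying the server's certificate chain for this connection.` keeps the header self-describing. When it is populated (presumably after the verify step in the state machine) is not visible in this hunk, so any timing claim should be worded accordingly.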
@@ -189,19 +188,6 @@ int SSLConnectJob::DoLoop(int result) {
 int SSLConnectJob::DoTransportConnect() {
 DCHECK(transport_pool_);
 
- if (context_.ssl_host_info_factory) {
- ssl_host_info_.reset(
- context_.ssl_host_info_factory->GetForHost(
- params_->host_and_port().host(),
- params_->ssl_config()));
- }
-
- if (ssl_host_info_.get()) {
- // This starts fetching the SSL host info from the disk cache for early
- // certificate verification and the TLS cached information extension.
- ssl_host_info_->Start();
- }
-
 next_state_ = STATE_TRANSPORT_CONNECT_COMPLETE;
 transport_socket_handle_.reset(new ClientSocketHandle());
 scoped_refptr<TransportSocketParams> transport_params =
@@ -277,7 +263,7 @@ int SSLConnectJob::DoSSLConnect() {
 
 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
 transport_socket_handle_.release(), params_->host_and_port(),
- params_->ssl_config(), ssl_host_info_.release(), context_));
+ params_->ssl_config(), context_));
 return ssl_socket_->Connect(callback_);
 }
 
@@ -449,7 +435,6 @@ SSLClientSocketPool::SSLClientSocketPool(
 CertVerifier* cert_verifier,
 ServerBoundCertService* server_bound_cert_service,
 TransportSecurityState* transport_security_state,
- SSLHostInfoFactory* ssl_host_info_factory,
 const std::string& ssl_session_cache_shard,
 ClientSocketFactory* client_socket_factory,
 TransportClientSocketPool* transport_pool,
@@ -472,7 +457,6 @@ SSLClientSocketPool::SSLClientSocketPool(
 cert_verifier,
 server_bound_cert_service,
 transport_security_state,
- ssl_host_info_factory,
 ssl_session_cache_shard),
 net_log)),
 ssl_config_service_(ssl_config_service) {
diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h
index 26e5f56..d84af8c 100644
--- a/net/socket/ssl_client_socket_pool.h
+++ b/net/socket/ssl_client_socket_pool.h
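Review bot: `context_.ssl_host_info_factory` is no longer read in DoTransportConnect(), but nothing in this chunk shows the field being removed from SSLClientSocketContext; if it survives, callers can keep populating it and expect the early, disk-cached certificate verification the deleted comment describes, which no longer happens. Confirm the field and its assignments are dropped elsewhere in the same change (the diffstat covers 46 files, so that is plausibly the case), or the struct should at least lose the member so the dead dependency cannot be wired back up by accident. DoTransportConnect's body continues past the end of the hunk.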
@@ -31,7 +31,6 @@ class HttpProxySocketParams; class SOCKSClientSocketPool; class SOCKSSocketParams; class SSLClientSocket; -class SSLHostInfoFactory; class TransportClientSocketPool; class TransportSecurityState; class TransportSocketParams; @@ -154,7 +153,6 @@ class SSLConnectJob : public ConnectJob { CompletionCallback callback_; scoped_ptr<ClientSocketHandle> transport_socket_handle_; scoped_ptr<SSLClientSocket> ssl_socket_; - scoped_ptr<SSLHostInfo> ssl_host_info_; // The time the DoSSLConnect() method was called. base::TimeTicks ssl_connect_start_time_; @@ -179,7 +177,6 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool CertVerifier* cert_verifier, ServerBoundCertService* server_bound_cert_service, TransportSecurityState* transport_security_state, - SSLHostInfoFactory* ssl_host_info_factory, const std::string& ssl_session_cache_shard, ClientSocketFactory* client_socket_factory, TransportClientSocketPool* transport_pool, diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc index 3eb05fa..34b9951 100644 --- a/net/socket/ssl_client_socket_pool_unittest.cc +++ b/net/socket/ssl_client_socket_pool_unittest.cc @@ -99,7 +99,6 @@ class SSLClientSocketPoolTest : public testing::Test { NULL /* cert_verifier */, NULL /* server_bound_cert_service */, NULL /* transport_security_state */, - NULL /* ssl_host_info_factory */, "" /* ssl_session_cache_shard */, &socket_factory_, transport_pool ? &transport_socket_pool_ : NULL, diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc index 8806254..0c28b2d 100644 --- a/net/socket/ssl_client_socket_unittest.cc +++ b/net/socket/ssl_client_socket_unittest.cc @@ -44,7 +44,6 @@ class SSLClientSocketTest : public PlatformTest { return socket_factory_->CreateSSLClientSocket(transport_socket, host_and_port, ssl_config, - NULL, context_); } 
@@ -763,7 +762,7 @@ TEST_F(SSLClientSocketTest, ClientSocketHandleNotFromPool) { scoped_ptr<net::SSLClientSocket> sock( socket_factory_->CreateSSLClientSocket( socket_handle, test_server.host_port_pair(), kDefaultSSLConfig, - NULL, context_)); + context_)); EXPECT_FALSE(sock->IsConnected()); rv = sock->Connect(callback.callback()); diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc deleted file mode 100644 index f4edcc6..0000000 --- a/net/socket/ssl_host_info.cc +++ /dev/null 
@@ -1,206 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "net/socket/ssl_host_info.h" - -#include "base/bind.h" -#include "base/metrics/histogram.h" -#include "base/pickle.h" -#include "base/string_piece.h" -#include "net/base/crl_set.h" -#include "net/base/ssl_config_service.h" -#include "net/base/x509_certificate.h" -#include "net/socket/ssl_client_socket.h" - -namespace net { - -SSLHostInfo::State::State() {} - -SSLHostInfo::State::~State() {} - -void SSLHostInfo::State::Clear() { - certs.clear(); -} - -SSLHostInfo::SSLHostInfo( - const std::string& hostname, - const SSLConfig& ssl_config, - CertVerifier* cert_verifier) - : cert_verification_complete_(false), - cert_verification_error_(ERR_CERT_INVALID), - hostname_(hostname), - cert_parsing_failed_(false), - rev_checking_enabled_(ssl_config.rev_checking_enabled), - verify_ev_cert_(ssl_config.verify_ev_cert), - verifier_(cert_verifier), - ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) { -} - -SSLHostInfo::~SSLHostInfo() { -} - -const SSLHostInfo::State& SSLHostInfo::state() const { - return state_; -} - -SSLHostInfo::State* SSLHostInfo::mutable_state() { - return &state_; -} - -bool SSLHostInfo::Parse(const std::string& data) { - State* state = mutable_state(); - - state->Clear(); - cert_verification_complete_ = false; - - bool r = ParseInner(data); - if (!r) - state->Clear(); - return r; -} - -bool SSLHostInfo::ParseInner(const std::string& data) { - State* state = mutable_state(); - - Pickle p(data.data(), data.size()); - PickleIterator iter(p); - - int num_der_certs; - if (!p.ReadInt(&iter, &num_der_certs) || - num_der_certs < 0) { - return false; - } - - for (int i = 0; i < num_der_certs; i++) { - std::string der_cert; - if (!p.ReadString(&iter, &der_cert)) - return false; - state->certs.push_back(der_cert); - } - - // Ignore obsolete members of the State 
structure. - std::string throwaway_string; - bool throwaway_bool; - // This was state->server_hello. - if (!p.ReadString(&iter, &throwaway_string)) - return false; - - // This was state->npn_valid. - if (!p.ReadBool(&iter, &throwaway_bool)) - return false; - - if (throwaway_bool) { - int throwaway_int; - // These were state->npn_status and state->npn_protocol. - if (!p.ReadInt(&iter, &throwaway_int) || - !p.ReadString(&iter, &throwaway_string)) { - return false; - } - } - - if (!state->certs.empty()) { - std::vector<base::StringPiece> der_certs(state->certs.size()); - for (size_t i = 0; i < state->certs.size(); i++) - der_certs[i] = state->certs[i]; - cert_ = X509Certificate::CreateFromDERCertChain(der_certs); - if (cert_.get()) { - int flags = 0; - if (verify_ev_cert_) - flags |= X509Certificate::VERIFY_EV_CERT; - if (rev_checking_enabled_) - flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; - VLOG(1) << "Kicking off verification for " << hostname_; - verification_start_time_ = base::TimeTicks::Now(); - verification_end_time_ = base::TimeTicks(); - scoped_refptr<CRLSet> crl_set(SSLConfigService::GetCRLSet()); - int rv = verifier_.Verify( - cert_.get(), hostname_, flags, crl_set, &cert_verify_result_, - base::Bind(&SSLHostInfo::VerifyCallback, weak_factory_.GetWeakPtr()), - // TODO(willchan): Figure out how to use NetLog here. - BoundNetLog()); - if (rv != ERR_IO_PENDING) - VerifyCallback(rv); - } else { - cert_parsing_failed_ = true; - DCHECK(cert_verification_callback_.is_null()); - } - } - - return true; -} - -std::string SSLHostInfo::Serialize() const { - Pickle p(sizeof(Pickle::Header)); - - static const unsigned kMaxCertificatesSize = 32 * 1024; - unsigned der_certs_size = 0; - - for (std::vector<std::string>::const_iterator - i = state_.certs.begin(); i != state_.certs.end(); i++) { - der_certs_size += i->size(); - } - - // We don't care to save the certificates over a certain size. 
- if (der_certs_size > kMaxCertificatesSize) - return ""; - - if (!p.WriteInt(state_.certs.size())) - return ""; - - for (std::vector<std::string>::const_iterator - i = state_.certs.begin(); i != state_.certs.end(); i++) { - if (!p.WriteString(*i)) - return ""; - } - - // Write dummy values for obsolete members of the State structure: - // state->server_hello and state->npn_valid. - if (!p.WriteString("") || - !p.WriteBool(false)) { - return ""; - } - - return std::string(reinterpret_cast<const char *>(p.data()), p.size()); -} - -const CertVerifyResult& SSLHostInfo::cert_verify_result() const { - return cert_verify_result_; -} - -int SSLHostInfo::WaitForCertVerification(const CompletionCallback& callback) { - if (cert_verification_complete_) - return cert_verification_error_; - - DCHECK(!cert_parsing_failed_); - DCHECK(cert_verification_callback_.is_null()); - DCHECK(!state_.certs.empty()); - cert_verification_callback_ = callback; - return ERR_IO_PENDING; -} - -void SSLHostInfo::VerifyCallback(int rv) { - DCHECK(!verification_start_time_.is_null()); - base::TimeTicks now = base::TimeTicks::Now(); - const base::TimeDelta duration = now - verification_start_time(); - bool is_google = hostname_ == "google.com" || - (hostname_.size() > 11 && - hostname_.rfind(".google.com") == hostname_.size() - 11); - if (is_google) { - UMA_HISTOGRAM_TIMES("Net.SSLHostInfoVerificationTimeMs_Google", duration); - } - UMA_HISTOGRAM_TIMES("Net.SSLHostInfoVerificationTimeMs", duration); - VLOG(1) << "Verification took " << duration.InMilliseconds() << "ms"; - verification_end_time_ = now; - cert_verification_complete_ = true; - cert_verification_error_ = rv; - if (!cert_verification_callback_.is_null()) { - CompletionCallback callback = cert_verification_callback_; - cert_verification_callback_.Reset(); - callback.Run(rv); - } -} - -SSLHostInfoFactory::~SSLHostInfoFactory() {} - -} // namespace net 
diff --git a/net/socket/ssl_host_info.h b/net/socket/ssl_host_info.h deleted file mode 100644 index d73cc6d..0000000 --- a/net/socket/ssl_host_info.h +++ /dev/null 
@@ -1,144 +0,0 @@ -// Copyright (c) 2012 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef NET_SOCKET_SSL_HOST_INFO_H_ -#define NET_SOCKET_SSL_HOST_INFO_H_ - -#include <string> -#include <vector> - -#include "base/memory/ref_counted.h" -#include "base/memory/weak_ptr.h" -#include "base/time.h" -#include "net/base/cert_verifier.h" -#include "net/base/cert_verify_result.h" -#include "net/base/completion_callback.h" -#include "net/base/net_export.h" -#include "net/base/single_request_cert_verifier.h" -#include "net/socket/ssl_client_socket.h" - -namespace net { - -class X509Certificate; -struct SSLConfig; - -// SSLHostInfo is an interface for fetching information about an SSL server. -// This information may be stored on disk so does not include keys or session -// information etc. Primarily it's intended for caching the server's -// certificates. -class NET_EXPORT_PRIVATE SSLHostInfo { - public: - SSLHostInfo(const std::string& hostname, - const SSLConfig& ssl_config, - CertVerifier* certVerifier); - virtual ~SSLHostInfo(); - - // Start will commence the lookup. This must be called before any other - // methods. By opportunistically calling this early, it may be possible to - // overlap this object's lookup and reduce latency. - virtual void Start() = 0; - - // WaitForDataReady returns OK if the fetch of the requested data has - // completed. Otherwise it returns ERR_IO_PENDING and will call |callback| on - // the current thread when ready. - // - // Only a single callback can be outstanding at a given time and, in the - // event that WaitForDataReady returns OK, it's the caller's responsibility - // to delete |callback|. - // - // |callback| may be NULL, in which case ERR_IO_PENDING may still be returned - // but, obviously, a callback will never be made. 
- virtual int WaitForDataReady(const CompletionCallback& callback) = 0; - - // Persist allows for the host information to be updated for future users. - // This is a fire and forget operation: the caller may drop its reference - // from this object and the store operation will still complete. This can - // only be called once WaitForDataReady has returned OK or called its - // callback. - virtual void Persist() = 0; - - struct State { - State(); - ~State(); - - void Clear(); - - // certs is a vector of DER encoded X.509 certificates, as the server - // returned them and in the same order. - std::vector<std::string> certs; - - private: - DISALLOW_COPY_AND_ASSIGN(State); - }; - - // Once the data is ready, it can be read using the following members. These - // members can then be updated before calling |Persist|. - const State& state() const; - State* mutable_state(); - - // If WaitForCertVerification reports the certificate verification has - // completed, then this contains the result of verifying the certificate. - const CertVerifyResult& cert_verify_result() const; - - // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in - // |state().certs| is still being validated and arranges for the given - // callback to be called when the verification completes. If the verification - // has already finished then WaitForCertVerification returns the result of - // that verification. - int WaitForCertVerification(const CompletionCallback& callback); - - base::TimeTicks verification_start_time() const { - return verification_start_time_; - } - - base::TimeTicks verification_end_time() const { - return verification_end_time_; - } - - protected: - // Parse parses an opaque blob of data and fills out the public member fields - // of this object. It returns true iff the parse was successful. The public - // member fields will be set to something sane in any case. 
- bool Parse(const std::string& data); - std::string Serialize() const; - State state_; - bool cert_verification_complete_; - int cert_verification_error_; - - private: - // This is the callback function which the CertVerifier calls via |callback_|. - void VerifyCallback(int rv); - - // ParseInner is a helper function for Parse. - bool ParseInner(const std::string& data); - - // This is the hostname that we'll validate the certificates against. - const std::string hostname_; - bool cert_parsing_failed_; - CompletionCallback cert_verification_callback_; - // These three members are taken from the SSLConfig. - bool rev_checking_enabled_; - bool verify_ev_cert_; - base::TimeTicks verification_start_time_; - base::TimeTicks verification_end_time_; - CertVerifyResult cert_verify_result_; - SingleRequestCertVerifier verifier_; - scoped_refptr<X509Certificate> cert_; - base::WeakPtrFactory<SSLHostInfo> weak_factory_; - base::TimeTicks cert_verification_finished_time_; -}; - -class SSLHostInfoFactory { - public: - virtual ~SSLHostInfoFactory(); - - // GetForHost returns a fresh, allocated SSLHostInfo for the given hostname - // or NULL on failure. - virtual SSLHostInfo* GetForHost(const std::string& hostname, - const SSLConfig& ssl_config) = 0; -}; - -} // namespace net - -#endif // NET_SOCKET_SSL_HOST_INFO_H_ diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc index b7aae96..03a6db0 100644 --- a/net/socket/ssl_server_socket_unittest.cc +++ b/net/socket/ssl_server_socket_unittest.cc @@ -340,7 +340,7 @@ class SSLServerSocketTest : public PlatformTest { context.cert_verifier = cert_verifier_.get(); client_socket_.reset( socket_factory_->CreateSSLClientSocket( - fake_client_socket, host_and_pair, ssl_config, NULL, context)); + fake_client_socket, host_and_pair, ssl_config, context)); server_socket_.reset(net::CreateSSLServerSocket(fake_server_socket, cert, private_key.get(), net::SSLConfig())); 
diff --git a/net/socket/transport_client_socket_pool_unittest.cc b/net/socket/transport_client_socket_pool_unittest.cc index 291640c..93e7d11 100644 --- a/net/socket/transport_client_socket_pool_unittest.cc +++ b/net/socket/transport_client_socket_pool_unittest.cc @@ -20,7 +20,6 @@ #include "net/socket/client_socket_handle.h" #include "net/socket/client_socket_pool_histograms.h" #include "net/socket/socket_test_util.h" -#include "net/socket/ssl_host_info.h" #include "net/socket/stream_socket.h" #include "testing/gtest/include/gtest/gtest.h" @@ -336,10 +335,8 @@ class MockClientSocketFactory : public ClientSocketFactory { ClientSocketHandle* transport_socket, const HostPortPair& host_and_port, const SSLConfig& ssl_config, - SSLHostInfo* ssl_host_info, const SSLClientSocketContext& context) { NOTIMPLEMENTED(); - delete ssl_host_info; return NULL; } diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc index 908223c..43492b3 100644 --- a/net/socket_stream/socket_stream.cc +++ b/net/socket_stream/socket_stream.cc @@ -927,12 +927,10 @@ int SocketStream::DoSecureProxyConnect() { SSLClientSocketContext ssl_context; ssl_context.cert_verifier = cert_verifier_; ssl_context.server_bound_cert_service = server_bound_cert_service_; - // TODO(agl): look into plumbing SSLHostInfo here. socket_.reset(factory_->CreateSSLClientSocket( socket_.release(), proxy_info_.proxy_server().host_port_pair(), proxy_ssl_config_, - NULL /* ssl_host_info */, ssl_context)); next_state_ = STATE_SECURE_PROXY_CONNECT_COMPLETE; metrics_->OnCountConnectionType(SocketStreamMetrics::SECURE_PROXY_CONNECTION); 
@@ -982,11 +980,9 @@ int SocketStream::DoSSLConnect() { SSLClientSocketContext ssl_context; ssl_context.cert_verifier = cert_verifier_; ssl_context.server_bound_cert_service = server_bound_cert_service_; - // TODO(agl): look into plumbing SSLHostInfo here. socket_.reset(factory_->CreateSSLClientSocket(socket_.release(), HostPortPair::FromURL(url_), server_ssl_config_, - NULL /* ssl_host_info */, ssl_context)); next_state_ = STATE_SSL_CONNECT_COMPLETE; metrics_->OnCountConnectionType(SocketStreamMetrics::SSL_CONNECTION); diff --git a/remoting/jingle_glue/ssl_socket_adapter.cc b/remoting/jingle_glue/ssl_socket_adapter.cc index f070c05..33b04d3 100644 --- a/remoting/jingle_glue/ssl_socket_adapter.cc +++ b/remoting/jingle_glue/ssl_socket_adapter.cc @@ -68,7 +68,7 @@ int SSLSocketAdapter::BeginSSL() { ssl_socket_.reset( net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( transport_socket_, net::HostPortPair(hostname_, 443), ssl_config, - NULL /* ssl_host_info */, context)); + context)); int result = ssl_socket_->Connect( base::Bind(&SSLSocketAdapter::OnConnected, base::Unretained(this))); diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc index 93f3824..9e9a5f4 100644 --- a/remoting/protocol/ssl_hmac_channel_authenticator.cc +++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc @@ -106,7 +106,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate( context.cert_verifier = cert_verifier_.get(); socket_.reset( net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( - socket.release(), host_and_port, ssl_config, NULL, context)); + socket.release(), host_and_port, ssl_config, context)); result = socket_->Connect( base::Bind(&SslHmacChannelAuthenticator::OnConnected, |