net: Plumb DnsCertProvenanceChecker around.

DnsCertProvenanceChecker is introduced to abstract away the action of uploading reports. It's implemented by ChromeDnsCertProvenanceChecker which lives in a scoped_ptr off of a URLRequestContext. It's only active on the main context (i.e. not in incognito mode). This might change in the future, but it's a nice, conservative choice for the moment. The DnsCertProvenanceChecker is plumbed all the way to SSLClientSocket (via HttpCache) where it replaces the DnsRRResolver. Above SSLClientSocket, it's plumbed in addition to the DnsRRResolver because the later will end up going into SSLHostInfo in the future. At the moment, ChromeDnsCertProvenanceCheckerContext is just a skeleton to avoid putting too much real code in a plumbing job. BUG=none TEST=none git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66623 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-11-18 15:44:44 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-11-18 15:44:44 +0000
commit: 3e35b224fd0c36f17f432f23e2eb3729667210b1 (patch)
tree: 9fc1ee327a5b872858aefe4bea60ded90080054e /chrome
parent: be796bb642e82b4702fb84cfb451a09a37890c58 (diff)
download: chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.zip
chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.tar.gz
chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.tar.bz2
6 files changed, 57 insertions, 0 deletions
diff --git a/chrome/browser/net/chrome_url_request_context.cc b/chrome/browser/net/chrome_url_request_context.cc
index 159c674..547893e 100644
--- a/chrome/browser/net/chrome_url_request_context.cc
+++ b/chrome/browser/net/chrome_url_request_context.cc
@@ -33,6 +33,7 @@
 #include "net/proxy/proxy_config_service_fixed.h"
 #include "net/proxy/proxy_script_fetcher.h"
 #include "net/proxy/proxy_service.h"
+#include "net/socket/dns_cert_provenance_checker.h"
 #include "net/url_request/url_request.h"
 #include "webkit/glue/webkit_glue.h"
 
@@ -223,6 +224,47 @@ class ChromeCookieMonsterDelegate : public net::CookieMonster::Delegate {
 };
 
 // ----------------------------------------------------------------------------
+// Implementation of DnsCertProvenanceChecker
+// ----------------------------------------------------------------------------
+
+// WARNING: do not use this with anything other than the main
+// ChromeURLRequestContext. Eventually we'll want to have the other contexts
+// point to the main ChromeURLRequestContext, which then causes lifetime
+// ordering issues wrt ChromeURLRequestContexts, since we're using a raw
+// pointer, and we'll get shutdown ordering problems.
+
+class ChromeDnsCertProvenanceChecker :
+    public net::DnsCertProvenanceChecker,
+    public net::DnsCertProvenanceChecker::Delegate {
+ public:
+  ChromeDnsCertProvenanceChecker(
+      net::DnsRRResolver* dnsrr_resolver,
+      ChromeURLRequestContext* url_req_context)
+      : dnsrr_resolver_(dnsrr_resolver),
+        url_req_context_(url_req_context) {
+  }
+
+  // DnsCertProvenanceChecker interface
+  virtual void DoAsyncVerification(
+      const std::string& hostname,
+      const std::vector<base::StringPiece>& der_certs) {
+    net::DnsCertProvenanceChecker::DoAsyncLookup(hostname, der_certs,
+                                                 dnsrr_resolver_, this);
+  }
+
+  // DnsCertProvenanceChecker::Delegate interface
+  virtual void OnDnsCertLookupFailed(
+      const std::string& hostname,
+      const std::vector<std::string>& der_certs) {
+    // Currently unimplemented.
+  }
+
+ private:
+  net::DnsRRResolver* const dnsrr_resolver_;
+  ChromeURLRequestContext* const url_req_context_;
+};
+
+// ----------------------------------------------------------------------------
 // Helper factories
 // ----------------------------------------------------------------------------
 
@@ -264,6 +306,10 @@ ChromeURLRequestContext* FactoryForOriginal::Create() {
   context->set_dnsrr_resolver(io_thread_globals->dnsrr_resolver.get());
   context->set_http_auth_handler_factory(
       io_thread_globals->http_auth_handler_factory.get());
+  context->set_dns_cert_checker(
+      new ChromeDnsCertProvenanceChecker(
+          io_thread_globals->dnsrr_resolver.get(),
+          context));
 
   const CommandLine& command_line = *CommandLine::ForCurrentProcess();
 
@@ -280,6 +326,7 @@ ChromeURLRequestContext* FactoryForOriginal::Create() {
   net::HttpCache* cache =
       new net::HttpCache(context->host_resolver(),
                          context->dnsrr_resolver(),
+                         context->dns_cert_checker(),
                          context->proxy_service(),
                          context->ssl_config_service(),
                          context->http_auth_handler_factory(),
@@ -406,6 +453,7 @@ ChromeURLRequestContext* FactoryForOffTheRecord::Create() {
   net::HttpCache* cache =
       new net::HttpCache(context->host_resolver(),
                          context->dnsrr_resolver(),
+                         NULL /* dns_cert_checker */,
                          context->proxy_service(),
                          context->ssl_config_service(),
                          context->http_auth_handler_factory(),
@@ -498,6 +546,7 @@ ChromeURLRequestContext* FactoryForMedia::Create() {
     // new set of network stack.
     cache = new net::HttpCache(main_context->host_resolver(),
                                main_context->dnsrr_resolver(),
+                               NULL /* dns_cert_checker */,
                                main_context->proxy_service(),
                                main_context->ssl_config_service(),
                                main_context->http_auth_handler_factory(),
diff --git a/chrome/browser/net/chrome_url_request_context.h b/chrome/browser/net/chrome_url_request_context.h
index 72a31af..d7c08c0 100644
--- a/chrome/browser/net/chrome_url_request_context.h
+++ b/chrome/browser/net/chrome_url_request_context.h
@@ -33,6 +33,7 @@ class PrefService;
 class Profile;
 
 namespace net {
+class DnsCertProvenanceChecker;
 class NetworkDelegate;
 class ProxyConfig;
 }
@@ -130,6 +131,9 @@ class ChromeURLRequestContext : public URLRequestContext {
   void set_dnsrr_resolver(net::DnsRRResolver* dnsrr_resolver) {
     dnsrr_resolver_ = dnsrr_resolver;
   }
+  void set_dns_cert_checker(net::DnsCertProvenanceChecker* ctx) {
+    dns_cert_checker_.reset(ctx);
+  }
   void set_http_transaction_factory(net::HttpTransactionFactory* factory) {
     http_transaction_factory_ = factory;
   }
diff --git a/chrome/browser/net/connection_tester.cc b/chrome/browser/net/connection_tester.cc
index 8f762ef..35a9a71 100644
--- a/chrome/browser/net/connection_tester.cc
+++ b/chrome/browser/net/connection_tester.cc
@@ -65,6 +65,7 @@ class ExperimentURLRequestContext : public URLRequestContext {
         host_resolver_);
     http_transaction_factory_ = new net::HttpCache(
         net::HttpNetworkLayer::CreateFactory(host_resolver_, dnsrr_resolver_,
+            NULL /* dns_cert_checker */,
             NULL /* ssl_host_info_factory */, proxy_service_,
             ssl_config_service_, http_auth_handler_factory_, NULL, NULL),
         net::HttpCache::DefaultBackend::InMemory(0));
diff --git a/chrome/browser/policy/device_management_backend_impl.cc b/chrome/browser/policy/device_management_backend_impl.cc
index c0e9b07..a3dd0e8 100644
--- a/chrome/browser/policy/device_management_backend_impl.cc
+++ b/chrome/browser/policy/device_management_backend_impl.cc
@@ -71,6 +71,7 @@ DeviceManagementBackendRequestContext::DeviceManagementBackendRequestContext(
   http_transaction_factory_ =
       net::HttpNetworkLayer::CreateFactory(host_resolver_,
                                            io_globals->dnsrr_resolver.get(),
+                                           NULL /* dns_cert_checker */,
                                            NULL /* ssl_host_info_factory */,
                                            proxy_service_,
                                            ssl_config_service_,
diff --git a/chrome/service/net/service_url_request_context.cc b/chrome/service/net/service_url_request_context.cc
index c7268f5..ce32f67 100644
--- a/chrome/service/net/service_url_request_context.cc
+++ b/chrome/service/net/service_url_request_context.cc
@@ -125,6 +125,7 @@ ServiceURLRequestContext::ServiceURLRequestContext(
   http_transaction_factory_ = new net::HttpCache(
       net::HttpNetworkLayer::CreateFactory(host_resolver_,
                                            dnsrr_resolver_,
+                                           NULL /* dns_cert_checker */,
                                            NULL /* ssl_host_info_factory */,
                                            proxy_service_,
                                            ssl_config_service_,
diff --git a/chrome/test/plugin/plugin_test.cpp b/chrome/test/plugin/plugin_test.cpp
index 4fc85d1..7b2b4e0 100644
--- a/chrome/test/plugin/plugin_test.cpp
+++ b/chrome/test/plugin/plugin_test.cpp
@@ -281,6 +281,7 @@ class PluginInstallerDownloadTest
       http_transaction_factory_ = new net::HttpCache(
           net::HttpNetworkLayer::CreateFactory(host_resolver_,
                                                NULL /* dnsrr_resolver */,
+                                               NULL /* dns_cert_checker */,
                                                NULL /* ssl_host_info_factory */,
                                                proxy_service_,
                                                ssl_config_service_,
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-11-18 15:44:44 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-11-18 15:44:44 +0000
commit	3e35b224fd0c36f17f432f23e2eb3729667210b1 (patch)
tree	9fc1ee327a5b872858aefe4bea60ded90080054e /chrome
parent	be796bb642e82b4702fb84cfb451a09a37890c58 (diff)
download	chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.zip chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.tar.gz chromium_src-3e35b224fd0c36f17f432f23e2eb3729667210b1.tar.bz2