authorrkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-21 16:55:17 +0000
committerrkn@chromium.org <rkn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-07-21 16:55:17 +0000
commitfeb79bcd1b3f755b1125ba471c4e17c7b7ede66d (patch)
tree612c11cda543dbb6342d87613274a62aa08d8100 /net
parent6b4adc7d6f8787274a0fcf080777032521912e0c (diff)
Added an OriginBoundCertStore field to the SSLClientSocketNSS class and
did the plumbing to pass this field through the layers. In addition, this CL groups several fields together into a single struct |SSLClientSocket::Context|. BUG=None TEST=None Review URL: http://codereview.chromium.org/7315009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93416 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/http/http_network_session.cc1
-rw-r--r--net/http/http_network_session.h2
-rw-r--r--net/http/http_network_transaction_unittest.cc6
-rw-r--r--net/http/http_proxy_client_socket_pool_unittest.cc1
-rw-r--r--net/http/http_stream_factory_impl_unittest.cc2
-rw-r--r--net/socket/client_socket_factory.cc24
-rw-r--r--net/socket/client_socket_factory.h6
-rw-r--r--net/socket/client_socket_pool_base_unittest.cc3
-rw-r--r--net/socket/client_socket_pool_manager.cc5
-rw-r--r--net/socket/client_socket_pool_manager.h3
-rw-r--r--net/socket/socket_test_util.cc6
-rw-r--r--net/socket/socket_test_util.h6
-rw-r--r--net/socket/ssl_client_socket.h33
-rw-r--r--net/socket/ssl_client_socket_mac.cc4
-rw-r--r--net/socket/ssl_client_socket_mac.h2
-rw-r--r--net/socket/ssl_client_socket_nss.cc8
-rw-r--r--net/socket/ssl_client_socket_nss.h7
-rw-r--r--net/socket/ssl_client_socket_openssl.cc4
-rw-r--r--net/socket/ssl_client_socket_openssl.h2
-rw-r--r--net/socket/ssl_client_socket_pool.cc69
-rw-r--r--net/socket/ssl_client_socket_pool.h22
-rw-r--r--net/socket/ssl_client_socket_pool_unittest.cc1
-rw-r--r--net/socket/ssl_client_socket_unittest.cc12
-rw-r--r--net/socket/ssl_client_socket_win.cc4
-rw-r--r--net/socket/ssl_client_socket_win.h2
-rw-r--r--net/socket/ssl_server_socket_unittest.cc5
-rw-r--r--net/socket/transport_client_socket_pool_unittest.cc3
-rw-r--r--net/socket_stream/socket_stream.cc7
-rw-r--r--net/socket_stream/socket_stream.h1
-rw-r--r--net/url_request/url_request_context.cc2
-rw-r--r--net/url_request/url_request_context.h10
31 files changed, 154 insertions, 109 deletions
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index 9f738ec..b52aa107 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -35,6 +35,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params)
ClientSocketFactory::GetDefaultFactory(),
params.host_resolver,
params.cert_verifier,
+ params.origin_bound_cert_service,
params.dnsrr_resolver,
params.dns_cert_checker,
params.ssl_host_info_factory,
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index f7da921..373979f 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -51,6 +51,7 @@ class NET_API HttpNetworkSession
: client_socket_factory(NULL),
host_resolver(NULL),
cert_verifier(NULL),
+ origin_bound_cert_service(NULL),
dnsrr_resolver(NULL),
dns_cert_checker(NULL),
proxy_service(NULL),
@@ -63,6 +64,7 @@ class NET_API HttpNetworkSession
ClientSocketFactory* client_socket_factory;
HostResolver* host_resolver;
CertVerifier* cert_verifier;
+ OriginBoundCertService* origin_bound_cert_service;
DnsRRResolver* dnsrr_resolver;
DnsCertProvenanceChecker* dns_cert_checker;
ProxyService* proxy_service;
diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
index 863693a..2e76b4b 100644
--- a/net/http/http_network_transaction_unittest.cc
+++ b/net/http/http_network_transaction_unittest.cc
@@ -321,7 +321,7 @@ CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool(
HostResolver* host_resolver,
CertVerifier* cert_verifier)
: SSLClientSocketPool(0, 0, NULL, host_resolver, cert_verifier, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL) {}
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL) {}
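Review bot: The `NULL` appended to the SSLClientSocketPool base-initializer is the fourteenth unannotated positional argument in that call, so a reader cannot tell which slot is the new `origin_bound_cert_service`; the same pattern is repeated in CapturePreconnectsSSLSocketPool in http_stream_factory_impl_unittest.cc. The other test call sites touched by this change annotate each null, e.g. `NULL /* origin_bound_cert_service */`, and doing the same here, at least for the new argument, keeps the two styles consistent and makes a future argument-order slip visible. The constructor body is trivial, but the enclosing class starts outside the hunk.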
//-----------------------------------------------------------------------------
@@ -7098,9 +7098,11 @@ TEST_F(HttpNetworkTransactionTest,
SSLConfig ssl_config;
session->ssl_config_service()->GetSSLConfig(&ssl_config);
scoped_ptr<ClientSocketHandle> ssl_connection(new ClientSocketHandle);
+ SSLClientSocketContext context;
+ context.cert_verifier = session_deps.cert_verifier.get();
ssl_connection->set_socket(session_deps.socket_factory.CreateSSLClientSocket(
connection.release(), HostPortPair("" , 443), ssl_config,
- NULL /* ssl_host_info */, session_deps.cert_verifier.get(), NULL));
+ NULL /* ssl_host_info */, context));
EXPECT_EQ(ERR_IO_PENDING, ssl_connection->socket()->Connect(&callback));
EXPECT_EQ(OK, callback.WaitForResult());
diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc
index fc4b2ed..0a1a2d5 100644
--- a/net/http/http_proxy_client_socket_pool_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_unittest.cc
@@ -66,6 +66,7 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam {
&ssl_histograms_,
&host_resolver_,
&cert_verifier_,
+ NULL /* origin_bound_cert_store */,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
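Review bot: The annotation `NULL /* origin_bound_cert_store */` names a type that does not appear anywhere in this change; the parameter declared in ssl_client_socket_pool.h is `OriginBoundCertService* origin_bound_cert_service`, and ssl_client_socket_pool_unittest.cc annotates the same slot as `NULL /* origin_bound_cert_service */`. Renaming it to `NULL /* origin_bound_cert_service */` makes a grep for the parameter find every call site. The enclosing constructor starts outside the hunk.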
diff --git a/net/http/http_stream_factory_impl_unittest.cc b/net/http/http_stream_factory_impl_unittest.cc
index 91bcfdb..1b40d5e 100644
--- a/net/http/http_stream_factory_impl_unittest.cc
+++ b/net/http/http_stream_factory_impl_unittest.cc
@@ -208,7 +208,7 @@ template<>
CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool(
HostResolver* host_resolver, CertVerifier* cert_verifier)
: SSLClientSocketPool(0, 0, NULL, host_resolver, cert_verifier, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL),
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL),
last_num_streams_(-1) {}
TEST(HttpStreamFactoryTest, PreconnectDirect) {
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 1104d25..227a801 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -73,32 +73,29 @@ class DefaultClientSocketFactory : public ClientSocketFactory,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ const SSLClientSocketContext& context) {
scoped_ptr<SSLHostInfo> shi(ssl_host_info);
+
#if defined(OS_WIN)
if (g_use_system_ssl) {
return new SSLClientSocketWin(transport_socket, host_and_port,
- ssl_config, cert_verifier);
+ ssl_config, context);
}
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), cert_verifier,
- dns_cert_checker);
+ shi.release(), context);
#elif defined(USE_OPENSSL)
return new SSLClientSocketOpenSSL(transport_socket, host_and_port,
- ssl_config, cert_verifier);
+ ssl_config, context);
#elif defined(USE_NSS)
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), cert_verifier,
- dns_cert_checker);
+ shi.release(), context);
#elif defined(OS_MACOSX)
if (g_use_system_ssl) {
return new SSLClientSocketMac(transport_socket, host_and_port,
- ssl_config, cert_verifier);
+ ssl_config, context);
}
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), cert_verifier,
- dns_cert_checker);
+ shi.release(), context);
#else
NOTIMPLEMENTED();
return NULL;
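Review bot: Only the SSLClientSocketNSS branches can act on context fields beyond `cert_verifier`; the SSLClientSocketWin, SSLClientSocketMac and SSLClientSocketOpenSSL constructors changed in this CL read `context.cert_verifier` in their initializer lists and nothing else, so `origin_bound_cert_service` and `dns_cert_checker` are silently dropped when `g_use_system_ssl` is set or on the OpenSSL build. Dropping `dns_cert_checker` is existing behaviour, but a caller that supplies an OriginBoundCertService for origin-bound client certificates gets no support on those paths and no signal that it was ignored. A comment at the top of this function, e.g. `// Only SSLClientSocketNSS consumes context fields other than cert_verifier; the system-SSL and OpenSSL backends ignore the rest.`, records that limitation where the dispatch happens. The `#if` chain continues past the end of the hunk.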
@@ -136,12 +133,11 @@ SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier) {
+ const SSLClientSocketContext& context) {
ClientSocketHandle* socket_handle = new ClientSocketHandle();
socket_handle->set_socket(transport_socket);
return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
- ssl_host_info, cert_verifier,
- NULL /* DnsCertProvenanceChecker */);
+ ssl_host_info, context);
}
// static
diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h
index d1fe2f7..c2e0350 100644
--- a/net/socket/client_socket_factory.h
+++ b/net/socket/client_socket_factory.h
@@ -23,6 +23,7 @@ class DatagramClientSocket;
class DnsCertProvenanceChecker;
class HostPortPair;
class SSLClientSocket;
+struct SSLClientSocketContext;
struct SSLConfig;
class SSLHostInfo;
class StreamSocket;
@@ -51,8 +52,7 @@ class NET_API ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) = 0;
+ const SSLClientSocketContext& context) = 0;
// Deprecated function (http://crbug.com/37810) that takes a StreamSocket.
virtual SSLClientSocket* CreateSSLClientSocket(
@@ -60,7 +60,7 @@ class NET_API ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier);
+ const SSLClientSocketContext& context);
// Clears cache used for SSL session resumption.
virtual void ClearSSLSessionCache() = 0;
diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc
index e9b4ae9..6d35fe7 100644
--- a/net/socket/client_socket_pool_base_unittest.cc
+++ b/net/socket/client_socket_pool_base_unittest.cc
@@ -137,8 +137,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ const SSLClientSocketContext& context) {
NOTIMPLEMENTED();
delete ssl_host_info;
return NULL;
diff --git a/net/socket/client_socket_pool_manager.cc b/net/socket/client_socket_pool_manager.cc
index d917fbe..ec9e2f4 100644
--- a/net/socket/client_socket_pool_manager.cc
+++ b/net/socket/client_socket_pool_manager.cc
@@ -257,6 +257,7 @@ ClientSocketPoolManager::ClientSocketPoolManager(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
+ OriginBoundCertService* origin_bound_cert_service,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
@@ -266,6 +267,7 @@ ClientSocketPoolManager::ClientSocketPoolManager(
socket_factory_(socket_factory),
host_resolver_(host_resolver),
cert_verifier_(cert_verifier),
+ origin_bound_cert_service_(origin_bound_cert_service),
dnsrr_resolver_(dnsrr_resolver),
dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
@@ -284,6 +286,7 @@ ClientSocketPoolManager::ClientSocketPoolManager(
&ssl_pool_histograms_,
host_resolver,
cert_verifier,
+ origin_bound_cert_service,
dnsrr_resolver,
dns_cert_checker,
ssl_host_info_factory,
@@ -488,6 +491,7 @@ HttpProxyClientSocketPool* ClientSocketPoolManager::GetSocketPoolForHTTPProxy(
&ssl_for_https_proxy_pool_histograms_,
host_resolver_,
cert_verifier_,
+ origin_bound_cert_service_,
dnsrr_resolver_,
dns_cert_checker_,
ssl_host_info_factory_,
@@ -525,6 +529,7 @@ SSLClientSocketPool* ClientSocketPoolManager::GetSocketPoolForSSLWithProxy(
&ssl_pool_histograms_,
host_resolver_,
cert_verifier_,
+ origin_bound_cert_service_,
dnsrr_resolver_,
dns_cert_checker_,
ssl_host_info_factory_,
diff --git a/net/socket/client_socket_pool_manager.h b/net/socket/client_socket_pool_manager.h
index 5bf61e4..27dc66d 100644
--- a/net/socket/client_socket_pool_manager.h
+++ b/net/socket/client_socket_pool_manager.h
@@ -44,6 +44,7 @@ class HostPortPair;
class HttpProxyClientSocketPool;
class HostResolver;
class NetLog;
+class OriginBoundCertService;
class ProxyInfo;
class ProxyService;
class SOCKSClientSocketPool;
@@ -83,6 +84,7 @@ class ClientSocketPoolManager : public base::NonThreadSafe,
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
+ OriginBoundCertService* origin_bound_cert_service,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
@@ -185,6 +187,7 @@ class ClientSocketPoolManager : public base::NonThreadSafe,
ClientSocketFactory* const socket_factory_;
HostResolver* const host_resolver_;
CertVerifier* const cert_verifier_;
+ OriginBoundCertService* const origin_bound_cert_service_;
DnsRRResolver* const dnsrr_resolver_;
DnsCertProvenanceChecker* const dns_cert_checker_;
SSLHostInfoFactory* const ssl_host_info_factory_;
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index 2a11ec0..faa3dea 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -617,8 +617,7 @@ SSLClientSocket* MockClientSocketFactory::CreateSSLClientSocket(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ const SSLClientSocketContext& context) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
ssl_host_info, mock_ssl_data_.GetNext());
@@ -1538,8 +1537,7 @@ SSLClientSocket* DeterministicMockClientSocketFactory::CreateSSLClientSocket(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ const SSLClientSocketContext& context) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
ssl_host_info, mock_ssl_data_.GetNext());
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index ae4014c..fa9abd9 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -565,8 +565,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker);
+ const SSLClientSocketContext& context);
virtual void ClearSSLSessionCache();
private:
@@ -980,8 +979,7 @@ class DeterministicMockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker);
+ const SSLClientSocketContext& context);
virtual void ClearSSLSessionCache();
private:
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index dcf3383..8dfd25d 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -15,8 +15,13 @@
namespace net {
+class CertVerifier;
+class DnsCertProvenanceChecker;
+class DnsRRResolver;
+class OriginBoundCertService;
class SSLCertRequestInfo;
class SSLHostInfo;
+class SSLHostInfoFactory;
class SSLInfo;
struct RRResponse;
@@ -36,6 +41,34 @@ class DNSSECProvider {
~DNSSECProvider() {}
};
+// This struct groups together several fields which are used by various
+// classes related to SSLClientSocket.
+struct SSLClientSocketContext {
+ SSLClientSocketContext()
+ : cert_verifier(NULL),
+ origin_bound_cert_service(NULL),
+ dnsrr_resolver(NULL),
+ dns_cert_checker(NULL),
+ ssl_host_info_factory(NULL) {}
+
+ SSLClientSocketContext(CertVerifier* cert_verifier_arg,
+ OriginBoundCertService* origin_bound_cert_service_arg,
+ DnsRRResolver* dnsrr_resolver_arg,
+ DnsCertProvenanceChecker* dns_cert_checker_arg,
+ SSLHostInfoFactory* ssl_host_info_factory_arg)
+ : cert_verifier(cert_verifier_arg),
+ origin_bound_cert_service(origin_bound_cert_service_arg),
+ dnsrr_resolver(dnsrr_resolver_arg),
+ dns_cert_checker(dns_cert_checker_arg),
+ ssl_host_info_factory(ssl_host_info_factory_arg) {}
+
+ CertVerifier* cert_verifier;
+ OriginBoundCertService* origin_bound_cert_service;
+ DnsRRResolver* dnsrr_resolver;
+ DnsCertProvenanceChecker* dns_cert_checker;
+ SSLHostInfoFactory* ssl_host_info_factory;
+};
+
// A client socket that uses SSL as the transport layer.
//
// NOTE: The SSL handshake occurs within the Connect method after a TCP
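Review bot: SSLClientSocketContext holds five raw pointers and is copied by value into SSLConnectJobFactory and SSLConnectJob (`const SSLClientSocketContext context_;` in ssl_client_socket_pool.h), but the struct comment says nothing about ownership or lifetime. Every field may be NULL (the default constructor sets all of them so, and SSLConnectJob::DoTransportConnect tests `ssl_host_info_factory` and `dnsrr_resolver` before use) and none is owned, so the header should say so: `// All pointers are non-owning and may be NULL. The pointees must outlive every SSLClientSocketPool, SSLConnectJob and SSLClientSocket that receives a copy of this context.` Without that statement a later change that tears down, say, the OriginBoundCertService before the pool drains leaves a dangling pointer inside live sockets with nothing in the header to warn against it.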
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 3f7821f..dd5bdd9 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -521,7 +521,7 @@ EnabledCipherSuites::EnabledCipherSuites() {
SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier)
+ const SSLClientSocketContext& context)
: handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete),
transport_read_callback_(this,
&SSLClientSocketMac::OnTransportReadComplete),
@@ -536,7 +536,7 @@ SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
user_read_buf_len_(0),
user_write_buf_len_(0),
next_handshake_state_(STATE_NONE),
- cert_verifier_(cert_verifier),
+ cert_verifier_(context.cert_verifier),
renegotiating_(false),
client_cert_requested_(false),
ssl_context_(NULL),
diff --git a/net/socket/ssl_client_socket_mac.h b/net/socket/ssl_client_socket_mac.h
index 8ef33e9..e2830b3 100644
--- a/net/socket/ssl_client_socket_mac.h
+++ b/net/socket/ssl_client_socket_mac.h
@@ -37,7 +37,7 @@ class SSLClientSocketMac : public SSLClientSocket {
SSLClientSocketMac(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier);
+ const SSLClientSocketContext& context);
virtual ~SSLClientSocketMac();
// SSLClientSocket methods:
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 536b206..27894c4 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -424,8 +424,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_ctx)
+ const SSLClientSocketContext& context)
: ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
this, &SSLClientSocketNSS::BufferSendComplete)),
ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_(
@@ -447,7 +446,8 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
server_cert_verify_result_(NULL),
ssl_connection_status_(0),
client_auth_cert_needed_(false),
- cert_verifier_(cert_verifier),
+ cert_verifier_(context.cert_verifier),
+ origin_bound_cert_service_(context.origin_bound_cert_service),
handshake_callback_called_(false),
completed_handshake_(false),
eset_mitm_detected_(false),
@@ -458,7 +458,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
nss_bufs_(NULL),
net_log_(transport_socket->socket()->NetLog()),
ssl_host_info_(ssl_host_info),
- dns_cert_checker_(dns_ctx),
+ dns_cert_checker_(context.dns_cert_checker),
valid_thread_id_(base::kInvalidThreadId) {
EnterFunction("");
}
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 8189949..796de65 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -34,6 +34,7 @@ class BoundNetLog;
class CertVerifier;
class ClientSocketHandle;
class DnsCertProvenanceChecker;
+class OriginBoundCertService;
class SingleRequestCertVerifier;
class SSLHostInfo;
class X509Certificate;
@@ -51,8 +52,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dnsrr_resolver);
+ const SSLClientSocketContext& context);
virtual ~SSLClientSocketNSS();
// For tests
@@ -214,6 +214,9 @@ class SSLClientSocketNSS : public SSLClientSocket {
CertVerifier* const cert_verifier_;
scoped_ptr<SingleRequestCertVerifier> verifier_;
+ // For the use of origin bound certificates for client auth.
+ OriginBoundCertService* origin_bound_cert_service_;
+
// True if NSS has called HandshakeCallback.
bool handshake_callback_called_;
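Review bot: The new member is declared `OriginBoundCertService* origin_bound_cert_service_;` while the neighbouring `CertVerifier* const cert_verifier_;` is a `const` pointer, and as far as this change shows the new member is only written once, in the constructor initializer list from `context.origin_bound_cert_service`. Declaring it `OriginBoundCertService* const origin_bound_cert_service_;` matches the sibling and prevents accidental rebinding later. Since this CL only plumbs the value and no use of it is visible in ssl_client_socket_nss.cc, the comment could also say so, e.g. `// Not yet consulted; plumbed in for origin-bound client certificates.` — hedged, because the rest of the class is outside the hunk.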
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index f679bcc..d1d17c8 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -381,7 +381,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier)
+ const SSLClientSocketContext& context)
: ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
this, &SSLClientSocketOpenSSL::BufferSendComplete)),
ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_(
@@ -393,7 +393,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
user_write_callback_(NULL),
completed_handshake_(false),
client_auth_cert_needed_(false),
- cert_verifier_(cert_verifier),
+ cert_verifier_(context.cert_verifier),
ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_(
this, &SSLClientSocketOpenSSL::OnHandshakeIOComplete)),
ssl_(NULL),
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 1dcfe0080..5f97388 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -39,7 +39,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
SSLClientSocketOpenSSL(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier);
+ const SSLClientSocketContext& context);
~SSLClientSocketOpenSSL();
const HostPortPair& host_and_port() const { return host_and_port_; }
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index 06a27f4..619acdb 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -73,21 +73,17 @@ SSLSocketParams::~SSLSocketParams() {}
// Timeout for the SSL handshake portion of the connect.
static const int kSSLHandshakeTimeoutInSeconds = 30;
-SSLConnectJob::SSLConnectJob(
- const std::string& group_name,
- const scoped_refptr<SSLSocketParams>& params,
- const base::TimeDelta& timeout_duration,
- TransportClientSocketPool* transport_pool,
- SOCKSClientSocketPool* socks_pool,
- HttpProxyClientSocketPool* http_proxy_pool,
- ClientSocketFactory* client_socket_factory,
- HostResolver* host_resolver,
- CertVerifier* cert_verifier,
- DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
- SSLHostInfoFactory* ssl_host_info_factory,
- Delegate* delegate,
- NetLog* net_log)
+SSLConnectJob::SSLConnectJob(const std::string& group_name,
+ const scoped_refptr<SSLSocketParams>& params,
+ const base::TimeDelta& timeout_duration,
+ TransportClientSocketPool* transport_pool,
+ SOCKSClientSocketPool* socks_pool,
+ HttpProxyClientSocketPool* http_proxy_pool,
+ ClientSocketFactory* client_socket_factory,
+ HostResolver* host_resolver,
+ const SSLClientSocketContext& context,
+ Delegate* delegate,
+ NetLog* net_log)
: ConnectJob(group_name, timeout_duration, delegate,
BoundNetLog::Make(net_log, NetLog::SOURCE_CONNECT_JOB)),
params_(params),
@@ -96,10 +92,7 @@ SSLConnectJob::SSLConnectJob(
http_proxy_pool_(http_proxy_pool),
client_socket_factory_(client_socket_factory),
host_resolver_(host_resolver),
- cert_verifier_(cert_verifier),
- dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
- ssl_host_info_factory_(ssl_host_info_factory),
+ context_(context),
ALLOW_THIS_IN_INITIALIZER_LIST(
callback_(this, &SSLConnectJob::OnIOComplete)) {}
@@ -193,15 +186,16 @@ int SSLConnectJob::DoLoop(int result) {
int SSLConnectJob::DoTransportConnect() {
DCHECK(transport_pool_);
- if (ssl_host_info_factory_) {
+ if (context_.ssl_host_info_factory) {
ssl_host_info_.reset(
- ssl_host_info_factory_->GetForHost(params_->host_and_port().host(),
- params_->ssl_config()));
+ context_.ssl_host_info_factory->GetForHost(
+ params_->host_and_port().host(),
+ params_->ssl_config()));
}
if (ssl_host_info_.get()) {
- if (dnsrr_resolver_)
- ssl_host_info_->StartDnsLookup(dnsrr_resolver_);
+ if (context_.dnsrr_resolver)
+ ssl_host_info_->StartDnsLookup(context_.dnsrr_resolver);
// This starts fetching the SSL host info from the disk cache for early
// certificate verification and the TLS cached information extension.
@@ -284,8 +278,7 @@ int SSLConnectJob::DoSSLConnect() {
ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
transport_socket_handle_.release(), params_->host_and_port(),
- params_->ssl_config(), ssl_host_info_.release(), cert_verifier_,
- dns_cert_checker_));
+ params_->ssl_config(), ssl_host_info_.release(), context_));
return ssl_socket_->Connect(&callback_);
}
@@ -419,20 +412,14 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
HttpProxyClientSocketPool* http_proxy_pool,
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
- CertVerifier* cert_verifier,
- DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
- SSLHostInfoFactory* ssl_host_info_factory,
+ const SSLClientSocketContext& context,
NetLog* net_log)
: transport_pool_(transport_pool),
socks_pool_(socks_pool),
http_proxy_pool_(http_proxy_pool),
client_socket_factory_(client_socket_factory),
host_resolver_(host_resolver),
- cert_verifier_(cert_verifier),
- dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
- ssl_host_info_factory_(ssl_host_info_factory),
+ context_(context),
net_log_(net_log) {
base::TimeDelta max_transport_timeout = base::TimeDelta();
base::TimeDelta pool_timeout;
@@ -458,6 +445,7 @@ SSLClientSocketPool::SSLClientSocketPool(
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
+ OriginBoundCertService* origin_bound_cert_service,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
@@ -479,10 +467,12 @@ SSLClientSocketPool::SSLClientSocketPool(
http_proxy_pool,
client_socket_factory,
host_resolver,
- cert_verifier,
- dnsrr_resolver,
- dns_cert_checker,
- ssl_host_info_factory,
+ SSLClientSocketContext(
+ cert_verifier,
+ origin_bound_cert_service,
+ dnsrr_resolver,
+ dns_cert_checker,
+ ssl_host_info_factory),
net_log)),
ssl_config_service_(ssl_config_service) {
if (ssl_config_service_)
@@ -501,8 +491,7 @@ ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
transport_pool_, socks_pool_, http_proxy_pool_,
client_socket_factory_, host_resolver_,
- cert_verifier_, dnsrr_resolver_, dns_cert_checker_,
- ssl_host_info_factory_, delegate, net_log_);
+ context_, delegate, net_log_);
}
int SSLClientSocketPool::RequestSocket(const std::string& group_name,
diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h
index dec7e50..5db1fd4 100644
--- a/net/socket/ssl_client_socket_pool.h
+++ b/net/socket/ssl_client_socket_pool.h
@@ -100,10 +100,7 @@ class SSLConnectJob : public ConnectJob {
HttpProxyClientSocketPool* http_proxy_pool,
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
- CertVerifier* cert_verifier,
- DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
- SSLHostInfoFactory* ssl_host_info_factory,
+ const SSLClientSocketContext& context,
Delegate* delegate,
NetLog* net_log);
virtual ~SSLConnectJob();
@@ -151,10 +148,8 @@ class SSLConnectJob : public ConnectJob {
HttpProxyClientSocketPool* const http_proxy_pool_;
ClientSocketFactory* const client_socket_factory_;
HostResolver* const host_resolver_;
- CertVerifier* const cert_verifier_;
- DnsRRResolver* const dnsrr_resolver_;
- DnsCertProvenanceChecker* dns_cert_checker_;
- SSLHostInfoFactory* const ssl_host_info_factory_;
+
+ const SSLClientSocketContext context_;
State next_state_;
CompletionCallbackImpl<SSLConnectJob> callback_;
@@ -181,6 +176,7 @@ class NET_TEST SSLClientSocketPool : public ClientSocketPool,
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
CertVerifier* cert_verifier,
+ OriginBoundCertService* origin_bound_cert_service,
DnsRRResolver* dnsrr_resolver,
DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
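Review bot: SSLClientSocketPool's public constructor keeps growing individual pointer parameters (`origin_bound_cert_service` joins `cert_verifier`, `dnsrr_resolver`, `dns_cert_checker` and `ssl_host_info_factory`), only for ssl_client_socket_pool.cc to pack the five of them into an `SSLClientSocketContext` for SSLConnectJobFactory. Every test in this CL therefore passes a run of positional NULLs to the pool. Accepting `const SSLClientSocketContext& context` here as well, leaving the histogram and `HostResolver*` parameters as they are, would let callers write `SSLClientSocketContext()` for the default and would keep the pool and factory signatures in step the next time a field is added. The constructor declaration continues outside the hunk.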
@@ -250,10 +246,7 @@ class NET_TEST SSLClientSocketPool : public ClientSocketPool,
HttpProxyClientSocketPool* http_proxy_pool,
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
- CertVerifier* cert_verifier,
- DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
- SSLHostInfoFactory* ssl_host_info_factory,
+ const SSLClientSocketContext& context,
NetLog* net_log);
virtual ~SSLConnectJobFactory() {}
@@ -272,10 +265,7 @@ class NET_TEST SSLClientSocketPool : public ClientSocketPool,
HttpProxyClientSocketPool* const http_proxy_pool_;
ClientSocketFactory* const client_socket_factory_;
HostResolver* const host_resolver_;
- CertVerifier* const cert_verifier_;
- DnsRRResolver* const dnsrr_resolver_;
- DnsCertProvenanceChecker* const dns_cert_checker_;
- SSLHostInfoFactory* const ssl_host_info_factory_;
+ const SSLClientSocketContext context_;
base::TimeDelta timeout_;
NetLog* net_log_;
diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc
index 9df1376..2175e17 100644
--- a/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/net/socket/ssl_client_socket_pool_unittest.cc
@@ -93,6 +93,7 @@ class SSLClientSocketPoolTest : public testing::Test {
ssl_histograms_.get(),
NULL /* host_resolver */,
NULL /* cert_verifier */,
+ NULL /* origin_bound_cert_service */,
NULL /* dnsrr_resolver */,
NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 9946c90..4feabaf 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -36,11 +36,13 @@ class SSLClientSocketTest : public PlatformTest {
net::StreamSocket* transport_socket,
const net::HostPortPair& host_and_port,
const net::SSLConfig& ssl_config) {
+ net::SSLClientSocketContext context;
+ context.cert_verifier = cert_verifier_.get();
return socket_factory_->CreateSSLClientSocket(transport_socket,
host_and_port,
ssl_config,
NULL,
- cert_verifier_.get());
+ context);
}
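Review bot: The fixture's `CreateSSLClientSocket` helper now builds the context from `cert_verifier_`, yet the `Connect` and `Read_FullDuplex` tests further down in this file repeat the same two lines (`net::SSLClientSocketContext context; context.cert_verifier = cert_verifier_.get();`) and call `socket_factory_->CreateSSLClientSocket` directly with the same three arguments the helper takes. Routing those two call sites through the helper removes the duplication and means the next context field is set in one place. Whether other tests in the file outside these hunks also call the factory directly cannot be seen here.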
net::ClientSocketFactory* socket_factory_;
@@ -79,10 +81,12 @@ TEST_F(SSLClientSocketTest, Connect) {
rv = callback.WaitForResult();
EXPECT_EQ(net::OK, rv);
+ net::SSLClientSocketContext context;
+ context.cert_verifier = cert_verifier_.get();
scoped_ptr<net::SSLClientSocket> sock(
socket_factory_->CreateSSLClientSocket(
transport, test_server.host_port_pair(), kDefaultSSLConfig,
- NULL, cert_verifier_.get()));
+ NULL, context));
EXPECT_FALSE(sock->IsConnected());
@@ -374,10 +378,12 @@ TEST_F(SSLClientSocketTest, Read_FullDuplex) {
rv = callback.WaitForResult();
EXPECT_EQ(net::OK, rv);
+ net::SSLClientSocketContext context;
+ context.cert_verifier = cert_verifier_.get();
scoped_ptr<net::SSLClientSocket> sock(
socket_factory_->CreateSSLClientSocket(
transport, test_server.host_port_pair(), kDefaultSSLConfig,
- NULL, cert_verifier_.get()));
+ NULL, context));
rv = sock->Connect(&callback);
if (rv == net::ERR_IO_PENDING)
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 6784b64..4719857 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -384,7 +384,7 @@ static const int kRecvBufferSize = (5 + 16*1024 + 64);
SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier)
+ const SSLClientSocketContext& context)
: ALLOW_THIS_IN_INITIALIZER_LIST(
handshake_io_callback_(this,
&SSLClientSocketWin::OnHandshakeIOComplete)),
@@ -401,7 +401,7 @@ SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket,
user_write_callback_(NULL),
user_write_buf_len_(0),
next_state_(STATE_NONE),
- cert_verifier_(cert_verifier),
+ cert_verifier_(context.cert_verifier),
creds_(NULL),
isc_status_(SEC_E_OK),
payload_send_buffer_len_(0),
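Review bot: The SChannel constructor reads only `context.cert_verifier`; every other member of the new `SSLClientSocketContext` (the `origin_bound_cert_service` that `SocketStream::DoSSLConnect` now populates) is silently dropped on this platform, with nothing telling a reader that this is intentional rather than an omission. A one-line comment next to the initialiser would make the platform gap explicit, e.g. `cert_verifier_(context.cert_verifier),  // Origin-bound certs are not wired up for SChannel yet; other context fields are ignored.` The rest of the initializer list and the constructor body lie outside the hunk, so I cannot tell whether the remaining fields are consumed there.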
diff --git a/net/socket/ssl_client_socket_win.h b/net/socket/ssl_client_socket_win.h
index 59f403a..e7fa0a5 100644
--- a/net/socket/ssl_client_socket_win.h
+++ b/net/socket/ssl_client_socket_win.h
@@ -42,7 +42,7 @@ class SSLClientSocketWin : public SSLClientSocket {
SSLClientSocketWin(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
- CertVerifier* cert_verifier);
+ const SSLClientSocketContext& context);
~SSLClientSocketWin();
// SSLClientSocket methods:
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 1ab9f63..64b5922 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -267,10 +267,11 @@ class SSLServerSocketTest : public PlatformTest {
ssl_config.allowed_bad_certs.push_back(cert_and_status);
net::HostPortPair host_and_pair("unittest", 0);
+ net::SSLClientSocketContext context;
+ context.cert_verifier = &cert_verifier_;
client_socket_.reset(
socket_factory_->CreateSSLClientSocket(
- fake_client_socket, host_and_pair, ssl_config, NULL,
- &cert_verifier_));
+ fake_client_socket, host_and_pair, ssl_config, NULL, context));
server_socket_.reset(net::CreateSSLServerSocket(fake_server_socket,
cert, private_key.get(),
net::SSLConfig()));
diff --git a/net/socket/transport_client_socket_pool_unittest.cc b/net/socket/transport_client_socket_pool_unittest.cc
index 12666df..1692cf3 100644
--- a/net/socket/transport_client_socket_pool_unittest.cc
+++ b/net/socket/transport_client_socket_pool_unittest.cc
@@ -322,8 +322,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- CertVerifier* cert_verifier,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ const SSLClientSocketContext& context) {
NOTIMPLEMENTED();
delete ssl_host_info;
return NULL;
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index b8e9773..74eabec 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -53,6 +53,7 @@ SocketStream::SocketStream(const GURL& url, Delegate* delegate)
next_state_(STATE_NONE),
host_resolver_(NULL),
cert_verifier_(NULL),
+ origin_bound_cert_service_(NULL),
http_auth_handler_factory_(NULL),
factory_(ClientSocketFactory::GetDefaultFactory()),
proxy_mode_(kDirectConnection),
@@ -121,6 +122,7 @@ void SocketStream::set_context(URLRequestContext* context) {
if (context_) {
host_resolver_ = context_->host_resolver();
cert_verifier_ = context_->cert_verifier();
+ origin_bound_cert_service_ = context_->origin_bound_cert_service();
http_auth_handler_factory_ = context_->http_auth_handler_factory();
}
}
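Review bot: `origin_bound_cert_service_` is assigned only inside `if (context_)`, so, like the neighbouring fields, it keeps its previous value when `set_context()` is later called with NULL; a following `DoSSLConnect()` would then hand a pointer to a possibly destroyed `OriginBoundCertService` to the SSL socket. The lines that handle the NULL case are outside the hunk, so this may already be covered there; if not, consider clearing the new field in that branch, e.g. `origin_bound_cert_service_ = NULL;`. This inherits the existing pattern for `cert_verifier_`, so it is a pre-existing risk that the new field widens rather than introduces.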
@@ -850,12 +852,15 @@ int SocketStream::DoSOCKSConnectComplete(int result) {
int SocketStream::DoSSLConnect() {
DCHECK(factory_);
+ SSLClientSocketContext ssl_context;
+ ssl_context.cert_verifier = cert_verifier_;
+ ssl_context.origin_bound_cert_service = origin_bound_cert_service_;
// TODO(agl): look into plumbing SSLHostInfo here.
socket_.reset(factory_->CreateSSLClientSocket(socket_.release(),
HostPortPair::FromURL(url_),
ssl_config_,
NULL /* ssl_host_info */,
- cert_verifier_));
+ ssl_context));
next_state_ = STATE_SSL_CONNECT_COMPLETE;
metrics_->OnCountConnectionType(SocketStreamMetrics::SSL_CONNECTION);
return socket_->Connect(&io_callback_);
diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h
index 3cbea0f..19331f4 100644
--- a/net/socket_stream/socket_stream.h
+++ b/net/socket_stream/socket_stream.h
@@ -304,6 +304,7 @@ class NET_API SocketStream : public base::RefCountedThreadSafe<SocketStream> {
State next_state_;
HostResolver* host_resolver_;
CertVerifier* cert_verifier_;
+ OriginBoundCertService* origin_bound_cert_service_;
HttpAuthHandlerFactory* http_auth_handler_factory_;
ClientSocketFactory* factory_;
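Review bot: The new `origin_bound_cert_service_` member has no ownership comment, and nothing in the header says it is a borrowed pointer that `SocketStream` must not delete. The only assignment in this change copies it from `context_->origin_bound_cert_service()`, so a comment such as `// Not owned; obtained from the URLRequestContext in set_context() and must outlive this stream.` would document the lifetime contract the code relies on.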
diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc
index 608196c..2349a23 100644
--- a/net/url_request/url_request_context.cc
+++ b/net/url_request/url_request_context.cc
@@ -16,6 +16,7 @@ URLRequestContext::URLRequestContext()
: net_log_(NULL),
host_resolver_(NULL),
cert_verifier_(NULL),
+ origin_bound_cert_service_(NULL),
dnsrr_resolver_(NULL),
dns_cert_checker_(NULL),
http_auth_handler_factory_(NULL),
@@ -33,6 +34,7 @@ void URLRequestContext::CopyFrom(URLRequestContext* other) {
set_net_log(other->net_log());
set_host_resolver(other->host_resolver());
set_cert_verifier(other->cert_verifier());
+ set_origin_bound_cert_service(other->origin_bound_cert_service());
set_dnsrr_resolver(other->dnsrr_resolver());
set_dns_cert_checker(other->dns_cert_checker());
set_http_auth_handler_factory(other->http_auth_handler_factory());
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index 4e3b9c1..d64db3d 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -30,6 +30,7 @@ class HostResolver;
class HttpAuthHandlerFactory;
class HttpTransactionFactory;
class NetworkDelegate;
+class OriginBoundCertService;
class ProxyService;
class URLRequest;
class URLRequestJobFactory;
@@ -71,6 +72,14 @@ class NET_API URLRequestContext
cert_verifier_ = cert_verifier;
}
+ OriginBoundCertService* origin_bound_cert_service() const {
+ return origin_bound_cert_service_;
+ }
+ void set_origin_bound_cert_service(
+ OriginBoundCertService* origin_bound_cert_service) {
+ origin_bound_cert_service_ = origin_bound_cert_service;
+ }
+
DnsRRResolver* dnsrr_resolver() const {
return dnsrr_resolver_;
}
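Review bot: The new accessor pair says nothing about ownership, yet `origin_bound_cert_service_` is a raw pointer that `CopyFrom()` duplicates between contexts, so two contexts can hold the same service with no indication of who is responsible for its lifetime. A comment above the getter, e.g. `// Not owned. The OriginBoundCertService must outlive every URLRequestContext that references it.`, would state that contract; whether the neighbouring accessors carry a similar comment is not visible in this hunk, so match their style if they do.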
@@ -189,6 +198,7 @@ class NET_API URLRequestContext
NetLog* net_log_;
HostResolver* host_resolver_;
CertVerifier* cert_verifier_;
+ OriginBoundCertService* origin_bound_cert_service_;
DnsRRResolver* dnsrr_resolver_;
DnsCertProvenanceChecker* dns_cert_checker_;
HttpAuthHandlerFactory* http_auth_handler_factory_;