Diffstat (limited to 'content/browser/loader')
-rw-r--r--content/browser/loader/resource_loader.cc89
-rw-r--r--content/browser/loader/resource_loader_unittest.cc124
2 files changed, 40 insertions, 173 deletions
diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc
index 0339cf1..5c2b9b8 100644
--- a/content/browser/loader/resource_loader.cc
+++ b/content/browser/loader/resource_loader.cc
@@ -20,7 +20,6 @@
#include "content/browser/service_worker/service_worker_request_handler.h"
#include "content/browser/ssl/ssl_client_auth_handler.h"
#include "content/browser/ssl/ssl_manager.h"
-#include "content/browser/ssl/ssl_policy.h"
#include "content/common/ssl_status_serialization.h"
#include "content/public/browser/cert_store.h"
#include "content/public/browser/resource_context.h"
@@ -30,7 +29,6 @@
#include "content/public/common/content_switches.h"
#include "content/public/common/process_type.h"
#include "content/public/common/resource_response.h"
-#include "content/public/common/security_style.h"
#include "net/base/io_buffer.h"
#include "net/base/load_flags.h"
#include "net/http/http_response_headers.h"
@@ -77,43 +75,6 @@ void PopulateResourceResponse(ResourceRequestInfoImpl* info,
request->GetLoadTimingInfo(&response->head.load_timing);
}
-void StoreSignedCertificateTimestamps(
- const net::SignedCertificateTimestampAndStatusList& sct_list,
- int process_id,
- SignedCertificateTimestampIDStatusList* sct_ids) {
- SignedCertificateTimestampStore* sct_store(
- SignedCertificateTimestampStore::GetInstance());
-
- for (auto iter = sct_list.begin(); iter != sct_list.end(); ++iter) {
- const int sct_id(sct_store->Store(iter->sct.get(), process_id));
- sct_ids->push_back(
- SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
- }
-}
-
-void GetSSLStatusForRequest(const GURL& url,
- const net::SSLInfo& ssl_info,
- int child_id,
- SSLStatus* ssl_status) {
- DCHECK(ssl_info.cert);
-
- int cert_id =
- CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), child_id);
-
- SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
- StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
- child_id, &signed_certificate_timestamp_ids);
-
- ssl_status->cert_id = cert_id;
- ssl_status->cert_status = ssl_info.cert_status;
- ssl_status->security_bits = ssl_info.security_bits;
- ssl_status->connection_status = ssl_info.connection_status;
- ssl_status->signed_certificate_timestamp_ids =
- signed_certificate_timestamp_ids;
- ssl_status->security_style =
- SSLPolicy::GetSecurityStyleForResource(url, *ssl_status);
-}
-
} // namespace
ResourceLoader::ResourceLoader(scoped_ptr<net::URLRequest> request,
@@ -582,17 +543,42 @@ void ResourceLoader::CancelRequestInternal(int error, bool from_renderer) {
}
}
+void ResourceLoader::StoreSignedCertificateTimestamps(
+ const net::SignedCertificateTimestampAndStatusList& sct_list,
+ int process_id,
+ SignedCertificateTimestampIDStatusList* sct_ids) {
+ SignedCertificateTimestampStore* sct_store(
+ SignedCertificateTimestampStore::GetInstance());
+
+ for (net::SignedCertificateTimestampAndStatusList::const_iterator iter =
+ sct_list.begin(); iter != sct_list.end(); ++iter) {
+ const int sct_id(sct_store->Store(iter->sct.get(), process_id));
+ sct_ids->push_back(
+ SignedCertificateTimestampIDAndStatus(sct_id, iter->status));
+ }
+}
+
void ResourceLoader::CompleteResponseStarted() {
ResourceRequestInfoImpl* info = GetRequestInfo();
scoped_refptr<ResourceResponse> response(new ResourceResponse());
PopulateResourceResponse(info, request_.get(), response.get());
if (request_->ssl_info().cert.get()) {
- SSLStatus ssl_status;
- GetSSLStatusForRequest(request_->url(), request_->ssl_info(),
- info->GetChildID(), &ssl_status);
-
- response->head.security_info = SerializeSecurityInfo(ssl_status);
+ int cert_id = CertStore::GetInstance()->StoreCert(
+ request_->ssl_info().cert.get(), info->GetChildID());
+
+ SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
+ StoreSignedCertificateTimestamps(
+ request_->ssl_info().signed_certificate_timestamps,
+ info->GetChildID(),
+ &signed_certificate_timestamp_ids);
+
+ response->head.security_info = SerializeSecurityInfo(
+ cert_id,
+ request_->ssl_info().cert_status,
+ request_->ssl_info().security_bits,
+ request_->ssl_info().connection_status,
+ signed_certificate_timestamp_ids);
} else {
// We should not have any SSL state.
DCHECK(!request_->ssl_info().cert_status &&
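Review bot: The store-cert / store-SCTs / `SerializeSecurityInfo(...)` sequence added in CompleteResponseStarted is repeated almost line for line in the ResponseCompleted hunk further down, so the two copies of the certificate state attached to a response can drift apart when only one is edited. Moving it into a single helper that takes `const net::SSLInfo&` and the child id would keep them identical and would also drop the repeated `request_->ssl_info()` calls here. The helper name in the sketch is only a suggestion and needs a declaration in the header, which is not on this page. A `DCHECK(sct_ids);` at the top of `StoreSignedCertificateTimestamps` would additionally document its out-parameter contract. CompleteResponseStarted continues past the end of the hunk.

```cpp
// Stores |ssl_info|'s certificate and SCTs for |child_id| and returns the
// serialized security info. |ssl_info.cert| must be non-null.
std::string ResourceLoader::SerializeSecurityInfoFor(
    const net::SSLInfo& ssl_info,
    int child_id) {
  DCHECK(ssl_info.cert.get());
  const int cert_id =
      CertStore::GetInstance()->StoreCert(ssl_info.cert.get(), child_id);
  SignedCertificateTimestampIDStatusList sct_ids;
  StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
                                   child_id, &sct_ids);
  return SerializeSecurityInfo(cert_id, ssl_info.cert_status,
                               ssl_info.security_bits,
                               ssl_info.connection_status, sct_ids);
}

// … unchanged: CompleteResponseStarted up to PopulateResourceResponse …
  if (request_->ssl_info().cert.get()) {
    response->head.security_info =
        SerializeSecurityInfoFor(request_->ssl_info(), info->GetChildID());
  } else {
```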
@@ -708,11 +694,16 @@ void ResourceLoader::ResponseCompleted() {
std::string security_info;
const net::SSLInfo& ssl_info = request_->ssl_info();
if (ssl_info.cert.get() != NULL) {
- SSLStatus ssl_status;
- GetSSLStatusForRequest(request_->url(), ssl_info, info->GetChildID(),
- &ssl_status);
-
- security_info = SerializeSecurityInfo(ssl_status);
+ int cert_id = CertStore::GetInstance()->StoreCert(ssl_info.cert.get(),
+ info->GetChildID());
+ SignedCertificateTimestampIDStatusList signed_certificate_timestamp_ids;
+ StoreSignedCertificateTimestamps(ssl_info.signed_certificate_timestamps,
+ info->GetChildID(),
+ &signed_certificate_timestamp_ids);
+
+ security_info = SerializeSecurityInfo(
+ cert_id, ssl_info.cert_status, ssl_info.security_bits,
+ ssl_info.connection_status, signed_certificate_timestamp_ids);
}
bool defer = false;
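Review bot: After this commit nothing on the page exercises the `security_info` string built in ResponseCompleted, or the one built in CompleteResponseStarted, because the same commit deletes `SecurityInfoOnHTTPSResource` and its mock HTTPS job from resource_loader_unittest.cc. Only the `security_style` expectation in that test depended on the removed code. The `cert_id`, `cert_status`, `security_bits` and `connection_status` checks look independent of it, so a reduced version of the test could probably stay, provided `DeserializeSecurityInfo` still has a usable form after this change (its declaration is not visible here). This string presumably carries the resource's certificate state to downstream consumers, so a regression in what gets stored or serialized would otherwise go unnoticed. ResponseCompleted begins and ends outside the hunk.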
diff --git a/content/browser/loader/resource_loader_unittest.cc b/content/browser/loader/resource_loader_unittest.cc
index 14ee69b..7b4000e 100644
--- a/content/browser/loader/resource_loader_unittest.cc
+++ b/content/browser/loader/resource_loader_unittest.cc
@@ -14,8 +14,6 @@
#include "content/browser/browser_thread_impl.h"
#include "content/browser/loader/redirect_to_file_resource_handler.h"
#include "content/browser/loader/resource_loader_delegate.h"
-#include "content/common/ssl_status_serialization.h"
-#include "content/public/browser/cert_store.h"
#include "content/public/browser/client_certificate_delegate.h"
#include "content/public/browser/resource_request_info.h"
#include "content/public/common/content_paths.h"
@@ -32,16 +30,12 @@
#include "net/base/mock_file_stream.h"
#include "net/base/net_errors.h"
#include "net/base/request_priority.h"
-#include "net/base/test_data_directory.h"
#include "net/base/upload_bytes_element_reader.h"
#include "net/cert/x509_certificate.h"
#include "net/ssl/client_cert_store.h"
#include "net/ssl/ssl_cert_request_info.h"
-#include "net/test/cert_test_util.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/url_request/url_request.h"
-#include "net/url_request/url_request_filter.h"
-#include "net/url_request/url_request_interceptor.h"
#include "net/url_request/url_request_job_factory.h"
#include "net/url_request/url_request_job_factory_impl.h"
#include "net/url_request/url_request_test_job.h"
@@ -170,63 +164,6 @@ class MockClientCertJobProtocolHandler
}
};
-// Set up dummy values to use in test HTTPS requests.
-
-scoped_refptr<net::X509Certificate> GetTestCert() {
- return net::ImportCertFromFile(net::GetTestCertsDirectory(),
- "test_mail_google_com.pem");
-}
-
-const net::CertStatus kTestCertError = net::CERT_STATUS_DATE_INVALID;
-const int kTestSecurityBits = 256;
-// SSL3 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
-const int kTestConnectionStatus = 0x300039;
-
-// A mock URLRequestJob which simulates an HTTPS request.
-class MockHTTPSURLRequestJob : public net::URLRequestTestJob {
- public:
- MockHTTPSURLRequestJob(net::URLRequest* request,
- net::NetworkDelegate* network_delegate,
- const std::string& response_headers,
- const std::string& response_data,
- bool auto_advance)
- : net::URLRequestTestJob(request,
- network_delegate,
- response_headers,
- response_data,
- auto_advance) {}
-
- // net::URLRequestTestJob:
- void GetResponseInfo(net::HttpResponseInfo* info) override {
- // Get the original response info, but override the SSL info.
- net::URLRequestJob::GetResponseInfo(info);
- info->ssl_info.cert = GetTestCert();
- info->ssl_info.cert_status = kTestCertError;
- info->ssl_info.security_bits = kTestSecurityBits;
- info->ssl_info.connection_status = kTestConnectionStatus;
- }
-
- private:
- ~MockHTTPSURLRequestJob() override {}
-
- DISALLOW_COPY_AND_ASSIGN(MockHTTPSURLRequestJob);
-};
-
-class MockHTTPSJobURLRequestInterceptor : public net::URLRequestInterceptor {
- public:
- MockHTTPSJobURLRequestInterceptor() {}
- ~MockHTTPSJobURLRequestInterceptor() override {}
-
- // net::URLRequestInterceptor:
- net::URLRequestJob* MaybeInterceptRequest(
- net::URLRequest* request,
- net::NetworkDelegate* network_delegate) const override {
- return new MockHTTPSURLRequestJob(request, network_delegate,
- net::URLRequestTestJob::test_headers(),
- "dummy response", true);
- }
-};
-
// Arbitrary read buffer size.
const int kReadBufSize = 1024;
@@ -601,29 +538,6 @@ class ClientCertResourceLoaderTest : public ResourceLoaderTest {
}
};
-// A ResourceLoaderTest that intercepts https://example.test URLs and
-// sets SSL info on the responses.
-class HTTPSSecurityInfoResourceLoaderTest : public ResourceLoaderTest {
- public:
- HTTPSSecurityInfoResourceLoaderTest()
- : ResourceLoaderTest(), test_https_url_("https://example.test") {}
-
- ~HTTPSSecurityInfoResourceLoaderTest() override {}
-
- const GURL& test_https_url() { return test_https_url_; }
-
- protected:
- void SetUp() override {
- ResourceLoaderTest::SetUp();
- net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
- "https", "example.test", scoped_ptr<net::URLRequestInterceptor>(
- new MockHTTPSJobURLRequestInterceptor));
- }
-
- private:
- const GURL test_https_url_;
-};
-
// Tests that client certificates are requested with ClientCertStore lookup.
TEST_F(ClientCertResourceLoaderTest, WithStoreLookup) {
// Set up the test client cert store.
@@ -1079,42 +993,4 @@ TEST_F(ResourceLoaderRedirectToFileTest, DownstreamDeferStart) {
EXPECT_FALSE(base::PathExists(temp_path()));
}
-// Test that an HTTPS resource has the expected security info attached
-// to it.
-TEST_F(HTTPSSecurityInfoResourceLoaderTest, SecurityInfoOnHTTPSResource) {
- // Start the request and wait for it to finish.
- scoped_ptr<net::URLRequest> request(
- resource_context_.GetRequestContext()->CreateRequest(
- test_https_url(), net::DEFAULT_PRIORITY, nullptr /* delegate */));
- SetUpResourceLoader(request.Pass());
-
- // Send the request and wait until it completes.
- loader_->StartRequest();
- base::RunLoop().RunUntilIdle();
- ASSERT_EQ(net::URLRequestStatus::SUCCESS,
- raw_ptr_to_request_->status().status());
- ASSERT_TRUE(raw_ptr_resource_handler_->received_response_completed());
-
- ResourceResponse* response = raw_ptr_resource_handler_->response();
- ASSERT_TRUE(response);
-
- // Deserialize the security info from the response and check that it
- // is as expected.
- SSLStatus deserialized;
- ASSERT_TRUE(
- DeserializeSecurityInfo(response->head.security_info, &deserialized));
-
- // Expect a BROKEN security style because the cert status has errors.
- EXPECT_EQ(content::SECURITY_STYLE_AUTHENTICATION_BROKEN,
- deserialized.security_style);
- scoped_refptr<net::X509Certificate> cert;
- ASSERT_TRUE(
- CertStore::GetInstance()->RetrieveCert(deserialized.cert_id, &cert));
- EXPECT_TRUE(cert->Equals(GetTestCert().get()));
-
- EXPECT_EQ(kTestCertError, deserialized.cert_status);
- EXPECT_EQ(kTestConnectionStatus, deserialized.connection_status);
- EXPECT_EQ(kTestSecurityBits, deserialized.security_bits);
-}
-
} // namespace content