summaryrefslogtreecommitdiffstats
path: root/net/quic/quic_stream_factory.cc
diff options
context:
space:
mode:
Diffstat (limited to 'net/quic/quic_stream_factory.cc')
-rw-r--r--net/quic/quic_stream_factory.cc104
1 files changed, 16 insertions, 88 deletions
diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc
index 06b5134..2d94951 100644
--- a/net/quic/quic_stream_factory.cc
+++ b/net/quic/quic_stream_factory.cc
@@ -77,7 +77,6 @@ class QuicStreamFactory::Job {
const HostPortPair& host_port_pair,
bool is_https,
base::StringPiece method,
- CertVerifier* cert_verifier,
QuicServerInfo* server_info,
const BoundNetLog& net_log);
@@ -120,7 +119,6 @@ class QuicStreamFactory::Job {
bool is_https_;
QuicSessionKey session_key_;
bool is_post_;
- CertVerifier* cert_verifier_;
scoped_ptr<QuicServerInfo> server_info_;
const BoundNetLog net_log_;
QuicClientSession* session_;
@@ -136,7 +134,6 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
const HostPortPair& host_port_pair,
bool is_https,
base::StringPiece method,
- CertVerifier* cert_verifier,
QuicServerInfo* server_info,
const BoundNetLog& net_log)
: factory_(factory),
@@ -144,7 +141,6 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
is_https_(is_https),
session_key_(host_port_pair, is_https),
is_post_(method == "POST"),
- cert_verifier_(cert_verifier),
server_info_(server_info),
net_log_(net_log),
session_(NULL),
@@ -266,8 +262,8 @@ int QuicStreamFactory::Job::DoConnect() {
io_state_ = STATE_CONNECT_COMPLETE;
int rv = factory_->CreateSession(session_key_.host_port_pair(), is_https_,
- cert_verifier_, server_info_.Pass(),
- address_list_, net_log_, &session_);
+ server_info_.Pass(), address_list_,
+ net_log_, &session_);
if (rv != OK) {
DCHECK(rv != ERR_IO_PENDING);
DCHECK(!session_);
@@ -315,18 +311,15 @@ QuicStreamRequest::~QuicStreamRequest() {
int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
bool is_https,
base::StringPiece method,
- CertVerifier* cert_verifier,
const BoundNetLog& net_log,
const CompletionCallback& callback) {
DCHECK(!stream_);
DCHECK(callback_.is_null());
DCHECK(factory_);
- int rv = factory_->Create(host_port_pair, is_https,
- method, cert_verifier, net_log, this);
+ int rv = factory_->Create(host_port_pair, is_https, method, net_log, this);
if (rv == ERR_IO_PENDING) {
host_port_pair_ = host_port_pair;
is_https_ = is_https;
- cert_verifier_ = cert_verifier;
net_log_ = net_log;
callback_ = callback;
} else {
@@ -356,6 +349,7 @@ QuicStreamFactory::QuicStreamFactory(
HostResolver* host_resolver,
ClientSocketFactory* client_socket_factory,
base::WeakPtr<HttpServerProperties> http_server_properties,
+ CertVerifier* cert_verifier,
QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory,
QuicRandom* random_generator,
QuicClock* clock,
@@ -367,6 +361,7 @@ QuicStreamFactory::QuicStreamFactory(
host_resolver_(host_resolver),
client_socket_factory_(client_socket_factory),
http_server_properties_(http_server_properties),
+ cert_verifier_(cert_verifier),
quic_server_info_factory_(NULL),
quic_crypto_client_stream_factory_(quic_crypto_client_stream_factory),
random_generator_(random_generator),
@@ -383,21 +378,21 @@ QuicStreamFactory::QuicStreamFactory(
QuicTime::Delta::FromSeconds(30),
QuicTime::Delta::FromSeconds(30));
- canoncial_suffixes_.push_back(string(".c.youtube.com"));
- canoncial_suffixes_.push_back(string(".googlevideo.com"));
+ crypto_config_.SetDefaults();
+ crypto_config_.AddCanonicalSuffix(".c.youtube.com");
+ crypto_config_.AddCanonicalSuffix(".googlevideo.com");
+ crypto_config_.SetProofVerifier(new ProofVerifierChromium(cert_verifier));
}
QuicStreamFactory::~QuicStreamFactory() {
CloseAllSessions(ERR_ABORTED);
STLDeleteElements(&all_sessions_);
STLDeleteValues(&active_jobs_);
- STLDeleteValues(&all_crypto_configs_);
}
int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
bool is_https,
base::StringPiece method,
- CertVerifier* cert_verifier,
const BoundNetLog& net_log,
QuicStreamRequest* request) {
QuicSessionKey session_key(host_port_pair, is_https);
@@ -415,18 +410,15 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
QuicServerInfo* quic_server_info = NULL;
if (quic_server_info_factory_) {
- QuicCryptoClientConfig* crypto_config =
- GetOrCreateCryptoConfig(session_key);
QuicCryptoClientConfig::CachedState* cached =
- crypto_config->LookupOrCreate(session_key);
+ crypto_config_.LookupOrCreate(session_key);
DCHECK(cached);
if (cached->IsEmpty()) {
quic_server_info = quic_server_info_factory_->GetForServer(session_key);
}
}
scoped_ptr<Job> job(new Job(this, host_resolver_, host_port_pair,
- is_https, method, cert_verifier,
- quic_server_info, net_log));
+ is_https, method, quic_server_info, net_log));
int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete,
base::Unretained(this), job.get()));
@@ -651,7 +643,6 @@ bool QuicStreamFactory::HasActiveSession(
int QuicStreamFactory::CreateSession(
const HostPortPair& host_port_pair,
bool is_https,
- CertVerifier* cert_verifier,
scoped_ptr<QuicServerInfo> server_info,
const AddressList& address_list,
const BoundNetLog& net_log,
@@ -717,9 +708,7 @@ int QuicStreamFactory::CreateSession(
writer->SetConnection(connection);
connection->options()->max_packet_length = max_packet_length_;
- QuicCryptoClientConfig* crypto_config = GetOrCreateCryptoConfig(session_key);
- InitializeCachedState(session_key, crypto_config, server_info);
- DCHECK(crypto_config);
+ InitializeCachedState(session_key, server_info);
QuicConfig config = config_;
if (http_server_properties_) {
@@ -734,11 +723,8 @@ int QuicStreamFactory::CreateSession(
*session = new QuicClientSession(
connection, socket.Pass(), writer.Pass(), this,
quic_crypto_client_stream_factory_, server_info.Pass(), session_key,
- config, crypto_config, net_log.net_log());
+ config, &crypto_config_, net_log.net_log());
all_sessions_.insert(*session); // owning pointer
- if (is_https) {
- crypto_config->SetProofVerifier(new ProofVerifierChromium(cert_verifier));
- }
return OK;
}
@@ -758,72 +744,14 @@ void QuicStreamFactory::ActivateSession(
ip_aliases_[ip_alias_key].insert(session);
}
-QuicCryptoClientConfig* QuicStreamFactory::GetOrCreateCryptoConfig(
- const QuicSessionKey& session_key) {
- QuicCryptoClientConfig* crypto_config;
-
- if (ContainsKey(all_crypto_configs_, session_key)) {
- crypto_config = all_crypto_configs_[session_key];
- DCHECK(crypto_config);
- } else {
- // TODO(rtenneti): if two quic_sessions for the same host_port_pair
- // share the same crypto_config, will it cause issues?
- crypto_config = new QuicCryptoClientConfig();
- crypto_config->SetDefaults();
- all_crypto_configs_[session_key] = crypto_config;
- PopulateFromCanonicalConfig(session_key, crypto_config);
- }
- return crypto_config;
-}
-
-void QuicStreamFactory::PopulateFromCanonicalConfig(
- const QuicSessionKey& session_key,
- QuicCryptoClientConfig* crypto_config) {
- const string server_hostname = session_key.host();
- unsigned i = 0;
- for (; i < canoncial_suffixes_.size(); ++i) {
- if (EndsWith(server_hostname, canoncial_suffixes_[i], false)) {
- break;
- }
- }
- if (i == canoncial_suffixes_.size())
- return;
-
- HostPortPair suffix_host_port_pair(canoncial_suffixes_[i],
- session_key.port());
- QuicSessionKey suffix_session_key(suffix_host_port_pair,
- session_key.is_https());
- if (!ContainsKey(canonical_hostname_to_origin_map_, suffix_session_key)) {
- // This is the first host we've seen which matches the suffix, so make it
- // canonical.
- canonical_hostname_to_origin_map_[suffix_session_key] = session_key;
- return;
- }
-
- const QuicSessionKey& canonical_session_key =
- canonical_hostname_to_origin_map_[suffix_session_key];
- QuicCryptoClientConfig* canonical_crypto_config =
- all_crypto_configs_[canonical_session_key];
- DCHECK(canonical_crypto_config);
-
- // Copy the CachedState for the canonical server from canonical_crypto_config
- // as the initial CachedState for the server_hostname in crypto_config.
- crypto_config->InitializeFrom(session_key, canonical_session_key,
- canonical_crypto_config);
- // Update canonical version to point at the "most recent" crypto_config.
- canonical_hostname_to_origin_map_[suffix_session_key] =
- canonical_session_key;
-}
-
void QuicStreamFactory::InitializeCachedState(
const QuicSessionKey& session_key,
- QuicCryptoClientConfig* crypto_config,
const scoped_ptr<QuicServerInfo>& server_info) {
if (!server_info)
return;
QuicCryptoClientConfig::CachedState* cached =
- crypto_config->LookupOrCreate(session_key);
+ crypto_config_.LookupOrCreate(session_key);
if (!cached->IsEmpty())
return;
@@ -834,8 +762,8 @@ void QuicStreamFactory::InitializeCachedState(
clock_->WallNow()))
return;
- if (!crypto_config->proof_verifier()) {
- // If no verifier is set then we don't check the certificates.
+ if (!session_key.is_https()) {
+ // Don't check the certificates for insecure QUIC.
cached->SetProofValid();
}
}