diff options
Diffstat (limited to 'net/quic/quic_stream_factory.cc')
-rw-r--r-- | net/quic/quic_stream_factory.cc | 104 |
1 files changed, 16 insertions, 88 deletions
diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc index 06b5134..2d94951 100644 --- a/net/quic/quic_stream_factory.cc +++ b/net/quic/quic_stream_factory.cc @@ -77,7 +77,6 @@ class QuicStreamFactory::Job { const HostPortPair& host_port_pair, bool is_https, base::StringPiece method, - CertVerifier* cert_verifier, QuicServerInfo* server_info, const BoundNetLog& net_log); @@ -120,7 +119,6 @@ class QuicStreamFactory::Job { bool is_https_; QuicSessionKey session_key_; bool is_post_; - CertVerifier* cert_verifier_; scoped_ptr<QuicServerInfo> server_info_; const BoundNetLog net_log_; QuicClientSession* session_; @@ -136,7 +134,6 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, const HostPortPair& host_port_pair, bool is_https, base::StringPiece method, - CertVerifier* cert_verifier, QuicServerInfo* server_info, const BoundNetLog& net_log) : factory_(factory), @@ -144,7 +141,6 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory, is_https_(is_https), session_key_(host_port_pair, is_https), is_post_(method == "POST"), - cert_verifier_(cert_verifier), server_info_(server_info), net_log_(net_log), session_(NULL), @@ -266,8 +262,8 @@ int QuicStreamFactory::Job::DoConnect() { io_state_ = STATE_CONNECT_COMPLETE; int rv = factory_->CreateSession(session_key_.host_port_pair(), is_https_, - cert_verifier_, server_info_.Pass(), - address_list_, net_log_, &session_); + server_info_.Pass(), address_list_, + net_log_, &session_); if (rv != OK) { DCHECK(rv != ERR_IO_PENDING); DCHECK(!session_); @@ -315,18 +311,15 @@ QuicStreamRequest::~QuicStreamRequest() { int QuicStreamRequest::Request(const HostPortPair& host_port_pair, bool is_https, base::StringPiece method, - CertVerifier* cert_verifier, const BoundNetLog& net_log, const CompletionCallback& callback) { DCHECK(!stream_); DCHECK(callback_.is_null()); DCHECK(factory_); - int rv = factory_->Create(host_port_pair, is_https, - method, cert_verifier, net_log, this); + int rv = factory_->Create(host_port_pair, is_https, method, net_log, this); if (rv == ERR_IO_PENDING) { host_port_pair_ = host_port_pair; is_https_ = is_https; - cert_verifier_ = cert_verifier; net_log_ = net_log; callback_ = callback; } else { @@ -356,6 +349,7 @@ QuicStreamFactory::QuicStreamFactory( HostResolver* host_resolver, ClientSocketFactory* client_socket_factory, base::WeakPtr<HttpServerProperties> http_server_properties, + CertVerifier* cert_verifier, QuicCryptoClientStreamFactory* quic_crypto_client_stream_factory, QuicRandom* random_generator, QuicClock* clock, @@ -367,6 +361,7 @@ QuicStreamFactory::QuicStreamFactory( host_resolver_(host_resolver), client_socket_factory_(client_socket_factory), http_server_properties_(http_server_properties), + cert_verifier_(cert_verifier), quic_server_info_factory_(NULL), quic_crypto_client_stream_factory_(quic_crypto_client_stream_factory), random_generator_(random_generator), @@ -383,21 +378,21 @@ QuicStreamFactory::QuicStreamFactory( QuicTime::Delta::FromSeconds(30), QuicTime::Delta::FromSeconds(30)); - canoncial_suffixes_.push_back(string(".c.youtube.com")); - canoncial_suffixes_.push_back(string(".googlevideo.com")); + crypto_config_.SetDefaults(); + crypto_config_.AddCanonicalSuffix(".c.youtube.com"); + crypto_config_.AddCanonicalSuffix(".googlevideo.com"); + crypto_config_.SetProofVerifier(new ProofVerifierChromium(cert_verifier)); } QuicStreamFactory::~QuicStreamFactory() { CloseAllSessions(ERR_ABORTED); STLDeleteElements(&all_sessions_); STLDeleteValues(&active_jobs_); - STLDeleteValues(&all_crypto_configs_); } int QuicStreamFactory::Create(const HostPortPair& host_port_pair, bool is_https, base::StringPiece method, - CertVerifier* cert_verifier, const BoundNetLog& net_log, QuicStreamRequest* request) { QuicSessionKey session_key(host_port_pair, is_https); @@ -415,18 +410,15 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair, QuicServerInfo* quic_server_info = NULL; if (quic_server_info_factory_) { - QuicCryptoClientConfig* crypto_config = - GetOrCreateCryptoConfig(session_key); QuicCryptoClientConfig::CachedState* cached = - crypto_config->LookupOrCreate(session_key); + crypto_config_.LookupOrCreate(session_key); DCHECK(cached); if (cached->IsEmpty()) { quic_server_info = quic_server_info_factory_->GetForServer(session_key); } } scoped_ptr<Job> job(new Job(this, host_resolver_, host_port_pair, - is_https, method, cert_verifier, - quic_server_info, net_log)); + is_https, method, quic_server_info, net_log)); int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete, base::Unretained(this), job.get())); @@ -651,7 +643,6 @@ bool QuicStreamFactory::HasActiveSession( int QuicStreamFactory::CreateSession( const HostPortPair& host_port_pair, bool is_https, - CertVerifier* cert_verifier, scoped_ptr<QuicServerInfo> server_info, const AddressList& address_list, const BoundNetLog& net_log, @@ -717,9 +708,7 @@ int QuicStreamFactory::CreateSession( writer->SetConnection(connection); connection->options()->max_packet_length = max_packet_length_; - QuicCryptoClientConfig* crypto_config = GetOrCreateCryptoConfig(session_key); - InitializeCachedState(session_key, crypto_config, server_info); - DCHECK(crypto_config); + InitializeCachedState(session_key, server_info); QuicConfig config = config_; if (http_server_properties_) { @@ -734,11 +723,8 @@ int QuicStreamFactory::CreateSession( *session = new QuicClientSession( connection, socket.Pass(), writer.Pass(), this, quic_crypto_client_stream_factory_, server_info.Pass(), session_key, - config, crypto_config, net_log.net_log()); + config, &crypto_config_, net_log.net_log()); all_sessions_.insert(*session); // owning pointer - if (is_https) { - crypto_config->SetProofVerifier(new ProofVerifierChromium(cert_verifier)); - } return OK; } @@ -758,72 +744,14 @@ void QuicStreamFactory::ActivateSession( ip_aliases_[ip_alias_key].insert(session); } -QuicCryptoClientConfig* QuicStreamFactory::GetOrCreateCryptoConfig( - const QuicSessionKey& session_key) { - QuicCryptoClientConfig* crypto_config; - - if (ContainsKey(all_crypto_configs_, session_key)) { - crypto_config = all_crypto_configs_[session_key]; - DCHECK(crypto_config); - } else { - // TODO(rtenneti): if two quic_sessions for the same host_port_pair - // share the same crypto_config, will it cause issues? - crypto_config = new QuicCryptoClientConfig(); - crypto_config->SetDefaults(); - all_crypto_configs_[session_key] = crypto_config; - PopulateFromCanonicalConfig(session_key, crypto_config); - } - return crypto_config; -} - -void QuicStreamFactory::PopulateFromCanonicalConfig( - const QuicSessionKey& session_key, - QuicCryptoClientConfig* crypto_config) { - const string server_hostname = session_key.host(); - unsigned i = 0; - for (; i < canoncial_suffixes_.size(); ++i) { - if (EndsWith(server_hostname, canoncial_suffixes_[i], false)) { - break; - } - } - if (i == canoncial_suffixes_.size()) - return; - - HostPortPair suffix_host_port_pair(canoncial_suffixes_[i], - session_key.port()); - QuicSessionKey suffix_session_key(suffix_host_port_pair, - session_key.is_https()); - if (!ContainsKey(canonical_hostname_to_origin_map_, suffix_session_key)) { - // This is the first host we've seen which matches the suffix, so make it - // canonical. - canonical_hostname_to_origin_map_[suffix_session_key] = session_key; - return; - } - - const QuicSessionKey& canonical_session_key = - canonical_hostname_to_origin_map_[suffix_session_key]; - QuicCryptoClientConfig* canonical_crypto_config = - all_crypto_configs_[canonical_session_key]; - DCHECK(canonical_crypto_config); - - // Copy the CachedState for the canonical server from canonical_crypto_config - // as the initial CachedState for the server_hostname in crypto_config. - crypto_config->InitializeFrom(session_key, canonical_session_key, - canonical_crypto_config); - // Update canonical version to point at the "most recent" crypto_config. - canonical_hostname_to_origin_map_[suffix_session_key] = - canonical_session_key; -} - void QuicStreamFactory::InitializeCachedState( const QuicSessionKey& session_key, - QuicCryptoClientConfig* crypto_config, const scoped_ptr<QuicServerInfo>& server_info) { if (!server_info) return; QuicCryptoClientConfig::CachedState* cached = - crypto_config->LookupOrCreate(session_key); + crypto_config_.LookupOrCreate(session_key); if (!cached->IsEmpty()) return; @@ -834,8 +762,8 @@ void QuicStreamFactory::InitializeCachedState( clock_->WallNow())) return; - if (!crypto_config->proof_verifier()) { - // If no verifier is set then we don't check the certificates. + if (!session_key.is_https()) { + // Don't check the certificates for insecure QUIC. cached->SetProofValid(); } } |