From 822581d32a6836feae73b96a2ce494a058004423 Mon Sep 17 00:00:00 2001 From: "wtc@google.com" Date: Thu, 16 Dec 2010 17:27:15 +0000 Subject: Cache certificate verification results in memory. R=agl BUG=63357 TEST=none Review URL: http://codereview.chromium.org/5386001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69414 0039d316-1c4b-4281-b951-d872f2087c98 --- net/http/disk_cache_based_ssl_host_info.cc | 4 +++- net/http/http_cache.cc | 5 +++-- net/http/http_cache.h | 2 ++ net/http/http_network_layer.cc | 11 ++++++++++- net/http/http_network_layer.h | 16 +++++++++++----- net/http/http_network_layer_unittest.cc | 7 +++++++ net/http/http_network_session.cc | 3 +++ net/http/http_network_session.h | 4 ++++ net/http/http_network_transaction_unittest.cc | 10 ++++++++-- net/http/http_proxy_client_socket_pool_unittest.cc | 4 ++++ net/http/http_response_body_drainer_unittest.cc | 1 + net/http/http_stream_factory_unittest.cc | 7 ++++++- 12 files changed, 62 insertions(+), 12 deletions(-) (limited to 'net/http') diff --git a/net/http/disk_cache_based_ssl_host_info.cc b/net/http/disk_cache_based_ssl_host_info.cc index 2b83f56..1b1dfaf 100644 --- a/net/http/disk_cache_based_ssl_host_info.cc +++ b/net/http/disk_cache_based_ssl_host_info.cc @@ -9,6 +9,7 @@ #include "net/base/io_buffer.h" #include "net/base/net_errors.h" #include "net/http/http_cache.h" +#include "net/http/http_network_session.h" namespace net { @@ -16,7 +17,8 @@ DiskCacheBasedSSLHostInfo::DiskCacheBasedSSLHostInfo( const std::string& hostname, const SSLConfig& ssl_config, HttpCache* http_cache) - : SSLHostInfo(hostname, ssl_config), + : SSLHostInfo(hostname, ssl_config, + http_cache->network_layer()->GetSession()->cert_verifier()), weak_ptr_factory_(ALLOW_THIS_IN_INITIALIZER_LIST(this)), callback_(new CallbackImpl(weak_ptr_factory_.GetWeakPtr(), &DiskCacheBasedSSLHostInfo::DoLoop)), diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc index ea4e48b..51cc55f 100644 --- a/net/http/http_cache.cc 
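Review bot: The initializer `SSLHostInfo(hostname, ssl_config, http_cache->network_layer()->GetSession()->cert_verifier())` makes constructing a DiskCacheBasedSSLHostInfo lazily create the whole HttpNetworkSession as a side effect, and nothing in the hunk records that or guards against a NULL result. GetSession(), as changed later in this patch, builds the session on first call from whatever pointers the layer was given, so a layer configured without a verifier would hand a NULL pointer to SSLHostInfo here without any diagnostic. Worth a comment on the initializer, e.g. `// GetSession() creates the session on first use; the verifier it returns is unowned and must outlive this object.`, and, if SSLHostInfo has no check of its own, a DCHECK on the verifier in the constructor body. The constructor's initializer list and body continue past the hunk.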
+++ b/net/http/http_cache.cc @@ -263,7 +263,7 @@ void HttpCache::MetadataWriter::OnIOComplete(int result) { class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory { public: - SSLHostInfoFactoryAdaptor(HttpCache* http_cache) + explicit SSLHostInfoFactoryAdaptor(HttpCache* http_cache) : http_cache_(http_cache) { } @@ -279,6 +279,7 @@ class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory { //----------------------------------------------------------------------------- HttpCache::HttpCache(HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker_, ProxyService* proxy_service, @@ -293,7 +294,7 @@ HttpCache::HttpCache(HostResolver* host_resolver, ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor( ALLOW_THIS_IN_INITIALIZER_LIST(this))), network_layer_(HttpNetworkLayer::CreateFactory(host_resolver, - dnsrr_resolver, dns_cert_checker_, + cert_verifier, dnsrr_resolver, dns_cert_checker_, ssl_host_info_factory_.get(), proxy_service, ssl_config_service, http_auth_handler_factory, network_delegate, net_log)), diff --git a/net/http/http_cache.h b/net/http/http_cache.h index 4b7d736..5c812da 100644 --- a/net/http/http_cache.h +++ b/net/http/http_cache.h @@ -41,6 +41,7 @@ class Entry; namespace net { +class CertVerifier; class DnsCertProvenanceChecker; class DnsRRResolver; class HostResolver; @@ -117,6 +118,7 @@ class HttpCache : public HttpTransactionFactory, // The disk cache is initialized lazily (by CreateTransaction) in this case. // The HttpCache takes ownership of the |backend_factory|. HttpCache(HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, ProxyService* proxy_service, diff --git a/net/http/http_network_layer.cc b/net/http/http_network_layer.cc index 3da23c2..3d3c5dd 100644 --- a/net/http/http_network_layer.cc +++ b/net/http/http_network_layer.cc 
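Review bot: The new `CertVerifier* cert_verifier` parameter on the HttpCache constructor in http_cache.h is undocumented, while the comment just above it spells out that `|backend_factory|` is owned; a reader cannot tell from the header whether the cache takes ownership of the verifier. The .cc side only forwards the pointer to HttpNetworkLayer::CreateFactory, so it is presumably unowned like `host_resolver`. Suggest adding to that comment `// |cert_verifier| is not owned and must outlive the HttpCache.` Given this signature is now a long run of raw pointers of different types, annotating NULL literals at call sites with the parameter name (`NULL /* cert_verifier */`) also keeps a silently shifted argument visible.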
@@ -21,6 +21,7 @@ namespace net { // static HttpTransactionFactory* HttpNetworkLayer::CreateFactory( HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -32,7 +33,7 @@ HttpTransactionFactory* HttpNetworkLayer::CreateFactory( DCHECK(proxy_service); return new HttpNetworkLayer(ClientSocketFactory::GetDefaultFactory(), - host_resolver, dnsrr_resolver, + host_resolver, cert_verifier, dnsrr_resolver, dns_cert_checker, ssl_host_info_factory, proxy_service, ssl_config_service, http_auth_handler_factory, @@ -52,6 +53,7 @@ HttpTransactionFactory* HttpNetworkLayer::CreateFactory( HttpNetworkLayer::HttpNetworkLayer( ClientSocketFactory* socket_factory, HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -62,6 +64,7 @@ HttpNetworkLayer::HttpNetworkLayer( NetLog* net_log) : socket_factory_(socket_factory), host_resolver_(host_resolver), + cert_verifier_(cert_verifier), dnsrr_resolver_(dnsrr_resolver), dns_cert_checker_(dns_cert_checker), ssl_host_info_factory_(ssl_host_info_factory), @@ -80,6 +83,7 @@ HttpNetworkLayer::HttpNetworkLayer( HttpNetworkLayer::HttpNetworkLayer( ClientSocketFactory* socket_factory, HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -91,6 +95,7 @@ HttpNetworkLayer::HttpNetworkLayer( NetLog* net_log) : socket_factory_(socket_factory), host_resolver_(host_resolver), + cert_verifier_(cert_verifier), dnsrr_resolver_(dnsrr_resolver), dns_cert_checker_(dns_cert_checker), ssl_host_info_factory_(ssl_host_info_factory), 
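Review bot: CreateFactory DCHECKs `proxy_service` but not the new `cert_verifier` parameter, even though the pointer it forwards is the one every SSL socket of the resulting session will use for certificate validation (the CreateSSLClientSocket call later in this patch takes it directly). A NULL verifier does not fail here; if it fails at all, it surfaces at handshake time, far from the misconfiguration. Suggest `DCHECK(cert_verifier);` beside the existing `DCHECK(proxy_service);`, and the same check in the two HttpNetworkLayer constructors below, since tests construct the layer directly rather than through CreateFactory.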
@@ -108,6 +113,8 @@ HttpNetworkLayer::HttpNetworkLayer( HttpNetworkLayer::HttpNetworkLayer(HttpNetworkSession* session) : socket_factory_(ClientSocketFactory::GetDefaultFactory()), + host_resolver_(NULL), + cert_verifier_(NULL), dnsrr_resolver_(NULL), dns_cert_checker_(NULL), ssl_host_info_factory_(NULL), @@ -150,6 +157,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() { spdy_session_pool_.reset(new SpdySessionPool(ssl_config_service_)); session_ = new HttpNetworkSession( host_resolver_, + cert_verifier_, dnsrr_resolver_, dns_cert_checker_, ssl_host_info_factory_, @@ -162,6 +170,7 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() { net_log_); // These were just temps for lazy-initializing HttpNetworkSession. host_resolver_ = NULL; + cert_verifier_ = NULL; dnsrr_resolver_ = NULL; dns_cert_checker_ = NULL; ssl_host_info_factory_ = NULL; diff --git a/net/http/http_network_layer.h b/net/http/http_network_layer.h index 7781efb..91e1a86 100644 --- a/net/http/http_network_layer.h +++ b/net/http/http_network_layer.h @@ -15,6 +15,7 @@ namespace net { +class CertVerifier; class ClientSocketFactory; class DnsCertProvenanceChecker; class DnsRRResolver; @@ -30,10 +31,12 @@ class SSLHostInfoFactory; class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { public: - // |socket_factory|, |proxy_service| and |host_resolver| must remain valid for - // the lifetime of HttpNetworkLayer. + // |socket_factory|, |proxy_service|, |host_resolver|, etc. must remain + // valid for the lifetime of HttpNetworkLayer. + // TODO(wtc): we only need the next constructor. HttpNetworkLayer(ClientSocketFactory* socket_factory, HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, 
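Review bot: The reworded lifetime comment `|socket_factory|, |proxy_service|, |host_resolver|, etc. must remain valid` in http_network_layer.h hides the new `cert_verifier` behind "etc.", and that is the one pointer whose dangling would affect certificate validation on every TLS connection the layer's session makes. The layer stores it as a raw pointer and, per the GetSession() change in this patch, hands it to the HttpNetworkSession and its socket pool manager, so the constraint is real for each parameter. Suggest listing them rather than abbreviating: `// |socket_factory|, |host_resolver|, |cert_verifier|, |dnsrr_resolver|, |dns_cert_checker|, |ssl_host_info_factory| and |proxy_service| must remain valid for the lifetime of HttpNetworkLayer.` The class declaration continues past the hunk.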
@@ -42,11 +45,10 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { HttpAuthHandlerFactory* http_auth_handler_factory, HttpNetworkDelegate* network_delegate, NetLog* net_log); - // Construct a HttpNetworkLayer with an existing HttpNetworkSession which - // contains a valid ProxyService. HttpNetworkLayer( ClientSocketFactory* socket_factory, HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -57,6 +59,8 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { HttpNetworkDelegate* network_delegate, NetLog* net_log); + // Construct a HttpNetworkLayer with an existing HttpNetworkSession which + // contains a valid ProxyService. explicit HttpNetworkLayer(HttpNetworkSession* session); ~HttpNetworkLayer(); @@ -64,6 +68,7 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { // and allows other implementations to be substituted. static HttpTransactionFactory* CreateFactory( HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -100,9 +105,10 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe { // The factory we will use to create network sockets. ClientSocketFactory* socket_factory_; - // The host resolver and proxy service that will be used when lazily + // The host resolver, proxy service, etc. that will be used when lazily // creating |session_|. HostResolver* host_resolver_; + CertVerifier* cert_verifier_; DnsRRResolver* dnsrr_resolver_; DnsCertProvenanceChecker* dns_cert_checker_; SSLHostInfoFactory* ssl_host_info_factory_; diff --git a/net/http/http_network_layer_unittest.cc b/net/http/http_network_layer_unittest.cc index 3ed54bf..2720c10 100644 --- a/net/http/http_network_layer_unittest.cc 
+++ b/net/http/http_network_layer_unittest.cc @@ -2,6 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. +#include "net/base/cert_verifier.h" #include "net/base/mock_host_resolver.h" #include "net/base/net_log.h" #include "net/base/ssl_config_service_defaults.h" @@ -21,9 +22,11 @@ class HttpNetworkLayerTest : public PlatformTest { TEST_F(HttpNetworkLayerTest, CreateAndDestroy) { MockHostResolver host_resolver; + net::CertVerifier cert_verifier; net::HttpNetworkLayer factory( NULL, &host_resolver, + &cert_verifier, NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, @@ -41,9 +44,11 @@ TEST_F(HttpNetworkLayerTest, CreateAndDestroy) { TEST_F(HttpNetworkLayerTest, Suspend) { MockHostResolver host_resolver; + net::CertVerifier cert_verifier; net::HttpNetworkLayer factory( NULL, &host_resolver, + &cert_verifier, NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, @@ -90,9 +95,11 @@ TEST_F(HttpNetworkLayerTest, GET) { mock_socket_factory.AddSocketDataProvider(&data); MockHostResolver host_resolver; + net::CertVerifier cert_verifier; net::HttpNetworkLayer factory( &mock_socket_factory, &host_resolver, + &cert_verifier, NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index 1e77b49..e3de475 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc @@ -20,6 +20,7 @@ namespace net { // TODO(mbelshe): Move the socket factories into HttpStreamFactory. HttpNetworkSession::HttpNetworkSession( HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, 
@@ -32,6 +33,7 @@ HttpNetworkSession::HttpNetworkSession( NetLog* net_log) : socket_factory_(client_socket_factory), host_resolver_(host_resolver), + cert_verifier_(cert_verifier), dnsrr_resolver_(dnsrr_resolver), dns_cert_checker_(dns_cert_checker), proxy_service_(proxy_service), @@ -39,6 +41,7 @@ HttpNetworkSession::HttpNetworkSession( socket_pool_manager_(net_log, client_socket_factory, host_resolver, + cert_verifier, dnsrr_resolver, dns_cert_checker, ssl_host_info_factory, diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index 43424d2..2c923b6 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -28,6 +28,7 @@ class Value; namespace net { +class CertVerifier; class ClientSocketFactory; class DnsCertProvenanceChecker; class DnsRRResolver; @@ -48,6 +49,7 @@ class HttpNetworkSession : public base::RefCounted, public: HttpNetworkSession( HostResolver* host_resolver, + CertVerifier* cert_verifier, DnsRRResolver* dnsrr_resolver, DnsCertProvenanceChecker* dns_cert_checker, SSLHostInfoFactory* ssl_host_info_factory, @@ -109,6 +111,7 @@ class HttpNetworkSession : public base::RefCounted, // SSL sockets come from the socket_factory(). ClientSocketFactory* socket_factory() { return socket_factory_; } HostResolver* host_resolver() { return host_resolver_; } + CertVerifier* cert_verifier() { return cert_verifier_; } DnsRRResolver* dnsrr_resolver() { return dnsrr_resolver_; } DnsCertProvenanceChecker* dns_cert_checker() { return dns_cert_checker_; @@ -152,6 +155,7 @@ class HttpNetworkSession : public base::RefCounted, SSLClientAuthCache ssl_client_auth_cache_; HttpAlternateProtocols alternate_protocols_; HostResolver* const host_resolver_; + CertVerifier* cert_verifier_; DnsRRResolver* dnsrr_resolver_; DnsCertProvenanceChecker* dns_cert_checker_; scoped_refptr proxy_service_; diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc index 95a8599..79047e1 100644 
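Review bot: `CertVerifier* cert_verifier_;` in HttpNetworkSession is declared as a mutable pointer right after `HostResolver* const host_resolver_;`, although it is assigned once in the initializer list and never reassigned in the visible code. Declaring it `CertVerifier* const cert_verifier_;` matches the resolver, prevents a later path from swapping the verifier under the socket pools that were handed the same pointer via `socket_pool_manager_`, and documents intent. A short ownership note would also help, e.g. `// Not owned; must outlive the session and the socket pools built from it.`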
--- a/net/http/http_network_transaction_unittest.cc +++ b/net/http/http_network_transaction_unittest.cc @@ -74,6 +74,7 @@ struct SessionDependencies { // Default set of dependencies -- "null" proxy service. SessionDependencies() : host_resolver(new MockHostResolver), + cert_verifier(new CertVerifier), proxy_service(ProxyService::CreateDirect()), ssl_config_service(new SSLConfigServiceDefaults), http_auth_handler_factory( @@ -83,6 +84,7 @@ struct SessionDependencies { // Custom proxy service dependency. explicit SessionDependencies(ProxyService* proxy_service) : host_resolver(new MockHostResolver), + cert_verifier(new CertVerifier), proxy_service(proxy_service), ssl_config_service(new SSLConfigServiceDefaults), http_auth_handler_factory( @@ -90,6 +92,7 @@ struct SessionDependencies { net_log(NULL) {} scoped_ptr host_resolver; + scoped_ptr cert_verifier; scoped_refptr proxy_service; scoped_refptr ssl_config_service; MockClientSocketFactory socket_factory; @@ -99,6 +102,7 @@ struct SessionDependencies { HttpNetworkSession* CreateSession(SessionDependencies* session_deps) { return new HttpNetworkSession(session_deps->host_resolver.get(), + session_deps->cert_verifier.get(), NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, @@ -310,7 +314,8 @@ CaptureGroupNameHttpProxySocketPool::CaptureGroupNameSocketPool( template<> CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool( HttpNetworkSession* session) - : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL, + : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), + session->cert_verifier(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL) {} //----------------------------------------------------------------------------- 
@@ -6679,7 +6684,8 @@ TEST_F(HttpNetworkTransactionTest, session->ssl_config_service()->GetSSLConfig(&ssl_config); ClientSocket* socket = connection->release_socket(); socket = session->socket_factory()->CreateSSLClientSocket( - socket, HostPortPair("" , 443), ssl_config, NULL /* ssl_host_info */); + socket, HostPortPair("" , 443), ssl_config, NULL /* ssl_host_info */, + session->cert_verifier()); connection->set_socket(socket); EXPECT_EQ(ERR_IO_PENDING, socket->Connect(&callback)); EXPECT_EQ(OK, callback.WaitForResult()); diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc index 56fae19..478a312 100644 --- a/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_unittest.cc @@ -62,9 +62,11 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { ssl_histograms_("MockSSL"), ssl_config_service_(new SSLConfigServiceDefaults), host_resolver_(new MockHostResolver), + cert_verifier_(new CertVerifier), ssl_socket_pool_(kMaxSockets, kMaxSocketsPerGroup, &ssl_histograms_, host_resolver_.get(), + cert_verifier_.get(), NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, @@ -77,6 +79,7 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { http_auth_handler_factory_( HttpAuthHandlerFactory::CreateDefault(host_resolver_.get())), session_(new HttpNetworkSession(host_resolver_.get(), + cert_verifier_.get(), NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, @@ -192,6 +195,7 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam { ClientSocketPoolHistograms ssl_histograms_; scoped_refptr ssl_config_service_; scoped_ptr host_resolver_; + scoped_ptr cert_verifier_; SSLClientSocketPool ssl_socket_pool_; scoped_ptr http_auth_handler_factory_; 
diff --git a/net/http/http_response_body_drainer_unittest.cc b/net/http/http_response_body_drainer_unittest.cc index 75f099a..76304f8 100644 --- a/net/http/http_response_body_drainer_unittest.cc +++ b/net/http/http_response_body_drainer_unittest.cc @@ -178,6 +178,7 @@ class HttpResponseBodyDrainerTest : public testing::Test { NULL /* host_resolver */, NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, + NULL, NULL /* ssl_host_info_factory */, ProxyService::CreateDirect(), NULL, diff --git a/net/http/http_stream_factory_unittest.cc b/net/http/http_stream_factory_unittest.cc index 63fce33..646f79c 100644 --- a/net/http/http_stream_factory_unittest.cc +++ b/net/http/http_stream_factory_unittest.cc @@ -7,6 +7,7 @@ #include #include "base/basictypes.h" +#include "net/base/cert_verifier.h" #include "net/base/mock_host_resolver.h" #include "net/base/net_log.h" #include "net/base/ssl_config_service_defaults.h" @@ -27,6 +28,7 @@ struct SessionDependencies { // Custom proxy service dependency. explicit SessionDependencies(ProxyService* proxy_service) : host_resolver(new MockHostResolver), + cert_verifier(new CertVerifier), proxy_service(proxy_service), ssl_config_service(new SSLConfigServiceDefaults), http_auth_handler_factory( @@ -34,6 +36,7 @@ struct SessionDependencies { net_log(NULL) {} scoped_ptr host_resolver; + scoped_ptr cert_verifier; scoped_refptr proxy_service; scoped_refptr ssl_config_service; MockClientSocketFactory socket_factory; @@ -43,6 +46,7 @@ struct SessionDependencies { HttpNetworkSession* CreateSession(SessionDependencies* session_deps) { return new HttpNetworkSession(session_deps->host_resolver.get(), + session_deps->cert_verifier.get(), NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */, NULL /* ssl_host_info_factory */, 
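Review bot: The added bare `NULL,` in http_response_body_drainer_unittest.cc lands in the `dns_cert_checker` position of the new constructor signature (host_resolver, cert_verifier, dnsrr_resolver, dns_cert_checker, ssl_host_info_factory), so the two annotated arguments above it are now mislabeled: `NULL /* dnsrr_resolver */` is passed as the cert verifier and `NULL /* dns_cert_checker */` as the DNS RR resolver. It compiles because every value is NULL, but the comments are exactly what a reader relies on to keep this positional list straight, and they now say the opposite of what is passed. Put the new argument where the parameter is: `NULL /* host_resolver */, NULL /* cert_verifier */, NULL /* dnsrr_resolver */, NULL /* dns_cert_checker */,`. The constructor call starts above the hunk; by its argument list it appears to be the HttpNetworkSession constructor.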
@@ -170,7 +174,8 @@ CapturePreconnectsHttpProxySocketPool::CapturePreconnectsSocketPool( template<> CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool( HttpNetworkSession* session) - : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL, + : SSLClientSocketPool(0, 0, NULL, session->host_resolver(), + session->cert_verifier(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL) {} TEST(HttpStreamFactoryTest, PreconnectDirect) { -- cgit v1.1