authorBen Murdoch <benm@google.com>2010-11-18 18:32:45 +0000
committerBen Murdoch <benm@google.com>2010-11-18 18:38:07 +0000
commit513209b27ff55e2841eac0e4120199c23acce758 (patch)
treeaeba30bb08c5f47c57003544e378a377c297eee6 /net/socket/ssl_host_info.cc
parent164f7496de0fbee436b385a79ead9e3cb81a50c1 (diff)
Merge Chromium at r65505: Initial merge by git.
Change-Id: I31d8f1d8cd33caaf7f47ffa7350aef42d5fbdb45
Diffstat (limited to 'net/socket/ssl_host_info.cc')
-rw-r--r--net/socket/ssl_host_info.cc79
1 files changed, 78 insertions, 1 deletions
diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc
index cc29545..4f6c1bb 100644
--- a/net/socket/ssl_host_info.cc
+++ b/net/socket/ssl_host_info.cc
@@ -4,6 +4,11 @@
#include "net/socket/ssl_host_info.h"
+#include "base/metrics/histogram.h"
+#include "base/string_piece.h"
+#include "net/base/cert_verifier.h"
+#include "net/base/ssl_config_service.h"
+#include "net/base/x509_certificate.h"
#include "net/socket/ssl_client_socket.h"
#ifdef ANDROID
// the android platform build system use a fixed include path relative to the
@@ -15,7 +20,25 @@
namespace net {
-SSLHostInfo::SSLHostInfo() {
+SSLHostInfo::State::State()
+ : npn_valid(false),
+ npn_status(SSLClientSocket::kNextProtoUnsupported) {
+}
+
+SSLHostInfo::State::~State() {}
+
+SSLHostInfo::SSLHostInfo(
+ const std::string& hostname,
+ const SSLConfig& ssl_config)
+ : hostname_(hostname),
+ cert_verification_complete_(false),
+ cert_parsing_failed_(false),
+ cert_verification_callback_(NULL),
+ rev_checking_enabled_(ssl_config.rev_checking_enabled),
+ verify_ev_cert_(ssl_config.verify_ev_cert),
+ callback_(new CancelableCompletionCallback<SSLHostInfo>(
+ ALLOW_THIS_IN_INITIALIZER_LIST(this),
+ &SSLHostInfo::VerifyCallback)) {
state_.npn_valid = false;
}
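Review bot: `cert_verification_result_` is missing from the new constructor's initializer list, although the sibling flags `cert_verification_complete_` and `cert_parsing_failed_` are set there. Its declaration is in the header, outside this diff, but if it is a plain `int` it stays indeterminate until `VerifyCallback` assigns it. Initialising it to a failure value, for example `cert_verification_result_(ERR_UNEXPECTED),`, keeps any future early read from being mistaken for `OK`. The body's `state_.npn_valid = false;` is also redundant now that `State::State()` sets `npn_valid(false)`, and can be dropped.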
@@ -66,6 +89,7 @@ bool SSLHostInfo::Parse(const std::string& data) {
state->certs.clear();
state->server_hello.clear();
state->npn_valid = false;
+ cert_verification_complete_ = false;
if (!proto.ParseFromString(data))
return false;
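Review bot: Only `cert_verification_complete_` is reset at the top of `Parse`; `cert_parsing_failed_` is not, so once the `else` branch of the next hunk has set it, a later successful `Parse` on the same object leaves it `true`. Adding `cert_parsing_failed_ = false;` next to the new line makes every call start from the same verification state. The early `return false` just below also leaves the object with no certificates and `cert_verification_complete_` false, which deserves a comment for callers of `WaitForCertVerification`. `Parse` begins and ends outside this hunk.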
@@ -80,6 +104,30 @@ bool SSLHostInfo::Parse(const std::string& data) {
state->npn_protocol = proto.npn_protocol();
}
+ if (state->certs.size() > 0) {
+ std::vector<base::StringPiece> der_certs(state->certs.size());
+ for (size_t i = 0; i < state->certs.size(); i++)
+ der_certs[i] = state->certs[i];
+ cert_ = X509Certificate::CreateFromDERCertChain(der_certs);
+ if (cert_.get()) {
+ int flags = 0;
+ if (verify_ev_cert_)
+ flags |= X509Certificate::VERIFY_EV_CERT;
+ if (rev_checking_enabled_)
+ flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
+ verifier_.reset(new CertVerifier);
+ VLOG(1) << "Kicking off verification for " << hostname_;
+ verification_start_time_ = base::TimeTicks::Now();
+ if (verifier_->Verify(cert_.get(), hostname_, flags,
+ &cert_verify_result_, callback_) == OK) {
+ VerifyCallback(OK);
+ }
+ } else {
+ cert_parsing_failed_ = true;
+ DCHECK(!cert_verification_callback_);
+ }
+ }
+
return true;
}
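Review bot: A synchronous failure from `verifier_->Verify(...)` is dropped, because `VerifyCallback` runs only when the return value equals `OK`. Any other value that is not `ERR_IO_PENDING` leaves `cert_verification_complete_` false with no callback pending, so a later `WaitForCertVerification` would never complete. Whether `CertVerifier::Verify` can fail synchronously is not visible here, but the guard is cheap: store the result as `const int rv = verifier_->Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` and then `if (rv != ERR_IO_PENDING) VerifyCallback(rv);`. A comment above the block should also state that the chain verified here is the one read from the serialized `data`, so the result applies only to that stored chain. The start of `Parse` is outside this hunk.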
@@ -101,6 +149,35 @@ std::string SSLHostInfo::Serialize() const {
return proto.SerializeAsString();
}
+const CertVerifyResult& SSLHostInfo::cert_verify_result() const {
+ return cert_verify_result_;
+}
+
+int SSLHostInfo::WaitForCertVerification(CompletionCallback* callback) {
+ if (cert_verification_complete_)
+ return cert_verification_result_;
+ DCHECK(!cert_parsing_failed_);
+ DCHECK(!cert_verification_callback_);
+ DCHECK(!state_.certs.empty());
+ cert_verification_callback_ = callback;
+ return ERR_IO_PENDING;
+}
+
+void SSLHostInfo::VerifyCallback(int rv) {
+ DCHECK(!verification_start_time_.is_null());
+ base::TimeTicks now = base::TimeTicks::Now();
+ const base::TimeDelta duration = now - verification_start_time();
+ UMA_HISTOGRAM_TIMES("Net.SSLHostInfoVerificationTimeMs", duration);
+ VLOG(1) << "Verification took " << duration.InMilliseconds() << "ms";
+ cert_verification_complete_ = true;
+ cert_verification_result_ = rv;
+ if (cert_verification_callback_) {
+ CompletionCallback* callback = cert_verification_callback_;
+ cert_verification_callback_ = NULL;
+ callback->Run(rv);
+ }
+}
+
SSLHostInfoFactory::~SSLHostInfoFactory() {}
} // namespace net
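Review bot: The preconditions of `WaitForCertVerification` are enforced only with `DCHECK`. In a build where DCHECKs are compiled out, a call made after certificate parsing failed, or with no certificates loaded, stores the callback and returns `ERR_IO_PENDING` although no verification is in flight. Returning an error for those states keeps the caller from waiting on a completion that never arrives, for example `if (cert_parsing_failed_ || state_.certs.empty()) return ERR_FAILED;` ahead of the assignment to `cert_verification_callback_`. In `VerifyCallback`, the duration is computed through `verification_start_time()` while the line above reads the member `verification_start_time_` directly; using one form throughout would read more cleanly.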