#include "net/base/network_time_notifier.h"
#include "net/base/sdch_manager.h"
#include "net/cert/cert_verifier.h"
+#include "net/cert/cert_verify_proc.h"
#include "net/cert/ct_known_logs.h"
#include "net/cert/ct_verifier.h"
+#include "net/cert/multi_threaded_cert_verifier.h"
#include "net/cookies/cookie_store.h"
#include "net/dns/host_cache.h"
#include "net/dns/host_resolver.h"
#include "chrome/browser/net/spdyproxy/data_reduction_proxy_settings.h"
#endif
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/login/user_manager.h"
+#include "chrome/browser/chromeos/net/cert_verify_proc_chromeos.h"
+#endif
+
using content::BrowserThread;
class SafeBrowsingURLRequestContext;
globals_->system_network_delegate.reset(network_delegate);
globals_->host_resolver = CreateGlobalHostResolver(net_log_);
UpdateDnsClientEnabled();
- globals_->cert_verifier.reset(net::CertVerifier::CreateDefault());
+#if defined(OS_CHROMEOS)
+ if (chromeos::UserManager::IsMultipleProfilesAllowed()) {
+ // Creates a CertVerifyProc that doesn't allow any profile-provided certs.
+ globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier(
+ new chromeos::CertVerifyProcChromeOS()));
+ } else // NOLINT Fallthrough to normal verifier if multiprofiles not allowed.
+#endif
+ {
+ globals_->cert_verifier.reset(new net::MultiThreadedCertVerifier(
+ net::CertVerifyProc::CreateDefault()));
+ }
globals_->transport_security_state.reset(new net::TransportSecurityState());
#if !defined(USE_OPENSSL)
// For now, Certificate Transparency is only implemented for platforms
if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {
std::string switch_value = command_line.GetSwitchValueASCII(
switches::kCertificateTransparencyLog);
- size_t delim_pos = switch_value.find(":");
- CHECK(delim_pos != std::string::npos)
- << "CT log description not provided (switch format"
- " is 'description:base64_key')";
- std::string log_description(switch_value.substr(0, delim_pos));
- std::string ct_public_key_data;
- CHECK(base::Base64Decode(
- switch_value.substr(delim_pos + 1),
- &ct_public_key_data)) << "Unable to decode CT public key.";
- scoped_ptr<net::CTLogVerifier> external_log_verifier(
- net::CTLogVerifier::Create(ct_public_key_data, log_description));
- CHECK(external_log_verifier) << "Unable to parse CT public key.";
- ct_verifier->AddLog(external_log_verifier.Pass());
+ std::vector<std::string> logs;
+ base::SplitString(switch_value, ',', &logs);
+ for (std::vector<std::string>::iterator it = logs.begin(); it != logs.end();
+ ++it) {
+ const std::string& curr_log = *it;
+ size_t delim_pos = curr_log.find(":");
+ CHECK(delim_pos != std::string::npos)
+ << "CT log description not provided (switch format"
+ " is 'description:base64_key')";
+ std::string log_description(curr_log.substr(0, delim_pos));
+ std::string ct_public_key_data;
+ CHECK(base::Base64Decode(curr_log.substr(delim_pos + 1),
+ &ct_public_key_data))
+ << "Unable to decode CT public key.";
+ scoped_ptr<net::CTLogVerifier> external_log_verifier(
+ net::CTLogVerifier::Create(ct_public_key_data, log_description));
+ CHECK(external_log_verifier) << "Unable to parse CT public key.";
+ VLOG(1) << "Adding log with description " << log_description;
+ ct_verifier->AddLog(external_log_verifier.Pass());
+ }
}
#else
if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {