#include "base/metrics/histogram.h"
#include "base/strings/string_util.h"
#include "crypto/ec_private_key.h"
-#include "net/ssl/server_bound_cert_service.h"
+#include "net/base/host_port_pair.h"
+#include "net/ssl/channel_id_service.h"
#include "net/ssl/ssl_config_service.h"
namespace net {
return kProtoSPDY3;
} else if (proto_string == "spdy/3.1") {
return kProtoSPDY31;
- } else if (proto_string == "h2-12") {
- // This is the HTTP/2 draft 12 identifier. For internal
+ } else if (proto_string == "h2-13") {
+ // This is the HTTP/2 draft 13 identifier. For internal
// consistency, HTTP/2 is named SPDY4 within Chromium.
return kProtoSPDY4;
} else if (proto_string == "quic/1+spdy/3") {
case kProtoSPDY31:
return "spdy/3.1";
case kProtoSPDY4:
- // This is the HTTP/2 draft 12 identifier. For internal
+ // This is the HTTP/2 draft 13 identifier. For internal
// consistency, HTTP/2 is named SPDY4 within Chromium.
- return "h2-12";
+ return "h2-13";
case kProtoQUIC1SPDY3:
return "quic/1+spdy/3";
case kProtoUnknown:
return NULL;
}
-// static
-std::string SSLClientSocket::ServerProtosToString(
- const std::string& server_protos) {
- const char* protos = server_protos.c_str();
- size_t protos_len = server_protos.length();
- std::vector<std::string> server_protos_with_commas;
- for (size_t i = 0; i < protos_len; ) {
- const size_t len = protos[i];
- std::string proto_str(&protos[i + 1], len);
- server_protos_with_commas.push_back(proto_str);
- i += len + 1;
- }
- return JoinString(server_protos_with_commas, ',');
-}
-
bool SSLClientSocket::WasNpnNegotiated() const {
return was_npn_negotiated_;
}
return protocol_negotiated_;
}
+// static
+std::string SSLClientSocket::CreateSessionCacheKey(
+ const HostPortPair& host_and_port,
+ const std::string& ssl_session_cache_shard) {
+ std::string result = host_and_port.ToString();
+ result.append("/");
+ result.append(ssl_session_cache_shard);
+ return result;
+}
+
bool SSLClientSocket::IgnoreCertError(int error, int load_flags) {
if (error == OK || load_flags & LOAD_IGNORE_ALL_CERT_ERRORS)
return true;
// static
void SSLClientSocket::RecordChannelIDSupport(
- ServerBoundCertService* server_bound_cert_service,
+ ChannelIDService* channel_id_service,
bool negotiated_channel_id,
bool channel_id_enabled,
bool supports_ecc) {
CLIENT_AND_SERVER = 2,
CLIENT_NO_ECC = 3,
CLIENT_BAD_SYSTEM_TIME = 4,
- CLIENT_NO_SERVER_BOUND_CERT_SERVICE = 5,
- DOMAIN_BOUND_CERT_USAGE_MAX
+ CLIENT_NO_CHANNEL_ID_SERVICE = 5,
+ CHANNEL_ID_USAGE_MAX
} supported = DISABLED;
if (negotiated_channel_id) {
supported = CLIENT_AND_SERVER;
} else if (channel_id_enabled) {
- if (!server_bound_cert_service)
- supported = CLIENT_NO_SERVER_BOUND_CERT_SERVICE;
+ if (!channel_id_service)
+ supported = CLIENT_NO_CHANNEL_ID_SERVICE;
else if (!supports_ecc)
supported = CLIENT_NO_ECC;
- else if (!server_bound_cert_service->IsSystemTimeValid())
+ else if (!channel_id_service->IsSystemTimeValid())
supported = CLIENT_BAD_SYSTEM_TIME;
else
supported = CLIENT_ONLY;
}
UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported,
- DOMAIN_BOUND_CERT_USAGE_MAX);
+ CHANNEL_ID_USAGE_MAX);
}
// static
bool SSLClientSocket::IsChannelIDEnabled(
const SSLConfig& ssl_config,
- ServerBoundCertService* server_bound_cert_service) {
+ ChannelIDService* channel_id_service) {
if (!ssl_config.channel_id_enabled)
return false;
- if (!server_bound_cert_service) {
- DVLOG(1) << "NULL server_bound_cert_service_, not enabling channel ID.";
+ if (!channel_id_service) {
+ DVLOG(1) << "NULL channel_id_service_, not enabling channel ID.";
return false;
}
if (!crypto::ECPrivateKey::IsSupported()) {
DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID.";
return false;
}
- if (!server_bound_cert_service->IsSystemTimeValid()) {
+ if (!channel_id_service->IsSystemTimeValid()) {
DVLOG(1) << "System time is not within the supported range for certificate "
"generation, not enabling channel ID.";
return false;
return true;
}
+// static
+std::vector<uint8_t> SSLClientSocket::SerializeNextProtos(
+ const std::vector<std::string>& next_protos) {
+ // Do a first pass to determine the total length.
+ size_t wire_length = 0;
+ for (std::vector<std::string>::const_iterator i = next_protos.begin();
+ i != next_protos.end(); ++i) {
+ if (i->size() > 255) {
+ LOG(WARNING) << "Ignoring overlong NPN/ALPN protocol: " << *i;
+ continue;
+ }
+ if (i->size() == 0) {
+ LOG(WARNING) << "Ignoring empty NPN/ALPN protocol";
+ continue;
+ }
+ wire_length += i->size();
+ wire_length++;
+ }
+
+ // Allocate memory for the result and fill it in.
+ std::vector<uint8_t> wire_protos;
+ wire_protos.reserve(wire_length);
+ for (std::vector<std::string>::const_iterator i = next_protos.begin();
+ i != next_protos.end(); i++) {
+ if (i->size() == 0 || i->size() > 255)
+ continue;
+ wire_protos.push_back(i->size());
+ wire_protos.resize(wire_protos.size() + i->size());
+ memcpy(&wire_protos[wire_protos.size() - i->size()],
+ i->data(), i->size());
+ }
+ DCHECK_EQ(wire_protos.size(), wire_length);
+
+ return wire_protos;
+}
+
} // namespace net