signed_exchange_handler.cc | Explore in Territory

// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/web_package/signed_exchange_handler.h"

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/342213636): Remove this and spanify to fix the errors.
#pragma allow_unsafe_buffers
#endif

#include <memory>
#include <string_view>
#include <utility>

#include "base/functional/bind.h"
#include "base/metrics/histogram_functions.h"
#include "base/metrics/histogram_macros.h"
#include "base/strings/stringprintf.h"
#include "base/task/sequenced_task_runner.h"
#include "base/time/time.h"
#include "base/trace_event/trace_event.h"
#include "content/browser/loader/merkle_integrity_source_stream.h"
#include "content/browser/renderer_host/frame_tree_node.h"
#include "content/browser/renderer_host/render_frame_host_impl.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
#include "content/browser/storage_partition_impl.h"
#include "content/browser/web_package/prefetched_signed_exchange_cache_entry.h"
#include "content/browser/web_package/signed_exchange_cert_fetcher_factory.h"
#include "content/browser/web_package/signed_exchange_certificate_chain.h"
#include "content/browser/web_package/signed_exchange_devtools_proxy.h"
#include "content/browser/web_package/signed_exchange_envelope.h"
#include "content/browser/web_package/signed_exchange_prologue.h"
#include "content/browser/web_package/signed_exchange_reporter.h"
#include "content/browser/web_package/signed_exchange_signature_verifier.h"
#include "content/browser/web_package/signed_exchange_utils.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/browser/web_contents.h"
#include "content/public/common/content_features.h"
#include "crypto/sha2.h"
#include "mojo/public/cpp/bindings/callback_helpers.h"
#include "net/base/io_buffer.h"
#include "net/base/load_flags.h"
#include "net/base/net_errors.h"
#include "net/cert/asn1_util.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
#include "net/cookies/cookie_setting_override.h"
#include "net/filter/source_stream.h"
#include "net/ssl/ssl_info.h"
#include "net/storage_access_api/status.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
#include "services/network/public/cpp/url_loader_completion_status.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/url_response_head.mojom.h"
#include "third_party/blink/public/common/loader/url_loader_throttle.h"
#include "third_party/blink/public/common/web_package/web_package_request_matcher.h"

namespace content {

namespace {

constexpr char kDigestHeader[] = …;
constexpr char kHistogramSignatureVerificationResult[] = …;
constexpr char kHistogramCertVerificationResult[] = …;
constexpr char kHistogramCTVerificationResult[] = …;
constexpr char kHistogramOCSPResponseStatus[] = …;
constexpr char kHistogramOCSPRevocationStatus[] = …;
constexpr char kSXGFromNonHTTPSErrorMessage[] = …;
constexpr char kSXGWithoutNoSniffErrorMessage[] = …;

network::mojom::NetworkContext* g_network_context_for_testing = …;
bool g_should_ignore_cert_validity_period_error = …;

bool IsSupportedSignedExchangeVersion(
    const std::optional<SignedExchangeVersion>& version) { … }

VerifyCallback;

void VerifyCert(const scoped_refptr<net::X509Certificate>& certificate,
                const GURL& url,
                const std::string& ocsp_result,
                const std::string& sct_list,
                int frame_tree_node_id,
                VerifyCallback callback) { … }

std::string OCSPErrorToString(const bssl::OCSPVerifyResult& ocsp_result) { … }

}  // namespace

// static
void SignedExchangeHandler::SetNetworkContextForTesting(
    network::mojom::NetworkContext* network_context) { … }

// static
void SignedExchangeHandler::SetShouldIgnoreCertValidityPeriodErrorForTesting(
    bool ignore) { … }

SignedExchangeHandler::SignedExchangeHandler(
    bool is_secure_transport,
    bool has_nosniff,
    std::string content_type,
    std::unique_ptr<net::SourceStream> body,
    ExchangeHeadersCallback headers_callback,
    std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory,
    const std::optional<net::IsolationInfo> outer_request_isolation_info,
    int load_flags,
    const net::IPEndPoint& remote_endpoint,
    std::unique_ptr<blink::WebPackageRequestMatcher> request_matcher,
    std::unique_ptr<SignedExchangeDevToolsProxy> devtools_proxy,
    SignedExchangeReporter* reporter,
    int frame_tree_node_id)
    : … { … }

SignedExchangeHandler::~SignedExchangeHandler() = default;

SignedExchangeHandler::SignedExchangeHandler()
    : … { … }

const GURL& SignedExchangeHandler::GetFallbackUrl() const { … }

void SignedExchangeHandler::SetupBuffers(size_t size) { … }

void SignedExchangeHandler::DoHeaderLoop() { … }

void SignedExchangeHandler::DidReadHeader(bool completed_syncly,
                                          int read_result) { … }

SignedExchangeLoadResult
SignedExchangeHandler::ParsePrologueBeforeFallbackUrl() { … }

SignedExchangeLoadResult
SignedExchangeHandler::ParsePrologueFallbackUrlAndAfter() { … }

SignedExchangeLoadResult
SignedExchangeHandler::ParseHeadersAndFetchCertificate() { … }

void SignedExchangeHandler::RunErrorCallback(SignedExchangeLoadResult result,
                                             net::Error error) { … }

void SignedExchangeHandler::OnCertReceived(
    SignedExchangeLoadResult result,
    std::unique_ptr<SignedExchangeCertificateChain> cert_chain,
    net::IPAddress cert_server_ip_address) { … }

// https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#cross-origin-cert-req
SignedExchangeLoadResult SignedExchangeHandler::CheckCertRequirements(
    const net::X509Certificate* verified_cert) { … }

bool SignedExchangeHandler::CheckOCSPStatus(
    const bssl::OCSPVerifyResult& ocsp_result) { … }

void SignedExchangeHandler::OnVerifyCert(int32_t error_code,
                                         const net::CertVerifyResult& cv_result,
                                         bool pkp_bypassed) { … }

void SignedExchangeHandler::CheckAbsenceOfCookies(base::OnceClosure callback) { … }

void SignedExchangeHandler::OnGetCookies(
    base::OnceClosure callback,
    const std::vector<net::CookieWithAccessResult>& results) { … }

void SignedExchangeHandler::CreateResponse(
    network::mojom::URLResponseHeadPtr response_head) { … }

// https://wicg.github.io/webpackage/loading.html#read-a-body
std::unique_ptr<net::SourceStream>
SignedExchangeHandler::CreateResponseBodyStream() { … }

bool SignedExchangeHandler::GetSignedExchangeInfoForPrefetchCache(
    PrefetchedSignedExchangeCacheEntry& entry) const { … }

}  // namespace content
chromium/content/browser/web_package/signed_exchange_handler.cc
