
Unified Diff: net/spdy/spdy_session.cc

Issue 10807088: Implement TLS Channel ID support for SPDY CREDENTIAL frames (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Factor out MockClientSocket::kTlsUnique. Created 8 years, 5 months ago
Index: net/spdy/spdy_session.cc
diff --git a/net/spdy/spdy_session.cc b/net/spdy/spdy_session.cc
index 0e859c50c9340eac66f1d362052c2821d03de073..119fd9fe04387d35c073fdb066b648a08a911edb 100644
--- a/net/spdy/spdy_session.cc
+++ b/net/spdy/spdy_session.cc
@@ -31,6 +31,7 @@
#include "net/base/server_bound_cert_service.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties.h"
+#include "net/spdy/spdy_credential_builder.h"
#include "net/spdy/spdy_frame_builder.h"
#include "net/spdy/spdy_http_utils.h"
#include "net/spdy/spdy_protocol.h"
@@ -626,42 +627,15 @@ SpdyCredentialControlFrame* SpdySession::CreateCredentialFrame(
const std::string& cert,
RequestPriority priority) {
DCHECK(is_secure_);
- unsigned char secret[32]; // 32 bytes from the spec
- GetSSLClientSocket()->ExportKeyingMaterial("SPDY certificate proof",
- true, origin,
- secret, arraysize(secret));
-
- // Convert the key string into a vector<unit8>
- std::vector<uint8> key_data;
- for (size_t i = 0; i < key.length(); i++) {
- key_data.push_back(key[i]);
- }
-
- std::vector<uint8> proof;
- switch (type) {
- case CLIENT_CERT_ECDSA_SIGN: {
- base::StringPiece spki_piece;
- asn1::ExtractSPKIFromDERCert(cert, &spki_piece);
- std::vector<uint8> spki(spki_piece.data(),
- spki_piece.data() + spki_piece.size());
- scoped_ptr<crypto::ECPrivateKey> private_key(
- crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- ServerBoundCertService::kEPKIPassword, key_data, spki));
- scoped_ptr<crypto::ECSignatureCreator> creator(
- crypto::ECSignatureCreator::Create(private_key.get()));
- creator->Sign(secret, arraysize(secret), &proof);
- break;
- }
- default:
- NOTREACHED();
- }
+ SSLClientSocket* ssl_socket = GetSSLClientSocket();
+ DCHECK(ssl_socket);
+ DCHECK(ssl_socket->WasChannelIDSent());
SpdyCredential credential;
- GURL origin_url(origin);
- credential.slot =
- credential_state_.SetHasCredential(origin_url);
- credential.certs.push_back(cert);
- credential.proof.assign(proof.begin(), proof.end());
+ std::string tls_unique;
+ ssl_socket->GetTLSUniqueChannelBinding(&tls_unique);
+ size_t slot = credential_state_.SetHasCredential(GURL(origin));
+ SpdyCredentialBuilder::Build(tls_unique, type, key, cert, slot, &credential);
ramant (doing other things) 2012/08/02 00:03:05 nit: should we consider checking errors returned b
jar (doing other things) 2012/08/02 16:21:56 I think you skipped this question somehow. I thin
Ryan Hamilton 2012/08/02 16:42:39 Eeek! You're exactly right, of course. Done.
DCHECK(buffered_spdy_framer_.get());
scoped_ptr<SpdyCredentialControlFrame> credential_frame(
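Review bot: The two new preconditions, `DCHECK(ssl_socket)` and `DCHECK(ssl_socket->WasChannelIDSent())`, are normally compiled out of release builds, so there a null socket is dereferenced on the next call and a CREDENTIAL frame is still built on a connection where no Channel ID was sent. If either state can be reached at runtime, an explicit guard such as `if (!ssl_socket || !ssl_socket->WasChannelIDSent()) return NULL;` fails closed instead; whether callers tolerate a NULL frame is not visible here, since CreateCredentialFrame begins and ends outside the hunk. The result of `ssl_socket->GetTLSUniqueChannelBinding(&tls_unique)` is also dropped, which presumably leaves `tls_unique` empty on failure, and a proof computed over an empty value would not be bound to this TLS connection, so that case should be rejected before the builder is called.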