File: system_network_context_manager.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (297 lines) | stat: -rw-r--r-- 12,355 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_NET_SYSTEM_NETWORK_CONTEXT_MANAGER_H_
#define CHROME_BROWSER_NET_SYSTEM_NETWORK_CONTEXT_MANAGER_H_

#include <memory>
#include <optional>
#include <vector>

#include "base/gtest_prod_util.h"
#include "base/memory/raw_ptr.h"
#include "base/memory/scoped_refptr.h"
#include "chrome/browser/net/cert_verifier_service_time_updater.h"
#include "chrome/browser/net/cookie_encryption_provider_impl.h"
#include "chrome/browser/net/proxy_config_monitor.h"
#include "chrome/browser/net/stub_resolver_config_reader.h"
#include "chrome/browser/ssl/ssl_config_service_manager.h"
#include "chrome/common/buildflags.h"
#include "components/prefs/pref_change_registrar.h"
#include "components/prefs/pref_member.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
#include "services/network/public/mojom/host_resolver.mojom-forward.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/network/public/mojom/ssl_config.mojom-forward.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"

class NetworkAnnotationMonitor;
class PrefRegistrySimple;
class PrefService;

namespace network {
namespace mojom {
class URLLoaderFactory;
}
class SharedURLLoaderFactory;
}  // namespace network

namespace net_log {
class NetExportFileWriter;
class NetLogProxySource;
}

// Responsible for creating and managing access to the system NetworkContext.
// Lives on the UI thread. The NetworkContext this owns is intended for requests
// not associated with a profile. It stores no data on disk, and has no HTTP
// cache, but it does have ephemeral cookie and channel ID stores. It also does
// not have access to HTTP proxy auth information the user has entered or that
// comes from extensions, and similarly, has no extension-provided per-profile
// proxy configuration information.
//
// This class is also responsible for configuring global NetworkService state.
//
// The "system" NetworkContext will either share a URLRequestContext with
// IOThread's SystemURLRequestContext and be part of IOThread's NetworkService
// (If the network service is disabled) or be an independent NetworkContext
// using the actual network service.
//
// This class is intended to eventually replace IOThread. Handling the two cases
// differently allows this to be used in production without breaking anything or
// requiring two separate paths, while IOThread consumers slowly transition over
// to being compatible with the network service.
class SystemNetworkContextManager {
 public:
  SystemNetworkContextManager(const SystemNetworkContextManager&) = delete;
  SystemNetworkContextManager& operator=(const SystemNetworkContextManager&) =
      delete;

  ~SystemNetworkContextManager();

  // Creates the global instance of SystemNetworkContextManager. If an
  // instance already exists, this will cause a DCHECK failure.
  static SystemNetworkContextManager* CreateInstance(PrefService* pref_service);

  // Checks if the global SystemNetworkContextManager has been created.
  static bool HasInstance();

  // Gets the global SystemNetworkContextManager instance. If it has not been
  // created yet, NetworkService is called, which will cause the
  // SystemNetworkContextManager to be created.
  static SystemNetworkContextManager* GetInstance();

  // Destroys the global SystemNetworkContextManager instance.
  static void DeleteInstance();

  static void RegisterPrefs(PrefRegistrySimple* registry);

  static StubResolverConfigReader* GetStubResolverConfigReader();

  // Returns the System NetworkContext. May only be called after SetUp(). Does
  // any initialization of the NetworkService that may be needed when first
  // called.
  network::mojom::NetworkContext* GetContext();

  // Returns a URLLoaderFactory owned by the SystemNetworkContextManager that is
  // backed by the SystemNetworkContext. Allows sharing of the URLLoaderFactory.
  // Prefer this to creating a new one.  Call Clone() on the value returned by
  // this method to get a URLLoaderFactory that can be used on other threads.
  network::mojom::URLLoaderFactory* GetURLLoaderFactory();

  // Returns a SharedURLLoaderFactory owned by the SystemNetworkContextManager
  // that is backed by the SystemNetworkContext.
  scoped_refptr<network::SharedURLLoaderFactory> GetSharedURLLoaderFactory();

  // Called when content creates a NetworkService. Creates the
  // SystemNetworkContext, if the network service is enabled.
  void OnNetworkServiceCreated(network::mojom::NetworkService* network_service);

  // Permanently disables QUIC, both for NetworkContexts using the IOThread's
  // NetworkService, and for those using the network service (if enabled).
  void DisableQuic();

  // Returns an mojo::PendingReceiver<SSLConfigClient> that can be passed as a
  // NetworkContextParam.
  mojo::PendingReceiver<network::mojom::SSLConfigClient>
  GetSSLConfigClientReceiver();

  // Adds a CookieEncryptionManager mojo remote to the specified
  // `network_context_params`.
  void AddCookieEncryptionManagerToNetworkContextParams(
      network::mojom::NetworkContextParams* network_context_params);

  // Populates |initial_ssl_config| and |ssl_config_client_receiver| members of
  // |network_context_params|. As long as the SystemNetworkContextManager
  // exists, any NetworkContext created with the params will continue to get
  // SSL configuration updates.
  void AddSSLConfigToNetworkContextParams(
      network::mojom::NetworkContextParams* network_context_params);

  // Configures default set of parameters for configuring the network context.
  void ConfigureDefaultNetworkContextParams(
      network::mojom::NetworkContextParams* network_context_params);

  // Performs the same function as ConfigureDefaultNetworkContextParams(), and
  // then returns a newly allocated network::mojom::NetworkContextParams with
  // some modifications: if the CertVerifierService is enabled, the new
  // NetworkContextParams will contain a CertVerifierServiceRemoteParams.
  // Otherwise the newly configured CertVerifierCreationParams is placed
  // directly into the NetworkContextParams.
  network::mojom::NetworkContextParamsPtr CreateDefaultNetworkContextParams();

  // Returns a shared global NetExportFileWriter instance, used by net-export.
  // It lives here so it can outlive chrome://net-export/ if the tab is closed
  // or destroyed, and so that it's destroyed before Mojo is shut down.
  net_log::NetExportFileWriter* GetNetExportFileWriter();

  // Updates the network service with the given list of |trust_anchor_ids| (a
  // list of TLS Trust Anchor IDs in binary representation).
  void UpdateTrustAnchorIDs(std::vector<std::vector<uint8_t>> trust_anchor_ids);

  // Returns whether the network sandbox is enabled. This depends on policy but
  // also feature status from sandbox. Called before there is an instance of
  // SystemNetworkContextManager.
  static bool IsNetworkSandboxEnabled();

  // Flushes all pending SSL configuration changes.
  void FlushSSLConfigManagerForTesting();

  // Flushes all pending proxy configuration changes.
  void FlushProxyConfigMonitorForTesting();

  // Call |FlushForTesting()| on Network Service related interfaces. For test
  // use only.
  void FlushNetworkInterfaceForTesting();

#if BUILDFLAG(IS_CHROMEOS)
  // Call |FlushForTesting()| on NetworkAnnotationMonitor. For test use only.
  void FlushNetworkAnnotationMonitorForTesting();
#endif  // BUILDFLAG(IS_CHROMEOS)

  static network::mojom::HttpAuthStaticParamsPtr
  GetHttpAuthStaticParamsForTesting();
  static network::mojom::HttpAuthDynamicParamsPtr
  GetHttpAuthDynamicParamsForTesting();

  // Enables Certificate Transparency and enforcing the Chrome Certificate
  // Transparency Policy. For test use only. Use std::nullopt_t to reset to
  // the default state.
  static void SetEnableCertificateTransparencyForTesting(
      std::optional<bool> enabled);

  // Reloads the static CT log lists but overriding the log list update time
  // with the current time. For test use only.
  void SetCTLogListTimelyForTesting();

  static bool IsCertificateTransparencyEnabled();

  static void set_stub_resolver_config_reader_for_testing(
      StubResolverConfigReader* reader) {
    stub_resolver_config_reader_for_testing_ = reader;
  }

 private:
  FRIEND_TEST_ALL_PREFIXES(
      SystemNetworkContextServiceCertVerifierBuiltinPermissionsPolicyTest,
      Test);

  class URLLoaderFactoryForSystem;
  class NetworkProcessLaunchWatcher;

#if BUILDFLAG(IS_LINUX)
  class GssapiLibraryLoadObserver
      : public network::mojom::GssapiLibraryLoadObserver {
   public:
    explicit GssapiLibraryLoadObserver(SystemNetworkContextManager* owner);
    GssapiLibraryLoadObserver(const GssapiLibraryLoadObserver&) = delete;
    GssapiLibraryLoadObserver& operator=(const GssapiLibraryLoadObserver&) =
        delete;
    ~GssapiLibraryLoadObserver() override;

    void Install(network::mojom::NetworkService* network_service);

    // network::mojom::GssapiLibraryLoadObserver implementation:
    void OnBeforeGssapiLibraryLoad() override;

   private:
    mojo::Receiver<network::mojom::GssapiLibraryLoadObserver>
        gssapi_library_loader_observer_receiver_{this};
    raw_ptr<SystemNetworkContextManager> owner_;
  };
#endif

  // Constructor. |pref_service| must out live this object.
  explicit SystemNetworkContextManager(PrefService* pref_service);

  void UpdateReferrersEnabled();

  // Creates parameters for the NetworkContext. May only be called once, since
  // it initializes some class members.
  network::mojom::NetworkContextParamsPtr CreateNetworkContextParams();

  // Send the current value of the net.explicitly_allowed_network_ports pref to
  // the network process.
  void UpdateExplicitlyAllowedNetworkPorts();

  void UpdateIPv6ReachabilityOverrideEnabled();

  void UpdateTLS13EarlyDataEnabled();

  // The PrefService to retrieve all the pref values.
  raw_ptr<PrefService> local_state_;

  // This is an instance of the default SSLConfigServiceManager for the current
  // platform and it gets SSL preferences from the BrowserProcess's local_state
  // object. It's shared with other NetworkContexts.
  SSLConfigServiceManager ssl_config_service_manager_;

  ProxyConfigMonitor proxy_config_monitor_;

  // NetworkContext using the network service, if the network service is
  // enabled. mojo::NullRemote(), otherwise.
  mojo::Remote<network::mojom::NetworkContext> network_service_network_context_;

  // URLLoaderFactory backed by the NetworkContext returned by GetContext(), so
  // consumers don't all need to create their own factory.
  scoped_refptr<URLLoaderFactoryForSystem> shared_url_loader_factory_;
  mojo::Remote<network::mojom::URLLoaderFactory> url_loader_factory_;

  bool is_quic_allowed_ = true;

  PrefChangeRegistrar pref_change_registrar_;

  BooleanPrefMember enable_referrers_;

  // Copies NetLog events from the browser process to the Network Service, if
  // the network service is running in a separate process. It will be destroyed
  // and re-created on Network Service crash.
  std::unique_ptr<net_log::NetLogProxySource> net_log_proxy_source_;

  // Initialized on first access.
  std::unique_ptr<net_log::NetExportFileWriter> net_export_file_writer_;

  std::unique_ptr<NetworkProcessLaunchWatcher> network_process_launch_watcher_;

  StubResolverConfigReader stub_resolver_config_reader_;
  static StubResolverConfigReader* stub_resolver_config_reader_for_testing_;

  static std::optional<bool> certificate_transparency_enabled_for_testing_;

#if BUILDFLAG(IS_CHROMEOS)
  std::unique_ptr<NetworkAnnotationMonitor> network_annotation_monitor_;
#endif  // BUILDFLAG(IS_CHROMEOS)

#if BUILDFLAG(IS_LINUX)
  GssapiLibraryLoadObserver gssapi_library_loader_observer_{this};
#endif  // BUILDFLAG(IS_LINUX)

  CookieEncryptionProviderImpl cookie_encryption_provider_;

  std::unique_ptr<CertVerifierServiceTimeUpdater> cert_verifier_time_updater_;
};

#endif  // CHROME_BROWSER_NET_SYSTEM_NETWORK_CONTEXT_MANAGER_H_