Replace SafeBrowsing MAC with downloads over SSL.

BUG=119662
TEST=updated unittests, ran Chrome and verified SB functionality on new profile


Review URL: http://codereview.chromium.org/10069031

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132456 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/prefs/browser_prefs.cc

@@ -46,7 +46,6 @@
 #include "chrome/browser/profiles/profile_info_cache.h"
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/renderer_host/web_cache_manager.h"
-#include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/browser/search_engines/template_url_prepopulate_data.h"
 #include "chrome/browser/tabs/pinned_tab_codec.h"
 #include "chrome/browser/task_manager/task_manager.h"
@@ -130,10 +129,6 @@ void RegisterLocalState(PrefService* local_state) {
   NotificationPrefsManager::RegisterPrefs(local_state);
 #endif
 
-#if defined(ENABLE_SAFE_BROWSING)
-  SafeBrowsingService::RegisterPrefs(local_state);
-#endif
-
 #if defined(ENABLE_TASK_MANAGER)
   TaskManager::RegisterPrefs(local_state);
 #endif  // defined(ENABLE_TASK_MANAGER)

chrome/browser/safe_browsing/protocol_manager.h

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -49,11 +49,8 @@ class SBProtocolManagerFactory {
   virtual SafeBrowsingProtocolManager* CreateProtocolManager(
       SafeBrowsingService* sb_service,
       const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
       net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
-      const std::string& mackey_url_prefix,
+      const std::string& url_prefix,
       bool disable_auto_update) = 0;
  private:
   DISALLOW_COPY_AND_ASSIGN(SBProtocolManagerFactory);
@@ -65,7 +62,6 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest, TestGetHashUrl);
   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
                            TestGetHashBackOffTimes);
-  FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest, TestMacKeyUrl);
   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
                            TestSafeBrowsingHitUrl);
   FRIEND_TEST_ALL_PREFIXES(SafeBrowsingProtocolManagerTest,
@@ -87,11 +83,8 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   static SafeBrowsingProtocolManager* Create(
       SafeBrowsingService* sb_service,
       const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
       net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
-      const std::string& mackey_url_prefix,
+      const std::string& url_prefix,
       bool disable_auto_update);
 
   // Sets up the update schedule and internal state for making periodic requests
@@ -136,8 +129,6 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   // malware reports. |report| is the serialized report.
   void ReportMalwareDetails(const std::string& report);
 
-  bool is_initial_request() const { return initial_request_; }
-
   // The last time we received an update.
   base::Time last_update() const { return last_update_; }
 
@@ -193,11 +184,8 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   SafeBrowsingProtocolManager(
       SafeBrowsingService* sb_service,
       const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
       net::URLRequestContextGetter* request_context_getter,
-      const std::string& http_url_prefix,
-      const std::string& https_url_prefix,
+      const std::string& url_prefix,
       bool disable_auto_update);
 
  private:
@@ -210,13 +198,11 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
     NO_REQUEST = 0,     // No requests in progress
     UPDATE_REQUEST,     // Request for redirect URLs
     CHUNK_REQUEST,      // Request for a specific chunk
-    GETKEY_REQUEST      // Update the client's MAC key
   };
 
-  // Composes a URL using |prefix|, |method| (e.g.: gethash, download,
-  // newkey, report), |client_name| and |version|. When not empty,
-  // |additional_query| is appended to the URL with an additional "&"
-  // in the front.
+  // Composes a URL using |prefix|, |method| (e.g.: gethash, download, report).
+  // |client_name| and |version|. When not empty, |additional_query| is
+  // appended to the URL with an additional "&" in the front.
   static std::string ComposeUrl(const std::string& prefix,
                                 const std::string& method,
                                 const std::string& client_name,
@@ -224,13 +210,9 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
                                 const std::string& additional_query);
 
   // Generates Update URL for querying about the latest set of chunk updates.
-  // Append "wrkey=xxx" to the URL when |use_mac| is true.
-  GURL UpdateUrl(bool use_mac) const;
+  GURL UpdateUrl() const;
   // Generates GetHash request URL for retrieving full hashes.
-  // Append "wrkey=xxx" to the URL when |use_mac| is true.
-  GURL GetHashUrl(bool use_mac) const;
-  // Generates new MAC client key request URL.
-  GURL MacKeyUrl() const;
+  GURL GetHashUrl() const;
   // Generates URL for reporting safe browsing hits for UMA users.
   GURL SafeBrowsingHitUrl(
       const GURL& malicious_url, const GURL& page_url, const GURL& referrer_url,
@@ -269,23 +251,15 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   // Sends a request for a chunk to the SafeBrowsing servers.
   void IssueChunkRequest();
 
-  // Gets a key from the SafeBrowsing servers for use with MAC. This should only
-  // be called once per client unless the server directly tells us to update.
-  void IssueKeyRequest();
-
   // Formats a string returned from the database into:
-  //   "list_name;a:<add_chunk_ranges>:s:<sub_chunk_ranges>:mac\n"
-  static std::string FormatList(const SBListChunkRanges& list, bool use_mac);
+  //   "list_name;a:<add_chunk_ranges>:s:<sub_chunk_ranges>\n"
+  static std::string FormatList(const SBListChunkRanges& list);
 
   // Runs the protocol parser on received data and update the
   // SafeBrowsingService with the new content. Returns 'true' on successful
   // parse, 'false' on error.
   bool HandleServiceResponse(const GURL& url, const char* data, int length);
 
-  // If the SafeBrowsing service wants us to re-key, we clear our key state and
-  // issue the request.
-  void HandleReKey();
-
   // Updates internal state for each GetHash response error, assuming that the
   // current time is |now|.
   void HandleGetHashError(const base::Time& now);
@@ -332,7 +306,7 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   int next_update_sec_;
   base::OneShotTimer<SafeBrowsingProtocolManager> update_timer_;
 
-  // All chunk requests that need to be made, along with their MAC.
+  // All chunk requests that need to be made.
   std::deque<ChunkUrl> chunk_request_urls_;
 
   // Map of GetHash requests.
@@ -348,19 +322,10 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   };
   UpdateRequestState update_state_;
 
-  // We'll attempt to get keys once per browser session if we don't already have
-  // them. They are not essential to operation, but provide a layer of
-  // verification.
-  bool initial_request_;
-
   // True if the service has been given an add/sub chunk but it hasn't been
   // added to the database yet.
   bool chunk_pending_to_write_;
 
-  // The keys used for MAC. Empty keys mean we aren't using MAC.
-  std::string client_key_;
-  std::string wrapped_key_;
-
   // The last time we successfully received an update.
   base::Time last_update_;
 
@@ -384,19 +349,16 @@ class SafeBrowsingProtocolManager : public content::URLFetcherDelegate {
   std::string client_name_;
 
   // A string that is appended to the end of URLs for download, gethash,
-  // newkey, safebrowsing hits and chunk update requests.
+  // safebrowsing hits and chunk update requests.
   std::string additional_query_;
 
   // The context we use to issue network requests.
   scoped_refptr<net::URLRequestContextGetter> request_context_getter_;
 
   // URL prefix where browser fetches safebrowsing chunk updates, hashes, and
-  // reports hits to the safebrowsing list for UMA users.
-  std::string http_url_prefix_;
-
-  // URL prefix where browser fetches MAC client key, and reports detailed
-  // malware reports for users who opt-in.
-  std::string https_url_prefix_;
+  // reports hits to the safebrowsing list and sends detaild malware reports
+  // for UMA users.
+  std::string url_prefix_;
 
   // When true, protocol manager will not start an update unless
   // ForceScheduleNextUpdate() is called. This is set for testing purpose.

chrome/browser/safe_browsing/protocol_parser.cc

@@ -44,8 +44,6 @@ SafeBrowsingProtocolParser::SafeBrowsingProtocolParser() {
 bool SafeBrowsingProtocolParser::ParseGetHash(
     const char* chunk_data,
     int chunk_len,
-    const std::string& key,
-    bool* re_key,
     std::vector<SBFullHashResult>* full_hashes) {
   full_hashes->clear();
   int length = chunk_len;
@@ -53,23 +51,6 @@ bool SafeBrowsingProtocolParser::ParseGetHash(
 
   int offset;
   std::string line;
-  if (!key.empty()) {
-    if (!GetLine(data, length, &line))
-      return false;  // Error! Bad GetHash result.
-
-    if (line == "e:pleaserekey") {
-      *re_key = true;
-      return true;
-    }
-
-    offset = static_cast<int>(line.size()) + 1;
-    data += offset;
-    length -= offset;
-
-    if (!safe_browsing_util::VerifyMAC(key, line, data, length))
-      return false;
-  }
-
   while (length > 0) {
     if (!GetLine(data, length, &line))
       return false;
@@ -125,9 +106,7 @@ void SafeBrowsingProtocolParser::FormatGetHash(
 bool SafeBrowsingProtocolParser::ParseUpdate(
     const char* chunk_data,
     int chunk_len,
-    const std::string& key,
     int* next_update_sec,
-    bool* re_key,
     bool* reset,
     std::vector<SBChunkDelete>* deletes,
     std::vector<ChunkUrl>* chunk_urls) {
@@ -141,12 +120,6 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
   // Populated below.
   std::string list_name;
 
-  // If we requested the MAC, the response must start with a MAC command.
-  // This test ensures it is present, the value will be verified in the
-  // switch statement below.
-  if (!key.empty() && (length < 1 || data[0] != 'm'))
-    return false;
-
   while (length > 0) {
     std::string cmd_line;
     if (!GetLine(data, length, &cmd_line))
@@ -184,50 +157,20 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
         break;
       }
 
-      case 'e':
-        if (cmd_parts[1] != "pleaserekey")
-          return false;
-        *re_key = true;
-        break;
-
       case 'i':
         // The line providing the name of the list (i.e. 'goog-phish-shavar').
         list_name = cmd_parts[1];
         break;
 
-      case 'm':
-        // Verify that the MAC of the remainer of this chunk is what we expect.
-        if (!key.empty() &&
-            !safe_browsing_util::VerifyMAC(key, cmd_parts[1], data, length))
-          return false;
-        break;
-
       case 'n':
         // The line providing the next earliest time (in seconds) to re-query.
         *next_update_sec = atoi(cmd_parts[1].c_str());
         break;
 
       case 'u': {
-        // The redirect command is of the form: u:<url>,<mac> where <url> can
-        // contain multiple colons, commas or any valid URL characters. We scan
-        // backwards in the string looking for the first ',' we encounter and
-        // assume that everything before that is the URL and everything after
-        // is the MAC (if the MAC was requested).
-        std::string mac;
-        std::string redirect_url(cmd_line, 2);  // Skip the initial "u:".
-        if (!key.empty()) {
-          std::string::size_type mac_pos = redirect_url.rfind(',');
-          if (mac_pos == std::string::npos)
-            return false;
-          mac = redirect_url.substr(mac_pos + 1);
-          redirect_url = redirect_url.substr(0, mac_pos);
-        }
-
         ChunkUrl chunk_url;
-        chunk_url.url = redirect_url;
+        chunk_url.url = cmd_line.substr(2);  // Skip the initial "u:".
         chunk_url.list_name = list_name;
-        if (!key.empty())
-          chunk_url.mac = mac;
         chunk_urls->push_back(chunk_url);
         break;
       }
@@ -250,18 +193,10 @@ bool SafeBrowsingProtocolParser::ParseUpdate(
 bool SafeBrowsingProtocolParser::ParseChunk(const std::string& list_name,
                                             const char* data,
                                             int length,
-                                            const std::string& key,
-                                            const std::string& mac,
-                                            bool* re_key,
                                             SBChunkList* chunks) {
   int remaining = length;
   const char* chunk_data = data;
 
-  if (!key.empty() &&
-      !safe_browsing_util::VerifyMAC(key, mac, data, length)) {
-    return false;
-  }
-
   while (remaining > 0) {
     std::string cmd_line;
     if (!GetLine(chunk_data, length, &cmd_line))
@@ -272,15 +207,7 @@ bool SafeBrowsingProtocolParser::ParseChunk(const std::string& list_name,
     remaining -= line_len;
     std::vector<std::string> cmd_parts;
     base::SplitString(cmd_line, ':', &cmd_parts);
-
-    // Handle a possible re-key command.
     if (cmd_parts.size() != 4) {
-      if (cmd_parts.size() == 2 &&
-          cmd_parts[0] == "e" &&
-          cmd_parts[1] == "pleaserekey") {
-        *re_key = true;
-        continue;
-      }
       return false;
     }
 
@@ -485,45 +412,3 @@ bool SafeBrowsingProtocolParser::ReadPrefixes(
 
   return true;
 }
-
-bool SafeBrowsingProtocolParser::ParseNewKey(const char* chunk_data,
-                                             int chunk_length,
-                                             std::string* client_key,
-                                             std::string* wrapped_key) {
-  DCHECK(client_key && wrapped_key);
-  client_key->clear();
-  wrapped_key->clear();
-
-  const char* data = chunk_data;
-  int remaining = chunk_length;
-
-  while (remaining > 0) {
-    std::string line;
-    if (!GetLine(data, remaining, &line))
-      return false;
-
-    std::vector<std::string> cmd_parts;
-    base::SplitString(line, ':', &cmd_parts);
-    if (cmd_parts.size() != 3)
-      return false;
-
-    if (static_cast<int>(cmd_parts[2].size()) != atoi(cmd_parts[1].c_str()))
-      return false;
-
-    if (cmd_parts[0] == "clientkey") {
-      client_key->assign(cmd_parts[2]);
-    } else if (cmd_parts[0] == "wrappedkey") {
-      wrapped_key->assign(cmd_parts[2]);
-    } else {
-      return false;
-    }
-
-    data += line.size() + 1;
-    remaining -= static_cast<int>(line.size()) + 1;
-  }
-
-  if (client_key->empty() || wrapped_key->empty())
-    return false;
-
-  return true;
-}

chrome/browser/safe_browsing/protocol_parser.h

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -56,18 +56,13 @@ class SafeBrowsingProtocolParser {
   // Parse the response of an update request. Results for chunk deletions (both
   // add-del and sub-del are returned in 'chunk_deletes', and new chunk URLs to
   // download are contained in 'chunk_urls'. The next time the client is allowed
-  // to request another update is returned in 'next_update_sec'. If the service
-  // wants us to retrieve new MAC keys, 're_key' will be set to true. If we are
-  // using MACs to verify responses, the 'key' must be set to the private key
-  // returned from the SafeBrowsing servers. 'reset' will be set to true if the
-  // SafeBrowsing service wants us to dump our database.
+  // to request another update is returned in 'next_update_sec'. 'reset' will
+  // be set to true if the SafeBrowsing service wants us to dump our database.
   // Returns 'true'if it was able to decode the chunk properly, 'false' if not
   // decoded properly and the results should be ignored.
   bool ParseUpdate(const char* chunk_data,
                    int chunk_len,
-                   const std::string& key,
                    int* next_update_sec,
-                   bool* re_key,
                    bool* reset,
                    std::vector<SBChunkDelete>* chunk_deletes,
                    std::vector<ChunkUrl>* chunk_urls);
@@ -78,30 +73,17 @@ class SafeBrowsingProtocolParser {
   bool ParseChunk(const std::string& list_name,
                   const char* chunk_data,
                   int chunk_len,
-                  const std::string& key,
-                  const std::string& mac,
-                  bool* re_key,
                   SBChunkList* chunks);
 
   // Parse the result of a GetHash request, returning the list of full hashes.
-  // If we are checking for valid MACs, the caller should populate 'key'.
   bool ParseGetHash(const char* chunk_data,
                     int chunk_len,
-                    const std::string& key,
-                    bool* re_key,
                     std::vector<SBFullHashResult>* full_hashes);
 
   // Convert a list of partial hashes into a proper GetHash request.
   void FormatGetHash(const std::vector<SBPrefix>& prefixes,
                      std::string* request);
 
-  // Parse the keys used for subsequent communications with the SafeBrowsing
-  // servers. Returns true on successful parse, false on parse error.
-  bool ParseNewKey(const char* chunk_data,
-                   int chunk_length,
-                   std::string* client_key,
-                   std::string* wrapped_key);
-
  private:
   bool ParseAddChunk(const std::string& list_name,
                      const char* data,

chrome/browser/safe_browsing/safe_browsing_service.cc

@@ -59,14 +59,9 @@ namespace {
 const FilePath::CharType kCookiesFile[] = FILE_PATH_LITERAL(" Cookies");
 
 // The default URL prefix where browser fetches chunk updates, hashes,
-// and reports safe browsing hits.
-const char* const kSbDefaultInfoURLPrefix =
-    "http://safebrowsing.clients.google.com/safebrowsing";
-
-// The default URL prefix where browser fetches MAC client key and reports
-// malware details.
-const char* const kSbDefaultMacKeyURLPrefix =
-    "https://sb-ssl.google.com/safebrowsing";
+// and reports safe browsing hits and malware details.
+const char* const kSbDefaultURLPrefix =
+    "https://safebrowsing.google.com/safebrowsing";
 
 // When download url check takes this long, client's callback will be called
 // without waiting for the result.
@@ -586,26 +581,11 @@ void SafeBrowsingService::OnBlockingPageDone(
   }
 }
 
-void SafeBrowsingService::OnNewMacKeys(const std::string& client_key,
-                                       const std::string& wrapped_key) {
-  PrefService* prefs = g_browser_process->local_state();
-  if (prefs) {
-    prefs->SetString(prefs::kSafeBrowsingClientKey, client_key);
-    prefs->SetString(prefs::kSafeBrowsingWrappedKey, wrapped_key);
-  }
-}
-
 net::URLRequestContextGetter* SafeBrowsingService::url_request_context() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
   return url_request_context_getter_.get();
 }
 
-// static
-void SafeBrowsingService::RegisterPrefs(PrefService* prefs) {
-  prefs->RegisterStringPref(prefs::kSafeBrowsingClientKey, "");
-  prefs->RegisterStringPref(prefs::kSafeBrowsingWrappedKey, "");
-}
-
 void SafeBrowsingService::ResetDatabase() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   DCHECK(enabled_);
@@ -653,9 +633,7 @@ void SafeBrowsingService::DestroyURLRequestContextOnIOThread() {
   url_request_context_ = NULL;
 }
 
-void SafeBrowsingService::StartOnIOThread(
-    const std::string& client_key,
-    const std::string& wrapped_key) {
+void SafeBrowsingService::StartOnIOThread() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
   if (enabled_)
     return;
@@ -686,24 +664,17 @@ void SafeBrowsingService::StartOnIOThread(
   bool disable_auto_update =
       cmdline->HasSwitch(switches::kSbDisableAutoUpdate) ||
       cmdline->HasSwitch(switches::kDisableBackgroundNetworking);
-  std::string info_url_prefix =
-      cmdline->HasSwitch(switches::kSbInfoURLPrefix) ?
-      cmdline->GetSwitchValueASCII(switches::kSbInfoURLPrefix) :
-      kSbDefaultInfoURLPrefix;
-  std::string mackey_url_prefix =
-      cmdline->HasSwitch(switches::kSbMacKeyURLPrefix) ?
-      cmdline->GetSwitchValueASCII(switches::kSbMacKeyURLPrefix) :
-      kSbDefaultMacKeyURLPrefix;
+  std::string url_prefix =
+      cmdline->HasSwitch(switches::kSbURLPrefix) ?
+      cmdline->GetSwitchValueASCII(switches::kSbURLPrefix) :
+      kSbDefaultURLPrefix;
 
   DCHECK(!protocol_manager_);
   protocol_manager_ =
       SafeBrowsingProtocolManager::Create(this,
                                           client_name,
-                                          client_key,
-                                          wrapped_key,
                                           url_request_context_getter_,
-                                          info_url_prefix,
-                                          mackey_url_prefix,
+                                          url_prefix,
                                           disable_auto_update);
 
   protocol_manager_->Initialize();
@@ -1005,17 +976,6 @@ void SafeBrowsingService::DatabaseUpdateFinished(bool update_succeeded) {
 void SafeBrowsingService::Start() {
   DCHECK(BrowserThread::CurrentlyOn(BrowserThread::UI));
 
-  // Retrieve client MAC keys.
-  PrefService* local_state = g_browser_process->local_state();
-  DCHECK(local_state);
-  std::string client_key, wrapped_key;
-  if (local_state) {
-    client_key =
-      local_state->GetString(prefs::kSafeBrowsingClientKey);
-    wrapped_key =
-      local_state->GetString(prefs::kSafeBrowsingWrappedKey);
-  }
-
   CommandLine* cmdline = CommandLine::ForCurrentProcess();
   enable_download_protection_ =
       !cmdline->HasSwitch(switches::kSbDisableDownloadProtection);
@@ -1039,8 +999,7 @@ void SafeBrowsingService::Start() {
 
   BrowserThread::PostTask(
       BrowserThread::IO, FROM_HERE,
-      base::Bind(&SafeBrowsingService::StartOnIOThread,
-                 this, client_key, wrapped_key));
+      base::Bind(&SafeBrowsingService::StartOnIOThread, this));
 }
 
 void SafeBrowsingService::Stop() {

chrome/browser/safe_browsing/safe_browsing_service.h

@@ -263,11 +263,6 @@ class SafeBrowsingService
   void OnBlockingPageDone(const std::vector<UnsafeResource>& resources,
                           bool proceed);
 
-  // Called on the UI thread when the SafeBrowsingProtocolManager has received
-  // updated MAC keys.
-  void OnNewMacKeys(const std::string& client_key,
-                    const std::string& wrapped_key);
-
   bool enabled() const { return enabled_; }
 
   bool download_protection_enabled() const {
@@ -288,9 +283,6 @@ class SafeBrowsingService
 
   net::URLRequestContextGetter* url_request_context();
 
-  // Preference handling.
-  static void RegisterPrefs(PrefService* prefs);
-
   // Called on the IO thread to reset the database.
   void ResetDatabase();
 
@@ -357,8 +349,7 @@ class SafeBrowsingService
 
   // Called to initialize objects that are used on the io_thread.  This may be
   // called multiple times during the life of the SafeBrowsingService.
-  void StartOnIOThread(const std::string& client_key,
-                       const std::string& wrapped_key);
+  void StartOnIOThread();
 
   // Called to shutdown operations on the io_thread. This may be called multiple
   // times during the life of the SafeBrowsingService.

chrome/browser/safe_browsing/safe_browsing_service_browsertest.cc

@@ -194,15 +194,11 @@ class TestProtocolManager :  public SafeBrowsingProtocolManager {
  public:
   TestProtocolManager(SafeBrowsingService* sb_service,
                       const std::string& client_name,
-                      const std::string& client_key,
-                      const std::string& wrapped_key,
                       net::URLRequestContextGetter* request_context_getter,
-                      const std::string& info_url_prefix,
-                      const std::string& mackey_url_prefix,
+                      const std::string& url_prefix,
                       bool disable_auto_update)
-      : SafeBrowsingProtocolManager(sb_service, client_name, client_key,
-                                    wrapped_key, request_context_getter,
-                                    info_url_prefix, mackey_url_prefix,
+      : SafeBrowsingProtocolManager(sb_service, client_name,
+                                    request_context_getter, url_prefix,
                                     disable_auto_update),
         sb_service_(sb_service),
         delay_ms_(0) {
@@ -249,16 +245,12 @@ class TestSBProtocolManagerFactory : public SBProtocolManagerFactory {
   virtual SafeBrowsingProtocolManager* CreateProtocolManager(
       SafeBrowsingService* sb_service,
       const std::string& client_name,
-      const std::string& client_key,
-      const std::string& wrapped_key,
       net::URLRequestContextGetter* request_context_getter,
-      const std::string& info_url_prefix,
-      const std::string& mackey_url_prefix,
+      const std::string& url_prefix,
       bool disable_auto_update) {
     pm_ = new TestProtocolManager(
-        sb_service, client_name, client_key, wrapped_key,
-        request_context_getter, info_url_prefix, mackey_url_prefix,
-        disable_auto_update);
+        sb_service, client_name, request_context_getter,
+        url_prefix, disable_auto_update);
     return pm_;
   }
   TestProtocolManager* GetProtocolManager() {

chrome/browser/safe_browsing/safe_browsing_test.cc

@@ -52,7 +52,8 @@ using content::BrowserThread;
 
 namespace {
 
-const FilePath::CharType kDataFile[] = FILE_PATH_LITERAL("testing_input.dat");
+const FilePath::CharType kDataFile[] =
+    FILE_PATH_LITERAL("testing_input_nomac.dat");
 const char kUrlVerifyPath[] = "/safebrowsing/verify_urls";
 const char kDBVerifyPath[] = "/safebrowsing/verify_database";
 const char kDBResetPath[] = "/reset";
@@ -209,7 +210,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
   SafeBrowsingServiceTest()
     : safe_browsing_service_(NULL),
       is_database_ready_(true),
-      is_initial_request_(false),
       is_update_scheduled_(false),
       is_checked_url_in_db_(false),
       is_checked_url_safe_(false) {
@@ -221,8 +221,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
   void UpdateSafeBrowsingStatus() {
     ASSERT_TRUE(safe_browsing_service_);
     base::AutoLock lock(update_status_mutex_);
-    is_initial_request_ =
-        safe_browsing_service_->protocol_manager_->is_initial_request();
     last_update_ = safe_browsing_service_->protocol_manager_->last_update();
     is_update_scheduled_ =
         safe_browsing_service_->protocol_manager_->update_timer_.IsRunning();
@@ -273,11 +271,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
     return is_database_ready_;
   }
 
-  bool is_initial_request() {
-    base::AutoLock l(update_status_mutex_);
-    return is_initial_request_;
-  }
-
   base::Time last_update() {
     base::AutoLock l(update_status_mutex_);
     return last_update_;
@@ -317,15 +310,12 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
     command_line->AppendSwitch(
         switches::kDisableClientSidePhishingDetection);
 
-    // In this test, we fetch SafeBrowsing data and Mac key from the same
-    // server. Although in real production, they are served from different
-    // servers.
+    // Point to the testing server for all SafeBrowsing requests.
     std::string url_prefix =
         base::StringPrintf("http://%s:%d/safebrowsing",
                            SafeBrowsingTestServer::Host(),
                            SafeBrowsingTestServer::Port());
-    command_line->AppendSwitchASCII(switches::kSbInfoURLPrefix, url_prefix);
-    command_line->AppendSwitchASCII(switches::kSbMacKeyURLPrefix, url_prefix);
+    command_line->AppendSwitchASCII(switches::kSbURLPrefix, url_prefix);
   }
 
   void SetTestStep(int step) {
@@ -342,7 +332,6 @@ class SafeBrowsingServiceTest : public InProcessBrowserTest {
 
   // States associated with safebrowsing service updates.
   bool is_database_ready_;
-  bool is_initial_request_;
   base::Time last_update_;
   bool is_update_scheduled_;
   // Indicates if there is a match between a URL's prefix and safebrowsing
@@ -577,7 +566,6 @@ IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest,
   // is checked.
   safe_browsing_helper->WaitForStatusUpdate(0);
   EXPECT_TRUE(is_database_ready());
-  EXPECT_TRUE(is_initial_request());
   EXPECT_FALSE(is_update_scheduled());
   EXPECT_TRUE(last_update().is_null());
   // Starts updates. After each update, the test will fetch a list of URLs with
@@ -601,8 +589,7 @@ IN_PROC_BROWSER_TEST_F(SafeBrowsingServiceTest,
       // Periodically pull the status.
       safe_browsing_helper->WaitForStatusUpdate(
           TestTimeouts::tiny_timeout_ms());
-    } while (is_update_scheduled() || is_initial_request() ||
-             !is_database_ready());
+    } while (is_update_scheduled() || !is_database_ready());
 
 
     if (last_update() < now) {

chrome/browser/safe_browsing/safe_browsing_util.cc

@@ -4,12 +4,10 @@
 
 #include "chrome/browser/safe_browsing/safe_browsing_util.h"
 
-#include "base/base64.h"
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "chrome/browser/google/google_util.h"
-#include "crypto/hmac.h"
 #include "crypto/sha2.h"
 #include "googleurl/src/gurl.h"
 #include "googleurl/src/url_util.h"
@@ -20,8 +18,6 @@
 #include "chrome/installer/util/browser_distribution.h"
 #endif
 
-static const int kSafeBrowsingMacDigestSize = 20;
-
 // Continue to this URL after submitting the phishing report form.
 // TODO(paulg): Change to a Chrome specific URL.
 static const char kContinueUrlFormat[] =
@@ -479,39 +475,6 @@ bool IsBadbinhashList(const std::string& list_name) {
   return list_name.compare(kBinHashList) == 0;
 }
 
-static void DecodeWebSafe(std::string* decoded) {
-  DCHECK(decoded);
-  for (std::string::iterator i(decoded->begin()); i != decoded->end(); ++i) {
-    if (*i == '_')
-      *i = '/';
-    else if (*i == '-')
-      *i = '+';
-  }
-}
-
-bool VerifyMAC(const std::string& key, const std::string& mac,
-               const char* data, int data_length) {
-  std::string key_copy = key;
-  DecodeWebSafe(&key_copy);
-  std::string decoded_key;
-  base::Base64Decode(key_copy, &decoded_key);
-
-  std::string mac_copy = mac;
-  DecodeWebSafe(&mac_copy);
-  std::string decoded_mac;
-  base::Base64Decode(mac_copy, &decoded_mac);
-
-  crypto::HMAC hmac(crypto::HMAC::SHA1);
-  if (!hmac.Init(decoded_key))
-    return false;
-  const std::string data_str(data, data_length);
-  unsigned char digest[kSafeBrowsingMacDigestSize];
-  if (!hmac.Sign(data_str, digest, kSafeBrowsingMacDigestSize))
-    return false;
-
-  return !memcmp(digest, decoded_mac.data(), kSafeBrowsingMacDigestSize);
-}
-
 GURL GeneratePhishingReportUrl(const std::string& report_page,
                                const std::string& url_to_report,
                                bool is_client_side_detection) {

chrome/browser/safe_browsing/safe_browsing_util.h

-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -23,10 +23,9 @@ class SBEntry;
 // A truncated hash's type.
 typedef int32 SBPrefix;
 
-// Container for holding a chunk URL and the MAC of the contents of the URL.
+// Container for holding a chunk URL and the list it belongs to.
 struct ChunkUrl {
   std::string url;
-  std::string mac;
   std::string list_name;
 };
 
@@ -319,12 +318,6 @@ bool IsMalwareList(const std::string& list_name);
 bool IsBadbinurlList(const std::string& list_name);
 bool IsBadbinhashList(const std::string& list_name);
 
-// Returns 'true' if 'mac' can be verified using 'key' and 'data'.
-bool VerifyMAC(const std::string& key,
-               const std::string& mac,
-               const char* data,
-               int data_length);
-
 GURL GeneratePhishingReportUrl(const std::string& report_page,
                                const std::string& url_to_report,
                                bool is_client_side_detection);

chrome/common/chrome_switches.cc

@@ -1055,10 +1055,7 @@ const char kRestoreLastSession[]            = "restore-last-session";
 
 // URL prefix used by safebrowsing to fetch hash, download data and report
 // malware.
-const char kSbInfoURLPrefix[] = "safebrowsing-info-url-prefix";
-
-// URL prefix used by safebrowsing to get MAC key.
-const char kSbMacKeyURLPrefix[] = "safebrowsing-mackey-url-prefix";
+const char kSbURLPrefix[] = "safebrowsing-url-prefix";
 
 // If present, safebrowsing only performs update when
 // SafeBrowsingProtocolManager::ForceScheduleNextUpdate() is explicitly called.

chrome/common/chrome_switches.h

@@ -286,8 +286,7 @@ extern const char kReloadKilledTabs[];
 extern const char kRemoteDebuggingFrontend[];
 extern const char kRendererPrintPreview[];
 extern const char kRestoreLastSession[];
-extern const char kSbInfoURLPrefix[];
-extern const char kSbMacKeyURLPrefix[];
+extern const char kSbURLPrefix[];
 extern const char kSbDisableAutoUpdate[];
 extern const char kSbDisableDownloadProtection[];
 extern const char kSearchInOmniboxHint[];