| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/cert_verify_proc.h" | 5 #include "net/cert/cert_verify_proc.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/files/file_path.h" | 10 #include "base/files/file_path.h" |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 50 // for all certificates that are Verified. | 50 // for all certificates that are Verified. |
| 51 class WellKnownCaCertVerifyProc : public CertVerifyProc { | 51 class WellKnownCaCertVerifyProc : public CertVerifyProc { |
| 52 public: | 52 public: |
| 53 // Initialize a CertVerifyProc that will set | 53 // Initialize a CertVerifyProc that will set |
| 54 // |verify_result->is_issued_by_known_root| to |is_well_known|. | 54 // |verify_result->is_issued_by_known_root| to |is_well_known|. |
| 55 explicit WellKnownCaCertVerifyProc(bool is_well_known) | 55 explicit WellKnownCaCertVerifyProc(bool is_well_known) |
| 56 : is_well_known_(is_well_known) {} | 56 : is_well_known_(is_well_known) {} |
| 57 | 57 |
| 58 // CertVerifyProc implementation: | 58 // CertVerifyProc implementation: |
| 59 bool SupportsAdditionalTrustAnchors() const override { return false; } | 59 bool SupportsAdditionalTrustAnchors() const override { return false; } |
| 60 bool SupportsOCSPStapling() const override { return false; } |
| 60 | 61 |
| 61 protected: | 62 protected: |
| 62 ~WellKnownCaCertVerifyProc() override {} | 63 ~WellKnownCaCertVerifyProc() override {} |
| 63 | 64 |
| 64 private: | 65 private: |
| 65 int VerifyInternal(X509Certificate* cert, | 66 int VerifyInternal(X509Certificate* cert, |
| 66 const std::string& hostname, | 67 const std::string& hostname, |
| 68 const std::string& ocsp_response, |
| 67 int flags, | 69 int flags, |
| 68 CRLSet* crl_set, | 70 CRLSet* crl_set, |
| 69 const CertificateList& additional_trust_anchors, | 71 const CertificateList& additional_trust_anchors, |
| 70 CertVerifyResult* verify_result) override; | 72 CertVerifyResult* verify_result) override; |
| 71 | 73 |
| 72 const bool is_well_known_; | 74 const bool is_well_known_; |
| 73 | 75 |
| 74 DISALLOW_COPY_AND_ASSIGN(WellKnownCaCertVerifyProc); | 76 DISALLOW_COPY_AND_ASSIGN(WellKnownCaCertVerifyProc); |
| 75 }; | 77 }; |
| 76 | 78 |
| 77 int WellKnownCaCertVerifyProc::VerifyInternal( | 79 int WellKnownCaCertVerifyProc::VerifyInternal( |
| 78 X509Certificate* cert, | 80 X509Certificate* cert, |
| 79 const std::string& hostname, | 81 const std::string& hostname, |
| 82 const std::string& ocsp_response, |
| 80 int flags, | 83 int flags, |
| 81 CRLSet* crl_set, | 84 CRLSet* crl_set, |
| 82 const CertificateList& additional_trust_anchors, | 85 const CertificateList& additional_trust_anchors, |
| 83 CertVerifyResult* verify_result) { | 86 CertVerifyResult* verify_result) { |
| 84 verify_result->is_issued_by_known_root = is_well_known_; | 87 verify_result->is_issued_by_known_root = is_well_known_; |
| 85 return OK; | 88 return OK; |
| 86 } | 89 } |
| 87 | 90 |
| 88 bool SupportsReturningVerifiedChain() { | 91 bool SupportsReturningVerifiedChain() { |
| 89 #if defined(OS_ANDROID) | 92 #if defined(OS_ANDROID) |
| (...skipping 28 matching lines...) Expand all Loading... |
| 118 bool SupportsAdditionalTrustAnchors() { | 121 bool SupportsAdditionalTrustAnchors() { |
| 119 return verify_proc_->SupportsAdditionalTrustAnchors(); | 122 return verify_proc_->SupportsAdditionalTrustAnchors(); |
| 120 } | 123 } |
| 121 | 124 |
| 122 int Verify(X509Certificate* cert, | 125 int Verify(X509Certificate* cert, |
| 123 const std::string& hostname, | 126 const std::string& hostname, |
| 124 int flags, | 127 int flags, |
| 125 CRLSet* crl_set, | 128 CRLSet* crl_set, |
| 126 const CertificateList& additional_trust_anchors, | 129 const CertificateList& additional_trust_anchors, |
| 127 CertVerifyResult* verify_result) { | 130 CertVerifyResult* verify_result) { |
| 128 return verify_proc_->Verify(cert, hostname, flags, crl_set, | 131 return verify_proc_->Verify(cert, hostname, std::string(), flags, crl_set, |
| 129 additional_trust_anchors, verify_result); | 132 additional_trust_anchors, verify_result); |
| 130 } | 133 } |
| 131 | 134 |
| 132 const CertificateList empty_cert_list_; | 135 const CertificateList empty_cert_list_; |
| 133 scoped_refptr<CertVerifyProc> verify_proc_; | 136 scoped_refptr<CertVerifyProc> verify_proc_; |
| 134 }; | 137 }; |
| 135 | 138 |
| 136 TEST_F(CertVerifyProcTest, DISABLED_WithoutRevocationChecking) { | 139 TEST_F(CertVerifyProcTest, DISABLED_WithoutRevocationChecking) { |
| 137 // Check that verification without revocation checking works. | 140 // Check that verification without revocation checking works. |
| 138 CertificateList certs = CreateCertificateListFromFile( | 141 CertificateList certs = CreateCertificateListFromFile( |
| (...skipping 1466 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1605 int flags = 0; | 1608 int flags = 0; |
| 1606 CertVerifyResult verify_result; | 1609 CertVerifyResult verify_result; |
| 1607 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, | 1610 int error = Verify(cert.get(), "127.0.0.1", flags, NULL, empty_cert_list_, |
| 1608 &verify_result); | 1611 &verify_result); |
| 1609 EXPECT_EQ(ERR_CERT_INVALID, error); | 1612 EXPECT_EQ(ERR_CERT_INVALID, error); |
| 1610 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); | 1613 EXPECT_EQ(CERT_STATUS_INVALID, verify_result.cert_status); |
| 1611 } | 1614 } |
| 1612 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | 1615 #endif // defined(OS_MACOSX) && !defined(OS_IOS) |
| 1613 | 1616 |
| 1614 } // namespace net | 1617 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1081913003:
Route OCSP stapling through CertVerifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss