
Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1115903002: Refactor the API for CertVerifier::Verify() and the implementation of MultiThreadedCertVerifier::Ver (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase again Created 5 years, 7 months ago
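--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -1,32 +1,31 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/proof_verifier_chromium.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback_helpers.h"
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "crypto/signature_verifier.h"
 #include "net/base/net_errors.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
-#include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util.h"
 #include "net/http/transport_security_state.h"
 #include "net/log/net_log.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/ssl/ssl_config_service.h"
 
 using base::StringPiece;
 using base::StringPrintf;
 using std::string;
@@ -73,48 +72,49 @@
 int DoVerifyCertComplete(int result);
 
 bool VerifySignature(const std::string& signed_data,
 const std::string& signature,
 const std::string& cert);
 
 // Proof verifier to notify when this jobs completes.
 ProofVerifierChromium* proof_verifier_;
 
 // The underlying verifier used for verifying certificates.
-scoped_ptr<SingleRequestCertVerifier> verifier_;
+CertVerifier* verifier_;
+scoped_ptr<CertVerifier::Request> cert_verifier_request_;
 
 TransportSecurityState* transport_security_state_;
 
 // |hostname| specifies the hostname for which |certs| is a valid chain.
 std::string hostname_;
 
 scoped_ptr<ProofVerifierCallback> callback_;
 scoped_ptr<ProofVerifyDetailsChromium> verify_details_;
 std::string error_details_;
 
 // X509Certificate from a chain of DER encoded certificates.
 scoped_refptr<X509Certificate> cert_;
 
 State next_state_;
 
 BoundNetLog net_log_;
 
 DISALLOW_COPY_AND_ASSIGN(Job);
 };
 
 ProofVerifierChromium::Job::Job(
 ProofVerifierChromium* proof_verifier,
 CertVerifier* cert_verifier,
 TransportSecurityState* transport_security_state,
 const BoundNetLog& net_log)
 : proof_verifier_(proof_verifier),
-verifier_(new SingleRequestCertVerifier(cert_verifier)),
+verifier_(cert_verifier),
 transport_security_state_(transport_security_state),
 next_state_(STATE_NONE),
 net_log_(net_log) {
 }
 
 QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof(
 const string& hostname,
 const string& server_config,
 const vector<string>& certs,
 const string& signature,
@@ -221,25 +221,25 @@
 
 int ProofVerifierChromium::Job::DoVerifyCert(int result) {
 next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 int flags = 0;
 return verifier_->Verify(cert_.get(), hostname_, std::string(), flags,
 SSLConfigService::GetCRLSet().get(),
 &verify_details_->cert_verify_result,
 base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
 base::Unretained(this)),
-net_log_);
+&cert_verifier_request_, net_log_);
 }
 
 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
-verifier_.reset();
+cert_verifier_request_.reset();
 
 const CertVerifyResult& cert_verify_result =
 verify_details_->cert_verify_result;
 const CertStatus cert_status = cert_verify_result.cert_status;
 if (transport_security_state_ &&
 (result == OK ||
 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
 !transport_security_state_->CheckPublicKeyPins(
 hostname_,
 cert_verify_result.is_issued_by_known_root,
@@ -392,10 +392,10 @@
 }
 return status;
 }
 
 void ProofVerifierChromium::OnJobComplete(Job* job) {
 active_jobs_.erase(job);
 delete job;
 }
 
 } // namespace net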
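Review bot: The new members `CertVerifier* verifier_` and `scoped_ptr<CertVerifier::Request> cert_verifier_request_` (new lines 82-83) are covered only by the old comment, so the lifetime contract that keeps `base::Unretained(this)` in DoVerifyCert safe is undocumented. With the owned SingleRequestCertVerifier gone, the Job presumably relies on destroying `cert_verifier_request_` to cancel a pending OnIOComplete and on the caller keeping the CertVerifier alive; cert_verifier.h is not on this page, so confirm both there. I would add `// Not owned; must outlive this Job.` above `verifier_` and `// In-flight Verify() handle; destroying it cancels the callback bound to |this|.` above `cert_verifier_request_`. Separately, `verify_details_` is declared after the request and is therefore destroyed before it, while Verify() was handed `&verify_details_->cert_verify_result`. If the verifier can still write to that result before the request is torn down, declaring `cert_verifier_request_` after `verify_details_` would close the window.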