1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_policy_enforcer.h" | 5 #include "net/cert/cert_policy_enforcer.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/build_time.h" | 10 #include "base/build_time.h" |
178 // Whether the build is not older than 10 weeks. The value is meaningful only | 178 // Whether the build is not older than 10 weeks. The value is meaningful only |
179 // if |ct_presence_required| is true. | 179 // if |ct_presence_required| is true. |
180 bool build_timely; | 180 bool build_timely; |
181 // Compliance status - meaningful only if |ct_presence_required| and | 181 // Compliance status - meaningful only if |ct_presence_required| and |
182 // |build_timely| are true. | 182 // |build_timely| are true. |
183 CTComplianceStatus status; | 183 CTComplianceStatus status; |
184 // EV whitelist version. | 184 // EV whitelist version. |
185 base::Version whitelist_version; | 185 base::Version whitelist_version; |
186 }; | 186 }; |
187 | 187 |
188 base::Value* NetLogComplianceCheckResultCallback( | 188 scoped_ptr<base::Value> NetLogComplianceCheckResultCallback( |
189 X509Certificate* cert, | 189 X509Certificate* cert, |
190 ComplianceDetails* details, | 190 ComplianceDetails* details, |
191 NetLogCaptureMode capture_mode) { | 191 NetLogCaptureMode capture_mode) { |
192 base::DictionaryValue* dict = new base::DictionaryValue(); | 192 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
193 dict->Set("certificate", NetLogX509CertificateCallback(cert, capture_mode)); | 193 dict->Set("certificate", NetLogX509CertificateCallback(cert, capture_mode)); |
194 dict->SetBoolean("policy_enforcement_required", | 194 dict->SetBoolean("policy_enforcement_required", |
195 details->ct_presence_required); | 195 details->ct_presence_required); |
196 if (details->ct_presence_required) { | 196 if (details->ct_presence_required) { |
197 dict->SetBoolean("build_timely", details->build_timely); | 197 dict->SetBoolean("build_timely", details->build_timely); |
198 if (details->build_timely) { | 198 if (details->build_timely) { |
199 dict->SetString("ct_compliance_status", | 199 dict->SetString("ct_compliance_status", |
200 ComplianceStatusToString(details->status)); | 200 ComplianceStatusToString(details->status)); |
201 if (details->whitelist_version.IsValid()) | 201 if (details->whitelist_version.IsValid()) |
202 dict->SetString("ev_whitelist_version", | 202 dict->SetString("ev_whitelist_version", |
203 details->whitelist_version.GetString()); | 203 details->whitelist_version.GetString()); |
204 } | 204 } |
205 } | 205 } |
206 return dict; | 206 return dict.Pass(); |
207 } | 207 } |
208 | 208 |
209 bool IsCertificateInWhitelist(const X509Certificate& cert, | 209 bool IsCertificateInWhitelist(const X509Certificate& cert, |
210 const ct::EVCertsWhitelist* ev_whitelist) { | 210 const ct::EVCertsWhitelist* ev_whitelist) { |
211 bool cert_in_ev_whitelist = false; | 211 bool cert_in_ev_whitelist = false; |
212 if (ev_whitelist && ev_whitelist->IsValid()) { | 212 if (ev_whitelist && ev_whitelist->IsValid()) { |
213 const SHA256HashValue fingerprint( | 213 const SHA256HashValue fingerprint( |
214 X509Certificate::CalculateFingerprint256(cert.os_cert_handle())); | 214 X509Certificate::CalculateFingerprint256(cert.os_cert_handle())); |
215 | 215 |
216 std::string truncated_fp = | 216 std::string truncated_fp = |
254 bool CertPolicyEnforcer::DoesConformToCTEVPolicy( | 254 bool CertPolicyEnforcer::DoesConformToCTEVPolicy( |
255 X509Certificate* cert, | 255 X509Certificate* cert, |
256 const ct::EVCertsWhitelist* ev_whitelist, | 256 const ct::EVCertsWhitelist* ev_whitelist, |
257 const ct::CTVerifyResult& ct_result, | 257 const ct::CTVerifyResult& ct_result, |
258 const BoundNetLog& net_log) { | 258 const BoundNetLog& net_log) { |
259 ComplianceDetails details; | 259 ComplianceDetails details; |
260 | 260 |
261 CheckCTEVPolicyCompliance(cert, ev_whitelist, ct_result, &details); | 261 CheckCTEVPolicyCompliance(cert, ev_whitelist, ct_result, &details); |
262 | 262 |
263 NetLog::ParametersCallback net_log_callback = | 263 NetLog::ParametersCallback net_log_callback = |
264 base::Bind(&NetLogComplianceCheckResultCallback, base::Unretained(cert), | 264 base::Bind(NetLogComplianceCheckResultCallback, base::Unretained(cert), |
265 base::Unretained(&details)); | 265 base::Unretained(&details)); |
266 | 266 |
267 net_log.AddEvent(NetLog::TYPE_EV_CERT_CT_COMPLIANCE_CHECKED, | 267 net_log.AddEvent(NetLog::TYPE_EV_CERT_CT_COMPLIANCE_CHECKED, |
268 net_log_callback); | 268 net_log_callback); |
269 | 269 |
270 if (!details.ct_presence_required) | 270 if (!details.ct_presence_required) |
271 return true; | 271 return true; |
272 | 272 |
273 if (!details.build_timely) | 273 if (!details.build_timely) |
274 return false; | 274 return false; |
275 | 275 |
276 LogCTComplianceStatusToUMA(details.status, ev_whitelist); | 276 LogCTComplianceStatusToUMA(details.status, ev_whitelist); |
277 | 277 |
278 if (details.status == CT_IN_WHITELIST || details.status == CT_ENOUGH_SCTS) | 278 if (details.status == CT_IN_WHITELIST || details.status == CT_ENOUGH_SCTS) |
279 return true; | 279 return true; |
280 | 280 |
281 return false; | 281 return false; |
282 } | 282 } |
283 | 283 |
284 } // namespace net | 284 } // namespace net |
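Review bot: The new side of the `base::Bind` call in DoesConformToCTEVPolicy drops the address-of operator that the old side and the rest of this file's `base::Bind(&Function, …)` calls use; the function still decays to a pointer, but the inconsistency reads like an accidental edit rather than a deliberate change, so I would restore it as `base::Bind(&NetLogComplianceCheckResultCallback, base::Unretained(cert),`. While touching that line, the `base::Unretained(&details)` bound two lines later points at a stack local, and nothing in the hunk records why that is safe; a one-line comment above the callback, such as `// |details| is stack-local; the callback must not outlive this call.`, would document the assumption that AddEvent() consumes the callback before the function returns. The scoped_ptr conversion in NetLogComplianceCheckResultCallback itself looks complete, with the single return site switched to `dict.Pass()`.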