OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
(...skipping 108 matching lines...)
119 if (!stapled_ocsp_response.empty() && | 119 if (!stapled_ocsp_response.empty() && |
120 !cert->GetIntermediateCertificates().empty()) { | 120 !cert->GetIntermediateCertificates().empty()) { |
121 ct::ExtractSCTListFromOCSPResponse( | 121 ct::ExtractSCTListFromOCSPResponse( |
122 cert->GetIntermediateCertificates().front(), cert->serial_number(), | 122 cert->GetIntermediateCertificates().front(), cert->serial_number(), |
123 stapled_ocsp_response, &sct_list_from_ocsp); | 123 stapled_ocsp_response, &sct_list_from_ocsp); |
124 } | 124 } |
125 | 125 |
126 // Log to Net Log, after extracting SCTs but before possibly failing on | 126 // Log to Net Log, after extracting SCTs but before possibly failing on |
127 // X.509 entry creation. | 127 // X.509 entry creation. |
128 NetLog::ParametersCallback net_log_callback = | 128 NetLog::ParametersCallback net_log_callback = |
129 base::Bind(&NetLogRawSignedCertificateTimestampCallback, | 129 base::Bind(NetLogRawSignedCertificateTimestampCallback, &embedded_scts, |
130 &embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension); | 130 &sct_list_from_ocsp, &sct_list_from_tls_extension); |
131 | 131 |
132 net_log.AddEvent( | 132 net_log.AddEvent( |
133 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, | 133 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, |
134 net_log_callback); | 134 net_log_callback); |
135 | 135 |
136 ct::LogEntry x509_entry; | 136 ct::LogEntry x509_entry; |
137 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { | 137 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { |
138 has_verified_scts |= VerifySCTs( | 138 has_verified_scts |= VerifySCTs( |
139 sct_list_from_ocsp, | 139 sct_list_from_ocsp, |
140 x509_entry, | 140 x509_entry, |
141 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, | 141 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, |
142 result); | 142 result); |
143 | 143 |
144 has_verified_scts |= VerifySCTs( | 144 has_verified_scts |= VerifySCTs( |
145 sct_list_from_tls_extension, | 145 sct_list_from_tls_extension, |
146 x509_entry, | 146 x509_entry, |
147 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, | 147 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, |
148 result); | 148 result); |
149 } | 149 } |
150 | 150 |
151 NetLog::ParametersCallback net_log_checked_callback = | 151 NetLog::ParametersCallback net_log_checked_callback = |
152 base::Bind(&NetLogSignedCertificateTimestampCallback, result); | 152 base::Bind(NetLogSignedCertificateTimestampCallback, result); |
153 | 153 |
154 net_log.AddEvent( | 154 net_log.AddEvent( |
155 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, | 155 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, |
156 net_log_checked_callback); | 156 net_log_checked_callback); |
157 | 157 |
158 LogNumSCTsToUMA(*result); | 158 LogNumSCTsToUMA(*result); |
159 | 159 |
160 if (has_verified_scts) | 160 if (has_verified_scts) |
161 return OK; | 161 return OK; |
162 | 162 |
(...skipping 64 matching lines...)
227 LogSCTStatusToUMA(ct::SCT_STATUS_INVALID); | 227 LogSCTStatusToUMA(ct::SCT_STATUS_INVALID); |
228 return false; | 228 return false; |
229 } | 229 } |
230 | 230 |
231 LogSCTStatusToUMA(ct::SCT_STATUS_OK); | 231 LogSCTStatusToUMA(ct::SCT_STATUS_OK); |
232 result->verified_scts.push_back(sct); | 232 result->verified_scts.push_back(sct); |
233 return true; | 233 return true; |
234 } | 234 } |
235 | 235 |
236 } // namespace net | 236 } // namespace net |
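Review bot: The callback built at new lines 129-130 binds the raw addresses `&embedded_scts`, `&sct_list_from_ocsp` and `&sct_list_from_tls_extension`, and the one at new line 152 binds the raw `result` pointer, but nothing in the code states the lifetime rule that makes this safe. The declarations sit in the skipped lines, so it is inferred rather than visible that these are locals of the enclosing function; if so, the bound pointers dangle as soon as that function returns. The binding is only sound while `net_log.AddEvent()` runs the callback before returning and keeps no copy of it. I would record that above line 128 with `// The bound pointers are only valid during AddEvent(); this callback must not be stored or posted.` and add the same note above line 151. The enclosing function starts and ends outside the visible lines.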