OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
230 base::Unretained(this)), | 230 base::Unretained(this)), |
231 &cert_verifier_request_, net_log_); | 231 &cert_verifier_request_, net_log_); |
232 } | 232 } |
233 | 233 |
234 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 234 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
235 cert_verifier_request_.reset(); | 235 cert_verifier_request_.reset(); |
236 | 236 |
237 const CertVerifyResult& cert_verify_result = | 237 const CertVerifyResult& cert_verify_result = |
238 verify_details_->cert_verify_result; | 238 verify_details_->cert_verify_result; |
239 const CertStatus cert_status = cert_verify_result.cert_status; | 239 const CertStatus cert_status = cert_verify_result.cert_status; |
| 240 // TODO(estark): replace 0 below with the port that the connection was |
| 241 // made on. |
240 if (transport_security_state_ && | 242 if (transport_security_state_ && |
241 (result == OK || | 243 (result == OK || |
242 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 244 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
243 !transport_security_state_->CheckPublicKeyPins( | 245 !transport_security_state_->CheckPublicKeyPins( |
244 hostname_, | 246 hostname_, cert_verify_result.is_issued_by_known_root, |
245 cert_verify_result.is_issued_by_known_root, | 247 cert_verify_result.public_key_hashes, 0, cert_, |
246 cert_verify_result.public_key_hashes, | 248 cert_verify_result.verified_cert, |
| 249 TransportSecurityState::SEND_PUBLIC_KEY_PIN_REPORT, |
247 &verify_details_->pinning_failure_log)) { | 250 &verify_details_->pinning_failure_log)) { |
248 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 251 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
249 } | 252 } |
250 | 253 |
251 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 254 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
252 SSLConfigService::GetEVCertsWhitelist(); | 255 SSLConfigService::GetEVCertsWhitelist(); |
253 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && | 256 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && |
254 ev_whitelist->IsValid()) { | 257 ev_whitelist->IsValid()) { |
255 const SHA256HashValue fingerprint( | 258 const SHA256HashValue fingerprint( |
256 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); | 259 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); |
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
392 } | 395 } |
393 return status; | 396 return status; |
394 } | 397 } |
395 | 398 |
396 void ProofVerifierChromium::OnJobComplete(Job* job) { | 399 void ProofVerifierChromium::OnJobComplete(Job* job) { |
397 active_jobs_.erase(job); | 400 active_jobs_.erase(job); |
398 delete job; | 401 delete job; |
399 } | 402 } |
400 | 403 |
401 } // namespace net | 404 } // namespace net |
OLD | NEW |