net/quic/crypto/proof_verifier_chromium.cc - Issue 1211933005: Initial (partial) implementation of HPKP violation reporting

Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1211933005: Initial (partial) implementation of HPKP violation reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: style fixes, comments Created 5 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/quic/crypto/proof_verifier_chromium.h"	5 #include "net/quic/crypto/proof_verifier_chromium.h"

6	6

7 #include "base/bind.h"	7 #include "base/bind.h"

8 #include "base/bind_helpers.h"	8 #include "base/bind_helpers.h"

9 #include "base/callback_helpers.h"	9 #include "base/callback_helpers.h"

10 #include "base/compiler_specific.h"	10 #include "base/compiler_specific.h"

(...skipping 219 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
230 base::Unretained(this)),	230 base::Unretained(this)),

231 &cert_verifier_request_, net_log_);	231 &cert_verifier_request_, net_log_);

232 }	232 }

233	233

234 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {	234 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {

235 cert_verifier_request_.reset();	235 cert_verifier_request_.reset();

236	236

237 const CertVerifyResult& cert_verify_result =	237 const CertVerifyResult& cert_verify_result =

238 verify_details_->cert_verify_result;	238 verify_details_->cert_verify_result;

239 const CertStatus cert_status = cert_verify_result.cert_status;	239 const CertStatus cert_status = cert_verify_result.cert_status;

	240 // TODO(estark): replace 0 below with the port that the connection was

	241 // made on.

240 if (transport_security_state_ &&	242 if (transport_security_state_ &&

241 (result == OK \|\|	243 (result == OK \|\|

242 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&	244 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&

243 !transport_security_state_->CheckPublicKeyPins(	245 !transport_security_state_->CheckPublicKeyPins(

244 hostname_,	246 hostname_, cert_verify_result.is_issued_by_known_root,

245 cert_verify_result.is_issued_by_known_root,	247 cert_verify_result.public_key_hashes, 0, cert_,

246 cert_verify_result.public_key_hashes,	248 cert_verify_result.verified_cert,

	249 TransportSecurityState::SEND_PUBLIC_KEY_PIN_REPORT,

247 &verify_details_->pinning_failure_log)) {	250 &verify_details_->pinning_failure_log)) {

248 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;	251 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;

249 }	252 }

250	253

251 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =	254 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =

252 SSLConfigService::GetEVCertsWhitelist();	255 SSLConfigService::GetEVCertsWhitelist();

253 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() &&	256 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() &&

254 ev_whitelist->IsValid()) {	257 ev_whitelist->IsValid()) {

255 const SHA256HashValue fingerprint(	258 const SHA256HashValue fingerprint(

256 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle()));	259 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle()));

(...skipping 135 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
392 }	395 }

393 return status;	396 return status;

394 }	397 }

395	398

396 void ProofVerifierChromium::OnJobComplete(Job* job) {	399 void ProofVerifierChromium::OnJobComplete(Job* job) {

397 active_jobs_.erase(job);	400 active_jobs_.erase(job);

398 delete job;	401 delete job;

399 }	402 }

400	403

401 } // namespace net	404 } // namespace net

OLD	NEW

« no previous file with comments | « net/net.gypi ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »