Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(387)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 1212613004: Build and send HPKP violation reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: remove unnecessary net::'s Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state_unittest.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/proof_verifier_chromium.h" 5 #include "net/quic/crypto/proof_verifier_chromium.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
11 #include "base/logging.h" 11 #include "base/logging.h"
12 #include "base/metrics/histogram_macros.h" 12 #include "base/metrics/histogram_macros.h"
13 #include "base/profiler/scoped_tracker.h" 13 #include "base/profiler/scoped_tracker.h"
14 #include "base/stl_util.h" 14 #include "base/stl_util.h"
15 #include "base/strings/stringprintf.h" 15 #include "base/strings/stringprintf.h"
16 #include "crypto/signature_verifier.h" 16 #include "crypto/signature_verifier.h"
17 #include "net/base/host_port_pair.h"
17 #include "net/base/net_errors.h" 18 #include "net/base/net_errors.h"
18 #include "net/cert/asn1_util.h" 19 #include "net/cert/asn1_util.h"
19 #include "net/cert/cert_status_flags.h" 20 #include "net/cert/cert_status_flags.h"
20 #include "net/cert/cert_verifier.h" 21 #include "net/cert/cert_verifier.h"
21 #include "net/cert/cert_verify_result.h" 22 #include "net/cert/cert_verify_result.h"
22 #include "net/cert/x509_certificate.h" 23 #include "net/cert/x509_certificate.h"
23 #include "net/cert/x509_util.h" 24 #include "net/cert/x509_util.h"
24 #include "net/http/transport_security_state.h" 25 #include "net/http/transport_security_state.h"
25 #include "net/log/net_log.h" 26 #include "net/log/net_log.h"
26 #include "net/quic/crypto/crypto_protocol.h" 27 #include "net/quic/crypto/crypto_protocol.h"
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after
236 base::Unretained(this)), 237 base::Unretained(this)),
237 &cert_verifier_request_, net_log_); 238 &cert_verifier_request_, net_log_);
238 } 239 }
239 240
240 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { 241 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
241 cert_verifier_request_.reset(); 242 cert_verifier_request_.reset();
242 243
243 const CertVerifyResult& cert_verify_result = 244 const CertVerifyResult& cert_verify_result =
244 verify_details_->cert_verify_result; 245 verify_details_->cert_verify_result;
245 const CertStatus cert_status = cert_verify_result.cert_status; 246 const CertStatus cert_status = cert_verify_result.cert_status;
247 // TODO(estark): replace 0 below with the port of the connection.
246 if (transport_security_state_ && 248 if (transport_security_state_ &&
247 (result == OK || 249 (result == OK ||
248 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 250 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
249 !transport_security_state_->CheckPublicKeyPins( 251 !transport_security_state_->CheckPublicKeyPins(
250 hostname_, 252 HostPortPair(hostname_, 0),
251 cert_verify_result.is_issued_by_known_root, 253 cert_verify_result.is_issued_by_known_root,
252 cert_verify_result.public_key_hashes, 254 cert_verify_result.public_key_hashes, cert_.get(),
255 cert_verify_result.verified_cert.get(),
256 TransportSecurityState::ENABLE_PIN_REPORTS,
253 &verify_details_->pinning_failure_log)) { 257 &verify_details_->pinning_failure_log)) {
254 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 258 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
255 } 259 }
256 260
257 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = 261 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
258 SSLConfigService::GetEVCertsWhitelist(); 262 SSLConfigService::GetEVCertsWhitelist();
259 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && 263 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() &&
260 ev_whitelist->IsValid()) { 264 ev_whitelist->IsValid()) {
261 const SHA256HashValue fingerprint( 265 const SHA256HashValue fingerprint(
262 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); 266 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle()));
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
397 } 401 }
398 return status; 402 return status;
399 } 403 }
400 404
401 void ProofVerifierChromium::OnJobComplete(Job* job) { 405 void ProofVerifierChromium::OnJobComplete(Job* job) {
402 active_jobs_.erase(job); 406 active_jobs_.erase(job);
403 delete job; 407 delete job;
404 } 408 }
405 409
406 } // namespace net 410 } // namespace net
OLDNEW
« net/http/transport_security_state.cc ('K') | « net/http/transport_security_state_unittest.cc ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698