OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "base/metrics/histogram_macros.h" | 12 #include "base/metrics/histogram_macros.h" |
13 #include "base/profiler/scoped_tracker.h" | 13 #include "base/profiler/scoped_tracker.h" |
14 #include "base/stl_util.h" | 14 #include "base/stl_util.h" |
15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
16 #include "crypto/signature_verifier.h" | 16 #include "crypto/signature_verifier.h" |
| 17 #include "net/base/host_port_pair.h" |
17 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
18 #include "net/cert/asn1_util.h" | 19 #include "net/cert/asn1_util.h" |
19 #include "net/cert/cert_status_flags.h" | 20 #include "net/cert/cert_status_flags.h" |
20 #include "net/cert/cert_verifier.h" | 21 #include "net/cert/cert_verifier.h" |
21 #include "net/cert/cert_verify_result.h" | 22 #include "net/cert/cert_verify_result.h" |
22 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
23 #include "net/cert/x509_util.h" | 24 #include "net/cert/x509_util.h" |
24 #include "net/http/transport_security_state.h" | 25 #include "net/http/transport_security_state.h" |
25 #include "net/log/net_log.h" | 26 #include "net/log/net_log.h" |
26 #include "net/quic/crypto/crypto_protocol.h" | 27 #include "net/quic/crypto/crypto_protocol.h" |
(...skipping 209 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
236 base::Unretained(this)), | 237 base::Unretained(this)), |
237 &cert_verifier_request_, net_log_); | 238 &cert_verifier_request_, net_log_); |
238 } | 239 } |
239 | 240 |
240 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 241 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
241 cert_verifier_request_.reset(); | 242 cert_verifier_request_.reset(); |
242 | 243 |
243 const CertVerifyResult& cert_verify_result = | 244 const CertVerifyResult& cert_verify_result = |
244 verify_details_->cert_verify_result; | 245 verify_details_->cert_verify_result; |
245 const CertStatus cert_status = cert_verify_result.cert_status; | 246 const CertStatus cert_status = cert_verify_result.cert_status; |
| 247 // TODO(estark): replace 0 below with the port of the connection. |
246 if (transport_security_state_ && | 248 if (transport_security_state_ && |
247 (result == OK || | 249 (result == OK || |
248 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 250 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
249 !transport_security_state_->CheckPublicKeyPins( | 251 !transport_security_state_->CheckPublicKeyPins( |
250 hostname_, | 252 HostPortPair(hostname_, 0), |
251 cert_verify_result.is_issued_by_known_root, | 253 cert_verify_result.is_issued_by_known_root, |
252 cert_verify_result.public_key_hashes, | 254 cert_verify_result.public_key_hashes, cert_.get(), |
| 255 cert_verify_result.verified_cert.get(), |
| 256 TransportSecurityState::ENABLE_PIN_REPORTS, |
253 &verify_details_->pinning_failure_log)) { | 257 &verify_details_->pinning_failure_log)) { |
254 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 258 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
255 } | 259 } |
256 | 260 |
257 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 261 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
258 SSLConfigService::GetEVCertsWhitelist(); | 262 SSLConfigService::GetEVCertsWhitelist(); |
259 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && | 263 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && |
260 ev_whitelist->IsValid()) { | 264 ev_whitelist->IsValid()) { |
261 const SHA256HashValue fingerprint( | 265 const SHA256HashValue fingerprint( |
262 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); | 266 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
397 } | 401 } |
398 return status; | 402 return status; |
399 } | 403 } |
400 | 404 |
401 void ProofVerifierChromium::OnJobComplete(Job* job) { | 405 void ProofVerifierChromium::OnJobComplete(Job* job) { |
402 active_jobs_.erase(job); | 406 active_jobs_.erase(job); |
403 delete job; | 407 delete job; |
404 } | 408 } |
405 | 409 |
406 } // namespace net | 410 } // namespace net |
OLD | NEW |