| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "base/prefs/pref_service.h" |
| 9 #include "chrome/browser/browser_process.h" |
| 10 #include "chrome/browser/profiles/profile.h" |
| 11 #include "chrome/browser/profiles/profile_manager.h" |
| 12 #include "chrome/common/pref_names.h" |
| 13 #include "content/public/browser/browser_thread.h" |
| 14 #include "net/base/net_errors.h" |
| 15 #include "net/cert/cert_verify_proc.h" |
| 16 #include "net/cert/multi_threaded_cert_verifier.h" |
| 17 |
| 18 namespace policy { |
| 19 |
| 20 namespace { |
| 21 |
| 22 void TaintProfile(void* profile_ptr) { |
| 23 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI)); |
| 24 Profile* profile = reinterpret_cast<Profile*>(profile_ptr); |
| 25 if (!g_browser_process->profile_manager()->IsValidProfile(profile)) |
| 26 return; |
| 27 profile->GetPrefs()->SetBoolean(prefs::kUsedPolicyCertificatesOnce, true); |
| 28 } |
| 29 |
| 30 void MaybeTaintProfile(const net::CertVerifyResult& verify_result, |
| 31 void* profile) { |
| 32 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 33 if (verify_result.is_issued_by_additional_trust_anchor) { |
| 34 content::BrowserThread::PostTask(content::BrowserThread::UI, FROM_HERE, |
| 35 base::Bind(&TaintProfile, profile)); |
| 36 } |
| 37 } |
| 38 |
| 39 void CallbackWrapper(void* profile, |
| 40 const net::CertVerifyResult* verify_result, |
| 41 const net::CompletionCallback& original_callback, |
| 42 int error) { |
| 43 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 44 if (error == net::OK) |
| 45 MaybeTaintProfile(*verify_result, profile); |
| 46 if (!original_callback.is_null()) |
| 47 original_callback.Run(error); |
| 48 } |
| 49 |
| 50 } // namespace |
| 51 |
| 52 PolicyCertVerifier::PolicyCertVerifier( |
| 53 void* profile, |
| 54 net::CertTrustAnchorProvider* trust_anchor_provider) |
| 55 : profile_(profile) { |
| 56 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 57 net::MultiThreadedCertVerifier* verifier = |
| 58 new net::MultiThreadedCertVerifier(net::CertVerifyProc::CreateDefault()); |
| 59 verifier->SetCertTrustAnchorProvider(trust_anchor_provider); |
| 60 delegate_.reset(verifier); |
| 61 } |
| 62 |
| 63 PolicyCertVerifier::~PolicyCertVerifier() { |
| 64 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 65 } |
| 66 |
| 67 int PolicyCertVerifier::Verify(net::X509Certificate* cert, |
| 68 const std::string& hostname, |
| 69 int flags, |
| 70 net::CRLSet* crl_set, |
| 71 net::CertVerifyResult* verify_result, |
| 72 const net::CompletionCallback& callback, |
| 73 RequestHandle* out_req, |
| 74 const net::BoundNetLog& net_log) { |
| 75 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 76 net::CompletionCallback wrapped_callback = |
| 77 base::Bind(&CallbackWrapper, profile_, verify_result, callback); |
| 78 int error = delegate_->Verify(cert, hostname, flags, crl_set, verify_result, |
| 79 wrapped_callback, out_req, net_log); |
| 80 if (error == net::OK) |
| 81 MaybeTaintProfile(*verify_result, profile_); |
| 82 return error; |
| 83 } |
| 84 |
| 85 void PolicyCertVerifier::CancelRequest(RequestHandle req) { |
| 86 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO)); |
| 87 delegate_->CancelRequest(req); |
| 88 } |
| 89 |
| 90 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13035003:
Added a PolicyCertVerifier that uses the trust anchors from the ONC policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src