Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.h" | 5 #include "chrome/browser/extensions/api/gcd_private/privet_v3_context_getter.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "chrome/common/chrome_content_client.h" | 8 #include "chrome/common/chrome_content_client.h" |
| 9 #include "chrome/common/chrome_switches.h" | 9 #include "chrome/common/chrome_switches.h" |
| 10 #include "net/base/net_errors.h" | 10 #include "net/base/net_errors.h" |
| (...skipping 14 matching lines...) Expand all Loading... | |
| 25 | 25 |
| 26 int Verify(net::X509Certificate* cert, | 26 int Verify(net::X509Certificate* cert, |
| 27 const std::string& hostname, | 27 const std::string& hostname, |
| 28 const std::string& ocsp_response, | 28 const std::string& ocsp_response, |
| 29 int flags, | 29 int flags, |
| 30 net::CRLSet* crl_set, | 30 net::CRLSet* crl_set, |
| 31 net::CertVerifyResult* verify_result, | 31 net::CertVerifyResult* verify_result, |
| 32 const net::CompletionCallback& callback, | 32 const net::CompletionCallback& callback, |
| 33 scoped_ptr<Request>* out_req, | 33 scoped_ptr<Request>* out_req, |
| 34 const net::BoundNetLog& net_log) override { | 34 const net::BoundNetLog& net_log) override { |
| 35 // Mark certificate as invalid as we didn't check it. | |
| 36 verify_result->Reset(); | 35 verify_result->Reset(); |
| 37 verify_result->verified_cert = cert; | 36 verify_result->verified_cert = cert; |
| 38 verify_result->cert_status = net::CERT_STATUS_INVALID; | |
| 39 | 37 |
| 40 auto it = fingerprints_.find(hostname); | 38 // Because no trust anchor checking is being performed, don't indicate that |
| 41 if (it == fingerprints_.end()) | 39 // it came from an OS-trusted root. |
| 42 return net::ERR_CERT_INVALID; | 40 verify_result->is_issued_by_known_root = false; |
| 41 // Because no trust anchor checking is being performed, don't indicate that | |
| 42 // it came from a supplemental trust anchor. | |
| 43 verify_result->is_issued_by_additional_trust_anchor = false; | |
| 44 // Because no name checking is being performed, don't indicate that it the | |
| 45 // common name was used. | |
| 46 verify_result->common_name_fallback_used = false; | |
| 47 // Because the signature is not checked, do not indicate any deprecated | |
| 48 // signature algorithms were used, even if they might be present. | |
| 49 verify_result->has_md2 = false; | |
| 50 verify_result->has_md4 = false; | |
| 51 verify_result->has_md5 = false; | |
| 52 verify_result->has_sha1 = false; | |
| 53 verify_result->has_sha1_leaf = false; | |
| 54 // Because no chain hashes calculation is being performed, keep hashes | |
| 55 // container clean. | |
| 56 verify_result->public_key_hashes.clear(); | |
|
Vitaly Buka (NO REVIEWS)
2015/11/17 00:08:14
Default implementation calculates hashes for certs
| |
| 43 | 57 |
| 44 auto fingerprint = | 58 verify_result->cert_status = CheckFingerprint(cert, hostname) |
| 45 net::X509Certificate::CalculateFingerprint256(cert->os_cert_handle()); | 59 ? 0 |
| 46 return it->second.Equals(fingerprint) ? net::OK : net::ERR_CERT_INVALID; | 60 : net::CERT_STATUS_AUTHORITY_INVALID; |
| 61 return net::IsCertStatusError(verify_result->cert_status) | |
| 62 ? net::MapCertStatusToNetError(verify_result->cert_status) | |
| 63 : net::OK; | |
| 47 } | 64 } |
| 48 | 65 |
| 49 void AddPairedHost(const std::string& host, | 66 void AddPairedHost(const std::string& host, |
| 50 const net::SHA256HashValue& certificate_fingerprint) { | 67 const net::SHA256HashValue& certificate_fingerprint) { |
| 51 fingerprints_[host] = certificate_fingerprint; | 68 fingerprints_[host] = certificate_fingerprint; |
| 52 } | 69 } |
| 53 | 70 |
| 54 private: | 71 private: |
| 72 bool CheckFingerprint(net::X509Certificate* cert, | |
| 73 const std::string& hostname) const { | |
| 74 auto it = fingerprints_.find(hostname); | |
| 75 if (it == fingerprints_.end()) | |
| 76 return false; | |
| 77 | |
| 78 return it->second.Equals( | |
| 79 net::X509Certificate::CalculateFingerprint256(cert->os_cert_handle())); | |
| 80 } | |
| 81 | |
| 55 std::map<std::string, net::SHA256HashValue> fingerprints_; | 82 std::map<std::string, net::SHA256HashValue> fingerprints_; |
| 56 | 83 |
| 57 DISALLOW_COPY_AND_ASSIGN(CertVerifier); | 84 DISALLOW_COPY_AND_ASSIGN(CertVerifier); |
| 58 }; | 85 }; |
| 59 | 86 |
| 60 PrivetV3ContextGetter::PrivetV3ContextGetter( | 87 PrivetV3ContextGetter::PrivetV3ContextGetter( |
| 61 const scoped_refptr<base::SingleThreadTaskRunner>& net_task_runner) | 88 const scoped_refptr<base::SingleThreadTaskRunner>& net_task_runner) |
| 62 : net_task_runner_(net_task_runner), weak_ptr_factory_(this) { | 89 : net_task_runner_(net_task_runner), weak_ptr_factory_(this) { |
| 63 CHECK(base::CommandLine::ForCurrentProcess()->HasSwitch( | 90 CHECK(base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 64 switches::kEnablePrivetV3)); | 91 switches::kEnablePrivetV3)); |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 104 const net::SHA256HashValue& certificate_fingerprint) { | 131 const net::SHA256HashValue& certificate_fingerprint) { |
| 105 InitOnNetThread(); | 132 InitOnNetThread(); |
| 106 cert_verifier_->AddPairedHost(host, certificate_fingerprint); | 133 cert_verifier_->AddPairedHost(host, certificate_fingerprint); |
| 107 } | 134 } |
| 108 | 135 |
| 109 PrivetV3ContextGetter::~PrivetV3ContextGetter() { | 136 PrivetV3ContextGetter::~PrivetV3ContextGetter() { |
| 110 DCHECK(net_task_runner_->BelongsToCurrentThread()); | 137 DCHECK(net_task_runner_->BelongsToCurrentThread()); |
| 111 } | 138 } |
| 112 | 139 |
| 113 } // namespace extensions | 140 } // namespace extensions |
| OLD | NEW |