
Side by Side Diff: net/quic/crypto/proof_verifier_chromium.h

Issue 1454993002: QUIC - Code to verify SCT tag with certificate transparency verifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase with TOT - use scoped_refptr<const CTLogVerifier> Created 5 years ago
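--- a/net/quic/crypto/proof_verifier_chromium.h
+++ b/net/quic/crypto/proof_verifier_chromium.h
@@ -1,95 +1,100 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_
 
 #include <set>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_verify_result.h"
 #include "net/cert/x509_certificate.h"
 #include "net/log/net_log.h"
 #include "net/quic/crypto/proof_verifier.h"
 
 namespace net {
 
 class CertPolicyEnforcer;
 class CertVerifier;
+class CTVerifier;
 class TransportSecurityState;
 
 // ProofVerifyDetailsChromium is the implementation-specific information that a
 // ProofVerifierChromium returns about a certificate verification.
 class NET_EXPORT_PRIVATE ProofVerifyDetailsChromium
 : public ProofVerifyDetails {
 public:
 
 // ProofVerifyDetails implementation
 ProofVerifyDetails* Clone() const override;
 
 CertVerifyResult cert_verify_result;
+ct::CTVerifyResult ct_verify_result;
 
 // pinning_failure_log contains a message produced by
 // TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a
 // pinning failure. It is a (somewhat) human-readable string.
 std::string pinning_failure_log;
 };
 
 // ProofVerifyContextChromium is the implementation-specific information that a
 // ProofVerifierChromium needs in order to log correctly.
 struct ProofVerifyContextChromium : public ProofVerifyContext {
 public:
 ProofVerifyContextChromium(int cert_verify_flags, const BoundNetLog& net_log)
 : cert_verify_flags(cert_verify_flags), net_log(net_log) {}
 
 int cert_verify_flags;
 BoundNetLog net_log;
 };
 
 // ProofVerifierChromium implements the QUIC ProofVerifier interface. It is
 // capable of handling multiple simultaneous requests.
 class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier {
 public:
 ProofVerifierChromium(CertVerifier* cert_verifier,
 CertPolicyEnforcer* cert_policy_enforcer,
-TransportSecurityState* transport_security_state);
+TransportSecurityState* transport_security_state,
+CTVerifier* cert_transparency_verifier);
 ~ProofVerifierChromium() override;
 
 // ProofVerifier interface
 QuicAsyncStatus VerifyProof(const std::string& hostname,
 const std::string& server_config,
 const std::vector<std::string>& certs,
 const std::string& cert_sct,
 const std::string& signature,
 const ProofVerifyContext* verify_context,
 std::string* error_details,
 scoped_ptr<ProofVerifyDetails>* verify_details,
 ProofVerifierCallback* callback) override;
 
 private:
 class Job;
 typedef std::set<Job*> JobSet;
 
 void OnJobComplete(Job* job);
 
 // Set owning pointers to active jobs.
 JobSet active_jobs_;
 
 // Underlying verifier used to verify certificates.
 CertVerifier* const cert_verifier_;
 CertPolicyEnforcer* const cert_policy_enforcer_;
 
 TransportSecurityState* const transport_security_state_;
+CTVerifier* const cert_transparency_verifier_;
 
 DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium);
 };
 
 } // namespace net
 
 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_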
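Review bot: The new `CTVerifier* cert_transparency_verifier` constructor parameter and the `cert_transparency_verifier_` member are raw pointers with no comment on ownership, required lifetime, or whether null is accepted. That matters here because a null verifier would presumably mean the SCTs in `cert_sct` are never checked. A comment on the member such as `// Not owned; must outlive this object. May be null, in which case |cert_sct| is not verified.` would make the contract explicit, adjusted to whatever the .cc actually does. The added `ct_verify_result` field in `ProofVerifyDetailsChromium` is likewise undocumented, so a consumer cannot tell an empty result ("no valid SCTs") from "CT verification did not run"; something like `// SCT verification outcome for |cert_sct|; empty when no CT verifier was supplied.` would help. `Clone()` is implemented outside this header, so it is worth confirming that it copies the new field along with `cert_verify_result`.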