Side by Side Diff: net/quic/quic_chromium_client_session.cc

Issue 1454993002: QUIC - Code to verify SCT tag with certificate transparency verifier (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/quic_chromium_client_session.h" 5 #include "net/quic/quic_chromium_client_session.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/location.h" 8 #include "base/location.h"
9 #include "base/metrics/histogram_macros.h" 9 #include "base/metrics/histogram_macros.h"
10 #include "base/metrics/sparse_histogram.h" 10 #include "base/metrics/sparse_histogram.h"
11 #include "base/single_thread_task_runner.h" 11 #include "base/single_thread_task_runner.h"
12 #include "base/stl_util.h" 12 #include "base/stl_util.h"
13 #include "base/strings/string_number_conversions.h" 13 #include "base/strings/string_number_conversions.h"
14 #include "base/thread_task_runner_handle.h" 14 #include "base/thread_task_runner_handle.h"
15 #include "base/values.h" 15 #include "base/values.h"
16 #include "net/base/io_buffer.h" 16 #include "net/base/io_buffer.h"
17 #include "net/base/net_errors.h" 17 #include "net/base/net_errors.h"
18 #include "net/base/network_activity_monitor.h" 18 #include "net/base/network_activity_monitor.h"
19 #include "net/cert/cert_verify_result.h"
19 #include "net/http/transport_security_state.h" 20 #include "net/http/transport_security_state.h"
20 #include "net/quic/crypto/proof_verifier_chromium.h" 21 #include "net/quic/crypto/proof_verifier_chromium.h"
21 #include "net/quic/crypto/quic_server_info.h" 22 #include "net/quic/crypto/quic_server_info.h"
22 #include "net/quic/quic_connection_helper.h" 23 #include "net/quic/quic_connection_helper.h"
23 #include "net/quic/quic_crypto_client_stream_factory.h" 24 #include "net/quic/quic_crypto_client_stream_factory.h"
24 #include "net/quic/quic_server_id.h" 25 #include "net/quic/quic_server_id.h"
25 #include "net/quic/quic_stream_factory.h" 26 #include "net/quic/quic_stream_factory.h"
26 #include "net/spdy/spdy_session.h" 27 #include "net/spdy/spdy_session.h"
27 #include "net/ssl/channel_id_service.h" 28 #include "net/ssl/channel_id_service.h"
28 #include "net/ssl/ssl_connection_status_flags.h" 29 #include "net/ssl/ssl_connection_status_flags.h"
(...skipping 464 matching lines...)
493 ssl_info->public_key_hashes = cert_verify_result_->public_key_hashes; 494 ssl_info->public_key_hashes = cert_verify_result_->public_key_hashes;
494 ssl_info->is_issued_by_known_root = 495 ssl_info->is_issued_by_known_root =
495 cert_verify_result_->is_issued_by_known_root; 496 cert_verify_result_->is_issued_by_known_root;
496 497
497 ssl_info->connection_status = ssl_connection_status; 498 ssl_info->connection_status = ssl_connection_status;
498 ssl_info->client_cert_sent = false; 499 ssl_info->client_cert_sent = false;
499 ssl_info->channel_id_sent = crypto_stream_->WasChannelIDSent(); 500 ssl_info->channel_id_sent = crypto_stream_->WasChannelIDSent();
500 ssl_info->security_bits = security_bits; 501 ssl_info->security_bits = security_bits;
501 ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL; 502 ssl_info->handshake_type = SSLInfo::HANDSHAKE_FULL;
502 ssl_info->pinning_failure_log = pinning_failure_log_; 503 ssl_info->pinning_failure_log = pinning_failure_log_;
504
505 // TODO(rtenneti): Move the following code into ssl_util.cc a new file.
Ryan Hamilton 2015/11/18 20:57:26 +1. Or, it could be a static method of SSLInfo: S
ramant (doing other things) 2015/11/21 00:27:03 Done.
506 for (ct::SCTList::const_iterator iter =
507 ct_verify_result_->verified_scts.begin();
508 iter != ct_verify_result_->verified_scts.end(); ++iter) {
Ryan Hamilton 2015/11/18 20:57:26 Can you use a c++11 range based for loop here: fo
ramant (doing other things) 2015/11/21 00:27:03 Done.
509 ssl_info->signed_certificate_timestamps.push_back(
510 SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK));
511 }
512 for (ct::SCTList::const_iterator iter =
513 ct_verify_result_->invalid_scts.begin();
514 iter != ct_verify_result_->invalid_scts.end(); ++iter) {
515 ssl_info->signed_certificate_timestamps.push_back(
516 SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID));
517 }
518 for (ct::SCTList::const_iterator iter =
519 ct_verify_result_->unknown_logs_scts.begin();
520 iter != ct_verify_result_->unknown_logs_scts.end(); ++iter) {
521 ssl_info->signed_certificate_timestamps.push_back(
522 SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_LOG_UNKNOWN));
523 }
524
503 return true; 525 return true;
504 } 526 }
505 527
506 int QuicChromiumClientSession::CryptoConnect( 528 int QuicChromiumClientSession::CryptoConnect(
507 bool require_confirmation, 529 bool require_confirmation,
508 const CompletionCallback& callback) { 530 const CompletionCallback& callback) {
509 require_confirmation_ = require_confirmation; 531 require_confirmation_ = require_confirmation;
510 handshake_start_ = base::TimeTicks::Now(); 532 handshake_start_ = base::TimeTicks::Now();
511 RecordHandshakeState(STATE_STARTED); 533 RecordHandshakeState(STATE_STARTED);
512 DCHECK(flow_controller()); 534 DCHECK(flow_controller());
(...skipping 280 matching lines...)
793 } 815 }
794 816
795 void QuicChromiumClientSession::OnProofVerifyDetailsAvailable( 817 void QuicChromiumClientSession::OnProofVerifyDetailsAvailable(
796 const ProofVerifyDetails& verify_details) { 818 const ProofVerifyDetails& verify_details) {
797 const ProofVerifyDetailsChromium* verify_details_chromium = 819 const ProofVerifyDetailsChromium* verify_details_chromium =
798 reinterpret_cast<const ProofVerifyDetailsChromium*>(&verify_details); 820 reinterpret_cast<const ProofVerifyDetailsChromium*>(&verify_details);
799 CertVerifyResult* result_copy = new CertVerifyResult; 821 CertVerifyResult* result_copy = new CertVerifyResult;
800 result_copy->CopyFrom(verify_details_chromium->cert_verify_result); 822 result_copy->CopyFrom(verify_details_chromium->cert_verify_result);
801 cert_verify_result_.reset(result_copy); 823 cert_verify_result_.reset(result_copy);
802 pinning_failure_log_ = verify_details_chromium->pinning_failure_log; 824 pinning_failure_log_ = verify_details_chromium->pinning_failure_log;
825 ct::CTVerifyResult* ct_verify_result_copy = new ct::CTVerifyResult;
826 *ct_verify_result_copy = verify_details_chromium->ct_verify_result;
827 ct_verify_result_.reset(ct_verify_result_copy);
803 logger_->OnCertificateVerified(*cert_verify_result_); 828 logger_->OnCertificateVerified(*cert_verify_result_);
804 } 829 }
805 830
806 void QuicChromiumClientSession::StartReading() { 831 void QuicChromiumClientSession::StartReading() {
807 packet_reader_.StartReading(); 832 packet_reader_.StartReading();
808 } 833 }
809 834
810 void QuicChromiumClientSession::CloseSessionOnError(int error, 835 void QuicChromiumClientSession::CloseSessionOnError(int error,
811 QuicErrorCode quic_error) { 836 QuicErrorCode quic_error) {
812 RecordAndCloseSessionOnError(error, quic_error); 837 RecordAndCloseSessionOnError(error, quic_error);
(...skipping 150 matching lines...)
963 return; 988 return;
964 989
965 // TODO(rch): re-enable this code once beta is cut. 990 // TODO(rch): re-enable this code once beta is cut.
966 // if (stream_factory_) 991 // if (stream_factory_)
967 // stream_factory_->OnSessionConnectTimeout(this); 992 // stream_factory_->OnSessionConnectTimeout(this);
968 // CloseAllStreams(ERR_QUIC_HANDSHAKE_FAILED); 993 // CloseAllStreams(ERR_QUIC_HANDSHAKE_FAILED);
969 // DCHECK_EQ(0u, GetNumOpenStreams()); 994 // DCHECK_EQ(0u, GetNumOpenStreams());
970 } 995 }
971 996
972 } // namespace net 997 } // namespace net
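Review bot: The three loops added at new lines 506–523 dereference `ct_verify_result_` unconditionally, and the only place on this page that sets it is OnProofVerifyDetailsAvailable (new lines 825–827). The enclosing function starts in the skipped region, so any early return on a missing `cert_verify_result_` is not visible and it cannot be confirmed from here that it also covers `ct_verify_result_`. These statuses are presumably what later code reads as the Certificate Transparency outcome for the connection, so I would state the invariant with `DCHECK(ct_verify_result_);` before the first loop, or wrap the loops in `if (ct_verify_result_) { ... }` so a session without CT results reports an empty list. In OnProofVerifyDetailsAvailable the copy can be one statement, `ct_verify_result_.reset(new ct::CTVerifyResult(verify_details_chromium->ct_verify_result));`, assuming the type is copy-constructible as well as assignable; that avoids the default-construct-then-assign and the bare owning pointer.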