| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> |
| 8 |
| 7 #include "base/bind.h" | 9 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 11 #include "base/callback_helpers.h" |
| 10 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
| 11 #include "base/logging.h" | 13 #include "base/logging.h" |
| 12 #include "base/macros.h" | 14 #include "base/macros.h" |
| 13 #include "base/metrics/histogram_macros.h" | 15 #include "base/metrics/histogram_macros.h" |
| 14 #include "base/stl_util.h" | 16 #include "base/stl_util.h" |
| 15 #include "base/strings/stringprintf.h" | 17 #include "base/strings/stringprintf.h" |
| 16 #include "crypto/signature_verifier.h" | 18 #include "crypto/signature_verifier.h" |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 169 DLOG(DFATAL) << *error_details; | 171 DLOG(DFATAL) << *error_details; |
| 170 return QUIC_FAILURE; | 172 return QUIC_FAILURE; |
| 171 } | 173 } |
| 172 | 174 |
| 173 verify_details_.reset(new ProofVerifyDetailsChromium); | 175 verify_details_.reset(new ProofVerifyDetailsChromium); |
| 174 | 176 |
| 175 if (certs.empty()) { | 177 if (certs.empty()) { |
| 176 *error_details = "Failed to create certificate chain. Certs are empty."; | 178 *error_details = "Failed to create certificate chain. Certs are empty."; |
| 177 DLOG(WARNING) << *error_details; | 179 DLOG(WARNING) << *error_details; |
| 178 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 180 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 179 *verify_details = verify_details_.Pass(); | 181 *verify_details = std::move(verify_details_); |
| 180 return QUIC_FAILURE; | 182 return QUIC_FAILURE; |
| 181 } | 183 } |
| 182 | 184 |
| 183 // Convert certs to X509Certificate. | 185 // Convert certs to X509Certificate. |
| 184 vector<StringPiece> cert_pieces(certs.size()); | 186 vector<StringPiece> cert_pieces(certs.size()); |
| 185 for (unsigned i = 0; i < certs.size(); i++) { | 187 for (unsigned i = 0; i < certs.size(); i++) { |
| 186 cert_pieces[i] = base::StringPiece(certs[i]); | 188 cert_pieces[i] = base::StringPiece(certs[i]); |
| 187 } | 189 } |
| 188 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); | 190 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); |
| 189 if (!cert_.get()) { | 191 if (!cert_.get()) { |
| 190 *error_details = "Failed to create certificate chain"; | 192 *error_details = "Failed to create certificate chain"; |
| 191 DLOG(WARNING) << *error_details; | 193 DLOG(WARNING) << *error_details; |
| 192 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 194 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 193 *verify_details = verify_details_.Pass(); | 195 *verify_details = std::move(verify_details_); |
| 194 return QUIC_FAILURE; | 196 return QUIC_FAILURE; |
| 195 } | 197 } |
| 196 | 198 |
| 197 if (cert_transparency_verifier_ && !cert_sct.empty()) { | 199 if (cert_transparency_verifier_ && !cert_sct.empty()) { |
| 198 // Note that this is a completely synchronous operation: The CT Log Verifier | 200 // Note that this is a completely synchronous operation: The CT Log Verifier |
| 199 // gets all the data it needs for SCT verification and does not do any | 201 // gets all the data it needs for SCT verification and does not do any |
| 200 // external communication. | 202 // external communication. |
| 201 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, | 203 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, |
| 202 &verify_details_->ct_verify_result, | 204 &verify_details_->ct_verify_result, |
| 203 net_log_); | 205 net_log_); |
| 204 } | 206 } |
| 205 | 207 |
| 206 // We call VerifySignature first to avoid copying of server_config and | 208 // We call VerifySignature first to avoid copying of server_config and |
| 207 // signature. | 209 // signature. |
| 208 if (!VerifySignature(server_config, signature, certs[0])) { | 210 if (!VerifySignature(server_config, signature, certs[0])) { |
| 209 *error_details = "Failed to verify signature of server config"; | 211 *error_details = "Failed to verify signature of server config"; |
| 210 DLOG(WARNING) << *error_details; | 212 DLOG(WARNING) << *error_details; |
| 211 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 213 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 212 *verify_details = verify_details_.Pass(); | 214 *verify_details = std::move(verify_details_); |
| 213 return QUIC_FAILURE; | 215 return QUIC_FAILURE; |
| 214 } | 216 } |
| 215 | 217 |
| 216 hostname_ = hostname; | 218 hostname_ = hostname; |
| 217 | 219 |
| 218 next_state_ = STATE_VERIFY_CERT; | 220 next_state_ = STATE_VERIFY_CERT; |
| 219 switch (DoLoop(OK)) { | 221 switch (DoLoop(OK)) { |
| 220 case OK: | 222 case OK: |
| 221 *verify_details = verify_details_.Pass(); | 223 *verify_details = std::move(verify_details_); |
| 222 return QUIC_SUCCESS; | 224 return QUIC_SUCCESS; |
| 223 case ERR_IO_PENDING: | 225 case ERR_IO_PENDING: |
| 224 callback_.reset(callback); | 226 callback_.reset(callback); |
| 225 return QUIC_PENDING; | 227 return QUIC_PENDING; |
| 226 default: | 228 default: |
| 227 *error_details = error_details_; | 229 *error_details = error_details_; |
| 228 *verify_details = verify_details_.Pass(); | 230 *verify_details = std::move(verify_details_); |
| 229 return QUIC_FAILURE; | 231 return QUIC_FAILURE; |
| 230 } | 232 } |
| 231 } | 233 } |
| 232 | 234 |
| 233 int ProofVerifierChromium::Job::DoLoop(int last_result) { | 235 int ProofVerifierChromium::Job::DoLoop(int last_result) { |
| 234 int rv = last_result; | 236 int rv = last_result; |
| 235 do { | 237 do { |
| 236 State state = next_state_; | 238 State state = next_state_; |
| 237 next_state_ = STATE_NONE; | 239 next_state_ = STATE_NONE; |
| 238 switch (state) { | 240 switch (state) { |
| (...skipping 10 matching lines...) Expand all Loading... |
| 249 LOG(DFATAL) << "unexpected state " << state; | 251 LOG(DFATAL) << "unexpected state " << state; |
| 250 break; | 252 break; |
| 251 } | 253 } |
| 252 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); | 254 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); |
| 253 return rv; | 255 return rv; |
| 254 } | 256 } |
| 255 | 257 |
| 256 void ProofVerifierChromium::Job::OnIOComplete(int result) { | 258 void ProofVerifierChromium::Job::OnIOComplete(int result) { |
| 257 int rv = DoLoop(result); | 259 int rv = DoLoop(result); |
| 258 if (rv != ERR_IO_PENDING) { | 260 if (rv != ERR_IO_PENDING) { |
| 259 scoped_ptr<ProofVerifierCallback> callback(callback_.Pass()); | 261 scoped_ptr<ProofVerifierCallback> callback(std::move(callback_)); |
| 260 // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium. | 262 // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium. |
| 261 scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.Pass()); | 263 scoped_ptr<ProofVerifyDetails> verify_details(std::move(verify_details_)); |
| 262 callback->Run(rv == OK, error_details_, &verify_details); | 264 callback->Run(rv == OK, error_details_, &verify_details); |
| 263 // Will delete |this|. | 265 // Will delete |this|. |
| 264 proof_verifier_->OnJobComplete(this); | 266 proof_verifier_->OnJobComplete(this); |
| 265 } | 267 } |
| 266 } | 268 } |
| 267 | 269 |
| 268 int ProofVerifierChromium::Job::DoVerifyCert(int result) { | 270 int ProofVerifierChromium::Job::DoVerifyCert(int result) { |
| 269 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 271 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
| 270 | 272 |
| 271 return verifier_->Verify( | 273 return verifier_->Verify( |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 434 } | 436 } |
| 435 return status; | 437 return status; |
| 436 } | 438 } |
| 437 | 439 |
| 438 void ProofVerifierChromium::OnJobComplete(Job* job) { | 440 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 439 active_jobs_.erase(job); | 441 active_jobs_.erase(job); |
| 440 delete job; | 442 delete job; |
| 441 } | 443 } |
| 442 | 444 |
| 443 } // namespace net | 445 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1545233002:
Convert Pass()→std::move() in //net (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master