OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_policy_enforcer.h" | 5 #include "net/cert/ct_policy_enforcer.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <utility> | 8 #include <utility> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
254 std::string truncated_fp = | 254 std::string truncated_fp = |
255 std::string(reinterpret_cast<const char*>(fingerprint.data), 8); | 255 std::string(reinterpret_cast<const char*>(fingerprint.data), 8); |
256 cert_in_ev_whitelist = ev_whitelist->ContainsCertificateHash(truncated_fp); | 256 cert_in_ev_whitelist = ev_whitelist->ContainsCertificateHash(truncated_fp); |
257 | 257 |
258 UMA_HISTOGRAM_BOOLEAN("Net.SSL_EVCertificateInWhitelist", | 258 UMA_HISTOGRAM_BOOLEAN("Net.SSL_EVCertificateInWhitelist", |
259 cert_in_ev_whitelist); | 259 cert_in_ev_whitelist); |
260 } | 260 } |
261 return cert_in_ev_whitelist; | 261 return cert_in_ev_whitelist; |
262 } | 262 } |
263 | 263 |
264 void CheckCTEVPolicyCompliance(X509Certificate* cert, | 264 void CheckCTPolicyCompliance(X509Certificate* cert, |
Ryan Sleevi
2016/01/12 21:24:56
git cl format
| |
265 const ct::EVCertsWhitelist* ev_whitelist, | 265 const ct::EVCertsWhitelist* ev_whitelist, |
266 const ct::CTVerifyResult& ct_result, | 266 const ct::CTVerifyResult& ct_result, |
267 ComplianceDetails* result) { | 267 ComplianceDetails* result) { |
268 result->ct_presence_required = true; | 268 result->ct_presence_required = true; |
269 | 269 |
270 if (!IsBuildTimely()) | 270 if (!IsBuildTimely()) |
271 return; | 271 return; |
272 result->build_timely = true; | 272 result->build_timely = true; |
273 | 273 |
274 if (ev_whitelist && ev_whitelist->IsValid()) | 274 if (ev_whitelist && ev_whitelist->IsValid()) |
(...skipping 14 matching lines...) Expand all Loading... | |
289 !HasEnoughDiverseSCTs(ct_result.verified_scts)) { | 289 !HasEnoughDiverseSCTs(ct_result.verified_scts)) { |
290 result->status = CT_NOT_ENOUGH_DIVERSE_SCTS; | 290 result->status = CT_NOT_ENOUGH_DIVERSE_SCTS; |
291 return; | 291 return; |
292 } | 292 } |
293 | 293 |
294 result->status = CT_ENOUGH_SCTS; | 294 result->status = CT_ENOUGH_SCTS; |
295 } | 295 } |
296 | 296 |
297 } // namespace | 297 } // namespace |
298 | 298 |
299 bool CTPolicyEnforcer::DoesConformToCTEVPolicy( | 299 bool CTPolicyEnforcer::DoesConformToCTPolicy( |
300 X509Certificate* cert, | 300 X509Certificate* cert, |
301 const ct::EVCertsWhitelist* ev_whitelist, | 301 const ct::EVCertsWhitelist* ev_whitelist, |
302 const ct::CTVerifyResult& ct_result, | 302 const ct::CTVerifyResult& ct_result, |
303 const BoundNetLog& net_log) { | 303 const BoundNetLog& net_log) { |
304 ComplianceDetails details; | 304 ComplianceDetails details; |
305 | 305 |
306 CheckCTEVPolicyCompliance(cert, ev_whitelist, ct_result, &details); | 306 CheckCTPolicyCompliance(cert, ev_whitelist, ct_result, &details); |
307 | 307 |
308 NetLog::ParametersCallback net_log_callback = | 308 NetLog::ParametersCallback net_log_callback = |
309 base::Bind(&NetLogComplianceCheckResultCallback, base::Unretained(cert), | 309 base::Bind(&NetLogComplianceCheckResultCallback, base::Unretained(cert), |
310 base::Unretained(&details)); | 310 base::Unretained(&details)); |
311 | 311 |
312 net_log.AddEvent(NetLog::TYPE_EV_CERT_CT_COMPLIANCE_CHECKED, | 312 net_log.AddEvent(NetLog::TYPE_EV_CERT_CT_COMPLIANCE_CHECKED, |
313 net_log_callback); | 313 net_log_callback); |
314 | 314 |
315 if (!details.ct_presence_required) | 315 if (!details.ct_presence_required) |
316 return true; | 316 return true; |
317 | 317 |
318 if (!details.build_timely) | 318 if (!details.build_timely) |
319 return false; | 319 return false; |
320 | 320 |
321 LogCTComplianceStatusToUMA(details.status, ev_whitelist); | 321 LogCTComplianceStatusToUMA(details.status, ev_whitelist); |
322 | 322 |
323 if (details.status == CT_IN_WHITELIST || details.status == CT_ENOUGH_SCTS) | 323 if (details.status == CT_IN_WHITELIST || details.status == CT_ENOUGH_SCTS) |
324 return true; | 324 return true; |
325 | 325 |
326 return false; | 326 return false; |
327 } | 327 } |
328 | 328 |
329 } // namespace net | 329 } // namespace net |
OLD | NEW |