OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 271 matching lines...)
282 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 282 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
283 cert_verifier_request_.reset(); | 283 cert_verifier_request_.reset(); |
284 | 284 |
285 const CertVerifyResult& cert_verify_result = | 285 const CertVerifyResult& cert_verify_result = |
286 verify_details_->cert_verify_result; | 286 verify_details_->cert_verify_result; |
287 const CertStatus cert_status = cert_verify_result.cert_status; | 287 const CertStatus cert_status = cert_verify_result.cert_status; |
288 verify_details_->ct_verify_result.ct_policies_applied = | 288 verify_details_->ct_verify_result.ct_policies_applied = |
289 (result == OK && policy_enforcer_ != nullptr); | 289 (result == OK && policy_enforcer_ != nullptr); |
290 verify_details_->ct_verify_result.ev_policy_compliance = | 290 verify_details_->ct_verify_result.ev_policy_compliance = |
291 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; | 291 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; |
292 if (result == OK && policy_enforcer_ && | 292 if (result == OK && policy_enforcer_) { |
293 (cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { | 293 if ((cert_verify_result.cert_status & CERT_STATUS_IS_EV)) { |
294 ct::EVPolicyCompliance ev_policy_compliance = | 294 ct::EVPolicyCompliance ev_policy_compliance = |
295 policy_enforcer_->DoesConformToCTEVPolicy( | 295 policy_enforcer_->DoesConformToCTEVPolicy( |
| 296 cert_verify_result.verified_cert.get(), |
| 297 SSLConfigService::GetEVCertsWhitelist().get(), |
| 298 verify_details_->ct_verify_result.verified_scts, net_log_); |
| 299 verify_details_->ct_verify_result.ev_policy_compliance = |
| 300 ev_policy_compliance; |
| 301 if (ev_policy_compliance != |
| 302 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY && |
| 303 ev_policy_compliance != |
| 304 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST && |
| 305 ev_policy_compliance != |
| 306 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) { |
| 307 verify_details_->cert_verify_result.cert_status |= |
| 308 CERT_STATUS_CT_COMPLIANCE_FAILED; |
| 309 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |
| 310 } |
| 311 } |
| 312 |
| 313 verify_details_->ct_verify_result.cert_policy_compliance = |
| 314 policy_enforcer_->DoesConformToCertPolicy( |
296 cert_verify_result.verified_cert.get(), | 315 cert_verify_result.verified_cert.get(), |
297 SSLConfigService::GetEVCertsWhitelist().get(), | |
298 verify_details_->ct_verify_result.verified_scts, net_log_); | 316 verify_details_->ct_verify_result.verified_scts, net_log_); |
299 verify_details_->ct_verify_result.ev_policy_compliance = | |
300 ev_policy_compliance; | |
301 if (ev_policy_compliance != | |
302 ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY && | |
303 ev_policy_compliance != | |
304 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST && | |
305 ev_policy_compliance != | |
306 ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS) { | |
307 verify_details_->cert_verify_result.cert_status |= | |
308 CERT_STATUS_CT_COMPLIANCE_FAILED; | |
309 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; | |
310 } | |
311 } | 317 } |
312 | 318 |
313 // TODO(estark): replace 0 below with the port of the connection. | 319 // TODO(estark): replace 0 below with the port of the connection. |
314 if (transport_security_state_ && | 320 if (transport_security_state_ && |
315 (result == OK || | 321 (result == OK || |
316 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 322 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
317 !transport_security_state_->CheckPublicKeyPins( | 323 !transport_security_state_->CheckPublicKeyPins( |
318 HostPortPair(hostname_, 0), | 324 HostPortPair(hostname_, 0), |
319 cert_verify_result.is_issued_by_known_root, | 325 cert_verify_result.is_issued_by_known_root, |
320 cert_verify_result.public_key_hashes, cert_.get(), | 326 cert_verify_result.public_key_hashes, cert_.get(), |
(...skipping 129 matching lines...)
450 } | 456 } |
451 return status; | 457 return status; |
452 } | 458 } |
453 | 459 |
454 void ProofVerifierChromium::OnJobComplete(Job* job) { | 460 void ProofVerifierChromium::OnJobComplete(Job* job) { |
455 active_jobs_.erase(job); | 461 active_jobs_.erase(job); |
456 delete job; | 462 delete job; |
457 } | 463 } |
458 | 464 |
459 } // namespace net | 465 } // namespace net |
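Review bot: In `DoVerifyCertComplete`, the new `cert_policy_compliance` assignment (new lines 313-316) runs only when `result == OK && policy_enforcer_`, and unlike `ev_policy_compliance` at new lines 290-291 it gets no explicit value beforehand, so on every other path the field keeps whatever `ct_verify_result` was constructed with. Either set it explicitly before the `if`, as is done for `ev_policy_compliance`, or add a comment such as `// cert_policy_compliance is only meaningful when ct_policies_applied is true.` so consumers do not read a default as an evaluated result. The value is also recorded without being folded into `cert_status`, whereas the EV branch sets `CERT_STATUS_CT_COMPLIANCE_FAILED`; if this is meant to be report-only, a one-line comment saying so would stop a later reader from assuming CT policy is enforced for non-EV certificates. Minor: the doubled parentheses in `if ((cert_verify_result.cert_status & CERT_STATUS_IS_EV))` at new line 293 are left over from splitting the condition. The function body continues past the lines shown on this page.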