OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
11 #include "base/callback_helpers.h" | 11 #include "base/callback_helpers.h" |
12 #include "base/compiler_specific.h" | 12 #include "base/compiler_specific.h" |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
15 #include "base/metrics/histogram_macros.h" | 15 #include "base/metrics/histogram_macros.h" |
16 #include "base/stl_util.h" | 16 #include "base/stl_util.h" |
17 #include "base/strings/stringprintf.h" | 17 #include "base/strings/stringprintf.h" |
18 #include "crypto/signature_verifier.h" | 18 #include "crypto/signature_verifier.h" |
19 #include "net/base/host_port_pair.h" | 19 #include "net/base/host_port_pair.h" |
20 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
21 #include "net/cert/asn1_util.h" | 21 #include "net/cert/asn1_util.h" |
22 #include "net/cert/cert_policy_enforcer.h" | |
23 #include "net/cert/cert_status_flags.h" | 22 #include "net/cert/cert_status_flags.h" |
24 #include "net/cert/cert_verifier.h" | 23 #include "net/cert/cert_verifier.h" |
25 #include "net/cert/cert_verify_result.h" | 24 #include "net/cert/cert_verify_result.h" |
| 25 #include "net/cert/ct_policy_enforcer.h" |
26 #include "net/cert/ct_verifier.h" | 26 #include "net/cert/ct_verifier.h" |
27 #include "net/cert/x509_certificate.h" | 27 #include "net/cert/x509_certificate.h" |
28 #include "net/cert/x509_util.h" | 28 #include "net/cert/x509_util.h" |
29 #include "net/http/transport_security_state.h" | 29 #include "net/http/transport_security_state.h" |
30 #include "net/log/net_log.h" | 30 #include "net/log/net_log.h" |
31 #include "net/quic/crypto/crypto_protocol.h" | 31 #include "net/quic/crypto/crypto_protocol.h" |
32 #include "net/ssl/ssl_config_service.h" | 32 #include "net/ssl/ssl_config_service.h" |
33 | 33 |
34 using base::StringPiece; | 34 using base::StringPiece; |
35 using base::StringPrintf; | 35 using base::StringPrintf; |
36 using std::string; | 36 using std::string; |
37 using std::vector; | 37 using std::vector; |
38 | 38 |
39 namespace net { | 39 namespace net { |
40 | 40 |
41 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { | 41 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { |
42 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; | 42 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; |
43 other->cert_verify_result = cert_verify_result; | 43 other->cert_verify_result = cert_verify_result; |
44 other->ct_verify_result = ct_verify_result; | 44 other->ct_verify_result = ct_verify_result; |
45 return other; | 45 return other; |
46 } | 46 } |
47 | 47 |
48 // A Job handles the verification of a single proof. It is owned by the | 48 // A Job handles the verification of a single proof. It is owned by the |
49 // ProofVerifier. If the verification can not complete synchronously, it | 49 // ProofVerifier. If the verification can not complete synchronously, it |
50 // will notify the ProofVerifier upon completion. | 50 // will notify the ProofVerifier upon completion. |
51 class ProofVerifierChromium::Job { | 51 class ProofVerifierChromium::Job { |
52 public: | 52 public: |
53 Job(ProofVerifierChromium* proof_verifier, | 53 Job(ProofVerifierChromium* proof_verifier, |
54 CertVerifier* cert_verifier, | 54 CertVerifier* cert_verifier, |
55 CertPolicyEnforcer* cert_policy_enforcer, | 55 CTPolicyEnforcer* ct_policy_enforcer, |
56 TransportSecurityState* transport_security_state, | 56 TransportSecurityState* transport_security_state, |
57 CTVerifier* cert_transparency_verifier, | 57 CTVerifier* cert_transparency_verifier, |
58 int cert_verify_flags, | 58 int cert_verify_flags, |
59 const BoundNetLog& net_log); | 59 const BoundNetLog& net_log); |
60 ~Job(); | 60 ~Job(); |
61 | 61 |
62 // Starts the proof verification. If |QUIC_PENDING| is returned, then | 62 // Starts the proof verification. If |QUIC_PENDING| is returned, then |
63 // |callback| will be invoked asynchronously when the verification completes. | 63 // |callback| will be invoked asynchronously when the verification completes. |
64 QuicAsyncStatus VerifyProof(const std::string& hostname, | 64 QuicAsyncStatus VerifyProof(const std::string& hostname, |
65 const std::string& server_config, | 65 const std::string& server_config, |
(...skipping 20 matching lines...) Expand all Loading... |
86 const std::string& signature, | 86 const std::string& signature, |
87 const std::string& cert); | 87 const std::string& cert); |
88 | 88 |
89 // Proof verifier to notify when this jobs completes. | 89 // Proof verifier to notify when this jobs completes. |
90 ProofVerifierChromium* proof_verifier_; | 90 ProofVerifierChromium* proof_verifier_; |
91 | 91 |
92 // The underlying verifier used for verifying certificates. | 92 // The underlying verifier used for verifying certificates. |
93 CertVerifier* verifier_; | 93 CertVerifier* verifier_; |
94 scoped_ptr<CertVerifier::Request> cert_verifier_request_; | 94 scoped_ptr<CertVerifier::Request> cert_verifier_request_; |
95 | 95 |
96 CertPolicyEnforcer* policy_enforcer_; | 96 CTPolicyEnforcer* policy_enforcer_; |
97 | 97 |
98 TransportSecurityState* transport_security_state_; | 98 TransportSecurityState* transport_security_state_; |
99 | 99 |
100 CTVerifier* cert_transparency_verifier_; | 100 CTVerifier* cert_transparency_verifier_; |
101 | 101 |
102 // |hostname| specifies the hostname for which |certs| is a valid chain. | 102 // |hostname| specifies the hostname for which |certs| is a valid chain. |
103 std::string hostname_; | 103 std::string hostname_; |
104 | 104 |
105 scoped_ptr<ProofVerifierCallback> callback_; | 105 scoped_ptr<ProofVerifierCallback> callback_; |
106 scoped_ptr<ProofVerifyDetailsChromium> verify_details_; | 106 scoped_ptr<ProofVerifyDetailsChromium> verify_details_; |
(...skipping 11 matching lines...) Expand all Loading... |
118 base::TimeTicks start_time_; | 118 base::TimeTicks start_time_; |
119 | 119 |
120 BoundNetLog net_log_; | 120 BoundNetLog net_log_; |
121 | 121 |
122 DISALLOW_COPY_AND_ASSIGN(Job); | 122 DISALLOW_COPY_AND_ASSIGN(Job); |
123 }; | 123 }; |
124 | 124 |
125 ProofVerifierChromium::Job::Job( | 125 ProofVerifierChromium::Job::Job( |
126 ProofVerifierChromium* proof_verifier, | 126 ProofVerifierChromium* proof_verifier, |
127 CertVerifier* cert_verifier, | 127 CertVerifier* cert_verifier, |
128 CertPolicyEnforcer* cert_policy_enforcer, | 128 CTPolicyEnforcer* ct_policy_enforcer, |
129 TransportSecurityState* transport_security_state, | 129 TransportSecurityState* transport_security_state, |
130 CTVerifier* cert_transparency_verifier, | 130 CTVerifier* cert_transparency_verifier, |
131 int cert_verify_flags, | 131 int cert_verify_flags, |
132 const BoundNetLog& net_log) | 132 const BoundNetLog& net_log) |
133 : proof_verifier_(proof_verifier), | 133 : proof_verifier_(proof_verifier), |
134 verifier_(cert_verifier), | 134 verifier_(cert_verifier), |
135 policy_enforcer_(cert_policy_enforcer), | 135 policy_enforcer_(ct_policy_enforcer), |
136 transport_security_state_(transport_security_state), | 136 transport_security_state_(transport_security_state), |
137 cert_transparency_verifier_(cert_transparency_verifier), | 137 cert_transparency_verifier_(cert_transparency_verifier), |
138 cert_verify_flags_(cert_verify_flags), | 138 cert_verify_flags_(cert_verify_flags), |
139 next_state_(STATE_NONE), | 139 next_state_(STATE_NONE), |
140 start_time_(base::TimeTicks::Now()), | 140 start_time_(base::TimeTicks::Now()), |
141 net_log_(net_log) {} | 141 net_log_(net_log) {} |
142 | 142 |
143 ProofVerifierChromium::Job::~Job() { | 143 ProofVerifierChromium::Job::~Job() { |
144 base::TimeTicks end_time = base::TimeTicks::Now(); | 144 base::TimeTicks end_time = base::TimeTicks::Now(); |
145 UMA_HISTOGRAM_TIMES("Net.QuicSession.VerifyProofTime", | 145 UMA_HISTOGRAM_TIMES("Net.QuicSession.VerifyProofTime", |
(...skipping 243 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
389 DLOG(WARNING) << "VerifyFinal failed"; | 389 DLOG(WARNING) << "VerifyFinal failed"; |
390 return false; | 390 return false; |
391 } | 391 } |
392 | 392 |
393 DVLOG(1) << "VerifyFinal success"; | 393 DVLOG(1) << "VerifyFinal success"; |
394 return true; | 394 return true; |
395 } | 395 } |
396 | 396 |
397 ProofVerifierChromium::ProofVerifierChromium( | 397 ProofVerifierChromium::ProofVerifierChromium( |
398 CertVerifier* cert_verifier, | 398 CertVerifier* cert_verifier, |
399 CertPolicyEnforcer* cert_policy_enforcer, | 399 CTPolicyEnforcer* ct_policy_enforcer, |
400 TransportSecurityState* transport_security_state, | 400 TransportSecurityState* transport_security_state, |
401 CTVerifier* cert_transparency_verifier) | 401 CTVerifier* cert_transparency_verifier) |
402 : cert_verifier_(cert_verifier), | 402 : cert_verifier_(cert_verifier), |
403 cert_policy_enforcer_(cert_policy_enforcer), | 403 ct_policy_enforcer_(ct_policy_enforcer), |
404 transport_security_state_(transport_security_state), | 404 transport_security_state_(transport_security_state), |
405 cert_transparency_verifier_(cert_transparency_verifier) {} | 405 cert_transparency_verifier_(cert_transparency_verifier) {} |
406 | 406 |
407 ProofVerifierChromium::~ProofVerifierChromium() { | 407 ProofVerifierChromium::~ProofVerifierChromium() { |
408 STLDeleteElements(&active_jobs_); | 408 STLDeleteElements(&active_jobs_); |
409 } | 409 } |
410 | 410 |
411 QuicAsyncStatus ProofVerifierChromium::VerifyProof( | 411 QuicAsyncStatus ProofVerifierChromium::VerifyProof( |
412 const std::string& hostname, | 412 const std::string& hostname, |
413 const std::string& server_config, | 413 const std::string& server_config, |
414 const std::vector<std::string>& certs, | 414 const std::vector<std::string>& certs, |
415 const std::string& cert_sct, | 415 const std::string& cert_sct, |
416 const std::string& signature, | 416 const std::string& signature, |
417 const ProofVerifyContext* verify_context, | 417 const ProofVerifyContext* verify_context, |
418 std::string* error_details, | 418 std::string* error_details, |
419 scoped_ptr<ProofVerifyDetails>* verify_details, | 419 scoped_ptr<ProofVerifyDetails>* verify_details, |
420 ProofVerifierCallback* callback) { | 420 ProofVerifierCallback* callback) { |
421 if (!verify_context) { | 421 if (!verify_context) { |
422 *error_details = "Missing context"; | 422 *error_details = "Missing context"; |
423 return QUIC_FAILURE; | 423 return QUIC_FAILURE; |
424 } | 424 } |
425 const ProofVerifyContextChromium* chromium_context = | 425 const ProofVerifyContextChromium* chromium_context = |
426 reinterpret_cast<const ProofVerifyContextChromium*>(verify_context); | 426 reinterpret_cast<const ProofVerifyContextChromium*>(verify_context); |
427 scoped_ptr<Job> job( | 427 scoped_ptr<Job> job( |
428 new Job(this, cert_verifier_, cert_policy_enforcer_, | 428 new Job(this, cert_verifier_, ct_policy_enforcer_, |
429 transport_security_state_, cert_transparency_verifier_, | 429 transport_security_state_, cert_transparency_verifier_, |
430 chromium_context->cert_verify_flags, chromium_context->net_log)); | 430 chromium_context->cert_verify_flags, chromium_context->net_log)); |
431 QuicAsyncStatus status = | 431 QuicAsyncStatus status = |
432 job->VerifyProof(hostname, server_config, certs, cert_sct, signature, | 432 job->VerifyProof(hostname, server_config, certs, cert_sct, signature, |
433 error_details, verify_details, callback); | 433 error_details, verify_details, callback); |
434 if (status == QUIC_PENDING) { | 434 if (status == QUIC_PENDING) { |
435 active_jobs_.insert(job.release()); | 435 active_jobs_.insert(job.release()); |
436 } | 436 } |
437 return status; | 437 return status; |
438 } | 438 } |
439 | 439 |
440 void ProofVerifierChromium::OnJobComplete(Job* job) { | 440 void ProofVerifierChromium::OnJobComplete(Job* job) { |
441 active_jobs_.erase(job); | 441 active_jobs_.erase(job); |
442 delete job; | 442 delete job; |
443 } | 443 } |
444 | 444 |
445 } // namespace net | 445 } // namespace net |
OLD | NEW |