| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 27 #include "net/quic/crypto/crypto_protocol.h" | 27 #include "net/quic/crypto/crypto_protocol.h" |
| 28 #include "net/ssl/ssl_config_service.h" | 28 #include "net/ssl/ssl_config_service.h" |
| 29 | 29 |
| 30 using base::StringPiece; | 30 using base::StringPiece; |
| 31 using base::StringPrintf; | 31 using base::StringPrintf; |
| 32 using std::string; | 32 using std::string; |
| 33 using std::vector; | 33 using std::vector; |
| 34 | 34 |
| 35 namespace net { | 35 namespace net { |
| 36 | 36 |
| 37 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium() |
| 38 : pkp_bypassed(false) {} |
| 39 |
| 40 ProofVerifyDetailsChromium::~ProofVerifyDetailsChromium() {} |
| 41 |
| 42 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium( |
| 43 const ProofVerifyDetailsChromium&) = default; |
| 44 |
| 37 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { | 45 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { |
| 38 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; | 46 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; |
| 39 other->cert_verify_result = cert_verify_result; | 47 other->cert_verify_result = cert_verify_result; |
| 40 other->ct_verify_result = ct_verify_result; | 48 other->ct_verify_result = ct_verify_result; |
| 41 return other; | 49 return other; |
| 42 } | 50 } |
| 43 | 51 |
| 44 // A Job handles the verification of a single proof. It is owned by the | 52 // A Job handles the verification of a single proof. It is owned by the |
| 45 // ProofVerifier. If the verification can not complete synchronously, it | 53 // ProofVerifier. If the verification can not complete synchronously, it |
| 46 // will notify the ProofVerifier upon completion. | 54 // will notify the ProofVerifier upon completion. |
| 328 if (transport_security_state_ && | 336 if (transport_security_state_ && |
| 329 (result == OK || | 337 (result == OK || |
| 330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 338 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 331 !transport_security_state_->CheckPublicKeyPins( | 339 !transport_security_state_->CheckPublicKeyPins( |
| 332 HostPortPair(hostname_, port_), | 340 HostPortPair(hostname_, port_), |
| 333 cert_verify_result.is_issued_by_known_root, | 341 cert_verify_result.is_issued_by_known_root, |
| 334 cert_verify_result.public_key_hashes, cert_.get(), | 342 cert_verify_result.public_key_hashes, cert_.get(), |
| 335 cert_verify_result.verified_cert.get(), | 343 cert_verify_result.verified_cert.get(), |
| 336 TransportSecurityState::ENABLE_PIN_REPORTS, | 344 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 337 &verify_details_->pinning_failure_log)) { | 345 &verify_details_->pinning_failure_log)) { |
| 338 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 346 if (cert_verify_result.is_issued_by_known_root) |
| 347 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 348 else |
| 349 verify_details_->pkp_bypassed = true; |
| 339 } | 350 } |
| 340 | 351 |
| 341 if (result != OK) { | 352 if (result != OK) { |
| 342 std::string error_string = ErrorToString(result); | 353 std::string error_string = ErrorToString(result); |
| 343 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 354 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
| 344 error_string.c_str()); | 355 error_string.c_str()); |
| 345 DLOG(WARNING) << error_details_; | 356 DLOG(WARNING) << error_details_; |
| 346 } | 357 } |
| 347 | 358 |
| 348 // Exit DoLoop and return the result to the caller to VerifyProof. | 359 // Exit DoLoop and return the result to the caller to VerifyProof. |
| 465 } | 476 } |
| 466 return status; | 477 return status; |
| 467 } | 478 } |
| 468 | 479 |
| 469 void ProofVerifierChromium::OnJobComplete(Job* job) { | 480 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 470 active_jobs_.erase(job); | 481 active_jobs_.erase(job); |
| 471 delete job; | 482 delete job; |
| 472 } | 483 } |
| 473 | 484 |
| 474 } // namespace net | 485 } // namespace net |
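Review bot: Clone() (new lines 45-50) still copies only cert_verify_result and ct_verify_result, so a cloned ProofVerifyDetailsChromium comes back with pkp_bypassed at its constructor default of false even when the pin check set it to true at new line 349. Any consumer that reads the flag from a clone rather than from the original would lose the record that pinning was bypassed; whether such consumers exist is not visible on this page. Since the change also adds a defaulted copy constructor, Clone() could become `return new ProofVerifyDetailsChromium(*this);`, or at minimum gain `other->pkp_bypassed = pkp_bypassed;`. pinning_failure_log, written at new line 345, is likewise not carried over by Clone(), and the copy-constructor form would cover it too.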
| OLD | NEW |