OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 16 matching lines...)
27 #include "net/quic/crypto/crypto_protocol.h" | 27 #include "net/quic/crypto/crypto_protocol.h" |
28 #include "net/ssl/ssl_config_service.h" | 28 #include "net/ssl/ssl_config_service.h" |
29 | 29 |
30 using base::StringPiece; | 30 using base::StringPiece; |
31 using base::StringPrintf; | 31 using base::StringPrintf; |
32 using std::string; | 32 using std::string; |
33 using std::vector; | 33 using std::vector; |
34 | 34 |
35 namespace net { | 35 namespace net { |
36 | 36 |
| 37 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium() |
| 38 : pkp_bypassed(false) {} |
| 39 |
| 40 ProofVerifyDetailsChromium::~ProofVerifyDetailsChromium() {} |
| 41 |
| 42 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium( |
| 43 const ProofVerifyDetailsChromium&) = default; |
| 44 |
37 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { | 45 ProofVerifyDetails* ProofVerifyDetailsChromium::Clone() const { |
38 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; | 46 ProofVerifyDetailsChromium* other = new ProofVerifyDetailsChromium; |
39 other->cert_verify_result = cert_verify_result; | 47 other->cert_verify_result = cert_verify_result; |
40 other->ct_verify_result = ct_verify_result; | 48 other->ct_verify_result = ct_verify_result; |
41 return other; | 49 return other; |
42 } | 50 } |
43 | 51 |
44 // A Job handles the verification of a single proof. It is owned by the | 52 // A Job handles the verification of a single proof. It is owned by the |
45 // ProofVerifier. If the verification can not complete synchronously, it | 53 // ProofVerifier. If the verification can not complete synchronously, it |
46 // will notify the ProofVerifier upon completion. | 54 // will notify the ProofVerifier upon completion. |
(...skipping 281 matching lines...)
328 if (transport_security_state_ && | 336 if (transport_security_state_ && |
329 (result == OK || | 337 (result == OK || |
330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 338 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
331 !transport_security_state_->CheckPublicKeyPins( | 339 !transport_security_state_->CheckPublicKeyPins( |
332 HostPortPair(hostname_, port_), | 340 HostPortPair(hostname_, port_), |
333 cert_verify_result.is_issued_by_known_root, | 341 cert_verify_result.is_issued_by_known_root, |
334 cert_verify_result.public_key_hashes, cert_.get(), | 342 cert_verify_result.public_key_hashes, cert_.get(), |
335 cert_verify_result.verified_cert.get(), | 343 cert_verify_result.verified_cert.get(), |
336 TransportSecurityState::ENABLE_PIN_REPORTS, | 344 TransportSecurityState::ENABLE_PIN_REPORTS, |
337 &verify_details_->pinning_failure_log)) { | 345 &verify_details_->pinning_failure_log)) { |
338 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 346 if (cert_verify_result.is_issued_by_known_root) |
| 347 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 348 else |
| 349 verify_details_->pkp_bypassed = true; |
339 } | 350 } |
340 | 351 |
341 if (result != OK) { | 352 if (result != OK) { |
342 std::string error_string = ErrorToString(result); | 353 std::string error_string = ErrorToString(result); |
343 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 354 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
344 error_string.c_str()); | 355 error_string.c_str()); |
345 DLOG(WARNING) << error_details_; | 356 DLOG(WARNING) << error_details_; |
346 } | 357 } |
347 | 358 |
348 // Exit DoLoop and return the result to the caller to VerifyProof. | 359 // Exit DoLoop and return the result to the caller to VerifyProof. |
(...skipping 116 matching lines...)
465 } | 476 } |
466 return status; | 477 return status; |
467 } | 478 } |
468 | 479 |
469 void ProofVerifierChromium::OnJobComplete(Job* job) { | 480 void ProofVerifierChromium::OnJobComplete(Job* job) { |
470 active_jobs_.erase(job); | 481 active_jobs_.erase(job); |
471 delete job; | 482 delete job; |
472 } | 483 } |
473 | 484 |
474 } // namespace net | 485 } // namespace net |
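Review bot: Clone() (new lines 45-50) still copies only cert_verify_result and ct_verify_result, so the pkp_bypassed flag this change introduces falls back to false in every cloned ProofVerifyDetailsChromium, and a consumer reading the clone would see a connection whose pins were bypassed as one that passed pinning. Since the change also adds a defaulted copy constructor, the body can become `return new ProofVerifyDetailsChromium(*this);`, which copies every member and stays correct when further fields are added. In the pin check at new lines 346-349, a short comment such as `// Pins are not enforced when the chain does not end in a known root; record the bypass instead of failing.` would document why a failed CheckPublicKeyPins leaves result unchanged, and bracing the if/else would make the two outcomes harder to misread. The function containing that check starts and ends outside the visible lines, so how pkp_bypassed is consumed downstream cannot be confirmed from here.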
OLD | NEW |