
Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 6 months ago
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/proof_verifier_chromium.h" 5 #include "net/quic/crypto/proof_verifier_chromium.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after
329 } 329 }
330 330
331 verify_details_->ct_verify_result.cert_policy_compliance = 331 verify_details_->ct_verify_result.cert_policy_compliance =
332 policy_enforcer_->DoesConformToCertPolicy( 332 policy_enforcer_->DoesConformToCertPolicy(
333 cert_verify_result.verified_cert.get(), 333 cert_verify_result.verified_cert.get(),
334 verify_details_->ct_verify_result.verified_scts, net_log_); 334 verify_details_->ct_verify_result.verified_scts, net_log_);
335 } 335 }
336 336
337 if (transport_security_state_ && 337 if (transport_security_state_ &&
338 (result == OK || 338 (result == OK ||
339 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 339 (IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) {
340 !transport_security_state_->CheckPublicKeyPins( 340 TransportSecurityState::PKPStatus pin_validity =
341 HostPortPair(hostname_, port_), 341 transport_security_state_->CheckPublicKeyPins(
342 cert_verify_result.is_issued_by_known_root, 342 HostPortPair(hostname_, port_),
343 cert_verify_result.public_key_hashes, cert_.get(), 343 cert_verify_result.is_issued_by_known_root,
344 cert_verify_result.verified_cert.get(), 344 cert_verify_result.public_key_hashes, cert_.get(),
345 TransportSecurityState::ENABLE_PIN_REPORTS, 345 cert_verify_result.verified_cert.get(),
346 &verify_details_->pinning_failure_log)) { 346 TransportSecurityState::ENABLE_PIN_REPORTS,
347 if (cert_verify_result.is_issued_by_known_root) 347 &verify_details_->pinning_failure_log);
348 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 348 switch (pin_validity) {
349 else 349 case TransportSecurityState::PKPStatus::VIOLATED:
350 verify_details_->pkp_bypassed = true; 350 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
351 break;
352 case TransportSecurityState::PKPStatus::BYPASSED:
353 verify_details_->pkp_bypassed = true;
354 break;
Ryan Sleevi 2016/06/15 02:04:03 Should this be an explicit/intentional // Fall th
dadrian 2016/06/15 02:47:55 I'm wary of using any non-empty fall through, just
355 case TransportSecurityState::PKPStatus::OK:
356 // Do nothing.
357 break;
358 }
351 } 359 }
352 360
353 if (result != OK) { 361 if (result != OK) {
354 std::string error_string = ErrorToString(result); 362 std::string error_string = ErrorToString(result);
355 error_details_ = StringPrintf("Failed to verify certificate chain: %s", 363 error_details_ = StringPrintf("Failed to verify certificate chain: %s",
356 error_string.c_str()); 364 error_string.c_str());
357 DLOG(WARNING) << error_details_; 365 DLOG(WARNING) << error_details_;
358 } 366 }
359 367
360 // Exit DoLoop and return the result to the caller to VerifyProof. 368 // Exit DoLoop and return the result to the caller to VerifyProof.
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
477 } 485 }
478 return status; 486 return status;
479 } 487 }
480 488
481 void ProofVerifierChromium::OnJobComplete(Job* job) { 489 void ProofVerifierChromium::OnJobComplete(Job* job) {
482 active_jobs_.erase(job); 490 active_jobs_.erase(job);
483 delete job; 491 delete job;
484 } 492 }
485 493
486 } // namespace net 494 } // namespace net
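Review bot: The `switch (pin_validity)` on new lines 348-358 has no `default:` label, so any `PKPStatus` value other than the three listed leaves `result` unchanged and the chain passes the pinning step without a decision having been made. If the omission is deliberate, presumably so the compiler flags a newly added enumerator, a comment above the switch should say so, for example `// No default: every PKPStatus value must be handled explicitly; an unhandled value would skip pin enforcement.` The `// Do nothing.` under `PKPStatus::OK` would also be clearer as `// Keep |result| from certificate verification.` `pin_validity` is never reassigned and could be declared `const`. The enclosing function begins and ends in the skipped regions, so this covers only the visible lines.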
OLDNEW
