
Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Set CERT_STATUS_PINNED_KEY_MISSING Created 4 years, 6 months ago
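--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/proof_verifier_chromium.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ -332,35 +332,43 @@
 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV;
 }
 }
 
 verify_details_->ct_verify_result.cert_policy_compliance =
 policy_enforcer_->DoesConformToCertPolicy(
 cert_verify_result.verified_cert.get(),
 verify_details_->ct_verify_result.verified_scts, net_log_);
 }
 
-if ((result == OK ||
-(IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
-!transport_security_state_->CheckPublicKeyPins(
-HostPortPair(hostname_, port_),
-cert_verify_result.is_issued_by_known_root,
-cert_verify_result.public_key_hashes, cert_.get(),
-cert_verify_result.verified_cert.get(),
-TransportSecurityState::ENABLE_PIN_REPORTS,
-&verify_details_->pinning_failure_log)) {
-if (cert_verify_result.is_issued_by_known_root) {
-verify_details_->cert_verify_result.cert_status |=
-CERT_STATUS_PINNED_KEY_MISSING;
-result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
-} else {
-verify_details_->pkp_bypassed = true;
+if (transport_security_state_ &&
+(result == OK ||
+(IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) {
+TransportSecurityState::PKPStatus pin_validity =
+transport_security_state_->CheckPublicKeyPins(
+HostPortPair(hostname_, port_),
+cert_verify_result.is_issued_by_known_root,
+cert_verify_result.public_key_hashes, cert_.get(),
+cert_verify_result.verified_cert.get(),
+TransportSecurityState::ENABLE_PIN_REPORTS,
+&verify_details_->pinning_failure_log);
+switch (pin_validity) {
+case TransportSecurityState::PKPStatus::VIOLATED:
+result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+verify_details_->cert_verify_result.cert_status |=
+CERT_STATUS_PINNED_KEY_MISSING;
+break;
+case TransportSecurityState::PKPStatus::BYPASSED:
+verify_details_->pkp_bypassed = true;
+// Fall through.
+case TransportSecurityState::PKPStatus::OK:
+// Do nothing.
+break;
 }
 }
 
 if (result != OK) {
 std::string error_string = ErrorToString(result);
 error_details_ = StringPrintf("Failed to verify certificate chain: %s",
 error_string.c_str());
 DLOG(WARNING) << error_details_;
 }
 
@@ -489,10 +497,10 @@
 }
 return status;
 }
 
 void ProofVerifierChromium::OnJobComplete(Job* job) {
 active_jobs_.erase(job);
 delete job;
 }
 
 } // namespace net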
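Review bot: The added `transport_security_state_ &&` guard at new line 342 makes the pin check fail open: with a null pointer the whole block is skipped, `result` is left unchanged, and neither `pkp_bypassed` nor `pinning_failure_log` records that pinning was never evaluated. The old side dereferenced the pointer unconditionally, and whether null is a supported configuration is not visible in these lines. If it is not supported, prefer `DCHECK(transport_security_state_);` ahead of the `if` and drop the guard; if it is, say so at the guard with a comment such as `// No TransportSecurityState supplied: public key pin validation is skipped.` The enclosing function starts and ends outside the displayed lines, so the callers that could pass null cannot be checked from this page.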