
Side by Side Diff: net/quic/crypto/proof_verifier_chromium.cc

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add comments Created 4 years, 6 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/proof_verifier_chromium.h" 5 #include "net/quic/crypto/proof_verifier_chromium.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 318 matching lines...)
329 } 329 }
330 330
331 verify_details_->ct_verify_result.cert_policy_compliance = 331 verify_details_->ct_verify_result.cert_policy_compliance =
332 policy_enforcer_->DoesConformToCertPolicy( 332 policy_enforcer_->DoesConformToCertPolicy(
333 cert_verify_result.verified_cert.get(), 333 cert_verify_result.verified_cert.get(),
334 verify_details_->ct_verify_result.verified_scts, net_log_); 334 verify_details_->ct_verify_result.verified_scts, net_log_);
335 } 335 }
336 336
337 if (transport_security_state_ && 337 if (transport_security_state_ &&
338 (result == OK || 338 (result == OK ||
339 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 339 (IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) {
340 !transport_security_state_->CheckPublicKeyPins( 340 TransportSecurityState::PKPStatus pin_validity =
341 HostPortPair(hostname_, port_), 341 transport_security_state_->CheckPublicKeyPins(
342 cert_verify_result.is_issued_by_known_root, 342 HostPortPair(hostname_, port_),
343 cert_verify_result.public_key_hashes, cert_.get(), 343 cert_verify_result.is_issued_by_known_root,
344 cert_verify_result.verified_cert.get(), 344 cert_verify_result.public_key_hashes, cert_.get(),
345 TransportSecurityState::ENABLE_PIN_REPORTS, 345 cert_verify_result.verified_cert.get(),
346 &verify_details_->pinning_failure_log)) { 346 TransportSecurityState::ENABLE_PIN_REPORTS,
347 if (cert_verify_result.is_issued_by_known_root) 347 &verify_details_->pinning_failure_log);
348 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 348 switch (pin_validity) {
349 else 349 case TransportSecurityState::PKPStatus::VIOLATED:
350 verify_details_->pkp_bypassed = true; 350 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
351 break;
352 case TransportSecurityState::PKPStatus::BYPASSED:
353 // BYPASSED is treated the same as OK
Ryan Sleevi 2016/06/21 00:35:22 STYLE: Should be a complete sentence, with punctua
dadrian 2016/06/21 17:59:50 Done.
354 verify_details_->pkp_bypassed = true;
355 break;
Ryan Sleevi 2016/06/21 00:35:22 Still nervous about the claim "is" on line 353, si
dadrian 2016/06/21 17:59:50 Done.
356 case TransportSecurityState::PKPStatus::OK:
357 // Do nothing.
358 break;
359 }
351 } 360 }
352 361
353 if (result != OK) { 362 if (result != OK) {
354 std::string error_string = ErrorToString(result); 363 std::string error_string = ErrorToString(result);
355 error_details_ = StringPrintf("Failed to verify certificate chain: %s", 364 error_details_ = StringPrintf("Failed to verify certificate chain: %s",
356 error_string.c_str()); 365 error_string.c_str());
357 DLOG(WARNING) << error_details_; 366 DLOG(WARNING) << error_details_;
358 } 367 }
359 368
360 // Exit DoLoop and return the result to the caller to VerifyProof. 369 // Exit DoLoop and return the result to the caller to VerifyProof.
(...skipping 116 matching lines...)
477 } 486 }
478 return status; 487 return status;
479 } 488 }
480 489
481 void ProofVerifierChromium::OnJobComplete(Job* job) { 490 void ProofVerifierChromium::OnJobComplete(Job* job) {
482 active_jobs_.erase(job); 491 active_jobs_.erase(job);
483 delete job; 492 delete job;
484 } 493 }
485 494
486 } // namespace net 495 } // namespace net
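Review bot: The switch on `pin_validity` (new lines 348-359) changes `result` only for `VIOLATED`, so any status it does not list would leave the verification result untouched and the pin check would fail open. With no `default:` label, the only protection is the compiler's switch-coverage warning, which is presumably enabled for this target but is not visible here. I would record that intent above the switch, for example `// No default case: every PKPStatus value must be handled explicitly so that a new status cannot silently skip pin enforcement.` The enclosing function starts and ends outside the visible lines.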