
Side by Side Diff: net/cert/multi_log_ct_verifier.cc

Issue 2208073002: DO NOT REVIEW: Certificate Transparency: Extend SCT verify result enum. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: CT: Formatting and compilation fixes. Created 4 years, 4 months ago
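--- a/net/cert/multi_log_ct_verifier.cc
+++ b/net/cert/multi_log_ct_verifier.cc
@@ -1,17 +1,18 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/multi_log_ct_verifier.h"
 
 #include <vector>
+#include <utility>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_objects_extractor.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"
@@ -190,34 +191,38 @@
 // Assume this SCT is untrusted until proven otherwise.
 const auto& it = logs_.find(sct->log_id);
 if (it == logs_.end()) {
 DVLOG(1) << "SCT does not match any known log.";
 result->unknown_logs_scts.push_back(sct);
 LogSCTStatusToUMA(ct::SCT_STATUS_LOG_UNKNOWN);
 return false;
 }
 
 sct->log_description = it->second->description();
+ct::SCTVerifyStatus sct_status = ct::SCT_STATUS_NONE;
 
 if (!it->second->Verify(expected_entry, *sct.get())) {
 DVLOG(1) << "Unable to verify SCT signature.";
-result->invalid_scts.push_back(sct);
-LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
-return false;
+sct_status = ct::SCT_STATUS_INVALID_SIGNATURE;
 }
 
 // SCT verified ok, just make sure the timestamp is legitimate.
 if (sct->timestamp > base::Time::Now()) {
 DVLOG(1) << "SCT is from the future!";
-result->invalid_scts.push_back(sct);
-LogSCTStatusToUMA(ct::SCT_STATUS_INVALID);
+sct_status = ct::SCT_STATUS_INVALID_TIMESTAMP;
+}
+
+if (sct_status == ct::SCT_STATUS_INVALID_TIMESTAMP ||
+sct_status == ct::SCT_STATUS_INVALID_SIGNATURE) {
+result->invalid_scts.push_back(std::make_pair(sct, sct_status));
+LogSCTStatusToUMA(sct_status);
 return false;
 }
 
 LogSCTStatusToUMA(ct::SCT_STATUS_OK);
 result->verified_scts.push_back(sct);
 if (observer_)
 observer_->OnSCTVerified(cert, sct.get());
 return true;
 }
 
 } // namespace net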
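Review bot: The timestamp check on new line 209 still runs after a signature failure, and its assignment on new line 211 overwrites `sct_status`, so an SCT that fails both checks is recorded in `invalid_scts` and reported to UMA as `SCT_STATUS_INVALID_TIMESTAMP` even though its signature never verified; the pre-change code returned right after the signature failure, so the first failure always won. Guard the second check so the signature result is not clobbered: `if (sct_status == ct::SCT_STATUS_NONE && sct->timestamp > base::Time::Now()) {`. The comment above it, `// SCT verified ok, just make sure the timestamp is legitimate.`, is no longer accurate once the signature branch falls through and should say the timestamp is only meaningful when the signature verified. The enclosing function starts before this hunk. Separately, the new `#include <utility>` on line 8 belongs before `<vector>` to keep the system includes sorted.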
