| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/ssl_status_serialization.h" | 5 #include "content/common/ssl_status_serialization.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/numerics/safe_conversions.h" | 10 #include "base/numerics/safe_conversions.h" |
| 11 #include "base/pickle.h" | 11 #include "base/pickle.h" |
| 12 | 12 |
| 13 namespace { | 13 namespace { |
| 14 | 14 |
| 15 // Checks that an integer |security_style| is a valid SecurityStyle enum | 15 // Checks that an integer |security_style| is a valid SecurityStyle enum |
| 16 // value. Returns true if valid, false otherwise. | 16 // value. Returns true if valid, false otherwise. |
| 17 bool CheckSecurityStyle(int security_style) { | 17 bool CheckSecurityStyle(int security_style) { |
| 18 switch (security_style) { | 18 switch (security_style) { |
| 19 case content::SECURITY_STYLE_UNKNOWN: | 19 case content::SECURITY_STYLE_UNKNOWN: |
| 20 case content::SECURITY_STYLE_UNAUTHENTICATED: | 20 case content::SECURITY_STYLE_UNAUTHENTICATED: |
| 21 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: | 21 case content::SECURITY_STYLE_AUTHENTICATION_BROKEN: |
| 22 case content::SECURITY_STYLE_WARNING: | 22 case content::SECURITY_STYLE_WARNING: |
| 23 case content::SECURITY_STYLE_AUTHENTICATED: | 23 case content::SECURITY_STYLE_AUTHENTICATED: |
| 24 return true; | 24 return true; |
| 25 } | 25 } |
| 26 return false; | 26 return false; |
| 27 } | 27 } |
| 28 | 28 |
| 29 // Checks that an integer |sct_status| is a valid net::ct::SCTVerifyStatus enum | |
| 30 // value. Returns true if valid, false otherwise. | |
| 31 bool CheckSCTStatus(uint32_t sct_status) { | |
| 32 switch (sct_status) { | |
| 33 case net::ct::SCT_STATUS_LOG_UNKNOWN: | |
| 34 // INVALID is deprecated and should not be used anymore, but it | |
| 35 // might have been previously written into the disk cache. | |
| 36 case net::ct::SCT_STATUS_INVALID: | |
| 37 case net::ct::SCT_STATUS_INVALID_SIGNATURE: | |
| 38 case net::ct::SCT_STATUS_OK: | |
| 39 case net::ct::SCT_STATUS_INVALID_TIMESTAMP: | |
| 40 return true; | |
| 41 case net::ct::SCT_STATUS_NONE: | |
| 42 // SCT_STATUS_NONE should never happen, so it isn't valid to | |
| 43 // receive a status of NONE in a serialized SSLStatus. | |
| 44 return false; | |
| 45 } | |
| 46 return false; | |
| 47 } | |
| 48 | |
| 49 } // namespace | 29 } // namespace |
| 50 | 30 |
| 51 namespace content { | 31 namespace content { |
| 52 | 32 |
| 53 std::string SerializeSecurityInfo(const SSLStatus& ssl_status) { | 33 std::string SerializeSecurityInfo(const SSLStatus& ssl_status) { |
| 54 base::Pickle pickle; | 34 base::Pickle pickle; |
| 55 pickle.WriteInt(ssl_status.security_style); | 35 pickle.WriteInt(ssl_status.security_style); |
| 56 pickle.WriteInt(ssl_status.cert_id); | 36 pickle.WriteInt(ssl_status.cert_id); |
| 57 pickle.WriteUInt32(ssl_status.cert_status); | 37 pickle.WriteUInt32(ssl_status.cert_status); |
| 58 pickle.WriteInt(ssl_status.security_bits); | 38 pickle.WriteInt(ssl_status.security_bits); |
| (...skipping 27 matching lines...) Expand all Loading... |
| 86 return false; | 66 return false; |
| 87 } | 67 } |
| 88 | 68 |
| 89 uint32_t num_sct_statuses; | 69 uint32_t num_sct_statuses; |
| 90 if (!iter.ReadUInt32(&num_sct_statuses)) { | 70 if (!iter.ReadUInt32(&num_sct_statuses)) { |
| 91 return false; | 71 return false; |
| 92 } | 72 } |
| 93 | 73 |
| 94 for (uint32_t i = 0; i < num_sct_statuses; i++) { | 74 for (uint32_t i = 0; i < num_sct_statuses; i++) { |
| 95 uint32_t sct_status; | 75 uint32_t sct_status; |
| 96 if (!iter.ReadUInt32(&sct_status) || !CheckSCTStatus(sct_status)) { | 76 if (!iter.ReadUInt32(&sct_status) || |
| 77 !net::ct::IsValidSCTStatus(sct_status)) { |
| 97 *ssl_status = SSLStatus(); | 78 *ssl_status = SSLStatus(); |
| 98 return false; | 79 return false; |
| 99 } | 80 } |
| 100 ssl_status->sct_statuses.push_back( | 81 ssl_status->sct_statuses.push_back( |
| 101 static_cast<net::ct::SCTVerifyStatus>(sct_status)); | 82 static_cast<net::ct::SCTVerifyStatus>(sct_status)); |
| 102 } | 83 } |
| 103 | 84 |
| 104 if (!iter.ReadBool(&ssl_status->pkp_bypassed)) { | 85 if (!iter.ReadBool(&ssl_status->pkp_bypassed)) { |
| 105 *ssl_status = SSLStatus(); | 86 *ssl_status = SSLStatus(); |
| 106 return false; | 87 return false; |
| (...skipping 15 matching lines...) Expand all Loading... |
| 122 // Sanity check |key_exchange_info|: 0 or greater. | 103 // Sanity check |key_exchange_info|: 0 or greater. |
| 123 if (ssl_status->key_exchange_info < 0) { | 104 if (ssl_status->key_exchange_info < 0) { |
| 124 *ssl_status = SSLStatus(); | 105 *ssl_status = SSLStatus(); |
| 125 return false; | 106 return false; |
| 126 } | 107 } |
| 127 | 108 |
| 128 return true; | 109 return true; |
| 129 } | 110 } |
| 130 | 111 |
| 131 } // namespace content | 112 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2294373002:
Certificate Transparency: Remove the obsolete invalid sct status. (Closed)
