| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
| 11 #include "base/metrics/histogram_macros.h" | 11 #include "base/metrics/histogram_macros.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "net/base/net_errors.h" | 13 #include "net/base/net_errors.h" |
| 14 #include "net/cert/ct_log_verifier.h" | 14 #include "net/cert/ct_log_verifier.h" |
| 15 #include "net/cert/ct_objects_extractor.h" | 15 #include "net/cert/ct_objects_extractor.h" |
| 16 #include "net/cert/ct_serialization.h" | 16 #include "net/cert/ct_serialization.h" |
| 17 #include "net/cert/ct_signed_certificate_timestamp_log_param.h" | 17 #include "net/cert/ct_signed_certificate_timestamp_log_param.h" |
| 18 #include "net/cert/ct_verify_result.h" | 18 #include "net/cert/ct_verify_result.h" |
| 19 #include "net/cert/sct_status_flags.h" | 19 #include "net/cert/sct_status_flags.h" |
| 20 #include "net/cert/x509_certificate.h" | 20 #include "net/cert/x509_certificate.h" |
| 21 #include "net/log/net_log.h" | 21 #include "net/log/net_log.h" |
| 22 #include "net/log/net_log_event_type.h" |
| 22 | 23 |
| 23 namespace net { | 24 namespace net { |
| 24 | 25 |
| 25 namespace { | 26 namespace { |
| 26 | 27 |
| 27 // Record SCT verification status. This metric would help detecting presence | 28 // Record SCT verification status. This metric would help detecting presence |
| 28 // of unknown CT logs as well as bad deployments (invalid SCTs). | 29 // of unknown CT logs as well as bad deployments (invalid SCTs). |
| 29 void LogSCTStatusToUMA(ct::SCTVerifyStatus status) { | 30 void LogSCTStatusToUMA(ct::SCTVerifyStatus status) { |
| 30 // Note SCT_STATUS_MAX + 1 is passed to the UMA_HISTOGRAM_ENUMERATION as that | 31 // Note SCT_STATUS_MAX + 1 is passed to the UMA_HISTOGRAM_ENUMERATION as that |
| 31 // macro requires the values to be strictly less than the boundary value, | 32 // macro requires the values to be strictly less than the boundary value, |
| 115 stapled_ocsp_response, &sct_list_from_ocsp); | 116 stapled_ocsp_response, &sct_list_from_ocsp); |
| 116 } | 117 } |
| 117 | 118 |
| 118 // Log to Net Log, after extracting SCTs but before possibly failing on | 119 // Log to Net Log, after extracting SCTs but before possibly failing on |
| 119 // X.509 entry creation. | 120 // X.509 entry creation. |
| 120 NetLog::ParametersCallback net_log_callback = | 121 NetLog::ParametersCallback net_log_callback = |
| 121 base::Bind(&NetLogRawSignedCertificateTimestampCallback, | 122 base::Bind(&NetLogRawSignedCertificateTimestampCallback, |
| 122 &embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension); | 123 &embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension); |
| 123 | 124 |
| 124 net_log.AddEvent( | 125 net_log.AddEvent( |
| 125 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, | 126 NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, |
| 126 net_log_callback); | 127 net_log_callback); |
| 127 | 128 |
| 128 ct::LogEntry x509_entry; | 129 ct::LogEntry x509_entry; |
| 129 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { | 130 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { |
| 130 has_verified_scts |= VerifySCTs( | 131 has_verified_scts |= VerifySCTs( |
| 131 sct_list_from_ocsp, x509_entry, | 132 sct_list_from_ocsp, x509_entry, |
| 132 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert, result); | 133 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert, result); |
| 133 | 134 |
| 134 has_verified_scts |= VerifySCTs( | 135 has_verified_scts |= VerifySCTs( |
| 135 sct_list_from_tls_extension, x509_entry, | 136 sct_list_from_tls_extension, x509_entry, |
| 136 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert, result); | 137 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert, result); |
| 137 } | 138 } |
| 138 | 139 |
| 139 NetLog::ParametersCallback net_log_checked_callback = | 140 NetLog::ParametersCallback net_log_checked_callback = |
| 140 base::Bind(&NetLogSignedCertificateTimestampCallback, result); | 141 base::Bind(&NetLogSignedCertificateTimestampCallback, result); |
| 141 | 142 |
| 142 net_log.AddEvent( | 143 net_log.AddEvent( |
| 143 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, | 144 NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED, |
| 144 net_log_checked_callback); | 145 net_log_checked_callback); |
| 145 | 146 |
| 146 LogNumSCTsToUMA(*result); | 147 LogNumSCTsToUMA(*result); |
| 147 | 148 |
| 148 if (has_verified_scts) | 149 if (has_verified_scts) |
| 149 return OK; | 150 return OK; |
| 150 | 151 |
| 151 return ERR_CT_NO_SCTS_VERIFIED_OK; | 152 return ERR_CT_NO_SCTS_VERIFIED_OK; |
| 152 } | 153 } |
| 153 | 154 |
| 214 return false; | 215 return false; |
| 215 } | 216 } |
| 216 | 217 |
| 217 AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, &(result->scts)); | 218 AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, &(result->scts)); |
| 218 if (observer_) | 219 if (observer_) |
| 219 observer_->OnSCTVerified(cert, sct.get()); | 220 observer_->OnSCTVerified(cert, sct.get()); |
| 220 return true; | 221 return true; |
| 221 } | 222 } |
| 222 | 223 |
| 223 } // namespace net | 224 } // namespace net |