Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(496)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_policy_enforcer.cc

Issue 2333923004: Extracting NetLog inner classes into their own classes. (Closed)
Patch Set: git rebase-update patch Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_policy_enforcer.h ('k') | net/cert/ct_policy_enforcer_unittest.cc » ('j') | net/log/net_log_entry.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_policy_enforcer.h" 5 #include "net/cert/ct_policy_enforcer.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
11 #include <utility> 11 #include <utility>
12 12
13 #include "base/bind.h" 13 #include "base/bind.h"
14 #include "base/build_time.h" 14 #include "base/build_time.h"
15 #include "base/callback_helpers.h" 15 #include "base/callback_helpers.h"
16 #include "base/metrics/field_trial.h" 16 #include "base/metrics/field_trial.h"
17 #include "base/metrics/histogram_macros.h" 17 #include "base/metrics/histogram_macros.h"
18 #include "base/numerics/safe_conversions.h" 18 #include "base/numerics/safe_conversions.h"
19 #include "base/strings/string_number_conversions.h" 19 #include "base/strings/string_number_conversions.h"
20 #include "base/time/time.h" 20 #include "base/time/time.h"
21 #include "base/values.h" 21 #include "base/values.h"
22 #include "base/version.h" 22 #include "base/version.h"
23 #include "net/cert/ct_ev_whitelist.h" 23 #include "net/cert/ct_ev_whitelist.h"
24 #include "net/cert/ct_known_logs.h" 24 #include "net/cert/ct_known_logs.h"
25 #include "net/cert/ct_policy_status.h" 25 #include "net/cert/ct_policy_status.h"
26 #include "net/cert/ct_verify_result.h" 26 #include "net/cert/ct_verify_result.h"
27 #include "net/cert/signed_certificate_timestamp.h" 27 #include "net/cert/signed_certificate_timestamp.h"
28 #include "net/cert/x509_certificate.h" 28 #include "net/cert/x509_certificate.h"
29 #include "net/cert/x509_certificate_net_log_param.h" 29 #include "net/cert/x509_certificate_net_log_param.h"
30 #include "net/log/net_log.h" 30 #include "net/log/net_log_capture_mode.h"
31 #include "net/log/net_log_event_type.h" 31 #include "net/log/net_log_event_type.h"
32 #include "net/log/net_log_parameters_callback_typedef.h"
33 #include "net/log/net_log_with_source.h"
32 34
33 namespace net { 35 namespace net {
34 36
35 namespace { 37 namespace {
36 38
37 // Returns true if the current build is recent enough to ensure that 39 // Returns true if the current build is recent enough to ensure that
38 // built-in security information (e.g. CT Logs) is fresh enough. 40 // built-in security information (e.g. CT Logs) is fresh enough.
39 // TODO(eranm): Move to base or net/base 41 // TODO(eranm): Move to base or net/base
40 bool IsBuildTimely() { 42 bool IsBuildTimely() {
41 const base::Time build_time = base::GetBuildTime(); 43 const base::Time build_time = base::GetBuildTime();
(...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after
406 // needs up-to-date information about logs to consider certificates to 408 // needs up-to-date information about logs to consider certificates to
407 // be compliant with policy. 409 // be compliant with policy.
408 bool build_timely = IsBuildTimely(); 410 bool build_timely = IsBuildTimely();
409 ct::CertPolicyCompliance compliance; 411 ct::CertPolicyCompliance compliance;
410 if (!build_timely) { 412 if (!build_timely) {
411 compliance = ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY; 413 compliance = ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY;
412 } else { 414 } else {
413 compliance = CheckCertPolicyCompliance(*cert, verified_scts); 415 compliance = CheckCertPolicyCompliance(*cert, verified_scts);
414 } 416 }
415 417
416 NetLog::ParametersCallback net_log_callback = 418 NetLogParametersCallback net_log_callback =
417 base::Bind(&NetLogCertComplianceCheckResultCallback, 419 base::Bind(&NetLogCertComplianceCheckResultCallback,
418 base::Unretained(cert), build_timely, compliance); 420 base::Unretained(cert), build_timely, compliance);
419 421
420 net_log.AddEvent(NetLogEventType::CERT_CT_COMPLIANCE_CHECKED, 422 net_log.AddEvent(NetLogEventType::CERT_CT_COMPLIANCE_CHECKED,
421 net_log_callback); 423 net_log_callback);
422 424
423 return compliance; 425 return compliance;
424 } 426 }
425 427
426 ct::EVPolicyCompliance CTPolicyEnforcer::DoesConformToCTEVPolicy( 428 ct::EVPolicyCompliance CTPolicyEnforcer::DoesConformToCTEVPolicy(
427 X509Certificate* cert, 429 X509Certificate* cert,
428 const ct::EVCertsWhitelist* ev_whitelist, 430 const ct::EVCertsWhitelist* ev_whitelist,
429 const ct::SCTList& verified_scts, 431 const ct::SCTList& verified_scts,
430 const NetLogWithSource& net_log) { 432 const NetLogWithSource& net_log) {
431 EVComplianceDetails details; 433 EVComplianceDetails details;
432 // If the build is not timely, no certificate is considered compliant 434 // If the build is not timely, no certificate is considered compliant
433 // with EV policy. The reasoning is that, for example, a log might 435 // with EV policy. The reasoning is that, for example, a log might
434 // have been pulled and is no longer considered valid; thus, a client 436 // have been pulled and is no longer considered valid; thus, a client
435 // needs up-to-date information about logs to consider certificates to 437 // needs up-to-date information about logs to consider certificates to
436 // be compliant with policy. 438 // be compliant with policy.
437 details.build_timely = IsBuildTimely(); 439 details.build_timely = IsBuildTimely();
438 if (!details.build_timely) { 440 if (!details.build_timely) {
439 details.status = ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY; 441 details.status = ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY;
440 } else { 442 } else {
441 CheckCTEVPolicyCompliance(cert, ev_whitelist, verified_scts, net_log, 443 CheckCTEVPolicyCompliance(cert, ev_whitelist, verified_scts, net_log,
442 &details); 444 &details);
443 } 445 }
444 446
445 NetLog::ParametersCallback net_log_callback = 447 NetLogParametersCallback net_log_callback =
446 base::Bind(&NetLogEVComplianceCheckResultCallback, base::Unretained(cert), 448 base::Bind(&NetLogEVComplianceCheckResultCallback, base::Unretained(cert),
447 base::Unretained(&details)); 449 base::Unretained(&details));
448 450
449 net_log.AddEvent(NetLogEventType::EV_CERT_CT_COMPLIANCE_CHECKED, 451 net_log.AddEvent(NetLogEventType::EV_CERT_CT_COMPLIANCE_CHECKED,
450 net_log_callback); 452 net_log_callback);
451 453
452 if (!details.build_timely) 454 if (!details.build_timely)
453 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY; 455 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY;
454 456
455 LogEVPolicyComplianceToUMA(details.status, ev_whitelist); 457 LogEVPolicyComplianceToUMA(details.status, ev_whitelist);
456 458
457 return details.status; 459 return details.status;
458 } 460 }
459 461
460 } // namespace net 462 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/ct_policy_enforcer.h ('k') | net/cert/ct_policy_enforcer_unittest.cc » ('j') | net/log/net_log_entry.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698