
Side by Side Diff: net/cert/multi_log_ct_verifier.cc

Issue 2333923004: Extracting NetLog inner classes into their own classes. (Closed)
Patch Set: Some nit fixes and better, impl-agnostic naming of net_log_parameters_callback_typedef.h -> net/log… Created 4 years, 2 months ago
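--- a/net/cert/multi_log_ct_verifier.cc
+++ b/net/cert/multi_log_ct_verifier.cc
@@ -1,32 +1,33 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/multi_log_ct_verifier.h"
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/values.h"
 #include "net/base/net_errors.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_objects_extractor.h"
 #include "net/cert/ct_serialization.h"
 #include "net/cert/ct_signed_certificate_timestamp_log_param.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/x509_certificate.h"
-#include "net/log/net_log.h"
 #include "net/log/net_log_event_type.h"
+#include "net/log/net_log_parameters_callback.h"
+#include "net/log/net_log_with_source.h"
 
 namespace net {
 
 namespace {
 
 // Record SCT verification status. This metric would help detecting presence
 // of unknown CT logs as well as bad deployments (invalid SCTs).
 void LogSCTStatusToUMA(ct::SCTVerifyStatus status) {
 // Note SCT_STATUS_MAX + 1 is passed to the UMA_HISTOGRAM_ENUMERATION as that
 // macro requires the values to be strictly less than the boundary value,
@@ -110,39 +111,39 @@
 std::string sct_list_from_ocsp;
 if (!stapled_ocsp_response.empty() &&
 !cert->GetIntermediateCertificates().empty()) {
 ct::ExtractSCTListFromOCSPResponse(
 cert->GetIntermediateCertificates().front(), cert->serial_number(),
 stapled_ocsp_response, &sct_list_from_ocsp);
 }
 
 // Log to Net Log, after extracting SCTs but before possibly failing on
 // X.509 entry creation.
-NetLog::ParametersCallback net_log_callback =
-base::Bind(&NetLogRawSignedCertificateTimestampCallback,
-&embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension);
+NetLogParametersCallback net_log_callback =
+base::Bind(&NetLogRawSignedCertificateTimestampCallback, &embedded_scts,
+&sct_list_from_ocsp, &sct_list_from_tls_extension);
 
 net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED,
 net_log_callback);
 
 ct::LogEntry x509_entry;
 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) {
 has_verified_scts |= VerifySCTs(
 sct_list_from_ocsp, x509_entry,
 ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert, result);
 
 has_verified_scts |= VerifySCTs(
 sct_list_from_tls_extension, x509_entry,
 ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert, result);
 }
 
-NetLog::ParametersCallback net_log_checked_callback =
+NetLogParametersCallback net_log_checked_callback =
 base::Bind(&NetLogSignedCertificateTimestampCallback, result);
 
 net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED,
 net_log_checked_callback);
 
 LogNumSCTsToUMA(*result);
 
 if (has_verified_scts)
 return OK;
 
@@ -212,10 +213,10 @@
 return false;
 }
 
 AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, &(result->scts));
 if (observer_)
 observer_->OnSCTVerified(cert, sct.get());
 return true;
 }
 
 } // namespace net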
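Review bot: The callback built at new lines 121-123 binds raw addresses (`&embedded_scts`, `&sct_list_from_ocsp`, `&sct_list_from_tls_extension`), and `sct_list_from_ocsp` is a stack local declared at new line 111, so this is memory-safe only if `net_log.AddEvent` invokes the callback before it returns and keeps no copy of it. That contract is not stated anywhere in the visible lines, and because the type is now the free-standing `NetLogParametersCallback`, a reader no longer lands on the `NetLog` class documentation by following the type name. I would add a comment above the bind, for example `// Binds pointers to locals; |net_log_callback| must be consumed by AddEvent() below and never stored.` The same applies to `net_log_checked_callback` at new line 139, which binds the `result` pointer. The enclosing function starts and ends in the skipped regions, so the declarations of `embedded_scts` and `sct_list_from_tls_extension` could not be checked here.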
