
Side by Side Diff: net/cert/ct_policy_enforcer.cc

Issue 2351513002: net: rename BoundNetLog to NetLogWithSource (Closed)
Patch Set: one more fix, content bound_net_log_ Created 4 years, 3 months ago
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_policy_enforcer.h" 5 #include "net/cert/ct_policy_enforcer.h"
6 6
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <memory> 10 #include <memory>
(...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after
374 return ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS; 374 return ct::EVPolicyCompliance::EV_POLICY_NOT_DIVERSE_SCTS;
375 case ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY: 375 case ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY:
376 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY; 376 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY;
377 } 377 }
378 return ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY; 378 return ct::EVPolicyCompliance::EV_POLICY_DOES_NOT_APPLY;
379 } 379 }
380 380
381 void CheckCTEVPolicyCompliance(X509Certificate* cert, 381 void CheckCTEVPolicyCompliance(X509Certificate* cert,
382 const ct::EVCertsWhitelist* ev_whitelist, 382 const ct::EVCertsWhitelist* ev_whitelist,
383 const ct::SCTList& verified_scts, 383 const ct::SCTList& verified_scts,
384 const BoundNetLog& net_log, 384 const NetLogWithSource& net_log,
385 EVComplianceDetails* result) { 385 EVComplianceDetails* result) {
386 result->status = CertPolicyComplianceToEVPolicyCompliance( 386 result->status = CertPolicyComplianceToEVPolicyCompliance(
387 CheckCertPolicyCompliance(*cert, verified_scts)); 387 CheckCertPolicyCompliance(*cert, verified_scts));
388 if (ev_whitelist && ev_whitelist->IsValid()) 388 if (ev_whitelist && ev_whitelist->IsValid())
389 result->whitelist_version = ev_whitelist->Version(); 389 result->whitelist_version = ev_whitelist->Version();
390 390
391 if (result->status != ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS && 391 if (result->status != ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_SCTS &&
392 IsCertificateInWhitelist(*cert, ev_whitelist)) { 392 IsCertificateInWhitelist(*cert, ev_whitelist)) {
393 result->status = ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST; 393 result->status = ct::EVPolicyCompliance::EV_POLICY_COMPLIES_VIA_WHITELIST;
394 } 394 }
395 } 395 }
396 396
397 } // namespace 397 } // namespace
398 398
399 ct::CertPolicyCompliance CTPolicyEnforcer::DoesConformToCertPolicy( 399 ct::CertPolicyCompliance CTPolicyEnforcer::DoesConformToCertPolicy(
400 X509Certificate* cert, 400 X509Certificate* cert,
401 const ct::SCTList& verified_scts, 401 const ct::SCTList& verified_scts,
402 const BoundNetLog& net_log) { 402 const NetLogWithSource& net_log) {
403 // If the build is not timely, no certificate is considered compliant 403 // If the build is not timely, no certificate is considered compliant
404 // with CT policy. The reasoning is that, for example, a log might 404 // with CT policy. The reasoning is that, for example, a log might
405 // have been pulled and is no longer considered valid; thus, a client 405 // have been pulled and is no longer considered valid; thus, a client
406 // needs up-to-date information about logs to consider certificates to 406 // needs up-to-date information about logs to consider certificates to
407 // be compliant with policy. 407 // be compliant with policy.
408 bool build_timely = IsBuildTimely(); 408 bool build_timely = IsBuildTimely();
409 ct::CertPolicyCompliance compliance; 409 ct::CertPolicyCompliance compliance;
410 if (!build_timely) { 410 if (!build_timely) {
411 compliance = ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY; 411 compliance = ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY;
412 } else { 412 } else {
413 compliance = CheckCertPolicyCompliance(*cert, verified_scts); 413 compliance = CheckCertPolicyCompliance(*cert, verified_scts);
414 } 414 }
415 415
416 NetLog::ParametersCallback net_log_callback = 416 NetLog::ParametersCallback net_log_callback =
417 base::Bind(&NetLogCertComplianceCheckResultCallback, 417 base::Bind(&NetLogCertComplianceCheckResultCallback,
418 base::Unretained(cert), build_timely, compliance); 418 base::Unretained(cert), build_timely, compliance);
419 419
420 net_log.AddEvent(NetLogEventType::CERT_CT_COMPLIANCE_CHECKED, 420 net_log.AddEvent(NetLogEventType::CERT_CT_COMPLIANCE_CHECKED,
421 net_log_callback); 421 net_log_callback);
422 422
423 return compliance; 423 return compliance;
424 } 424 }
425 425
426 ct::EVPolicyCompliance CTPolicyEnforcer::DoesConformToCTEVPolicy( 426 ct::EVPolicyCompliance CTPolicyEnforcer::DoesConformToCTEVPolicy(
427 X509Certificate* cert, 427 X509Certificate* cert,
428 const ct::EVCertsWhitelist* ev_whitelist, 428 const ct::EVCertsWhitelist* ev_whitelist,
429 const ct::SCTList& verified_scts, 429 const ct::SCTList& verified_scts,
430 const BoundNetLog& net_log) { 430 const NetLogWithSource& net_log) {
431 EVComplianceDetails details; 431 EVComplianceDetails details;
432 // If the build is not timely, no certificate is considered compliant 432 // If the build is not timely, no certificate is considered compliant
433 // with EV policy. The reasoning is that, for example, a log might 433 // with EV policy. The reasoning is that, for example, a log might
434 // have been pulled and is no longer considered valid; thus, a client 434 // have been pulled and is no longer considered valid; thus, a client
435 // needs up-to-date information about logs to consider certificates to 435 // needs up-to-date information about logs to consider certificates to
436 // be compliant with policy. 436 // be compliant with policy.
437 details.build_timely = IsBuildTimely(); 437 details.build_timely = IsBuildTimely();
438 if (!details.build_timely) { 438 if (!details.build_timely) {
439 details.status = ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY; 439 details.status = ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY;
440 } else { 440 } else {
(...skipping 10 matching lines...) Expand all
451 451
452 if (!details.build_timely) 452 if (!details.build_timely)
453 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY; 453 return ct::EVPolicyCompliance::EV_POLICY_BUILD_NOT_TIMELY;
454 454
455 LogEVPolicyComplianceToUMA(details.status, ev_whitelist); 455 LogEVPolicyComplianceToUMA(details.status, ev_whitelist);
456 456
457 return details.status; 457 return details.status;
458 } 458 }
459 459
460 } // namespace net 460 } // namespace net