
Unified Diff: net/cert/multi_log_ct_verifier.cc

Issue 2400183002: Cleanup: More accurate output parameter type for CTVerifier (Closed)
Patch Set: IWYU, review comments Created 4 years, 2 months ago
Index: net/cert/multi_log_ct_verifier.cc
diff --git a/net/cert/multi_log_ct_verifier.cc b/net/cert/multi_log_ct_verifier.cc
index 8dc172677a502e92fff9c11eb118b754dbf30d16..61c07b6d4e560cb06eaa65e95cce5d25f7a37cd8 100644
--- a/net/cert/multi_log_ct_verifier.cc
+++ b/net/cert/multi_log_ct_verifier.cc
@@ -15,8 +15,8 @@
#include "net/cert/ct_objects_extractor.h"
#include "net/cert/ct_serialization.h"
#include "net/cert/ct_signed_certificate_timestamp_log_param.h"
-#include "net/cert/ct_verify_result.h"
#include "net/cert/sct_status_flags.h"
+#include "net/cert/signed_certificate_timestamp_and_status.h"
#include "net/cert/x509_certificate.h"
#include "net/log/net_log_event_type.h"
#include "net/log/net_log_parameters_callback.h"
@@ -50,9 +50,9 @@ void LogSCTOriginToUMA(ct::SignedCertificateTimestamp::Origin origin) {
// This metric would allow measuring:
// * Of all SSL connections, how many had SCTs available for validation.
// * When SCTs are available, how many are available per connection.
-void LogNumSCTsToUMA(const ct::CTVerifyResult& result) {
+void LogNumSCTsToUMA(const SignedCertificateTimestampAndStatusList& scts) {
UMA_HISTOGRAM_CUSTOM_COUNTS("Net.CertificateTransparency.SCTsPerConnection",
- result.scts.size(), 1, 10, 11);
+ scts.size(), 1, 10, 11);
}
void AddSCTAndLogStatus(scoped_refptr<ct::SignedCertificateTimestamp> sct,
@@ -81,15 +81,16 @@ void MultiLogCTVerifier::SetObserver(Observer* observer) {
observer_ = observer;
}
-int MultiLogCTVerifier::Verify(X509Certificate* cert,
- const std::string& stapled_ocsp_response,
- const std::string& sct_list_from_tls_extension,
- ct::CTVerifyResult* result,
- const NetLogWithSource& net_log) {
+int MultiLogCTVerifier::Verify(
+ X509Certificate* cert,
+ const std::string& stapled_ocsp_response,
+ const std::string& sct_list_from_tls_extension,
+ SignedCertificateTimestampAndStatusList* output_scts,
+ const NetLogWithSource& net_log) {
DCHECK(cert);
- DCHECK(result);
+ DCHECK(output_scts);
- result->scts.clear();
+ output_scts->clear();
bool has_verified_scts = false;
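Review bot: The renamed `output_scts` parameter of `Verify` no longer hints that the list carries verification results, and nothing at this definition says what the list contains on return. Going by the `VerifySingleSCT` hunks further down, every decoded SCT is appended with its status, including `SCT_STATUS_LOG_UNKNOWN`, `SCT_STATUS_INVALID_SIGNATURE` and `SCT_STATUS_INVALID_TIMESTAMP`, so a non-empty list does not mean any SCT verified. I would add a comment above the `clear()` call, for example `// |output_scts| is reset, then receives every SCT seen together with its status; entries are not necessarily valid.` The body of `Verify` continues outside this hunk.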
@@ -105,7 +106,8 @@ int MultiLogCTVerifier::Verify(X509Certificate* cert,
cert->GetIntermediateCertificates().front(),
&precert_entry) &&
VerifySCTs(embedded_scts, precert_entry,
- ct::SignedCertificateTimestamp::SCT_EMBEDDED, cert, result);
+ ct::SignedCertificateTimestamp::SCT_EMBEDDED, cert,
+ output_scts);
}
std::string sct_list_from_ocsp;
@@ -127,22 +129,24 @@ int MultiLogCTVerifier::Verify(X509Certificate* cert,
ct::LogEntry x509_entry;
if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) {
- has_verified_scts |= VerifySCTs(
- sct_list_from_ocsp, x509_entry,
- ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert, result);
-
- has_verified_scts |= VerifySCTs(
- sct_list_from_tls_extension, x509_entry,
- ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert, result);
+ has_verified_scts |=
+ VerifySCTs(sct_list_from_ocsp, x509_entry,
+ ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert,
+ output_scts);
+
+ has_verified_scts |=
+ VerifySCTs(sct_list_from_tls_extension, x509_entry,
+ ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert,
+ output_scts);
}
NetLogParametersCallback net_log_checked_callback =
- base::Bind(&NetLogSignedCertificateTimestampCallback, result);
+ base::Bind(&NetLogSignedCertificateTimestampCallback, output_scts);
net_log.AddEvent(NetLogEventType::SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED,
net_log_checked_callback);
- LogNumSCTsToUMA(*result);
+ LogNumSCTsToUMA(*output_scts);
if (has_verified_scts)
return OK;
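Review bot: `base::Bind(&NetLogSignedCertificateTimestampCallback, output_scts)` binds the caller-owned list as a raw pointer, and nothing here records that the callback must not outlive it. It looks safe because the callback is a local that is handed straight to `net_log.AddEvent`, but that `AddEvent` runs it synchronously and keeps no copy is an assumption this hunk does not show. A one-line comment would pin the constraint: `// |output_scts| is bound unowned; the callback must not be stored past AddEvent().` `Verify` starts before this hunk and continues after it.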
@@ -155,7 +159,7 @@ bool MultiLogCTVerifier::VerifySCTs(
const ct::LogEntry& expected_entry,
ct::SignedCertificateTimestamp::Origin origin,
X509Certificate* cert,
- ct::CTVerifyResult* result) {
+ SignedCertificateTimestampAndStatusList* output_scts) {
if (logs_.empty())
return false;
@@ -179,7 +183,7 @@ bool MultiLogCTVerifier::VerifySCTs(
}
decoded_sct->origin = origin;
- verified |= VerifySingleSCT(decoded_sct, expected_entry, cert, result);
+ verified |= VerifySingleSCT(decoded_sct, expected_entry, cert, output_scts);
}
return verified;
@@ -189,12 +193,12 @@ bool MultiLogCTVerifier::VerifySingleSCT(
scoped_refptr<ct::SignedCertificateTimestamp> sct,
const ct::LogEntry& expected_entry,
X509Certificate* cert,
- ct::CTVerifyResult* result) {
+ SignedCertificateTimestampAndStatusList* output_scts) {
// Assume this SCT is untrusted until proven otherwise.
const auto& it = logs_.find(sct->log_id);
if (it == logs_.end()) {
DVLOG(1) << "SCT does not match any known log.";
- AddSCTAndLogStatus(sct, ct::SCT_STATUS_LOG_UNKNOWN, &(result->scts));
+ AddSCTAndLogStatus(sct, ct::SCT_STATUS_LOG_UNKNOWN, output_scts);
return false;
}
@@ -202,18 +206,18 @@ bool MultiLogCTVerifier::VerifySingleSCT(
if (!it->second->Verify(expected_entry, *sct.get())) {
DVLOG(1) << "Unable to verify SCT signature.";
- AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_SIGNATURE, &(result->scts));
+ AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_SIGNATURE, output_scts);
return false;
}
// SCT verified ok, just make sure the timestamp is legitimate.
if (sct->timestamp > base::Time::Now()) {
DVLOG(1) << "SCT is from the future!";
- AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_TIMESTAMP, &(result->scts));
+ AddSCTAndLogStatus(sct, ct::SCT_STATUS_INVALID_TIMESTAMP, output_scts);
return false;
}
- AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, &(result->scts));
+ AddSCTAndLogStatus(sct, ct::SCT_STATUS_OK, output_scts);
if (observer_)
observer_->OnSCTVerified(cert, sct.get());
return true;