Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(19)

Side by Side Diff: net/quic/chromium/crypto/proof_verifier_chromium.cc

Issue 2669403004: Allow QUIC to honor SCTs delivered in X509 certificates. (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/tools/quic/quic_client_bin.cc » ('j') | net/tools/quic/quic_client_bin.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/bind.h" 9 #include "base/bind.h"
10 #include "base/bind_helpers.h" 10 #include "base/bind_helpers.h"
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after
218 DLOG(DFATAL) << *error_details; 218 DLOG(DFATAL) << *error_details;
219 return QUIC_FAILURE; 219 return QUIC_FAILURE;
220 } 220 }
221 221
222 verify_details_.reset(new ProofVerifyDetailsChromium); 222 verify_details_.reset(new ProofVerifyDetailsChromium);
223 223
224 // Converts |certs| to |cert_|. 224 // Converts |certs| to |cert_|.
225 if (!GetX509Certificate(certs, error_details, verify_details)) 225 if (!GetX509Certificate(certs, error_details, verify_details))
226 return QUIC_FAILURE; 226 return QUIC_FAILURE;
227 227
228 if (!cert_sct.empty()) { 228 // Note that this is a completely synchronous operation: The CT Log Verifier
229 // Note that this is a completely synchronous operation: The CT Log Verifier 229 // gets all the data it needs for SCT verification and does not do any
230 // gets all the data it needs for SCT verification and does not do any 230 // external communication.
231 // external communication. 231 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct,
232 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, 232 &verify_details_->ct_verify_result.scts,
233 &verify_details_->ct_verify_result.scts, 233 net_log_);
234 net_log_);
235 }
236 234
237 // We call VerifySignature first to avoid copying of server_config and 235 // We call VerifySignature first to avoid copying of server_config and
238 // signature. 236 // signature.
239 if (!signature.empty() && 237 if (!signature.empty() &&
240 !VerifySignature(server_config, quic_version, chlo_hash, signature, 238 !VerifySignature(server_config, quic_version, chlo_hash, signature,
241 certs[0])) { 239 certs[0])) {
242 *error_details = "Failed to verify signature of server config"; 240 *error_details = "Failed to verify signature of server config";
243 DLOG(WARNING) << *error_details; 241 DLOG(WARNING) << *error_details;
244 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; 242 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
245 *verify_details = std::move(verify_details_); 243 *verify_details = std::move(verify_details_);
(...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after
610 active_jobs_[job_ptr] = std::move(job); 608 active_jobs_[job_ptr] = std::move(job);
611 } 609 }
612 return status; 610 return status;
613 } 611 }
614 612
615 void ProofVerifierChromium::OnJobComplete(Job* job) { 613 void ProofVerifierChromium::OnJobComplete(Job* job) {
616 active_jobs_.erase(job); 614 active_jobs_.erase(job);
617 } 615 }
618 616
619 } // namespace net 617 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/tools/quic/quic_client_bin.cc » ('j') | net/tools/quic/quic_client_bin.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698