| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 207 matching lines...) |
| 218 DLOG(DFATAL) << *error_details; | 218 DLOG(DFATAL) << *error_details; |
| 219 return QUIC_FAILURE; | 219 return QUIC_FAILURE; |
| 220 } | 220 } |
| 221 | 221 |
| 222 verify_details_.reset(new ProofVerifyDetailsChromium); | 222 verify_details_.reset(new ProofVerifyDetailsChromium); |
| 223 | 223 |
| 224 // Converts |certs| to |cert_|. | 224 // Converts |certs| to |cert_|. |
| 225 if (!GetX509Certificate(certs, error_details, verify_details)) | 225 if (!GetX509Certificate(certs, error_details, verify_details)) |
| 226 return QUIC_FAILURE; | 226 return QUIC_FAILURE; |
| 227 | 227 |
| 228 if (!cert_sct.empty()) { | 228 // Note that this is a completely synchronous operation: The CT Log Verifier |
| 229 // Note that this is a completely synchronous operation: The CT Log Verifier | 229 // gets all the data it needs for SCT verification and does not do any |
| 230 // gets all the data it needs for SCT verification and does not do any | 230 // external communication. |
| 231 // external communication. | 231 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, |
| 232 cert_transparency_verifier_->Verify(cert_.get(), std::string(), cert_sct, | 232 &verify_details_->ct_verify_result.scts, |
| 233 &verify_details_->ct_verify_result.scts, | 233 net_log_); |
| 234 net_log_); | |
| 235 } | |
| 236 | 234 |
| 237 // We call VerifySignature first to avoid copying of server_config and | 235 // We call VerifySignature first to avoid copying of server_config and |
| 238 // signature. | 236 // signature. |
| 239 if (!signature.empty() && | 237 if (!signature.empty() && |
| 240 !VerifySignature(server_config, quic_version, chlo_hash, signature, | 238 !VerifySignature(server_config, quic_version, chlo_hash, signature, |
| 241 certs[0])) { | 239 certs[0])) { |
| 242 *error_details = "Failed to verify signature of server config"; | 240 *error_details = "Failed to verify signature of server config"; |
| 243 DLOG(WARNING) << *error_details; | 241 DLOG(WARNING) << *error_details; |
| 244 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 242 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 245 *verify_details = std::move(verify_details_); | 243 *verify_details = std::move(verify_details_); |
| (...skipping 364 matching lines...) |
| 610 active_jobs_[job_ptr] = std::move(job); | 608 active_jobs_[job_ptr] = std::move(job); |
| 611 } | 609 } |
| 612 return status; | 610 return status; |
| 613 } | 611 } |
| 614 | 612 |
| 615 void ProofVerifierChromium::OnJobComplete(Job* job) { | 613 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 616 active_jobs_.erase(job); | 614 active_jobs_.erase(job); |
| 617 } | 615 } |
| 618 | 616 |
| 619 } // namespace net | 617 } // namespace net |
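Review bot: The comment kept above the `cert_transparency_verifier_->Verify(...)` call (new lines 228-230) only says the call is synchronous and does not explain why the `if (!cert_sct.empty())` guard was dropped, so a later cleanup could restore the guard as an apparent optimization. Presumably the verifier also checks SCTs embedded in `cert_`, which the old guard skipped whenever the handshake carried no SCT list; if that is the intent, state it, e.g. `// Verify even when |cert_sct| is empty so that SCTs embedded in |cert_| are still checked.` A test that passes a certificate with embedded SCTs together with an empty `cert_sct` and expects `ct_verify_result.scts` to be populated would pin the behaviour; no such test is visible on this page. The enclosing function starts and ends outside the lines shown.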
| OLD | NEW |