| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/callback_helpers.h" | 11 #include "base/callback_helpers.h" |
| 12 #include "base/logging.h" | 12 #include "base/logging.h" |
| 13 #include "base/memory/ptr_util.h" | 13 #include "base/memory/ptr_util.h" |
| 14 #include "base/metrics/histogram_macros.h" | 14 #include "base/metrics/histogram_macros.h" |
| 15 #include "base/strings/stringprintf.h" | 15 #include "base/strings/stringprintf.h" |
| 16 #include "crypto/signature_verifier.h" | 16 #include "crypto/signature_verifier.h" |
| 17 #include "net/base/host_port_pair.h" | 17 #include "net/base/host_port_pair.h" |
| 18 #include "net/base/net_errors.h" | 18 #include "net/base/net_errors.h" |
| 19 #include "net/cert/asn1_util.h" | 19 #include "net/cert/asn1_util.h" |
| 20 #include "net/cert/cert_status_flags.h" | 20 #include "net/cert/cert_status_flags.h" |
| 21 #include "net/cert/cert_verifier.h" | 21 #include "net/cert/cert_verifier.h" |
| 22 #include "net/cert/ct_policy_enforcer.h" | 22 #include "net/cert/ct_policy_enforcer.h" |
| 23 #include "net/cert/ct_policy_status.h" | 23 #include "net/cert/ct_policy_status.h" |
| 24 #include "net/cert/ct_verifier.h" | 24 #include "net/cert/ct_verifier.h" |
| 25 #include "net/cert/x509_util.h" | 25 #include "net/cert/x509_util.h" |
| 26 #include "net/http/transport_security_state.h" | 26 #include "net/http/transport_security_state.h" |
| 27 #include "net/quic/core/crypto/crypto_protocol.h" | 27 #include "net/quic/core/crypto/crypto_protocol.h" |
| 28 #include "net/ssl/ssl_config_service.h" | 28 #include "net/ssl/ssl_config_service.h" |
| 29 | 29 |
| 30 using base::StringPiece; | |
| 31 using base::StringPrintf; | 30 using base::StringPrintf; |
| 32 using std::string; | 31 using std::string; |
| 33 | 32 |
| 34 namespace net { | 33 namespace net { |
| 35 | 34 |
| 36 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium() | 35 ProofVerifyDetailsChromium::ProofVerifyDetailsChromium() |
| 37 : pkp_bypassed(false) {} | 36 : pkp_bypassed(false) {} |
| 38 | 37 |
| 39 ProofVerifyDetailsChromium::~ProofVerifyDetailsChromium() {} | 38 ProofVerifyDetailsChromium::~ProofVerifyDetailsChromium() {} |
| 40 | 39 |
| 62 const NetLogWithSource& net_log); | 61 const NetLogWithSource& net_log); |
| 63 ~Job(); | 62 ~Job(); |
| 64 | 63 |
| 65 // Starts the proof verification. If |QUIC_PENDING| is returned, then | 64 // Starts the proof verification. If |QUIC_PENDING| is returned, then |
| 66 // |callback| will be invoked asynchronously when the verification completes. | 65 // |callback| will be invoked asynchronously when the verification completes. |
| 67 QuicAsyncStatus VerifyProof( | 66 QuicAsyncStatus VerifyProof( |
| 68 const std::string& hostname, | 67 const std::string& hostname, |
| 69 const uint16_t port, | 68 const uint16_t port, |
| 70 const std::string& server_config, | 69 const std::string& server_config, |
| 71 QuicVersion quic_version, | 70 QuicVersion quic_version, |
| 72 base::StringPiece chlo_hash, | 71 QuicStringPiece chlo_hash, |
| 73 const std::vector<std::string>& certs, | 72 const std::vector<std::string>& certs, |
| 74 const std::string& cert_sct, | 73 const std::string& cert_sct, |
| 75 const std::string& signature, | 74 const std::string& signature, |
| 76 std::string* error_details, | 75 std::string* error_details, |
| 77 std::unique_ptr<ProofVerifyDetails>* verify_details, | 76 std::unique_ptr<ProofVerifyDetails>* verify_details, |
| 78 std::unique_ptr<ProofVerifierCallback> callback); | 77 std::unique_ptr<ProofVerifierCallback> callback); |
| 79 | 78 |
| 80 // Starts the certificate chain verification of |certs|. If |QUIC_PENDING| is | 79 // Starts the certificate chain verification of |certs|. If |QUIC_PENDING| is |
| 81 // returned, then |callback| will be invoked asynchronously when the | 80 // returned, then |callback| will be invoked asynchronously when the |
| 82 // verification completes. | 81 // verification completes. |
| 107 std::unique_ptr<ProofVerifyDetails>* verify_details, | 106 std::unique_ptr<ProofVerifyDetails>* verify_details, |
| 108 std::unique_ptr<ProofVerifierCallback> callback); | 107 std::unique_ptr<ProofVerifierCallback> callback); |
| 109 | 108 |
| 110 int DoLoop(int last_io_result); | 109 int DoLoop(int last_io_result); |
| 111 void OnIOComplete(int result); | 110 void OnIOComplete(int result); |
| 112 int DoVerifyCert(int result); | 111 int DoVerifyCert(int result); |
| 113 int DoVerifyCertComplete(int result); | 112 int DoVerifyCertComplete(int result); |
| 114 | 113 |
| 115 bool VerifySignature(const std::string& signed_data, | 114 bool VerifySignature(const std::string& signed_data, |
| 116 QuicVersion quic_version, | 115 QuicVersion quic_version, |
| 117 StringPiece chlo_hash, | 116 QuicStringPiece chlo_hash, |
| 118 const std::string& signature, | 117 const std::string& signature, |
| 119 const std::string& cert); | 118 const std::string& cert); |
| 120 | 119 |
| 121 // Proof verifier to notify when this jobs completes. | 120 // Proof verifier to notify when this jobs completes. |
| 122 ProofVerifierChromium* proof_verifier_; | 121 ProofVerifierChromium* proof_verifier_; |
| 123 | 122 |
| 124 // The underlying verifier used for verifying certificates. | 123 // The underlying verifier used for verifying certificates. |
| 125 CertVerifier* verifier_; | 124 CertVerifier* verifier_; |
| 126 std::unique_ptr<CertVerifier::Request> cert_verifier_request_; | 125 std::unique_ptr<CertVerifier::Request> cert_verifier_request_; |
| 127 | 126 |
| 193 UMA_HISTOGRAM_TIMES("Net.QuicSession.VerifyProofTime.google", | 192 UMA_HISTOGRAM_TIMES("Net.QuicSession.VerifyProofTime.google", |
| 194 end_time - start_time_); | 193 end_time - start_time_); |
| 195 } | 194 } |
| 196 } | 195 } |
| 197 | 196 |
| 198 QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof( | 197 QuicAsyncStatus ProofVerifierChromium::Job::VerifyProof( |
| 199 const string& hostname, | 198 const string& hostname, |
| 200 const uint16_t port, | 199 const uint16_t port, |
| 201 const string& server_config, | 200 const string& server_config, |
| 202 QuicVersion quic_version, | 201 QuicVersion quic_version, |
| 203 StringPiece chlo_hash, | 202 QuicStringPiece chlo_hash, |
| 204 const std::vector<string>& certs, | 203 const std::vector<string>& certs, |
| 205 const std::string& cert_sct, | 204 const std::string& cert_sct, |
| 206 const string& signature, | 205 const string& signature, |
| 207 std::string* error_details, | 206 std::string* error_details, |
| 208 std::unique_ptr<ProofVerifyDetails>* verify_details, | 207 std::unique_ptr<ProofVerifyDetails>* verify_details, |
| 209 std::unique_ptr<ProofVerifierCallback> callback) { | 208 std::unique_ptr<ProofVerifierCallback> callback) { |
| 210 DCHECK(error_details); | 209 DCHECK(error_details); |
| 211 DCHECK(verify_details); | 210 DCHECK(verify_details); |
| 212 DCHECK(callback); | 211 DCHECK(callback); |
| 213 | 212 |
| 285 std::unique_ptr<ProofVerifyDetails>* verify_details) { | 284 std::unique_ptr<ProofVerifyDetails>* verify_details) { |
| 286 if (certs.empty()) { | 285 if (certs.empty()) { |
| 287 *error_details = "Failed to create certificate chain. Certs are empty."; | 286 *error_details = "Failed to create certificate chain. Certs are empty."; |
| 288 DLOG(WARNING) << *error_details; | 287 DLOG(WARNING) << *error_details; |
| 289 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 288 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 290 *verify_details = std::move(verify_details_); | 289 *verify_details = std::move(verify_details_); |
| 291 return false; | 290 return false; |
| 292 } | 291 } |
| 293 | 292 |
| 294 // Convert certs to X509Certificate. | 293 // Convert certs to X509Certificate. |
| 295 std::vector<StringPiece> cert_pieces(certs.size()); | 294 std::vector<QuicStringPiece> cert_pieces(certs.size()); |
| 296 for (unsigned i = 0; i < certs.size(); i++) { | 295 for (unsigned i = 0; i < certs.size(); i++) { |
| 297 cert_pieces[i] = base::StringPiece(certs[i]); | 296 cert_pieces[i] = QuicStringPiece(certs[i]); |
| 298 } | 297 } |
| 299 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); | 298 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); |
| 300 if (!cert_.get()) { | 299 if (!cert_.get()) { |
| 301 *error_details = "Failed to create certificate chain"; | 300 *error_details = "Failed to create certificate chain"; |
| 302 DLOG(WARNING) << *error_details; | 301 DLOG(WARNING) << *error_details; |
| 303 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 302 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 304 *verify_details = std::move(verify_details_); | 303 *verify_details = std::move(verify_details_); |
| 305 return false; | 304 return false; |
| 306 } | 305 } |
| 307 return true; | 306 return true; |
| 465 DLOG(WARNING) << error_details_; | 464 DLOG(WARNING) << error_details_; |
| 466 } | 465 } |
| 467 | 466 |
| 468 // Exit DoLoop and return the result to the caller to VerifyProof. | 467 // Exit DoLoop and return the result to the caller to VerifyProof. |
| 469 DCHECK_EQ(STATE_NONE, next_state_); | 468 DCHECK_EQ(STATE_NONE, next_state_); |
| 470 return result; | 469 return result; |
| 471 } | 470 } |
| 472 | 471 |
| 473 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, | 472 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, |
| 474 QuicVersion quic_version, | 473 QuicVersion quic_version, |
| 475 StringPiece chlo_hash, | 474 QuicStringPiece chlo_hash, |
| 476 const string& signature, | 475 const string& signature, |
| 477 const string& cert) { | 476 const string& cert) { |
| 478 StringPiece spki; | 477 QuicStringPiece spki; |
| 479 if (!asn1::ExtractSPKIFromDERCert(cert, &spki)) { | 478 if (!asn1::ExtractSPKIFromDERCert(cert, &spki)) { |
| 480 DLOG(WARNING) << "ExtractSPKIFromDERCert failed"; | 479 DLOG(WARNING) << "ExtractSPKIFromDERCert failed"; |
| 481 return false; | 480 return false; |
| 482 } | 481 } |
| 483 | 482 |
| 484 crypto::SignatureVerifier verifier; | 483 crypto::SignatureVerifier verifier; |
| 485 | 484 |
| 486 size_t size_bits; | 485 size_t size_bits; |
| 487 X509Certificate::PublicKeyType type; | 486 X509Certificate::PublicKeyType type; |
| 488 X509Certificate::GetPublicKeyInfo(cert_->os_cert_handle(), &size_bits, &type); | 487 X509Certificate::GetPublicKeyInfo(cert_->os_cert_handle(), &size_bits, &type); |
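Review bot: The new `QuicStringPiece spki;` on the line before `asn1::ExtractSPKIFromDERCert(cert, &spki)` hands a QUIC-platform type by pointer to a net/cert API that is declared in terms of `base::StringPiece`, so this call (and the `std::vector<QuicStringPiece>` passed to `X509Certificate::CreateFromDERCertChain` in the earlier hunk) only compiles as long as `QuicStringPiece` remains an exact alias of `base::StringPiece`; if the platform type is ever switched to a distinct string-view class, the SPKI extraction that feeds the signature check is the first thing to break. Since this file is the boundary between QUIC and net/cert, I would keep the locals that are passed to net/cert APIs typed as `base::StringPiece spki;` and convert from `QuicStringPiece` only at the interface, or at minimum pin the assumption once near the top of the file with `static_assert(std::is_same<QuicStringPiece, base::StringPiece>::value, "net/cert APIs take base::StringPiece");`. Whether the alias is currently identical is inferred from the fact that this builds, not visible in the hunk. VerifySignature continues past the end of this hunk.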
| 549 } | 548 } |
| 550 | 549 |
| 551 ProofVerifierChromium::~ProofVerifierChromium() { | 550 ProofVerifierChromium::~ProofVerifierChromium() { |
| 552 } | 551 } |
| 553 | 552 |
| 554 QuicAsyncStatus ProofVerifierChromium::VerifyProof( | 553 QuicAsyncStatus ProofVerifierChromium::VerifyProof( |
| 555 const std::string& hostname, | 554 const std::string& hostname, |
| 556 const uint16_t port, | 555 const uint16_t port, |
| 557 const std::string& server_config, | 556 const std::string& server_config, |
| 558 QuicVersion quic_version, | 557 QuicVersion quic_version, |
| 559 base::StringPiece chlo_hash, | 558 QuicStringPiece chlo_hash, |
| 560 const std::vector<std::string>& certs, | 559 const std::vector<std::string>& certs, |
| 561 const std::string& cert_sct, | 560 const std::string& cert_sct, |
| 562 const std::string& signature, | 561 const std::string& signature, |
| 563 const ProofVerifyContext* verify_context, | 562 const ProofVerifyContext* verify_context, |
| 564 std::string* error_details, | 563 std::string* error_details, |
| 565 std::unique_ptr<ProofVerifyDetails>* verify_details, | 564 std::unique_ptr<ProofVerifyDetails>* verify_details, |
| 566 std::unique_ptr<ProofVerifierCallback> callback) { | 565 std::unique_ptr<ProofVerifierCallback> callback) { |
| 567 if (!verify_context) { | 566 if (!verify_context) { |
| 568 *error_details = "Missing context"; | 567 *error_details = "Missing context"; |
| 569 return QUIC_FAILURE; | 568 return QUIC_FAILURE; |
| 608 active_jobs_[job_ptr] = std::move(job); | 607 active_jobs_[job_ptr] = std::move(job); |
| 609 } | 608 } |
| 610 return status; | 609 return status; |
| 611 } | 610 } |
| 612 | 611 |
| 613 void ProofVerifierChromium::OnJobComplete(Job* job) { | 612 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 614 active_jobs_.erase(job); | 613 active_jobs_.erase(job); |
| 615 } | 614 } |
| 616 | 615 |
| 617 } // namespace net | 616 } // namespace net |