Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(838)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/internal/verify_certificate_chain.cc

Issue 2755483008: Add initial CertVerifyProcBuiltin. (Closed)
Patch Set: type notimplemented properly Created 3 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
11 #include "net/cert/internal/cert_error_params.h" 11 #include "net/cert/internal/cert_error_params.h"
12 #include "net/cert/internal/cert_error_scoper.h" 12 #include "net/cert/internal/cert_error_scoper.h"
13 #include "net/cert/internal/cert_errors.h" 13 #include "net/cert/internal/cert_errors.h"
14 #include "net/cert/internal/name_constraints.h" 14 #include "net/cert/internal/name_constraints.h"
15 #include "net/cert/internal/parse_certificate.h" 15 #include "net/cert/internal/parse_certificate.h"
16 #include "net/cert/internal/signature_algorithm.h" 16 #include "net/cert/internal/signature_algorithm.h"
17 #include "net/cert/internal/signature_policy.h" 17 #include "net/cert/internal/signature_policy.h"
18 #include "net/cert/internal/trust_store.h" 18 #include "net/cert/internal/trust_store.h"
19 #include "net/cert/internal/verify_signed_data.h" 19 #include "net/cert/internal/verify_signed_data.h"
20 #include "net/der/input.h" 20 #include "net/der/input.h"
21 #include "net/der/parser.h" 21 #include "net/der/parser.h"
22 22
23 namespace net { 23 namespace net {
24 24
25 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
26 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
27
25 namespace { 28 namespace {
26 29
27 // ----------------------------------------------- 30 // -----------------------------------------------
28 // Errors/Warnings set by VerifyCertificateChain 31 // Errors/Warnings set by VerifyCertificateChain
29 // ----------------------------------------------- 32 // -----------------------------------------------
30 33
31 DEFINE_CERT_ERROR_ID( 34 DEFINE_CERT_ERROR_ID(
32 kSignatureAlgorithmMismatch, 35 kSignatureAlgorithmMismatch,
33 "Certificate.signatureAlgorithm != TBSCertificate.signature"); 36 "Certificate.signatureAlgorithm != TBSCertificate.signature");
34 DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm, 37 DEFINE_CERT_ERROR_ID(kInvalidOrUnsupportedSignatureAlgorithm,
35 "Invalid or unsupported signature algorithm"); 38 "Invalid or unsupported signature algorithm");
36 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty"); 39 DEFINE_CERT_ERROR_ID(kChainIsEmpty, "Chain is empty");
37 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension, 40 DEFINE_CERT_ERROR_ID(kUnconsumedCriticalExtension,
38 "Unconsumed critical extension"); 41 "Unconsumed critical extension");
39 DEFINE_CERT_ERROR_ID( 42 DEFINE_CERT_ERROR_ID(
40 kTargetCertInconsistentCaBits, 43 kTargetCertInconsistentCaBits,
41 "Target certificate looks like a CA but does not set all CA properties"); 44 "Target certificate looks like a CA but does not set all CA properties");
42 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set"); 45 DEFINE_CERT_ERROR_ID(kKeyCertSignBitNotSet, "keyCertSign bit is not set");
43 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached"); 46 DEFINE_CERT_ERROR_ID(kMaxPathLengthViolated, "max_path_length reached");
44 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa, 47 DEFINE_CERT_ERROR_ID(kBasicConstraintsIndicatesNotCa,
45 "Basic Constraints indicates not a CA"); 48 "Basic Constraints indicates not a CA");
46 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints, 49 DEFINE_CERT_ERROR_ID(kMissingBasicConstraints,
47 "Does not have Basic Constraints"); 50 "Does not have Basic Constraints");
48 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints, 51 DEFINE_CERT_ERROR_ID(kNotPermittedByNameConstraints,
49 "Not permitted by name constraints"); 52 "Not permitted by name constraints");
50 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer, 53 DEFINE_CERT_ERROR_ID(kSubjectDoesNotMatchIssuer,
51 "subject does not match issuer"); 54 "subject does not match issuer");
52 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed"); 55 DEFINE_CERT_ERROR_ID(kVerifySignedDataFailed, "VerifySignedData failed");
53 DEFINE_CERT_ERROR_ID(kValidityFailedNotAfter, "Time is after notAfter");
54 DEFINE_CERT_ERROR_ID(kValidityFailedNotBefore, "Time is before notBefore");
55 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding, 56 DEFINE_CERT_ERROR_ID(kSignatureAlgorithmsDifferentEncoding,
56 "Certificate.signatureAlgorithm is encoded differently " 57 "Certificate.signatureAlgorithm is encoded differently "
57 "than TBSCertificate.signature"); 58 "than TBSCertificate.signature");
58 59
59 DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor"); 60 DEFINE_CERT_ERROR_ID(kContextTrustAnchor, "Processing Trust Anchor");
60 DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate"); 61 DEFINE_CERT_ERROR_ID(kContextCertificate, "Processing Certificate");
61 62
62 // This class changes the error scope to indicate which certificate in the 63 // This class changes the error scope to indicate which certificate in the
63 // chain is currently being processed. 64 // chain is currently being processed.
64 class CertErrorScoperForCert : public CertErrorScoper { 65 class CertErrorScoperForCert : public CertErrorScoper {
(...skipping 541 matching lines...) Expand 10 before | Expand all | Expand 10 after
606 607
607 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: 608 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1:
608 // 609 //
609 // A certificate MUST NOT appear more than once in a prospective 610 // A certificate MUST NOT appear more than once in a prospective
610 // certification path. 611 // certification path.
611 612
612 return true; 613 return true;
613 } 614 }
614 615
615 } // namespace net 616 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/internal/verify_certificate_chain.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698