1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <unordered_set> | 8 #include <unordered_set> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
452 // Exhausted all paths. | 452 // Exhausted all paths. |
453 next_state_ = STATE_NONE; | 453 next_state_ = STATE_NONE; |
454 } else { | 454 } else { |
455 // Continue exploring issuers of the previous path. | 455 // Continue exploring issuers of the previous path. |
456 next_state_ = STATE_GET_NEXT_ISSUER; | 456 next_state_ = STATE_GET_NEXT_ISSUER; |
457 } | 457 } |
458 } | 458 } |
459 | 459 |
460 CertPathBuilder::ResultPath::ResultPath() = default; | 460 CertPathBuilder::ResultPath::ResultPath() = default; |
461 CertPathBuilder::ResultPath::~ResultPath() = default; | 461 CertPathBuilder::ResultPath::~ResultPath() = default; |
| 462 |
| 463 bool CertPathBuilder::ResultPath::IsValid() const { |
| 464 return !path.certs.empty() && path.trust_anchor && |
| 465 !errors.ContainsHighSeverityErrors(); |
| 466 } |
| 467 |
462 CertPathBuilder::Result::Result() = default; | 468 CertPathBuilder::Result::Result() = default; |
463 CertPathBuilder::Result::~Result() = default; | 469 CertPathBuilder::Result::~Result() = default; |
464 | 470 |
465 const CertPathBuilder::ResultPath* CertPathBuilder::Result::GetBestValidPath() | 471 const CertPathBuilder::ResultPath* CertPathBuilder::Result::GetBestValidPath() |
466 const { | 472 const { |
467 DCHECK((paths.empty() && best_result_index == 0) || | 473 DCHECK((paths.empty() && best_result_index == 0) || |
468 best_result_index < paths.size()); | 474 best_result_index < paths.size()); |
469 | 475 |
470 if (best_result_index >= paths.size()) | 476 if (best_result_index >= paths.size()) |
471 return nullptr; | 477 return nullptr; |
472 | 478 |
473 const ResultPath* result_path = paths[best_result_index].get(); | 479 const ResultPath* result_path = paths[best_result_index].get(); |
474 if (result_path->valid) | 480 if (result_path->IsValid()) |
475 return result_path; | 481 return result_path; |
476 | 482 |
477 return nullptr; | 483 return nullptr; |
478 } | 484 } |
479 | 485 |
480 bool CertPathBuilder::Result::HasValidPath() const { | 486 bool CertPathBuilder::Result::HasValidPath() const { |
481 return GetBestValidPath() != nullptr; | 487 return GetBestValidPath() != nullptr; |
482 } | 488 } |
483 | 489 |
484 CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert, | 490 CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert, |
532 next_state_ = STATE_NONE; | 538 next_state_ = STATE_NONE; |
533 return; | 539 return; |
534 } | 540 } |
535 | 541 |
536 // Verify the entire certificate chain. | 542 // Verify the entire certificate chain. |
537 auto result_path = base::MakeUnique<ResultPath>(); | 543 auto result_path = base::MakeUnique<ResultPath>(); |
538 bool verify_result = | 544 bool verify_result = |
539 VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(), | 545 VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(), |
540 signature_policy_, time_, &result_path->errors); | 546 signature_policy_, time_, &result_path->errors); |
541 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " | 547 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " |
542 << result_path->valid; | 548 << verify_result; |
543 result_path->path = next_path_; | 549 result_path->path = next_path_; |
544 result_path->valid = verify_result; | 550 DCHECK_EQ(verify_result, !result_path->errors.ContainsHighSeverityErrors()); |
545 AddResultPath(std::move(result_path)); | 551 AddResultPath(std::move(result_path)); |
546 | 552 |
547 if (verify_result) { | 553 if (verify_result) { |
548 // Found a valid path, return immediately. | 554 // Found a valid path, return immediately. |
549 // TODO(mattm): add debug/test mode that tries all possible paths. | 555 // TODO(mattm): add debug/test mode that tries all possible paths. |
550 next_state_ = STATE_NONE; | 556 next_state_ = STATE_NONE; |
551 return; | 557 return; |
552 } | 558 } |
553 | 559 |
554 // Path did not verify. Try more paths. If there are no more paths, the result | 560 // Path did not verify. Try more paths. If there are no more paths, the result |
555 // will be returned next time DoGetNextPathComplete is called with next_path_ | 561 // will be returned next time DoGetNextPathComplete is called with next_path_ |
556 // empty. | 562 // empty. |
557 next_state_ = STATE_GET_NEXT_PATH; | 563 next_state_ = STATE_GET_NEXT_PATH; |
558 } | 564 } |
559 | 565 |
560 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { | 566 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { |
561 // TODO(mattm): set best_result_index based on number or severity of errors. | 567 // TODO(mattm): set best_result_index based on number or severity of errors. |
562 if (result_path->valid) | 568 if (result_path->IsValid()) |
563 out_result_->best_result_index = out_result_->paths.size(); | 569 out_result_->best_result_index = out_result_->paths.size(); |
564 // TODO(mattm): add flag to only return a single path or all attempted paths? | 570 // TODO(mattm): add flag to only return a single path or all attempted paths? |
565 out_result_->paths.push_back(std::move(result_path)); | 571 out_result_->paths.push_back(std::move(result_path)); |
566 } | 572 } |
567 | 573 |
568 } // namespace net | 574 } // namespace net |
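Review bot: The early return at new line 553 still keys on `verify_result`, while AddResultPath (568) and GetBestValidPath (480) now key on the stricter `IsValid()`, which additionally requires a non-empty `path.certs` and a non-null `path.trust_anchor`; the new DCHECK_EQ on 550 only ties `verify_result` to the high-severity-error check, so the two predicates can still disagree if VerifyCertificateChain can report success for an empty chain or a null trust anchor (not visible from this hunk). If that can happen, the state machine would stop as though a valid path were found while `best_result_index` was never set and HasValidPath() reports false, which is the kind of silent result/state mismatch a path builder should rule out by construction. I'd evaluate the shared predicate once before the move, `const bool path_is_valid = result_path->IsValid();` ahead of `AddResultPath(std::move(result_path));`, and then use `if (path_is_valid) {` on 553 so result reporting and control flow cannot diverge. The enclosing function's signature is above this hunk.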