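--- a/net/cert/internal/path_builder.cc
+++ b/net/cert/internal/path_builder.cc
@@ -1,10 +1,10 @@
 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/internal/path_builder.h"
 
 #include <set>
 #include <unordered_set>
 
 #include "base/logging.h"
@@ -484,24 +484,26 @@
 }
 
 bool CertPathBuilder::Result::HasValidPath() const {
   return GetBestValidPath() != nullptr;
 }
 
 CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert,
                                  const TrustStore* trust_store,
                                  const SignaturePolicy* signature_policy,
                                  const der::GeneralizedTime& time,
+                                 KeyPurpose key_purpose,
                                  Result* result)
     : cert_path_iter_(new CertPathIter(std::move(cert), trust_store)),
       signature_policy_(signature_policy),
       time_(time),
+      key_purpose_(key_purpose),
       next_state_(STATE_NONE),
       out_result_(result) {}
 
 CertPathBuilder::~CertPathBuilder() {}
 
 void CertPathBuilder::AddCertIssuerSource(
     CertIssuerSource* cert_issuer_source) {
   cert_path_iter_->AddCertIssuerSource(cert_issuer_source);
 }
 
@@ -534,41 +536,41 @@
 
 void CertPathBuilder::DoGetNextPathComplete() {
   if (next_path_.IsEmpty()) {
     // No more paths to check, signal completion.
     next_state_ = STATE_NONE;
     return;
   }
 
   // Verify the entire certificate chain.
   auto result_path = base::MakeUnique<ResultPath>();
-  bool verify_result =
-      VerifyCertificateChain(next_path_.certs, next_path_.trust_anchor.get(),
-                             signature_policy_, time_, &result_path->errors);
+  bool verify_result = VerifyCertificateChain(
+      next_path_.certs, next_path_.trust_anchor.get(), signature_policy_, time_,
+      key_purpose_, &result_path->errors);
   DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = "
            << verify_result;
   result_path->path = next_path_;
   DCHECK_EQ(verify_result, !result_path->errors.ContainsHighSeverityErrors());
   AddResultPath(std::move(result_path));
 
   if (verify_result) {
     // Found a valid path, return immediately.
     // TODO(mattm): add debug/test mode that tries all possible paths.
     next_state_ = STATE_NONE;
     return;
   }
 
   // Path did not verify. Try more paths. If there are no more paths, the result
   // will be returned next time DoGetNextPathComplete is called with next_path_
   // empty.
   next_state_ = STATE_GET_NEXT_PATH;
 }
 
 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) {
   // TODO(mattm): set best_result_index based on number or severity of errors.
   if (result_path->IsValid())
     out_result_->best_result_index = out_result_->paths.size();
   // TODO(mattm): add flag to only return a single path or all attempted paths?
   out_result_->paths.push_back(std::move(result_path));
 }
 
 }  // namespace net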
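Review bot: Passing key_purpose_ into VerifyCertificateChain in DoGetNextPathComplete changes which chains are rejected, but nothing in the hunk shows that a key-purpose mismatch is recorded in result_path->errors as a high-severity error; the DCHECK_EQ two lines later requires verify_result and !ContainsHighSeverityErrors() to agree, and AddResultPath's IsValid() presumably derives from the same error container, so a mismatch reported only as a warning would trip the DCHECK in debug builds and could let a path with the wrong purpose be picked as best_result_index in release. A unit test that builds a chain whose leaf lacks the requested purpose and asserts `EXPECT_FALSE(result.HasValidPath());` would pin the contract between the two sides of that DCHECK. Separately, the new initializer `key_purpose_(key_purpose)` sits between `time_` and `next_state_`; that must match the member declaration order in path_builder.h (not shown) or the constructor will initialize in a different order than written and warn under -Wreorder.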