OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_verifier_chromium.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/bind.h" | 9 #include "base/bind.h" |
10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
(...skipping 402 matching lines...)
413 CERT_STATUS_CT_COMPLIANCE_FAILED; | 413 CERT_STATUS_CT_COMPLIANCE_FAILED; |
414 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; | 414 verify_details_->cert_verify_result.cert_status &= ~CERT_STATUS_IS_EV; |
415 } | 415 } |
416 } | 416 } |
417 | 417 |
418 verify_details_->ct_verify_result.cert_policy_compliance = | 418 verify_details_->ct_verify_result.cert_policy_compliance = |
419 policy_enforcer_->DoesConformToCertPolicy( | 419 policy_enforcer_->DoesConformToCertPolicy( |
420 cert_verify_result.verified_cert.get(), verified_scts, net_log_); | 420 cert_verify_result.verified_cert.get(), verified_scts, net_log_); |
421 | 421 |
422 int ct_result = OK; | 422 int ct_result = OK; |
423 if (verify_details_->ct_verify_result.cert_policy_compliance != | 423 if (!transport_security_state_->CheckCTRequirements( |
424 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && | 424 HostPortPair(hostname_, port_), |
425 verify_details_->ct_verify_result.cert_policy_compliance != | 425 cert_verify_result.is_issued_by_known_root, |
426 ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && | 426 cert_verify_result.public_key_hashes, |
427 transport_security_state_->ShouldRequireCT( | 427 cert_verify_result.verified_cert.get(), cert_.get(), |
428 hostname_, cert_verify_result.verified_cert.get(), | 428 verify_details_->ct_verify_result.scts, |
429 cert_verify_result.public_key_hashes)) { | 429 TransportSecurityState::ENABLE_EXPECT_CT_REPORTS, |
| 430 verify_details_->ct_verify_result.cert_policy_compliance)) { |
430 verify_details_->cert_verify_result.cert_status |= | 431 verify_details_->cert_verify_result.cert_status |= |
431 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; | 432 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
432 ct_result = ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; | 433 ct_result = ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
433 } | 434 } |
434 | 435 |
435 TransportSecurityState::PKPStatus pin_validity = | 436 TransportSecurityState::PKPStatus pin_validity = |
436 transport_security_state_->CheckPublicKeyPins( | 437 transport_security_state_->CheckPublicKeyPins( |
437 HostPortPair(hostname_, port_), | 438 HostPortPair(hostname_, port_), |
438 cert_verify_result.is_issued_by_known_root, | 439 cert_verify_result.is_issued_by_known_root, |
439 cert_verify_result.public_key_hashes, cert_.get(), | 440 cert_verify_result.public_key_hashes, cert_.get(), |
(...skipping 167 matching lines...)
607 active_jobs_[job_ptr] = std::move(job); | 608 active_jobs_[job_ptr] = std::move(job); |
608 } | 609 } |
609 return status; | 610 return status; |
610 } | 611 } |
611 | 612 |
612 void ProofVerifierChromium::OnJobComplete(Job* job) { | 613 void ProofVerifierChromium::OnJobComplete(Job* job) { |
613 active_jobs_.erase(job); | 614 active_jobs_.erase(job); |
614 } | 615 } |
615 | 616 |
616 } // namespace net | 617 } // namespace net |
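Review bot: The rewritten condition at new lines 423-430 no longer shows which `cert_policy_compliance` values satisfy the CT requirement. The old call site exempted `CERT_POLICY_COMPLIES_VIA_SCTS` and `CERT_POLICY_BUILD_NOT_TIMELY` explicitly, and that decision now sits inside `CheckCTRequirements()`, which is not visible here, so please confirm that a not-timely build is still exempt and cover that case with a unit test for this verifier. Because the call passes `ENABLE_EXPECT_CT_REPORTS`, it presumably also gains a reporting side effect on the QUIC verification path; a comment above the `if` would make both points explicit, e.g. `// CheckCTRequirements() decides which compliance values are acceptable and may send an Expect-CT report.` The validated chain is passed before `cert_.get()` here, while the `CheckPublicKeyPins` call just below passes `cert_.get()` first; both appear to be the same pointer type, so a swapped order would compile silently and deserves a short parameter comment. The enclosing function starts and ends outside the lines shown.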