
Side by Side Diff: net/cert/internal/path_builder.cc

Issue 2898303005: Wire up certificate policies support in PathBuilder. (Closed)
Patch Set: remove extra space Created 3 years, 6 months ago
1 // Copyright 2016 The Chromium Authors. All rights reserved. 1 // Copyright 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/path_builder.h" 5 #include "net/cert/internal/path_builder.h"
6 6
7 #include <set> 7 #include <set>
8 #include <unordered_set> 8 #include <unordered_set>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/memory/ptr_util.h" 11 #include "base/memory/ptr_util.h"
12 #include "net/base/net_errors.h" 12 #include "net/base/net_errors.h"
13 #include "net/cert/internal/cert_issuer_source.h" 13 #include "net/cert/internal/cert_issuer_source.h"
14 #include "net/cert/internal/certificate_policies.h"
14 #include "net/cert/internal/parse_certificate.h" 15 #include "net/cert/internal/parse_certificate.h"
15 #include "net/cert/internal/parse_name.h" // For CertDebugString. 16 #include "net/cert/internal/parse_name.h" // For CertDebugString.
16 #include "net/cert/internal/signature_policy.h" 17 #include "net/cert/internal/signature_policy.h"
17 #include "net/cert/internal/trust_store.h" 18 #include "net/cert/internal/trust_store.h"
18 #include "net/cert/internal/verify_certificate_chain.h" 19 #include "net/cert/internal/verify_certificate_chain.h"
19 #include "net/cert/internal/verify_name_match.h" 20 #include "net/cert/internal/verify_name_match.h"
20 #include "net/der/parser.h" 21 #include "net/der/parser.h"
21 #include "net/der/tag.h" 22 #include "net/der/tag.h"
22 23
23 namespace net { 24 namespace net {
(...skipping 513 matching lines...) Expand 10 before | Expand all | Expand 10 after
537 return result_path; 538 return result_path;
538 539
539 return nullptr; 540 return nullptr;
540 } 541 }
541 542
542 void CertPathBuilder::Result::Clear() { 543 void CertPathBuilder::Result::Clear() {
543 paths.clear(); 544 paths.clear();
544 best_result_index = 0; 545 best_result_index = 0;
545 } 546 }
546 547
547 CertPathBuilder::CertPathBuilder(scoped_refptr<ParsedCertificate> cert, 548 CertPathBuilder::CertPathBuilder(
548 TrustStore* trust_store, 549 scoped_refptr<ParsedCertificate> cert,
549 const SignaturePolicy* signature_policy, 550 TrustStore* trust_store,
550 const der::GeneralizedTime& time, 551 const SignaturePolicy* signature_policy,
551 KeyPurpose key_purpose, 552 const der::GeneralizedTime& time,
552 Result* result) 553 KeyPurpose key_purpose,
554 InitialExplicitPolicy initial_explicit_policy,
555 const std::set<der::Input>& user_initial_policy_set,
556 InitialPolicyMappingInhibit initial_policy_mapping_inhibit,
557 InitialAnyPolicyInhibit initial_any_policy_inhibit,
558 Result* result)
553 : cert_path_iter_(new CertPathIter(std::move(cert), trust_store)), 559 : cert_path_iter_(new CertPathIter(std::move(cert), trust_store)),
554 signature_policy_(signature_policy), 560 signature_policy_(signature_policy),
555 time_(time), 561 time_(time),
556 key_purpose_(key_purpose), 562 key_purpose_(key_purpose),
563 initial_explicit_policy_(initial_explicit_policy),
564 user_initial_policy_set_(user_initial_policy_set),
565 initial_policy_mapping_inhibit_(initial_policy_mapping_inhibit),
566 initial_any_policy_inhibit_(initial_any_policy_inhibit),
557 next_state_(STATE_NONE), 567 next_state_(STATE_NONE),
558 out_result_(result) { 568 out_result_(result) {
559 result->Clear(); 569 result->Clear();
560 // The TrustStore also implements the CertIssuerSource interface. 570 // The TrustStore also implements the CertIssuerSource interface.
561 AddCertIssuerSource(trust_store); 571 AddCertIssuerSource(trust_store);
562 } 572 }
563 573
564 CertPathBuilder::~CertPathBuilder() {} 574 CertPathBuilder::~CertPathBuilder() {}
565 575
566 void CertPathBuilder::AddCertIssuerSource( 576 void CertPathBuilder::AddCertIssuerSource(
(...skipping 30 matching lines...) Expand all
597 607
598 void CertPathBuilder::DoGetNextPathComplete() { 608 void CertPathBuilder::DoGetNextPathComplete() {
599 if (next_path_.IsEmpty()) { 609 if (next_path_.IsEmpty()) {
600 // No more paths to check, signal completion. 610 // No more paths to check, signal completion.
601 next_state_ = STATE_NONE; 611 next_state_ = STATE_NONE;
602 return; 612 return;
603 } 613 }
604 614
605 // Verify the entire certificate chain. 615 // Verify the entire certificate chain.
606 auto result_path = base::MakeUnique<ResultPath>(); 616 auto result_path = base::MakeUnique<ResultPath>();
607 // TODO(eroman): don't pass placeholder for policy.
608 VerifyCertificateChain( 617 VerifyCertificateChain(
609 next_path_.certs, next_path_.last_cert_trust, signature_policy_, time_, 618 next_path_.certs, next_path_.last_cert_trust, signature_policy_, time_,
610 key_purpose_, InitialExplicitPolicy::kFalse, {AnyPolicy()}, 619 key_purpose_, initial_explicit_policy_, user_initial_policy_set_,
611 InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse, 620 initial_policy_mapping_inhibit_, initial_any_policy_inhibit_,
612 nullptr /*user_constrained_policy_set*/, &result_path->errors); 621 &result_path->user_constrained_policy_set, &result_path->errors);
613 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); 622 bool verify_result = !result_path->errors.ContainsHighSeverityErrors();
614 623
615 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " 624 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = "
616 << verify_result << "\n" 625 << verify_result << "\n"
617 << result_path->errors.ToDebugString(next_path_.certs); 626 << result_path->errors.ToDebugString(next_path_.certs);
618 result_path->path = next_path_; 627 result_path->path = next_path_;
619 AddResultPath(std::move(result_path)); 628 AddResultPath(std::move(result_path));
620 629
621 if (verify_result) { 630 if (verify_result) {
622 // Found a valid path, return immediately. 631 // Found a valid path, return immediately.
(...skipping 10 matching lines...) Expand all
633 642
634 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { 643 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) {
635 // TODO(mattm): set best_result_index based on number or severity of errors. 644 // TODO(mattm): set best_result_index based on number or severity of errors.
636 if (result_path->IsValid()) 645 if (result_path->IsValid())
637 out_result_->best_result_index = out_result_->paths.size(); 646 out_result_->best_result_index = out_result_->paths.size();
638 // TODO(mattm): add flag to only return a single path or all attempted paths? 647 // TODO(mattm): add flag to only return a single path or all attempted paths?
639 out_result_->paths.push_back(std::move(result_path)); 648 out_result_->paths.push_back(std::move(result_path));
640 } 649 }
641 650
642 } // namespace net 651 } // namespace net
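Review bot: The constructor (new lines 548-572) now retains the caller's `user_initial_policy_set` for the builder's lifetime, and each element is a `der::Input`, which as far as I recall from net/der is a non-owning pointer/length view rather than an owned OID; whether `user_initial_policy_set_` is a copy or a reference is decided in path_builder.h (not in this file), but in either case the bytes behind those OIDs must outlive the CertPathBuilder, and the inline `{AnyPolicy()}` temporary the old code used at old line 610 is exactly the shape of argument a caller could now write and have dangle. I would state that contract next to the member initializer on new line 564: `// Elements are non-owning der::Inputs; the caller's OID storage must outlive this builder.` A second caveat belongs in DoGetNextPathComplete at new line 621: with `initial_explicit_policy_` == kFalse, VerifyCertificateChain can presumably leave `result_path->user_constrained_policy_set` empty while reporting no high-severity errors, and AddResultPath (new line 645) then promotes that path on `IsValid()` alone, so callers that require a particular policy must pass kTrue or inspect the output set themselves — confirm against verify_certificate_chain.cc before wording it as a guarantee. Separately, the `certificate_policies.h` include added on new line 14 has no visible user in this file once `AnyPolicy()` left DoGetNextPathComplete; if nothing in the 513 skipped lines needs it, it can be dropped.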
