OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/internal/path_builder.h" | 5 #include "net/cert/internal/path_builder.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <unordered_set> | 8 #include <unordered_set> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
597 | 597 |
598 void CertPathBuilder::DoGetNextPathComplete() { | 598 void CertPathBuilder::DoGetNextPathComplete() { |
599 if (next_path_.IsEmpty()) { | 599 if (next_path_.IsEmpty()) { |
600 // No more paths to check, signal completion. | 600 // No more paths to check, signal completion. |
601 next_state_ = STATE_NONE; | 601 next_state_ = STATE_NONE; |
602 return; | 602 return; |
603 } | 603 } |
604 | 604 |
605 // Verify the entire certificate chain. | 605 // Verify the entire certificate chain. |
606 auto result_path = base::MakeUnique<ResultPath>(); | 606 auto result_path = base::MakeUnique<ResultPath>(); |
607 VerifyCertificateChain(next_path_.certs, next_path_.last_cert_trust, | 607 // TODO(eroman): don't pass placeholder for policy. |
608 signature_policy_, time_, key_purpose_, | 608 VerifyCertificateChain( |
609 &result_path->errors); | 609 next_path_.certs, next_path_.last_cert_trust, signature_policy_, time_, |
| 610 key_purpose_, InitialExplicitPolicy::kFalse, {AnyPolicy()}, |
| 611 InitialPolicyMappingInhibit::kFalse, InitialAnyPolicyInhibit::kFalse, |
| 612 nullptr /*user_constrained_policy_set*/, &result_path->errors); |
610 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); | 613 bool verify_result = !result_path->errors.ContainsHighSeverityErrors(); |
611 | 614 |
612 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " | 615 DVLOG(1) << "CertPathBuilder VerifyCertificateChain result = " |
613 << verify_result << "\n" | 616 << verify_result << "\n" |
614 << result_path->errors.ToDebugString(next_path_.certs); | 617 << result_path->errors.ToDebugString(next_path_.certs); |
615 result_path->path = next_path_; | 618 result_path->path = next_path_; |
616 AddResultPath(std::move(result_path)); | 619 AddResultPath(std::move(result_path)); |
617 | 620 |
618 if (verify_result) { | 621 if (verify_result) { |
619 // Found a valid path, return immediately. | 622 // Found a valid path, return immediately. |
630 | 633 |
631 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { | 634 void CertPathBuilder::AddResultPath(std::unique_ptr<ResultPath> result_path) { |
632 // TODO(mattm): set best_result_index based on number or severity of errors. | 635 // TODO(mattm): set best_result_index based on number or severity of errors. |
633 if (result_path->IsValid()) | 636 if (result_path->IsValid()) |
634 out_result_->best_result_index = out_result_->paths.size(); | 637 out_result_->best_result_index = out_result_->paths.size(); |
635 // TODO(mattm): add flag to only return a single path or all attempted paths? | 638 // TODO(mattm): add flag to only return a single path or all attempted paths? |
636 out_result_->paths.push_back(std::move(result_path)); | 639 out_result_->paths.push_back(std::move(result_path)); |
637 } | 640 } |
638 | 641 |
639 } // namespace net | 642 } // namespace net |
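Review bot: The new VerifyCertificateChain call at new lines 608-612 hard-codes permissive policy inputs (`InitialExplicitPolicy::kFalse`, `{AnyPolicy()}`, both inhibit flags `kFalse`) and passes `nullptr` for the user-constrained policy set, so a CertPathBuilder caller can neither require a particular certificate policy nor learn which policies a path is valid for. Because the function returns on the first path with no high-severity errors (new line 621), a caller that checks policy afterwards presumably cannot make the builder try an alternative chain that would satisfy it. The TODO should spell this out, for example `// TODO(eroman): Take the policy inputs from the caller and return the user-constrained policy set; these defaults accept any policy.` Part of DoGetNextPathComplete lies in the skipped lines after new line 622, so how a rejected path is handled is not visible here.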