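--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/proof_verifier_chromium.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback_helpers.h"
 #include "base/compiler_specific.h"
@@ -117,61 +117,61 @@
     DLOG(DFATAL) << *error_details;
     return QUIC_FAILURE;
   }
 
   verify_details_.reset(new ProofVerifyDetailsChromium);
 
   if (certs.empty()) {
     *error_details = "Failed to create certificate chain. Certs are empty.";
     DLOG(WARNING) << *error_details;
     verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
-    verify_details->reset(verify_details_.release());
+    *verify_details = verify_details_.Pass();
     return QUIC_FAILURE;
   }
 
   // Convert certs to X509Certificate.
   vector<StringPiece> cert_pieces(certs.size());
   for (unsigned i = 0; i < certs.size(); i++) {
     cert_pieces[i] = base::StringPiece(certs[i]);
   }
   cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces);
   if (!cert_.get()) {
     *error_details = "Failed to create certificate chain";
     DLOG(WARNING) << *error_details;
     verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
-    verify_details->reset(verify_details_.release());
+    *verify_details = verify_details_.Pass();
     return QUIC_FAILURE;
   }
 
   // We call VerifySignature first to avoid copying of server_config and
   // signature.
   if (!VerifySignature(server_config, signature, certs[0])) {
     *error_details = "Failed to verify signature of server config";
     DLOG(WARNING) << *error_details;
     verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID;
-    verify_details->reset(verify_details_.release());
+    *verify_details = verify_details_.Pass();
     return QUIC_FAILURE;
   }
 
   hostname_ = hostname;
 
   next_state_ = STATE_VERIFY_CERT;
   switch (DoLoop(OK)) {
     case OK:
-      verify_details->reset(verify_details_.release());
+      *verify_details = verify_details_.Pass();
       return QUIC_SUCCESS;
     case ERR_IO_PENDING:
       callback_.reset(callback);
       return QUIC_PENDING;
     default:
       *error_details = error_details_;
-      verify_details->reset(verify_details_.release());
+      *verify_details = verify_details_.Pass();
       return QUIC_FAILURE;
   }
 }
 
 int ProofVerifierChromium::Job::DoLoop(int last_result) {
   int rv = last_result;
   do {
     State state = next_state_;
     next_state_ = STATE_NONE;
     switch (state) {
@@ -188,52 +188,51 @@
         LOG(DFATAL) << "unexpected state " << state;
         break;
     }
   } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE);
   return rv;
 }
 
 void ProofVerifierChromium::Job::OnIOComplete(int result) {
   int rv = DoLoop(result);
   if (rv != ERR_IO_PENDING) {
-    scoped_ptr<ProofVerifierCallback> callback(callback_.release());
+    scoped_ptr<ProofVerifierCallback> callback(callback_.Pass());
     // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium.
-    scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.release());
+    scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.Pass());
     callback->Run(rv == OK, error_details_, &verify_details);
     // Will delete |this|.
     proof_verifier_->OnJobComplete(this);
   }
 }
 
 int ProofVerifierChromium::Job::DoVerifyCert(int result) {
   next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
   int flags = 0;
   return verifier_->Verify(
       cert_.get(),
       hostname_,
       flags,
       SSLConfigService::GetCRLSet().get(),
       &verify_details_->cert_verify_result,
       base::Bind(&ProofVerifierChromium::Job::OnIOComplete,
                  base::Unretained(this)),
       net_log_);
 }
 
 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) {
   verifier_.reset();
 
-  if (result <= ERR_FAILED) {
+  if (result != OK) {
     error_details_ = StringPrintf("Failed to verify certificate chain: %s",
                                   ErrorToString(result));
     DLOG(WARNING) << error_details_;
-    result = ERR_FAILED;
   }
 
   // Exit DoLoop and return the result to the caller to VerifyProof.
   DCHECK_EQ(STATE_NONE, next_state_);
   return result;
 }
 
 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data,
                                                  const string& signature,
                                                  const string& cert) {
@@ -341,10 +340,10 @@
   }
   return status;
 }
 
 void ProofVerifierChromium::OnJobComplete(Job* job) {
   active_jobs_.erase(job);
   delete job;
 }
 
 }  // namespace net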
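Review bot: The new `if (result != OK)` in DoVerifyCertComplete hands the verifier's net error back unchanged instead of collapsing it to ERR_FAILED, and since the only consumers in view (`switch (DoLoop(OK))` in VerifyProof and `rv == OK` in OnIOComplete) compare strictly against OK, every non-OK value — positive results and ERR_IO_PENDING included — now fails closed, which is the right direction for a proof verifier. An ERR_IO_PENDING arriving here would be a state-machine bug rather than a verification outcome, because DoLoop's `while (rv != ERR_IO_PENDING ...)` is supposed to stop before this state runs, so I would make that explicit with `DCHECK_NE(ERR_IO_PENDING, result);` ahead of the check. The intent of keeping the specific code also deserves a line, e.g. `// Return the verifier's own error code; callers only test against OK and the code is kept in error_details_ for diagnostics.` The hunk ends on the opening of VerifySignature, whose body lies outside this hunk.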