| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| 117 DLOG(DFATAL) << *error_details; | 117 DLOG(DFATAL) << *error_details; |
| 118 return QUIC_FAILURE; | 118 return QUIC_FAILURE; |
| 119 } | 119 } |
| 120 | 120 |
| 121 verify_details_.reset(new ProofVerifyDetailsChromium); | 121 verify_details_.reset(new ProofVerifyDetailsChromium); |
| 122 | 122 |
| 123 if (certs.empty()) { | 123 if (certs.empty()) { |
| 124 *error_details = "Failed to create certificate chain. Certs are empty."; | 124 *error_details = "Failed to create certificate chain. Certs are empty."; |
| 125 DLOG(WARNING) << *error_details; | 125 DLOG(WARNING) << *error_details; |
| 126 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 126 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 127 verify_details->reset(verify_details_.release()); | 127 *verify_details = verify_details_.Pass(); |
| 128 return QUIC_FAILURE; | 128 return QUIC_FAILURE; |
| 129 } | 129 } |
| 130 | 130 |
| 131 // Convert certs to X509Certificate. | 131 // Convert certs to X509Certificate. |
| 132 vector<StringPiece> cert_pieces(certs.size()); | 132 vector<StringPiece> cert_pieces(certs.size()); |
| 133 for (unsigned i = 0; i < certs.size(); i++) { | 133 for (unsigned i = 0; i < certs.size(); i++) { |
| 134 cert_pieces[i] = base::StringPiece(certs[i]); | 134 cert_pieces[i] = base::StringPiece(certs[i]); |
| 135 } | 135 } |
| 136 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); | 136 cert_ = X509Certificate::CreateFromDERCertChain(cert_pieces); |
| 137 if (!cert_.get()) { | 137 if (!cert_.get()) { |
| 138 *error_details = "Failed to create certificate chain"; | 138 *error_details = "Failed to create certificate chain"; |
| 139 DLOG(WARNING) << *error_details; | 139 DLOG(WARNING) << *error_details; |
| 140 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 140 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 141 verify_details->reset(verify_details_.release()); | 141 *verify_details = verify_details_.Pass(); |
| 142 return QUIC_FAILURE; | 142 return QUIC_FAILURE; |
| 143 } | 143 } |
| 144 | 144 |
| 145 // We call VerifySignature first to avoid copying of server_config and | 145 // We call VerifySignature first to avoid copying of server_config and |
| 146 // signature. | 146 // signature. |
| 147 if (!VerifySignature(server_config, signature, certs[0])) { | 147 if (!VerifySignature(server_config, signature, certs[0])) { |
| 148 *error_details = "Failed to verify signature of server config"; | 148 *error_details = "Failed to verify signature of server config"; |
| 149 DLOG(WARNING) << *error_details; | 149 DLOG(WARNING) << *error_details; |
| 150 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; | 150 verify_details_->cert_verify_result.cert_status = CERT_STATUS_INVALID; |
| 151 verify_details->reset(verify_details_.release()); | 151 *verify_details = verify_details_.Pass(); |
| 152 return QUIC_FAILURE; | 152 return QUIC_FAILURE; |
| 153 } | 153 } |
| 154 | 154 |
| 155 hostname_ = hostname; | 155 hostname_ = hostname; |
| 156 | 156 |
| 157 next_state_ = STATE_VERIFY_CERT; | 157 next_state_ = STATE_VERIFY_CERT; |
| 158 switch (DoLoop(OK)) { | 158 switch (DoLoop(OK)) { |
| 159 case OK: | 159 case OK: |
| 160 verify_details->reset(verify_details_.release()); | 160 *verify_details = verify_details_.Pass(); |
| 161 return QUIC_SUCCESS; | 161 return QUIC_SUCCESS; |
| 162 case ERR_IO_PENDING: | 162 case ERR_IO_PENDING: |
| 163 callback_.reset(callback); | 163 callback_.reset(callback); |
| 164 return QUIC_PENDING; | 164 return QUIC_PENDING; |
| 165 default: | 165 default: |
| 166 *error_details = error_details_; | 166 *error_details = error_details_; |
| 167 verify_details->reset(verify_details_.release()); | 167 *verify_details = verify_details_.Pass(); |
| 168 return QUIC_FAILURE; | 168 return QUIC_FAILURE; |
| 169 } | 169 } |
| 170 } | 170 } |
| 171 | 171 |
| 172 int ProofVerifierChromium::Job::DoLoop(int last_result) { | 172 int ProofVerifierChromium::Job::DoLoop(int last_result) { |
| 173 int rv = last_result; | 173 int rv = last_result; |
| 174 do { | 174 do { |
| 175 State state = next_state_; | 175 State state = next_state_; |
| 176 next_state_ = STATE_NONE; | 176 next_state_ = STATE_NONE; |
| 177 switch (state) { | 177 switch (state) { |
| 188 LOG(DFATAL) << "unexpected state " << state; | 188 LOG(DFATAL) << "unexpected state " << state; |
| 189 break; | 189 break; |
| 190 } | 190 } |
| 191 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); | 191 } while (rv != ERR_IO_PENDING && next_state_ != STATE_NONE); |
| 192 return rv; | 192 return rv; |
| 193 } | 193 } |
| 194 | 194 |
| 195 void ProofVerifierChromium::Job::OnIOComplete(int result) { | 195 void ProofVerifierChromium::Job::OnIOComplete(int result) { |
| 196 int rv = DoLoop(result); | 196 int rv = DoLoop(result); |
| 197 if (rv != ERR_IO_PENDING) { | 197 if (rv != ERR_IO_PENDING) { |
| 198 scoped_ptr<ProofVerifierCallback> callback(callback_.release()); | 198 scoped_ptr<ProofVerifierCallback> callback(callback_.Pass()); |
| 199 // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium. | 199 // Callback expects ProofVerifyDetails not ProofVerifyDetailsChromium. |
| 200 scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.release()); | 200 scoped_ptr<ProofVerifyDetails> verify_details(verify_details_.Pass()); |
| 201 callback->Run(rv == OK, error_details_, &verify_details); | 201 callback->Run(rv == OK, error_details_, &verify_details); |
| 202 // Will delete |this|. | 202 // Will delete |this|. |
| 203 proof_verifier_->OnJobComplete(this); | 203 proof_verifier_->OnJobComplete(this); |
| 204 } | 204 } |
| 205 } | 205 } |
| 206 | 206 |
| 207 int ProofVerifierChromium::Job::DoVerifyCert(int result) { | 207 int ProofVerifierChromium::Job::DoVerifyCert(int result) { |
| 208 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 208 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
| 209 | 209 |
| 210 int flags = 0; | 210 int flags = 0; |
| 211 return verifier_->Verify( | 211 return verifier_->Verify( |
| 212 cert_.get(), | 212 cert_.get(), |
| 213 hostname_, | 213 hostname_, |
| 214 flags, | 214 flags, |
| 215 SSLConfigService::GetCRLSet().get(), | 215 SSLConfigService::GetCRLSet().get(), |
| 216 &verify_details_->cert_verify_result, | 216 &verify_details_->cert_verify_result, |
| 217 base::Bind(&ProofVerifierChromium::Job::OnIOComplete, | 217 base::Bind(&ProofVerifierChromium::Job::OnIOComplete, |
| 218 base::Unretained(this)), | 218 base::Unretained(this)), |
| 219 net_log_); | 219 net_log_); |
| 220 } | 220 } |
| 221 | 221 |
| 222 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 222 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
| 223 verifier_.reset(); | 223 verifier_.reset(); |
| 224 | 224 |
| 225 if (result <= ERR_FAILED) { | 225 if (result != OK) { |
| 226 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 226 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
| 227 ErrorToString(result)); | 227 ErrorToString(result)); |
| 228 DLOG(WARNING) << error_details_; | 228 DLOG(WARNING) << error_details_; |
| 229 result = ERR_FAILED; | |
| 230 } | 229 } |
| 231 | 230 |
| 232 // Exit DoLoop and return the result to the caller to VerifyProof. | 231 // Exit DoLoop and return the result to the caller to VerifyProof. |
| 233 DCHECK_EQ(STATE_NONE, next_state_); | 232 DCHECK_EQ(STATE_NONE, next_state_); |
| 234 return result; | 233 return result; |
| 235 } | 234 } |
| 236 | 235 |
| 237 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, | 236 bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, |
| 238 const string& signature, | 237 const string& signature, |
| 239 const string& cert) { | 238 const string& cert) { |
| 341 } | 340 } |
| 342 return status; | 341 return status; |
| 343 } | 342 } |
| 344 | 343 |
| 345 void ProofVerifierChromium::OnJobComplete(Job* job) { | 344 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 346 active_jobs_.erase(job); | 345 active_jobs_.erase(job); |
| 347 delete job; | 346 delete job; |
| 348 } | 347 } |
| 349 | 348 |
| 350 } // namespace net | 349 } // namespace net |
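Review bot: In DoVerifyCertComplete the new `if (result != OK)` is now the only gate on the verifier outcome, and because the `result = ERR_FAILED` normalization was dropped, the raw CertVerifier error code propagates unchanged through DoLoop to VerifyProof's `default:` branch and to OnIOComplete's `rv == OK` test. That is stricter than the old `result <= ERR_FAILED` (positive return values now produce an error string instead of reaching VerifyProof's `default:` with an empty `error_details_`), but nothing in this function inspects `verify_details_->cert_verify_result.cert_status`, so rejecting a chain whose status carries error bits presumably relies on the verifier mapping those bits to a non-OK return — worth confirming against CertVerifier. A comment on the changed line would make the contract explicit: `// Any non-OK result is a verification failure; the verifier's error code is returned to the caller as-is.`. Since a pending code leaking into this state would now be reported as a failure with a misleading message, consider `DCHECK_NE(ERR_IO_PENDING, result);` next to the existing `DCHECK_EQ(STATE_NONE, next_state_);`.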