| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_host_info.h" | 5 #include "net/socket/ssl_host_info.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
| 9 #include "base/string_piece.h" | 9 #include "base/string_piece.h" |
| 10 #include "net/base/cert_verifier.h" | |
| 11 #include "net/base/ssl_config_service.h" | 10 #include "net/base/ssl_config_service.h" |
| 12 #include "net/base/x509_certificate.h" | 11 #include "net/base/x509_certificate.h" |
| 13 #include "net/socket/ssl_client_socket.h" | 12 #include "net/socket/ssl_client_socket.h" |
| 14 | 13 |
| 15 namespace net { | 14 namespace net { |
| 16 | 15 |
| 17 SSLHostInfo::State::State() | 16 SSLHostInfo::State::State() |
| 18 : npn_valid(false), | 17 : npn_valid(false), |
| 19 npn_status(SSLClientSocket::kNextProtoUnsupported) { | 18 npn_status(SSLClientSocket::kNextProtoUnsupported) { |
| 20 } | 19 } |
| 21 | 20 |
| 22 SSLHostInfo::State::~State() {} | 21 SSLHostInfo::State::~State() {} |
| 23 | 22 |
| 24 void SSLHostInfo::State::Clear() { | 23 void SSLHostInfo::State::Clear() { |
| 25 certs.clear(); | 24 certs.clear(); |
| 26 server_hello.clear(); | 25 server_hello.clear(); |
| 27 npn_valid = false; | 26 npn_valid = false; |
| 28 } | 27 } |
| 29 | 28 |
| 30 SSLHostInfo::SSLHostInfo( | 29 SSLHostInfo::SSLHostInfo( |
| 31 const std::string& hostname, | 30 const std::string& hostname, |
| 32 const SSLConfig& ssl_config) | 31 const SSLConfig& ssl_config, |
| 32 CertVerifier* cert_verifier) |
| 33 : cert_verification_complete_(false), | 33 : cert_verification_complete_(false), |
| 34 cert_verification_error_(ERR_CERT_INVALID), | 34 cert_verification_error_(ERR_CERT_INVALID), |
| 35 hostname_(hostname), | 35 hostname_(hostname), |
| 36 cert_parsing_failed_(false), | 36 cert_parsing_failed_(false), |
| 37 cert_verification_callback_(NULL), | 37 cert_verification_callback_(NULL), |
| 38 rev_checking_enabled_(ssl_config.rev_checking_enabled), | 38 rev_checking_enabled_(ssl_config.rev_checking_enabled), |
| 39 verify_ev_cert_(ssl_config.verify_ev_cert), | 39 verify_ev_cert_(ssl_config.verify_ev_cert), |
| 40 verifier_(cert_verifier), |
| 40 callback_(new CancelableCompletionCallback<SSLHostInfo>( | 41 callback_(new CancelableCompletionCallback<SSLHostInfo>( |
| 41 ALLOW_THIS_IN_INITIALIZER_LIST(this), | 42 ALLOW_THIS_IN_INITIALIZER_LIST(this), |
| 42 &SSLHostInfo::VerifyCallback)) { | 43 &SSLHostInfo::VerifyCallback)) { |
| 43 state_.npn_valid = false; | 44 state_.npn_valid = false; |
| 44 } | 45 } |
| 45 | 46 |
| 46 SSLHostInfo::~SSLHostInfo() {} | 47 SSLHostInfo::~SSLHostInfo() {} |
| 47 | 48 |
| 48 const SSLHostInfo::State& SSLHostInfo::state() const { | 49 const SSLHostInfo::State& SSLHostInfo::state() const { |
| 49 return state_; | 50 return state_; |
| (...skipping 53 matching lines...) |
| 103 std::vector<base::StringPiece> der_certs(state->certs.size()); | 104 std::vector<base::StringPiece> der_certs(state->certs.size()); |
| 104 for (size_t i = 0; i < state->certs.size(); i++) | 105 for (size_t i = 0; i < state->certs.size(); i++) |
| 105 der_certs[i] = state->certs[i]; | 106 der_certs[i] = state->certs[i]; |
| 106 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); | 107 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); |
| 107 if (cert_.get()) { | 108 if (cert_.get()) { |
| 108 int flags = 0; | 109 int flags = 0; |
| 109 if (verify_ev_cert_) | 110 if (verify_ev_cert_) |
| 110 flags |= X509Certificate::VERIFY_EV_CERT; | 111 flags |= X509Certificate::VERIFY_EV_CERT; |
| 111 if (rev_checking_enabled_) | 112 if (rev_checking_enabled_) |
| 112 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 113 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 113 verifier_.reset(new CertVerifier); | |
| 114 VLOG(1) << "Kicking off verification for " << hostname_; | 114 VLOG(1) << "Kicking off verification for " << hostname_; |
| 115 verification_start_time_ = base::TimeTicks::Now(); | 115 verification_start_time_ = base::TimeTicks::Now(); |
| 116 verification_end_time_ = base::TimeTicks(); | 116 verification_end_time_ = base::TimeTicks(); |
| 117 if (verifier_->Verify(cert_.get(), hostname_, flags, | 117 if (verifier_.Verify(cert_.get(), hostname_, flags, |
| 118 &cert_verify_result_, callback_) == OK) { | 118 &cert_verify_result_, callback_) == OK) { |
| 119 VerifyCallback(OK); | 119 VerifyCallback(OK); |
| 120 } | 120 } |
| 121 } else { | 121 } else { |
| 122 cert_parsing_failed_ = true; | 122 cert_parsing_failed_ = true; |
| 123 DCHECK(!cert_verification_callback_); | 123 DCHECK(!cert_verification_callback_); |
| 124 } | 124 } |
| 125 } | 125 } |
| 126 | 126 |
| 127 return true; | 127 return true; |
| 128 } | 128 } |
| (...skipping 63 matching lines...) |
| 192 if (cert_verification_callback_) { | 192 if (cert_verification_callback_) { |
| 193 CompletionCallback* callback = cert_verification_callback_; | 193 CompletionCallback* callback = cert_verification_callback_; |
| 194 cert_verification_callback_ = NULL; | 194 cert_verification_callback_ = NULL; |
| 195 callback->Run(rv); | 195 callback->Run(rv); |
| 196 } | 196 } |
| 197 } | 197 } |
| 198 | 198 |
| 199 SSLHostInfoFactory::~SSLHostInfoFactory() {} | 199 SSLHostInfoFactory::~SSLHostInfoFactory() {} |
| 200 | 200 |
| 201 } // namespace net | 201 } // namespace net |
| OLD | NEW |
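Review bot: On new lines 117-119 only a synchronous `OK` from `verifier_.Verify(...)` reaches `VerifyCallback`; any other synchronous result is dropped, so the completion path that runs `cert_verification_callback_` never executes for it. The old code built a fresh `CertVerifier` per call, but the verifier is now injected through the constructor and may be shared, so if it can answer synchronously with an error (for example from a cache, which is not visible here) this path becomes reachable. Suggest capturing the result and completing on anything but pending: `int rv = verifier_.Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` followed by `if (rv != ERR_IO_PENDING) VerifyCallback(rv);`. The constructor also stores the raw `cert_verifier` unchecked on new line 40; a `DCHECK(cert_verifier);` plus a header comment stating that the verifier must outlive this object would document the new ownership contract. The enclosing function begins in the skipped lines, so how callers wait on the result is not visible from this page.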