OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_host_info.h" | 5 #include "net/socket/ssl_host_info.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/pickle.h" | 8 #include "base/pickle.h" |
9 #include "base/string_piece.h" | 9 #include "base/string_piece.h" |
10 #include "net/base/cert_verifier.h" | |
11 #include "net/base/ssl_config_service.h" | 10 #include "net/base/ssl_config_service.h" |
12 #include "net/base/x509_certificate.h" | 11 #include "net/base/x509_certificate.h" |
13 #include "net/socket/ssl_client_socket.h" | 12 #include "net/socket/ssl_client_socket.h" |
14 | 13 |
15 namespace net { | 14 namespace net { |
16 | 15 |
17 SSLHostInfo::State::State() | 16 SSLHostInfo::State::State() |
18 : npn_valid(false), | 17 : npn_valid(false), |
19 npn_status(SSLClientSocket::kNextProtoUnsupported) { | 18 npn_status(SSLClientSocket::kNextProtoUnsupported) { |
20 } | 19 } |
21 | 20 |
22 SSLHostInfo::State::~State() {} | 21 SSLHostInfo::State::~State() {} |
23 | 22 |
24 void SSLHostInfo::State::Clear() { | 23 void SSLHostInfo::State::Clear() { |
25 certs.clear(); | 24 certs.clear(); |
26 server_hello.clear(); | 25 server_hello.clear(); |
27 npn_valid = false; | 26 npn_valid = false; |
28 } | 27 } |
29 | 28 |
30 SSLHostInfo::SSLHostInfo( | 29 SSLHostInfo::SSLHostInfo( |
31 const std::string& hostname, | 30 const std::string& hostname, |
32 const SSLConfig& ssl_config) | 31 const SSLConfig& ssl_config, |
| 32 CertVerifier* cert_verifier) |
33 : cert_verification_complete_(false), | 33 : cert_verification_complete_(false), |
34 cert_verification_error_(ERR_CERT_INVALID), | 34 cert_verification_error_(ERR_CERT_INVALID), |
35 hostname_(hostname), | 35 hostname_(hostname), |
36 cert_parsing_failed_(false), | 36 cert_parsing_failed_(false), |
37 cert_verification_callback_(NULL), | 37 cert_verification_callback_(NULL), |
38 rev_checking_enabled_(ssl_config.rev_checking_enabled), | 38 rev_checking_enabled_(ssl_config.rev_checking_enabled), |
39 verify_ev_cert_(ssl_config.verify_ev_cert), | 39 verify_ev_cert_(ssl_config.verify_ev_cert), |
| 40 verifier_(cert_verifier), |
40 callback_(new CancelableCompletionCallback<SSLHostInfo>( | 41 callback_(new CancelableCompletionCallback<SSLHostInfo>( |
41 ALLOW_THIS_IN_INITIALIZER_LIST(this), | 42 ALLOW_THIS_IN_INITIALIZER_LIST(this), |
42 &SSLHostInfo::VerifyCallback)) { | 43 &SSLHostInfo::VerifyCallback)) { |
43 state_.npn_valid = false; | 44 state_.npn_valid = false; |
44 } | 45 } |
45 | 46 |
46 SSLHostInfo::~SSLHostInfo() {} | 47 SSLHostInfo::~SSLHostInfo() {} |
47 | 48 |
48 const SSLHostInfo::State& SSLHostInfo::state() const { | 49 const SSLHostInfo::State& SSLHostInfo::state() const { |
49 return state_; | 50 return state_; |
(...skipping 53 matching lines...)
103 std::vector<base::StringPiece> der_certs(state->certs.size()); | 104 std::vector<base::StringPiece> der_certs(state->certs.size()); |
104 for (size_t i = 0; i < state->certs.size(); i++) | 105 for (size_t i = 0; i < state->certs.size(); i++) |
105 der_certs[i] = state->certs[i]; | 106 der_certs[i] = state->certs[i]; |
106 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); | 107 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); |
107 if (cert_.get()) { | 108 if (cert_.get()) { |
108 int flags = 0; | 109 int flags = 0; |
109 if (verify_ev_cert_) | 110 if (verify_ev_cert_) |
110 flags |= X509Certificate::VERIFY_EV_CERT; | 111 flags |= X509Certificate::VERIFY_EV_CERT; |
111 if (rev_checking_enabled_) | 112 if (rev_checking_enabled_) |
112 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 113 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
113 verifier_.reset(new CertVerifier); | |
114 VLOG(1) << "Kicking off verification for " << hostname_; | 114 VLOG(1) << "Kicking off verification for " << hostname_; |
115 verification_start_time_ = base::TimeTicks::Now(); | 115 verification_start_time_ = base::TimeTicks::Now(); |
116 verification_end_time_ = base::TimeTicks(); | 116 verification_end_time_ = base::TimeTicks(); |
117 if (verifier_->Verify(cert_.get(), hostname_, flags, | 117 if (verifier_.Verify(cert_.get(), hostname_, flags, |
118 &cert_verify_result_, callback_) == OK) { | 118 &cert_verify_result_, callback_) == OK) { |
119 VerifyCallback(OK); | 119 VerifyCallback(OK); |
120 } | 120 } |
121 } else { | 121 } else { |
122 cert_parsing_failed_ = true; | 122 cert_parsing_failed_ = true; |
123 DCHECK(!cert_verification_callback_); | 123 DCHECK(!cert_verification_callback_); |
124 } | 124 } |
125 } | 125 } |
126 | 126 |
127 return true; | 127 return true; |
128 } | 128 } |
(...skipping 63 matching lines...)
192 if (cert_verification_callback_) { | 192 if (cert_verification_callback_) { |
193 CompletionCallback* callback = cert_verification_callback_; | 193 CompletionCallback* callback = cert_verification_callback_; |
194 cert_verification_callback_ = NULL; | 194 cert_verification_callback_ = NULL; |
195 callback->Run(rv); | 195 callback->Run(rv); |
196 } | 196 } |
197 } | 197 } |
198 | 198 |
199 SSLHostInfoFactory::~SSLHostInfoFactory() {} | 199 SSLHostInfoFactory::~SSLHostInfoFactory() {} |
200 | 200 |
201 } // namespace net | 201 } // namespace net |
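Review bot: A synchronous result other than OK from `verifier_.Verify(...)` (new lines 117-120) is dropped, because only `== OK` leads to `VerifyCallback(OK)`; an error returned without going pending never reaches VerifyCallback, so the completion state is not updated and a waiting caller would presumably never be notified. Now that the verifier is supplied by the caller instead of being created per parse, such a return looks more plausible if that verifier can answer without going asynchronous; that is not visible here, so confirm it against CertVerifier. I would capture the result and forward everything except pending: `int rv = verifier_.Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` followed by `if (rv != ERR_IO_PENDING) VerifyCallback(rv);`. Separately, the constructor (new lines 29-45) stores the raw `CertVerifier* cert_verifier` with no null check and no ownership comment; adding `DCHECK(cert_verifier);` and a header comment that the verifier must outlive this object and any in-flight request would make the lifetime contract explicit. The function containing the Verify call begins in the skipped lines above it, so its earlier checks are not visible.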