| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_host_info.h" | 5 #include "net/socket/ssl_host_info.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/string_piece.h" | 8 #include "base/string_piece.h" |
| 9 #include "net/base/cert_verifier.h" | |
| 10 #include "net/base/ssl_config_service.h" | 9 #include "net/base/ssl_config_service.h" |
| 11 #include "net/base/x509_certificate.h" | 10 #include "net/base/x509_certificate.h" |
| 12 #include "net/socket/ssl_client_socket.h" | 11 #include "net/socket/ssl_client_socket.h" |
| 13 #include "net/socket/ssl_host_info.pb.h" | 12 #include "net/socket/ssl_host_info.pb.h" |
| 14 | 13 |
| 15 namespace net { | 14 namespace net { |
| 16 | 15 |
| 17 SSLHostInfo::State::State() | 16 SSLHostInfo::State::State() |
| 18 : npn_valid(false), | 17 : npn_valid(false), |
| 19 npn_status(SSLClientSocket::kNextProtoUnsupported) { | 18 npn_status(SSLClientSocket::kNextProtoUnsupported) { |
| 20 } | 19 } |
| 21 | 20 |
| 22 SSLHostInfo::State::~State() {} | 21 SSLHostInfo::State::~State() {} |
| 23 | 22 |
| 24 SSLHostInfo::SSLHostInfo( | 23 SSLHostInfo::SSLHostInfo( |
| 25 const std::string& hostname, | 24 const std::string& hostname, |
| 26 const SSLConfig& ssl_config) | 25 const SSLConfig& ssl_config, |
| 26 CertVerifier* cert_verifier) |
| 27 : cert_verification_complete_(false), | 27 : cert_verification_complete_(false), |
| 28 cert_verification_error_(ERR_CERT_INVALID), | 28 cert_verification_error_(ERR_CERT_INVALID), |
| 29 hostname_(hostname), | 29 hostname_(hostname), |
| 30 cert_parsing_failed_(false), | 30 cert_parsing_failed_(false), |
| 31 cert_verification_callback_(NULL), | 31 cert_verification_callback_(NULL), |
| 32 rev_checking_enabled_(ssl_config.rev_checking_enabled), | 32 rev_checking_enabled_(ssl_config.rev_checking_enabled), |
| 33 verify_ev_cert_(ssl_config.verify_ev_cert), | 33 verify_ev_cert_(ssl_config.verify_ev_cert), |
| 34 verifier_(cert_verifier), |
| 34 callback_(new CancelableCompletionCallback<SSLHostInfo>( | 35 callback_(new CancelableCompletionCallback<SSLHostInfo>( |
| 35 ALLOW_THIS_IN_INITIALIZER_LIST(this), | 36 ALLOW_THIS_IN_INITIALIZER_LIST(this), |
| 36 &SSLHostInfo::VerifyCallback)) { | 37 &SSLHostInfo::VerifyCallback)) { |
| 37 state_.npn_valid = false; | 38 state_.npn_valid = false; |
| 38 } | 39 } |
| 39 | 40 |
| 40 SSLHostInfo::~SSLHostInfo() {} | 41 SSLHostInfo::~SSLHostInfo() {} |
| 41 | 42 |
| 42 // This array and the next two functions serve to map between the internal NPN | 43 // This array and the next two functions serve to map between the internal NPN |
| 43 // status enum (which might change across versions) and the protocol buffer | 44 // status enum (which might change across versions) and the protocol buffer |
| (...skipping 59 matching lines...) |
| 103 std::vector<base::StringPiece> der_certs(state->certs.size()); | 104 std::vector<base::StringPiece> der_certs(state->certs.size()); |
| 104 for (size_t i = 0; i < state->certs.size(); i++) | 105 for (size_t i = 0; i < state->certs.size(); i++) |
| 105 der_certs[i] = state->certs[i]; | 106 der_certs[i] = state->certs[i]; |
| 106 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); | 107 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); |
| 107 if (cert_.get()) { | 108 if (cert_.get()) { |
| 108 int flags = 0; | 109 int flags = 0; |
| 109 if (verify_ev_cert_) | 110 if (verify_ev_cert_) |
| 110 flags |= X509Certificate::VERIFY_EV_CERT; | 111 flags |= X509Certificate::VERIFY_EV_CERT; |
| 111 if (rev_checking_enabled_) | 112 if (rev_checking_enabled_) |
| 112 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 113 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 113 verifier_.reset(new CertVerifier); | |
| 114 VLOG(1) << "Kicking off verification for " << hostname_; | 114 VLOG(1) << "Kicking off verification for " << hostname_; |
| 115 verification_start_time_ = base::TimeTicks::Now(); | 115 verification_start_time_ = base::TimeTicks::Now(); |
| 116 if (verifier_->Verify(cert_.get(), hostname_, flags, | 116 if (verifier_.Verify(cert_.get(), hostname_, flags, |
| 117 &cert_verify_result_, callback_) == OK) { | 117 &cert_verify_result_, callback_) == OK) { |
| 118 VerifyCallback(OK); | 118 VerifyCallback(OK); |
| 119 } | 119 } |
| 120 } else { | 120 } else { |
| 121 cert_parsing_failed_ = true; | 121 cert_parsing_failed_ = true; |
| 122 DCHECK(!cert_verification_callback_); | 122 DCHECK(!cert_verification_callback_); |
| 123 } | 123 } |
| 124 } | 124 } |
| 125 | 125 |
| 126 return true; | 126 return true; |
| 127 } | 127 } |
| (...skipping 41 matching lines...) |
| 169 if (cert_verification_callback_) { | 169 if (cert_verification_callback_) { |
| 170 CompletionCallback* callback = cert_verification_callback_; | 170 CompletionCallback* callback = cert_verification_callback_; |
| 171 cert_verification_callback_ = NULL; | 171 cert_verification_callback_ = NULL; |
| 172 callback->Run(rv); | 172 callback->Run(rv); |
| 173 } | 173 } |
| 174 } | 174 } |
| 175 | 175 |
| 176 SSLHostInfoFactory::~SSLHostInfoFactory() {} | 176 SSLHostInfoFactory::~SSLHostInfoFactory() {} |
| 177 | 177 |
| 178 } // namespace net | 178 } // namespace net |
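Review bot: A synchronous failure from `verifier_.Verify(...)` is dropped at new lines 116-119, because only `== OK` reaches `VerifyCallback`; any other immediate result appears to leave the verification unfinished and never reported to a waiting `cert_verification_callback_`. This matters more after this change: the verifier is now injected and presumably shared between hosts, so if it can answer from earlier results (not visible here), immediate certificate errors become an ordinary path. Capture the result and forward everything that is not pending: `int rv = verifier_.Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` followed by `if (rv != ERR_IO_PENDING) VerifyCallback(rv);`. The constructor also stores `cert_verifier` unchecked, so a `DCHECK(cert_verifier);` in its body and a header comment stating that the verifier must outlive this object would make the new ownership contract explicit. The enclosing function begins in the skipped lines, so how `VerifyCallback` records the error is assumed from its visible tail.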
| OLD | NEW |