OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_host_info.h" | 5 #include "net/socket/ssl_host_info.h" |
6 | 6 |
7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
8 #include "base/string_piece.h" | 8 #include "base/string_piece.h" |
9 #include "net/base/cert_verifier.h" | |
10 #include "net/base/ssl_config_service.h" | 9 #include "net/base/ssl_config_service.h" |
11 #include "net/base/x509_certificate.h" | 10 #include "net/base/x509_certificate.h" |
12 #include "net/socket/ssl_client_socket.h" | 11 #include "net/socket/ssl_client_socket.h" |
13 #include "net/socket/ssl_host_info.pb.h" | 12 #include "net/socket/ssl_host_info.pb.h" |
14 | 13 |
15 namespace net { | 14 namespace net { |
16 | 15 |
17 SSLHostInfo::State::State() | 16 SSLHostInfo::State::State() |
18 : npn_valid(false), | 17 : npn_valid(false), |
19 npn_status(SSLClientSocket::kNextProtoUnsupported) { | 18 npn_status(SSLClientSocket::kNextProtoUnsupported) { |
20 } | 19 } |
21 | 20 |
22 SSLHostInfo::State::~State() {} | 21 SSLHostInfo::State::~State() {} |
23 | 22 |
24 SSLHostInfo::SSLHostInfo( | 23 SSLHostInfo::SSLHostInfo( |
25 const std::string& hostname, | 24 const std::string& hostname, |
26 const SSLConfig& ssl_config) | 25 const SSLConfig& ssl_config, |
| 26 CertVerifier* cert_verifier) |
27 : cert_verification_complete_(false), | 27 : cert_verification_complete_(false), |
28 cert_verification_error_(ERR_CERT_INVALID), | 28 cert_verification_error_(ERR_CERT_INVALID), |
29 hostname_(hostname), | 29 hostname_(hostname), |
30 cert_parsing_failed_(false), | 30 cert_parsing_failed_(false), |
31 cert_verification_callback_(NULL), | 31 cert_verification_callback_(NULL), |
32 rev_checking_enabled_(ssl_config.rev_checking_enabled), | 32 rev_checking_enabled_(ssl_config.rev_checking_enabled), |
33 verify_ev_cert_(ssl_config.verify_ev_cert), | 33 verify_ev_cert_(ssl_config.verify_ev_cert), |
| 34 verifier_(cert_verifier), |
34 callback_(new CancelableCompletionCallback<SSLHostInfo>( | 35 callback_(new CancelableCompletionCallback<SSLHostInfo>( |
35 ALLOW_THIS_IN_INITIALIZER_LIST(this), | 36 ALLOW_THIS_IN_INITIALIZER_LIST(this), |
36 &SSLHostInfo::VerifyCallback)) { | 37 &SSLHostInfo::VerifyCallback)) { |
37 state_.npn_valid = false; | 38 state_.npn_valid = false; |
38 } | 39 } |
39 | 40 |
40 SSLHostInfo::~SSLHostInfo() {} | 41 SSLHostInfo::~SSLHostInfo() {} |
41 | 42 |
42 // This array and the next two functions serve to map between the internal NPN | 43 // This array and the next two functions serve to map between the internal NPN |
43 // status enum (which might change across versions) and the protocol buffer | 44 // status enum (which might change across versions) and the protocol buffer |
(...skipping 59 matching lines...)
103 std::vector<base::StringPiece> der_certs(state->certs.size()); | 104 std::vector<base::StringPiece> der_certs(state->certs.size()); |
104 for (size_t i = 0; i < state->certs.size(); i++) | 105 for (size_t i = 0; i < state->certs.size(); i++) |
105 der_certs[i] = state->certs[i]; | 106 der_certs[i] = state->certs[i]; |
106 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); | 107 cert_ = X509Certificate::CreateFromDERCertChain(der_certs); |
107 if (cert_.get()) { | 108 if (cert_.get()) { |
108 int flags = 0; | 109 int flags = 0; |
109 if (verify_ev_cert_) | 110 if (verify_ev_cert_) |
110 flags |= X509Certificate::VERIFY_EV_CERT; | 111 flags |= X509Certificate::VERIFY_EV_CERT; |
111 if (rev_checking_enabled_) | 112 if (rev_checking_enabled_) |
112 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 113 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
113 verifier_.reset(new CertVerifier); | |
114 VLOG(1) << "Kicking off verification for " << hostname_; | 114 VLOG(1) << "Kicking off verification for " << hostname_; |
115 verification_start_time_ = base::TimeTicks::Now(); | 115 verification_start_time_ = base::TimeTicks::Now(); |
116 if (verifier_->Verify(cert_.get(), hostname_, flags, | 116 if (verifier_.Verify(cert_.get(), hostname_, flags, |
117 &cert_verify_result_, callback_) == OK) { | 117 &cert_verify_result_, callback_) == OK) { |
118 VerifyCallback(OK); | 118 VerifyCallback(OK); |
119 } | 119 } |
120 } else { | 120 } else { |
121 cert_parsing_failed_ = true; | 121 cert_parsing_failed_ = true; |
122 DCHECK(!cert_verification_callback_); | 122 DCHECK(!cert_verification_callback_); |
123 } | 123 } |
124 } | 124 } |
125 | 125 |
126 return true; | 126 return true; |
127 } | 127 } |
(...skipping 41 matching lines...)
169 if (cert_verification_callback_) { | 169 if (cert_verification_callback_) { |
170 CompletionCallback* callback = cert_verification_callback_; | 170 CompletionCallback* callback = cert_verification_callback_; |
171 cert_verification_callback_ = NULL; | 171 cert_verification_callback_ = NULL; |
172 callback->Run(rv); | 172 callback->Run(rv); |
173 } | 173 } |
174 } | 174 } |
175 | 175 |
176 SSLHostInfoFactory::~SSLHostInfoFactory() {} | 176 SSLHostInfoFactory::~SSLHostInfoFactory() {} |
177 | 177 |
178 } // namespace net | 178 } // namespace net |
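Review bot: The constructor at new lines 23-39 now borrows `cert_verifier` as a raw pointer and passes it to `verifier_` without checking it or stating who owns it, so a null or already-destroyed verifier would only surface when `verifier_.Verify(...)` runs at new line 116. Because this object drives certificate verification and can have a request in flight, the lifetime contract should be explicit: add `DCHECK(cert_verifier);` to the constructor body and a comment such as `// |cert_verifier| is not owned and must outlive this SSLHostInfo.` `verifier_` is declared in the header, which is not shown, so whether its destructor cancels a pending request before the empty `~SSLHostInfo()` finishes should be confirmed there. The function containing the Verify call starts in the skipped lines.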