| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 243 (result == OK || | 243 (result == OK || |
| 244 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 244 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 245 !transport_security_state_->CheckPublicKeyPins( | 245 !transport_security_state_->CheckPublicKeyPins( |
| 246 hostname_, | 246 hostname_, |
| 247 cert_verify_result.is_issued_by_known_root, | 247 cert_verify_result.is_issued_by_known_root, |
| 248 cert_verify_result.public_key_hashes, | 248 cert_verify_result.public_key_hashes, |
| 249 &verify_details_->pinning_failure_log)) { | 249 &verify_details_->pinning_failure_log)) { |
| 250 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 250 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 251 } | 251 } |
| 252 | 252 |
| 253 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 254 SSLConfigService::GetEVCertsWhitelist(); |
| 255 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && |
| 256 ev_whitelist->IsValid()) { |
| 257 const SHA256HashValue fingerprint( |
| 258 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); |
| 259 |
| 260 UMA_HISTOGRAM_BOOLEAN( |
| 261 "Net.SSL_EVCertificateInWhitelist", |
| 262 ev_whitelist->ContainsCertificateHash( |
| 263 std::string(reinterpret_cast<const char*>(fingerprint.data), 8))); |
| 264 } |
| 265 |
| 253 if (result != OK) { | 266 if (result != OK) { |
| 254 std::string error_string = ErrorToString(result); | 267 std::string error_string = ErrorToString(result); |
| 255 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 268 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
| 256 error_string.c_str()); | 269 error_string.c_str()); |
| 257 DLOG(WARNING) << error_details_; | 270 DLOG(WARNING) << error_details_; |
| 258 } | 271 } |
| 259 | 272 |
| 260 // Exit DoLoop and return the result to the caller to VerifyProof. | 273 // Exit DoLoop and return the result to the caller to VerifyProof. |
| 261 DCHECK_EQ(STATE_NONE, next_state_); | 274 DCHECK_EQ(STATE_NONE, next_state_); |
| 262 return result; | 275 return result; |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 376 } | 389 } |
| 377 return status; | 390 return status; |
| 378 } | 391 } |
| 379 | 392 |
| 380 void ProofVerifierChromium::OnJobComplete(Job* job) { | 393 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 381 active_jobs_.erase(job); | 394 active_jobs_.erase(job); |
| 382 delete job; | 395 delete job; |
| 383 } | 396 } |
| 384 | 397 |
| 385 } // namespace net | 398 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 547603002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master