Chromium Code Reviews Chromium Code Reviews
Issue 88643002:
SignedCertificateTimestamp storing & serialization code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@erans_patches| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 87 #include "net/base/address_list.h" | 87 #include "net/base/address_list.h" |
| 88 #include "net/base/connection_type_histograms.h" | 88 #include "net/base/connection_type_histograms.h" |
| 89 #include "net/base/dns_util.h" | 89 #include "net/base/dns_util.h" |
| 90 #include "net/base/io_buffer.h" | 90 #include "net/base/io_buffer.h" |
| 91 #include "net/base/net_errors.h" | 91 #include "net/base/net_errors.h" |
| 92 #include "net/base/net_log.h" | 92 #include "net/base/net_log.h" |
| 93 #include "net/cert/asn1_util.h" | 93 #include "net/cert/asn1_util.h" |
| 94 #include "net/cert/cert_status_flags.h" | 94 #include "net/cert/cert_status_flags.h" |
| 95 #include "net/cert/cert_verifier.h" | 95 #include "net/cert/cert_verifier.h" |
| 96 #include "net/cert/ct_verifier.h" | 96 #include "net/cert/ct_verifier.h" |
| 97 #include "net/cert/ct_verify_result.h" | |
| 97 #include "net/cert/scoped_nss_types.h" | 98 #include "net/cert/scoped_nss_types.h" |
| 99 #include "net/cert/sct_status_flags.h" | |
| 98 #include "net/cert/single_request_cert_verifier.h" | 100 #include "net/cert/single_request_cert_verifier.h" |
| 99 #include "net/cert/x509_certificate_net_log_param.h" | 101 #include "net/cert/x509_certificate_net_log_param.h" |
| 100 #include "net/cert/x509_util.h" | 102 #include "net/cert/x509_util.h" |
| 101 #include "net/http/transport_security_state.h" | 103 #include "net/http/transport_security_state.h" |
| 102 #include "net/ocsp/nss_ocsp.h" | 104 #include "net/ocsp/nss_ocsp.h" |
| 103 #include "net/socket/client_socket_handle.h" | 105 #include "net/socket/client_socket_handle.h" |
| 104 #include "net/socket/nss_ssl_util.h" | 106 #include "net/socket/nss_ssl_util.h" |
| 105 #include "net/socket/ssl_error_params.h" | 107 #include "net/socket/ssl_error_params.h" |
| 106 #include "net/ssl/ssl_cert_request_info.h" | 108 #include "net/ssl/ssl_cert_request_info.h" |
| 107 #include "net/ssl/ssl_connection_status_flags.h" | 109 #include "net/ssl/ssl_connection_status_flags.h" |
| (...skipping 2678 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2786 // static | 2788 // static |
| 2787 void SSLClientSocket::ClearSessionCache() { | 2789 void SSLClientSocket::ClearSessionCache() { |
| 2788 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't | 2790 // SSL_ClearSessionCache can't be called before NSS is initialized. Don't |
| 2789 // bother initializing NSS just to clear an empty SSL session cache. | 2791 // bother initializing NSS just to clear an empty SSL session cache. |
| 2790 if (!NSS_IsInitialized()) | 2792 if (!NSS_IsInitialized()) |
| 2791 return; | 2793 return; |
| 2792 | 2794 |
| 2793 SSL_ClearSessionCache(); | 2795 SSL_ClearSessionCache(); |
| 2794 } | 2796 } |
| 2795 | 2797 |
| 2798 void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const { | |
|
wtc
2013/11/27 16:32:41
The Style Guide recommends that functions be defin
alcutter
2013/11/27 18:05:55
Sorry, done.
| |
| 2799 for (ct::SCTList::const_iterator iter = | |
| 2800 ct_verify_result_.verified_scts.begin(); | |
| 2801 iter != ct_verify_result_.verified_scts.end(); ++iter) { | |
| 2802 ssl_info->signed_certificate_timestamps.push_back( | |
| 2803 SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_OK)); | |
| 2804 } | |
| 2805 for (ct::SCTList::const_iterator iter = | |
| 2806 ct_verify_result_.unverified_scts.begin(); | |
| 2807 iter != ct_verify_result_.unverified_scts.end(); ++iter) { | |
| 2808 ssl_info->signed_certificate_timestamps.push_back( | |
| 2809 SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_INVALID)); | |
|
wtc
2013/11/27 16:32:41
Nit: we should use the same term to describe this
alcutter
2013/11/27 18:05:55
I've changed "unverified_scts" to "invalid_scts" i
| |
| 2810 } | |
| 2811 for (ct::SCTList::const_iterator iter = | |
| 2812 ct_verify_result_.unknown_logs_scts.begin(); | |
| 2813 iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) { | |
| 2814 ssl_info->signed_certificate_timestamps.push_back( | |
| 2815 SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_LOG_UNKNOWN)); | |
| 2816 } | |
| 2817 } | |
| 2818 | |
| 2796 bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { | 2819 bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { |
| 2797 EnterFunction(""); | 2820 EnterFunction(""); |
| 2798 ssl_info->Reset(); | 2821 ssl_info->Reset(); |
| 2799 if (core_->state().server_cert_chain.empty() || | 2822 if (core_->state().server_cert_chain.empty() || |
| 2800 !core_->state().server_cert_chain[0]) { | 2823 !core_->state().server_cert_chain[0]) { |
| 2801 return false; | 2824 return false; |
| 2802 } | 2825 } |
| 2803 | 2826 |
| 2804 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 2827 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 2805 ssl_info->cert = server_cert_verify_result_.verified_cert; | 2828 ssl_info->cert = server_cert_verify_result_.verified_cert; |
| 2829 | |
| 2830 AddSCTInfoToSSLInfo(ssl_info); | |
| 2831 | |
| 2806 ssl_info->connection_status = | 2832 ssl_info->connection_status = |
| 2807 core_->state().ssl_connection_status; | 2833 core_->state().ssl_connection_status; |
| 2808 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 2834 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
| 2809 for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin(); | 2835 for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin(); |
| 2810 i != side_pinned_public_keys_.end(); ++i) { | 2836 i != side_pinned_public_keys_.end(); ++i) { |
| 2811 ssl_info->public_key_hashes.push_back(*i); | 2837 ssl_info->public_key_hashes.push_back(*i); |
| 2812 } | 2838 } |
| 2813 ssl_info->is_issued_by_known_root = | 2839 ssl_info->is_issued_by_known_root = |
| 2814 server_cert_verify_result_.is_issued_by_known_root; | 2840 server_cert_verify_result_.is_issued_by_known_root; |
| 2815 ssl_info->client_cert_sent = | 2841 ssl_info->client_cert_sent = |
| (...skipping 751 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3567 EnsureThreadIdAssigned(); | 3593 EnsureThreadIdAssigned(); |
| 3568 base::AutoLock auto_lock(lock_); | 3594 base::AutoLock auto_lock(lock_); |
| 3569 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3595 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3570 } | 3596 } |
| 3571 | 3597 |
| 3572 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3598 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3573 return server_bound_cert_service_; | 3599 return server_bound_cert_service_; |
| 3574 } | 3600 } |
| 3575 | 3601 |
| 3576 } // namespace net | 3602 } // namespace net |
| OLD | NEW |
