| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/cert/multi_log_ct_verifier.h" | 5 #include "net/cert/multi_log_ct_verifier.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/callback_helpers.h" | 8 #include "base/callback_helpers.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/net_log.h" | 10 #include "net/base/net_log.h" |
| (...skipping 14 matching lines...) |
| 25 DCHECK(log_verifier); | 25 DCHECK(log_verifier); |
| 26 if (!log_verifier) | 26 if (!log_verifier) |
| 27 return; | 27 return; |
| 28 | 28 |
| 29 linked_ptr<CTLogVerifier> log(log_verifier.release()); | 29 linked_ptr<CTLogVerifier> log(log_verifier.release()); |
| 30 logs_[log->key_id()] = log; | 30 logs_[log->key_id()] = log; |
| 31 } | 31 } |
| 32 | 32 |
| 33 int MultiLogCTVerifier::Verify( | 33 int MultiLogCTVerifier::Verify( |
| 34 X509Certificate* cert, | 34 X509Certificate* cert, |
| 35 const std::string& sct_list_from_ocsp, | 35 const std::string& stapled_ocsp_response, |
| 36 const std::string& sct_list_from_tls_extension, | 36 const std::string& sct_list_from_tls_extension, |
| 37 ct::CTVerifyResult* result, | 37 ct::CTVerifyResult* result, |
| 38 const BoundNetLog& net_log) { | 38 const BoundNetLog& net_log) { |
| 39 DCHECK(cert); | 39 DCHECK(cert); |
| 40 DCHECK(result); | 40 DCHECK(result); |
| 41 | 41 |
| 42 result->verified_scts.clear(); | 42 result->verified_scts.clear(); |
| 43 result->invalid_scts.clear(); | 43 result->invalid_scts.clear(); |
| 44 result->unknown_logs_scts.clear(); | 44 result->unknown_logs_scts.clear(); |
| 45 | 45 |
| (...skipping 11 matching lines...) |
| 57 cert->os_cert_handle(), | 57 cert->os_cert_handle(), |
| 58 cert->GetIntermediateCertificates().front(), | 58 cert->GetIntermediateCertificates().front(), |
| 59 &precert_entry) && | 59 &precert_entry) && |
| 60 VerifySCTs( | 60 VerifySCTs( |
| 61 embedded_scts, | 61 embedded_scts, |
| 62 precert_entry, | 62 precert_entry, |
| 63 ct::SignedCertificateTimestamp::SCT_EMBEDDED, | 63 ct::SignedCertificateTimestamp::SCT_EMBEDDED, |
| 64 result); | 64 result); |
| 65 } | 65 } |
| 66 | 66 |
| 67 // Log to Net Log, after extracting embedded SCTs but before | 67 std::string sct_list_from_ocsp; |
| 68 // possibly failing on X.509 entry creation. | 68 if (!stapled_ocsp_response.empty() && |
| 69 !cert->GetIntermediateCertificates().empty()) { |
| 70 ct::ExtractSCTListFromOCSPResponse( |
| 71 cert->GetIntermediateCertificates().front(), cert->serial_number(), |
| 72 stapled_ocsp_response, &sct_list_from_ocsp); |
| 73 } |
| 74 |
| 75 // Log to Net Log, after extracting SCTs but before possibly failing on |
| 76 // X.509 entry creation. |
| 69 NetLog::ParametersCallback net_log_callback = | 77 NetLog::ParametersCallback net_log_callback = |
| 70 base::Bind(&NetLogRawSignedCertificateTimestampCallback, | 78 base::Bind(&NetLogRawSignedCertificateTimestampCallback, |
| 71 &embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension); | 79 &embedded_scts, &sct_list_from_ocsp, &sct_list_from_tls_extension); |
| 72 | 80 |
| 73 net_log.AddEvent( | 81 net_log.AddEvent( |
| 74 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, | 82 NetLog::TYPE_SIGNED_CERTIFICATE_TIMESTAMPS_RECEIVED, |
| 75 net_log_callback); | 83 net_log_callback); |
| 76 | 84 |
| 77 ct::LogEntry x509_entry; | 85 ct::LogEntry x509_entry; |
| 78 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { | 86 if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { |
| (...skipping 81 matching lines...) |
| 160 DVLOG(1) << "SCT is from the future!"; | 168 DVLOG(1) << "SCT is from the future!"; |
| 161 result->invalid_scts.push_back(sct); | 169 result->invalid_scts.push_back(sct); |
| 162 return false; | 170 return false; |
| 163 } | 171 } |
| 164 | 172 |
| 165 result->verified_scts.push_back(sct); | 173 result->verified_scts.push_back(sct); |
| 166 return true; | 174 return true; |
| 167 } | 175 } |
| 168 | 176 |
| 169 } // namespace net | 177 } // namespace net |
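Review bot: The result of `ct::ExtractSCTListFromOCSPResponse` is discarded in the new block at new lines 67-73, so a malformed or mismatched stapled response looks the same as one that carries no SCTs. Whether `sct_list_from_ocsp` stays empty on failure depends on that helper, which is not visible on this page. If the helper reports success as a bool, I would check it and reset the output, `if (!ct::ExtractSCTListFromOCSPResponse(...)) sct_list_from_ocsp.clear();`, with a `DVLOG(1)` on that path, and add a comment such as `// The issuer is needed to match the OCSP response; without intermediates the stapled SCTs are ignored.` for the silent skip when the chain has no intermediates. Separately, the second parameter of `Verify` keeps the type `const std::string&` but now carries a raw OCSP response instead of an SCT list, so a caller still passing an SCT list compiles unchanged; the header comment should state the new contract. Verify's body continues in the skipped lines, so later use of `sct_list_from_ocsp` cannot be checked from here.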