Chromium Code Reviews Chromium Code Reviews
Issue 92443002:
Extract Certificate Transparency SCTs from stapled OCSP responses (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@extract_scts| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/test/spawned_test_server/base_test_server.h" | 5 #include "net/test/spawned_test_server/base_test_server.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/base64.h" | 10 #include "base/base64.h" |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 54 } // namespace | 54 } // namespace |
| 55 | 55 |
| 56 BaseTestServer::SSLOptions::SSLOptions() | 56 BaseTestServer::SSLOptions::SSLOptions() |
| 57 : server_certificate(CERT_OK), | 57 : server_certificate(CERT_OK), |
| 58 ocsp_status(OCSP_OK), | 58 ocsp_status(OCSP_OK), |
| 59 cert_serial(0), | 59 cert_serial(0), |
| 60 request_client_certificate(false), | 60 request_client_certificate(false), |
| 61 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), | 61 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), |
| 62 record_resume(false), | 62 record_resume(false), |
| 63 tls_intolerant(TLS_INTOLERANT_NONE), | 63 tls_intolerant(TLS_INTOLERANT_NONE), |
| 64 fallback_scsv_enabled(false) {} | 64 fallback_scsv_enabled(false), |
| 65 signed_cert_timestamps_tls_ext(std::string()), | |
| 66 staple_ocsp_response(false) {} | |
| 65 | 67 |
| 66 BaseTestServer::SSLOptions::SSLOptions( | 68 BaseTestServer::SSLOptions::SSLOptions( |
| 67 BaseTestServer::SSLOptions::ServerCertificate cert) | 69 BaseTestServer::SSLOptions::ServerCertificate cert) |
| 68 : server_certificate(cert), | 70 : server_certificate(cert), |
| 69 ocsp_status(OCSP_OK), | 71 ocsp_status(OCSP_OK), |
| 70 cert_serial(0), | 72 cert_serial(0), |
| 71 request_client_certificate(false), | 73 request_client_certificate(false), |
| 72 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), | 74 bulk_ciphers(SSLOptions::BULK_CIPHER_ANY), |
| 73 record_resume(false), | 75 record_resume(false), |
| 74 tls_intolerant(TLS_INTOLERANT_NONE), | 76 tls_intolerant(TLS_INTOLERANT_NONE), |
| 75 fallback_scsv_enabled(false) {} | 77 fallback_scsv_enabled(false), |
| 78 signed_cert_timestamps_tls_ext(std::string()), | |
|
wtc
2013/12/13 16:15:50
Delete the signed_cert_timestamps_tls_ext initiali
ekasper
2013/12/13 17:26:10
Done.
| |
| 79 staple_ocsp_response(false) {} | |
| 76 | 80 |
| 77 BaseTestServer::SSLOptions::~SSLOptions() {} | 81 BaseTestServer::SSLOptions::~SSLOptions() {} |
| 78 | 82 |
| 79 base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const { | 83 base::FilePath BaseTestServer::SSLOptions::GetCertificateFile() const { |
| 80 switch (server_certificate) { | 84 switch (server_certificate) { |
| 81 case CERT_OK: | 85 case CERT_OK: |
| 82 case CERT_MISMATCHED_NAME: | 86 case CERT_MISMATCHED_NAME: |
| 83 return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem")); | 87 return base::FilePath(FILE_PATH_LITERAL("ok_cert.pem")); |
| 84 case CERT_EXPIRED: | 88 case CERT_EXPIRED: |
| 85 return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem")); | 89 return base::FilePath(FILE_PATH_LITERAL("expired_cert.pem")); |
| (...skipping 307 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 393 if (bulk_cipher_values->GetSize()) | 397 if (bulk_cipher_values->GetSize()) |
| 394 arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release()); | 398 arguments->Set("ssl-bulk-cipher", bulk_cipher_values.release()); |
| 395 if (ssl_options_.record_resume) | 399 if (ssl_options_.record_resume) |
| 396 arguments->Set("https-record-resume", base::Value::CreateNullValue()); | 400 arguments->Set("https-record-resume", base::Value::CreateNullValue()); |
| 397 if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) { | 401 if (ssl_options_.tls_intolerant != SSLOptions::TLS_INTOLERANT_NONE) { |
| 398 arguments->Set("tls-intolerant", | 402 arguments->Set("tls-intolerant", |
| 399 new base::FundamentalValue(ssl_options_.tls_intolerant)); | 403 new base::FundamentalValue(ssl_options_.tls_intolerant)); |
| 400 } | 404 } |
| 401 if (ssl_options_.fallback_scsv_enabled) | 405 if (ssl_options_.fallback_scsv_enabled) |
| 402 arguments->Set("fallback-scsv", base::Value::CreateNullValue()); | 406 arguments->Set("fallback-scsv", base::Value::CreateNullValue()); |
| 403 if (!ssl_options_.signed_cert_timestamps.empty()) { | 407 if (!ssl_options_.signed_cert_timestamps_tls_ext.empty()) { |
| 404 std::string b64_scts; | 408 std::string b64_scts_tls_ext; |
| 405 base::Base64Encode(ssl_options_.signed_cert_timestamps, &b64_scts); | 409 base::Base64Encode(ssl_options_.signed_cert_timestamps_tls_ext, |
| 406 arguments->SetString("signed-cert-timestamps", b64_scts); | 410 &b64_scts_tls_ext); |
| 411 arguments->SetString("signed-cert-timestamps-tls-ext", b64_scts_tls_ext); | |
| 407 } | 412 } |
| 413 if (ssl_options_.staple_ocsp_response) | |
| 414 arguments->Set("staple-ocsp-response", base::Value::CreateNullValue()); | |
| 408 } | 415 } |
| 409 | 416 |
| 410 return GenerateAdditionalArguments(arguments); | 417 return GenerateAdditionalArguments(arguments); |
| 411 } | 418 } |
| 412 | 419 |
| 413 bool BaseTestServer::GenerateAdditionalArguments( | 420 bool BaseTestServer::GenerateAdditionalArguments( |
| 414 base::DictionaryValue* arguments) const { | 421 base::DictionaryValue* arguments) const { |
| 415 return true; | 422 return true; |
| 416 } | 423 } |
| 417 | 424 |
| 418 } // namespace net | 425 } // namespace net |
| OLD | NEW |
