diff options
Diffstat (limited to 'chromium/net/cert/multi_log_ct_verifier.cc')
-rw-r--r-- | chromium/net/cert/multi_log_ct_verifier.cc | 65 |
1 files changed, 26 insertions, 39 deletions
diff --git a/chromium/net/cert/multi_log_ct_verifier.cc b/chromium/net/cert/multi_log_ct_verifier.cc index 5eab772aa5e..7e421b2980b 100644 --- a/chromium/net/cert/multi_log_ct_verifier.cc +++ b/chromium/net/cert/multi_log_ct_verifier.cc @@ -8,7 +8,8 @@ #include "base/bind.h" #include "base/callback_helpers.h" -#include "base/metrics/histogram.h" +#include "base/metrics/histogram_macros.h" +#include "base/values.h" #include "net/base/net_errors.h" #include "net/cert/ct_log_verifier.h" #include "net/cert/ct_objects_extractor.h" @@ -55,30 +56,21 @@ void LogNumSCTsToUMA(const ct::CTVerifyResult& result) { } // namespace -MultiLogCTVerifier::MultiLogCTVerifier() { } +MultiLogCTVerifier::MultiLogCTVerifier() : observer_(nullptr) { +} MultiLogCTVerifier::~MultiLogCTVerifier() { } -void MultiLogCTVerifier::AddLog(scoped_ptr<CTLogVerifier> log_verifier) { - DCHECK(log_verifier); - if (!log_verifier) - return; - - linked_ptr<CTLogVerifier> log(log_verifier.release()); - logs_[log->key_id()] = log; -} - void MultiLogCTVerifier::AddLogs( - ScopedVector<CTLogVerifier> log_verifiers) { - for (ScopedVector<CTLogVerifier>::iterator it = - log_verifiers.begin(); it != log_verifiers.end(); ++it) { - linked_ptr<CTLogVerifier> log(*it); - VLOG(1) << "Adding CT log: " << log->description(); - logs_[log->key_id()] = log; + const std::vector<scoped_refptr<CTLogVerifier>>& log_verifiers) { + for (const auto& log_verifier : log_verifiers) { + VLOG(1) << "Adding CT log: " << log_verifier->description(); + logs_[log_verifier->key_id()] = log_verifier; } +} - // Ownership of the pointers in |log_verifiers| is transferred to |logs_| - log_verifiers.weak_clear(); +void MultiLogCTVerifier::SetObserver(Observer* observer) { + observer_ = observer; } int MultiLogCTVerifier::Verify( @@ -104,15 +96,11 @@ int MultiLogCTVerifier::Verify( ct::LogEntry precert_entry; has_verified_scts = - ct::GetPrecertLogEntry( - cert->os_cert_handle(), - cert->GetIntermediateCertificates().front(), - &precert_entry) && - VerifySCTs( - embedded_scts, - precert_entry, - ct::SignedCertificateTimestamp::SCT_EMBEDDED, - result); + ct::GetPrecertLogEntry(cert->os_cert_handle(), + cert->GetIntermediateCertificates().front(), + &precert_entry) && + VerifySCTs(embedded_scts, precert_entry, + ct::SignedCertificateTimestamp::SCT_EMBEDDED, cert, result); } std::string sct_list_from_ocsp; @@ -136,16 +124,12 @@ int MultiLogCTVerifier::Verify( ct::LogEntry x509_entry; if (ct::GetX509LogEntry(cert->os_cert_handle(), &x509_entry)) { has_verified_scts |= VerifySCTs( - sct_list_from_ocsp, - x509_entry, - ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, - result); + sct_list_from_ocsp, x509_entry, + ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE, cert, result); has_verified_scts |= VerifySCTs( - sct_list_from_tls_extension, - x509_entry, - ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, - result); + sct_list_from_tls_extension, x509_entry, + ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, cert, result); } NetLog::ParametersCallback net_log_checked_callback = @@ -167,6 +151,7 @@ bool MultiLogCTVerifier::VerifySCTs( const std::string& encoded_sct_list, const ct::LogEntry& expected_entry, ct::SignedCertificateTimestamp::Origin origin, + X509Certificate* cert, ct::CTVerifyResult* result) { if (logs_.empty()) return false; @@ -191,7 +176,7 @@ bool MultiLogCTVerifier::VerifySCTs( } decoded_sct->origin = origin; - verified |= VerifySingleSCT(decoded_sct, expected_entry, result); + verified |= VerifySingleSCT(decoded_sct, expected_entry, cert, result); } return verified; @@ -200,10 +185,10 @@ bool MultiLogCTVerifier::VerifySCTs( bool MultiLogCTVerifier::VerifySingleSCT( scoped_refptr<ct::SignedCertificateTimestamp> sct, const ct::LogEntry& expected_entry, + X509Certificate* cert, ct::CTVerifyResult* result) { - // Assume this SCT is untrusted until proven otherwise. - IDToLogMap::iterator it = logs_.find(sct->log_id); + const auto& it = logs_.find(sct->log_id); if (it == logs_.end()) { DVLOG(1) << "SCT does not match any known log."; result->unknown_logs_scts.push_back(sct); @@ -230,6 +215,8 @@ bool MultiLogCTVerifier::VerifySingleSCT( LogSCTStatusToUMA(ct::SCT_STATUS_OK); result->verified_scts.push_back(sct); + if (observer_) + observer_->OnSCTVerified(cert, sct.get()); return true; } |