summaryrefslogtreecommitdiff
path: root/chromium/services/network/cert_verifier_with_trust_anchors.cc
blob: 32b648d602827622fe1da6e947fd38933b5b193f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116

// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/network/cert_verifier_with_trust_anchors.h"

#include <utility>

#include "base/bind.h"
#include "base/check_op.h"
#include "net/base/net_errors.h"
#include "net/cert/caching_cert_verifier.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_proc.h"
#include "net/cert/coalescing_cert_verifier.h"
#include "net/cert/multi_threaded_cert_verifier.h"

namespace network {

namespace {

void MaybeSignalAnchorUse(int error,
                          const base::RepeatingClosure& anchor_used_callback,
                          const net::CertVerifyResult& verify_result) {
  if (error != net::OK || !verify_result.is_issued_by_additional_trust_anchor ||
      anchor_used_callback.is_null()) {
    return;
  }
  anchor_used_callback.Run();
}

void CompleteAndSignalAnchorUse(
    const base::RepeatingClosure& anchor_used_callback,
    net::CompletionOnceCallback completion_callback,
    const net::CertVerifyResult* verify_result,
    int error) {
  MaybeSignalAnchorUse(error, anchor_used_callback, *verify_result);
  std::move(completion_callback).Run(error);
}

net::CertVerifier::Config ExtendTrustAnchorsAndTempCerts(
    const net::CertVerifier::Config& config,
    const net::CertificateList& trust_anchors,
    const net::CertificateList& untrusted_authorities) {
  net::CertVerifier::Config new_config = config;
  new_config.additional_trust_anchors.insert(
      new_config.additional_trust_anchors.begin(), trust_anchors.begin(),
      trust_anchors.end());
  new_config.additional_untrusted_authorities.insert(
      new_config.additional_untrusted_authorities.begin(),
      untrusted_authorities.begin(), untrusted_authorities.end());
  return new_config;
}

}  // namespace

CertVerifierWithTrustAnchors::CertVerifierWithTrustAnchors(
    const base::RepeatingClosure& anchor_used_callback)
    : anchor_used_callback_(anchor_used_callback) {
  DETACH_FROM_THREAD(thread_checker_);
}

CertVerifierWithTrustAnchors::~CertVerifierWithTrustAnchors() {
  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
}

void CertVerifierWithTrustAnchors::InitializeOnIOThread(
    std::unique_ptr<net::CertVerifier> delegate) {
  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
  delegate_ = std::move(delegate);
  delegate_->SetConfig(ExtendTrustAnchorsAndTempCerts(
      orig_config_, trust_anchors_, untrusted_authorities_));
}

void CertVerifierWithTrustAnchors::SetAdditionalCerts(
    const net::CertificateList& trust_anchors,
    const net::CertificateList& untrusted_authorities) {
  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
  if (std::tie(trust_anchors, untrusted_authorities) ==
      std::tie(trust_anchors_, untrusted_authorities_))
    return;
  trust_anchors_ = trust_anchors;
  untrusted_authorities_ = untrusted_authorities;
  if (!delegate_)
    return;
  delegate_->SetConfig(ExtendTrustAnchorsAndTempCerts(
      orig_config_, trust_anchors_, untrusted_authorities_));
}

int CertVerifierWithTrustAnchors::Verify(
    const RequestParams& params,
    net::CertVerifyResult* verify_result,
    net::CompletionOnceCallback completion_callback,
    std::unique_ptr<Request>* out_req,
    const net::NetLogWithSource& net_log) {
  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
  DCHECK(delegate_);
  DCHECK(completion_callback);
  net::CompletionOnceCallback wrapped_callback =
      base::BindOnce(&CompleteAndSignalAnchorUse, anchor_used_callback_,
                     std::move(completion_callback), verify_result);

  int error = delegate_->Verify(params, verify_result,
                                std::move(wrapped_callback), out_req, net_log);
  MaybeSignalAnchorUse(error, anchor_used_callback_, *verify_result);
  return error;
}

void CertVerifierWithTrustAnchors::SetConfig(const Config& config) {
  DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
  orig_config_ = config;
  delegate_->SetConfig(ExtendTrustAnchorsAndTempCerts(
      orig_config_, trust_anchors_, untrusted_authorities_));
}

}  // namespace network
View Lorry Controller Status