// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_ #define NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_ #include #include #include #include #include "base/compiler_specific.h" #include "base/macros.h" #include "net/base/net_export.h" #include "net/cert/cert_verify_result.h" #include "net/cert/ct_verify_result.h" #include "net/cert/x509_certificate.h" #include "net/log/net_log_with_source.h" #include "net/third_party/quic/core/crypto/proof_verifier.h" namespace net { class CTPolicyEnforcer; class CertVerifier; class CTVerifier; class TransportSecurityState; // ProofVerifyDetailsChromium is the implementation-specific information that a // ProofVerifierChromium returns about a certificate verification. class NET_EXPORT_PRIVATE ProofVerifyDetailsChromium : public quic::ProofVerifyDetails { public: ProofVerifyDetailsChromium(); ProofVerifyDetailsChromium(const ProofVerifyDetailsChromium&); ~ProofVerifyDetailsChromium() override; // quic::ProofVerifyDetails implementation quic::ProofVerifyDetails* Clone() const override; CertVerifyResult cert_verify_result; ct::CTVerifyResult ct_verify_result; // pinning_failure_log contains a message produced by // TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a // pinning failure. It is a (somewhat) human-readable string. std::string pinning_failure_log; // True if PKP was bypassed due to a local trust anchor. bool pkp_bypassed; // True if there was a certificate error which should be treated as fatal, // and false otherwise. bool is_fatal_cert_error; }; // ProofVerifyContextChromium is the implementation-specific information that a // ProofVerifierChromium needs in order to log correctly. struct ProofVerifyContextChromium : public quic::ProofVerifyContext { public: ProofVerifyContextChromium(int cert_verify_flags, const NetLogWithSource& net_log) : cert_verify_flags(cert_verify_flags), net_log(net_log) {} int cert_verify_flags; NetLogWithSource net_log; }; // ProofVerifierChromium implements the QUIC quic::ProofVerifier interface. It // is capable of handling multiple simultaneous requests. class NET_EXPORT_PRIVATE ProofVerifierChromium : public quic::ProofVerifier { public: ProofVerifierChromium(CertVerifier* cert_verifier, CTPolicyEnforcer* ct_policy_enforcer, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier); ~ProofVerifierChromium() override; // quic::ProofVerifier interface quic::QuicAsyncStatus VerifyProof( const std::string& hostname, const uint16_t port, const std::string& server_config, quic::QuicTransportVersion quic_version, quic::QuicStringPiece chlo_hash, const std::vector& certs, const std::string& cert_sct, const std::string& signature, const quic::ProofVerifyContext* verify_context, std::string* error_details, std::unique_ptr* verify_details, std::unique_ptr callback) override; quic::QuicAsyncStatus VerifyCertChain( const std::string& hostname, const std::vector& certs, const quic::ProofVerifyContext* verify_context, std::string* error_details, std::unique_ptr* verify_details, std::unique_ptr callback) override; std::unique_ptr CreateDefaultContext() override; private: class Job; void OnJobComplete(Job* job); // Set owning pointers to active jobs. std::map> active_jobs_; // Underlying verifier used to verify certificates. CertVerifier* const cert_verifier_; CTPolicyEnforcer* const ct_policy_enforcer_; TransportSecurityState* const transport_security_state_; CTVerifier* const cert_transparency_verifier_; DISALLOW_COPY_AND_ASSIGN(ProofVerifierChromium); }; } // namespace net #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_CHROMIUM_H_