author | estark <estark@chromium.org> | 2016-01-12 13:37:05 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2016-01-12 21:38:23 +0000 |
commit | 6f9b3d801425d327dbf7def99fcfeeebe9a5c7f8 (patch) | |
tree | 0b47c8679ecd61adb14fc3bc354233888b514e61 /net | |
parent | d51b185ff89eb33c21167a57c2fba1cfe1332cb5 (diff) | |
Rename CertPolicyEnforcer to CTPolicyEnforcer
This is a cleanup in preparation for implementing some CT changes
including Expect-CT.
BUG=568806
Review URL: https://codereview.chromium.org/1579233002
Cr-Commit-Position: refs/heads/master@{#368993}
Diffstat (limited to 'net')
24 files changed, 110 insertions, 110 deletions
diff --git a/net/cert/cert_policy_enforcer.cc b/net/cert/ct_policy_enforcer.cc index 8e4ba8d..d9c9242 100644 --- a/net/cert/cert_policy_enforcer.cc +++ b/net/cert/ct_policy_enforcer.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/cert/cert_policy_enforcer.h" +#include "net/cert/ct_policy_enforcer.h" #include <algorithm> #include <utility> @@ -296,7 +296,7 @@ void CheckCTEVPolicyCompliance(X509Certificate* cert, } // namespace -bool CertPolicyEnforcer::DoesConformToCTEVPolicy( +bool CTPolicyEnforcer::DoesConformToCTEVPolicy( X509Certificate* cert, const ct::EVCertsWhitelist* ev_whitelist, const ct::CTVerifyResult& ct_result, diff --git a/net/cert/cert_policy_enforcer.h b/net/cert/ct_policy_enforcer.h index ea24dbd..8c29da5e 100644 --- a/net/cert/cert_policy_enforcer.h +++ b/net/cert/ct_policy_enforcer.h @@ -1,8 +1,8 @@ // Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#ifndef NET_CERT_CERT_POLICY_ENFORCER_H -#define NET_CERT_CERT_POLICY_ENFORCER_H +#ifndef NET_CERT_CT_POLICY_ENFORCER_H +#define NET_CERT_CT_POLICY_ENFORCER_H #include <stddef.h> @@ -22,10 +22,10 @@ class X509Certificate; // Class for checking that a given certificate conforms to security-related // policies. -class NET_EXPORT CertPolicyEnforcer { +class NET_EXPORT CTPolicyEnforcer { public: - CertPolicyEnforcer() {} - virtual ~CertPolicyEnforcer() {} + CTPolicyEnforcer() {} + virtual ~CTPolicyEnforcer() {} // Returns true if the collection of SCTs for the given certificate // conforms with the CT/EV policy. Conformance details are logged to @@ -41,4 +41,4 @@ class NET_EXPORT CertPolicyEnforcer { } // namespace net -#endif // NET_CERT_CERT_POLICY_ENFORCER_H +#endif // NET_CERT_CT_POLICY_ENFORCER_H 
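Review bot: The class comment kept as context above the renamed declaration in net/cert/ct_policy_enforcer.h still reads "Class for checking that a given certificate conforms to security-related policies", which is broader than the new name CTPolicyEnforcer suggests. The only method visible in this hunk checks a certificate's SCTs against the CT/EV policy, so the comment could be narrowed in the same change to `// Class for checking that a given certificate conforms to Certificate Transparency-related policies.` The class body continues outside the hunk, so confirm no other member needs the broader wording.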
diff --git a/net/cert/cert_policy_enforcer_unittest.cc b/net/cert/ct_policy_enforcer_unittest.cc index 2facbc2..4355252 100644 --- a/net/cert/cert_policy_enforcer_unittest.cc +++ b/net/cert/ct_policy_enforcer_unittest.cc @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. -#include "net/cert/cert_policy_enforcer.h" +#include "net/cert/ct_policy_enforcer.h" #include <string> @@ -52,10 +52,10 @@ const char kGoogleAviatorLogID[] = static_assert(arraysize(kGoogleAviatorLogID) - 1 == crypto::kSHA256Length, "Incorrect log ID length."); -class CertPolicyEnforcerTest : public ::testing::Test { +class CTPolicyEnforcerTest : public ::testing::Test { public: void SetUp() override { - policy_enforcer_.reset(new CertPolicyEnforcer); + policy_enforcer_.reset(new CTPolicyEnforcer); std::string der_test_cert(ct::GetDerEncodedX509Cert()); chain_ = X509Certificate::CreateFromBytes(der_test_cert.data(), @@ -137,13 +137,13 @@ class CertPolicyEnforcerTest : public ::testing::Test { } protected: - scoped_ptr<CertPolicyEnforcer> policy_enforcer_; + scoped_ptr<CTPolicyEnforcer> policy_enforcer_; scoped_refptr<X509Certificate> chain_; std::string google_log_id_; std::string non_google_log_id_; }; -TEST_F(CertPolicyEnforcerTest, +TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughDiverseSCTsAllGoogle) { ct::CTVerifyResult result; FillResultWithRepeatedLogID(google_log_id_, 2, true, &result); @@ -152,7 +152,7 @@ TEST_F(CertPolicyEnforcerTest, chain_.get(), nullptr, result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, +TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughDiverseSCTsAllNonGoogle) { ct::CTVerifyResult result; FillResultWithRepeatedLogID(non_google_log_id_, 2, true, &result); 
@@ -161,7 +161,7 @@ TEST_F(CertPolicyEnforcerTest, chain_.get(), nullptr, result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) { +TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) { ct::CTVerifyResult result; FillResultWithRepeatedLogID(non_google_log_id_, 2, false, &result); @@ -169,7 +169,7 @@ TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyIfSCTBeforeEnforcementDate) { result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) { +TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) { ct::CTVerifyResult result; FillResultWithSCTsOfOrigin( ct::SignedCertificateTimestamp::SCT_FROM_TLS_EXTENSION, 2, &result); @@ -178,7 +178,7 @@ TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithNonEmbeddedSCTs) { result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) { +TEST_F(CTPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) { // This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs. ct::CTVerifyResult result; FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 5, @@ -188,7 +188,7 @@ TEST_F(CertPolicyEnforcerTest, ConformsToCTEVPolicyWithEmbeddedSCTs) { result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) { +TEST_F(CTPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) { scoped_refptr<ct::EVCertsWhitelist> non_including_whitelist( new DummyEVCertsWhitelist(true, false)); // This chain_ is valid for 10 years - over 121 months - so requires 5 SCTs. 
@@ -208,7 +208,7 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToCTEVPolicyNotEnoughSCTs) { chain_.get(), whitelist.get(), result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { +TEST_F(CTPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { scoped_refptr<X509Certificate> no_valid_dates_cert(new X509Certificate( "subject", "issuer", base::Time(), base::Time::Now())); ct::CTVerifyResult result; @@ -223,7 +223,7 @@ TEST_F(CertPolicyEnforcerTest, DoesNotConformToPolicyInvalidDates) { chain_.get(), whitelist.get(), result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, +TEST_F(CTPolicyEnforcerTest, ConformsToPolicyExactNumberOfSCTsForValidityPeriod) { // Test multiple validity periods const struct TestData { @@ -267,7 +267,7 @@ TEST_F(CertPolicyEnforcerTest, } } -TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) { +TEST_F(CTPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) { scoped_refptr<ct::EVCertsWhitelist> whitelist( new DummyEVCertsWhitelist(true, true)); @@ -278,7 +278,7 @@ TEST_F(CertPolicyEnforcerTest, ConformsToPolicyByEVWhitelistPresence) { chain_.get(), whitelist.get(), result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, IgnoresInvalidEVWhitelist) { +TEST_F(CTPolicyEnforcerTest, IgnoresInvalidEVWhitelist) { scoped_refptr<ct::EVCertsWhitelist> whitelist( new DummyEVCertsWhitelist(false, true)); @@ -289,7 +289,7 @@ TEST_F(CertPolicyEnforcerTest, IgnoresInvalidEVWhitelist) { chain_.get(), whitelist.get(), result, BoundNetLog())); } -TEST_F(CertPolicyEnforcerTest, IgnoresNullEVWhitelist) { +TEST_F(CTPolicyEnforcerTest, IgnoresNullEVWhitelist) { ct::CTVerifyResult result; FillResultWithSCTsOfOrigin(ct::SignedCertificateTimestamp::SCT_EMBEDDED, 1, &result); diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc index cbdb781..a72b871 100644 --- a/net/http/http_network_session.cc +++ b/net/http/http_network_session.cc 
@@ -50,7 +50,7 @@ ClientSocketPoolManager* CreateSocketPoolManager( : ClientSocketFactory::GetDefaultFactory(), params.host_resolver, params.cert_verifier, params.channel_id_service, params.transport_security_state, params.cert_transparency_verifier, - params.cert_policy_enforcer, ssl_session_cache_shard, + params.ct_policy_enforcer, ssl_session_cache_shard, params.ssl_config_service, pool_type); } @@ -74,7 +74,7 @@ HttpNetworkSession::Params::Params() : client_socket_factory(NULL), host_resolver(NULL), cert_verifier(NULL), - cert_policy_enforcer(NULL), + ct_policy_enforcer(NULL), channel_id_service(NULL), transport_security_state(NULL), cert_transparency_verifier(NULL), @@ -149,7 +149,7 @@ HttpNetworkSession::HttpNetworkSession(const Params& params) : ClientSocketFactory::GetDefaultFactory(), params.http_server_properties, params.cert_verifier, - params.cert_policy_enforcer, + params.ct_policy_enforcer, params.channel_id_service, params.transport_security_state, params.cert_transparency_verifier, diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h index d5acd6f..5b1ecf4 100644 --- a/net/http/http_network_session.h +++ b/net/http/http_network_session.h @@ -32,7 +32,7 @@ class Value; namespace net { -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class ChannelIDService; class ClientSocketFactory; @@ -69,7 +69,7 @@ class NET_EXPORT HttpNetworkSession ClientSocketFactory* client_socket_factory; HostResolver* host_resolver; CertVerifier* cert_verifier; - CertPolicyEnforcer* cert_policy_enforcer; + CTPolicyEnforcer* ct_policy_enforcer; ChannelIDService* channel_id_service; TransportSecurityState* transport_security_state; CTVerifier* cert_transparency_verifier; diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc index a9efdcd..97d7270 100644 --- a/net/http/http_proxy_client_socket_pool_unittest.cc +++ b/net/http/http_proxy_client_socket_pool_unittest.cc 
@@ -168,7 +168,7 @@ class HttpProxyClientSocketPoolTest NULL /* channel_id_store */, NULL /* transport_security_state */, NULL /* cert_transparency_verifier */, - NULL /* cert_policy_enforcer */, + NULL /* ct_policy_enforcer */, std::string() /* ssl_session_cache_shard */, session_deps_.socket_factory.get(), &transport_socket_pool_, diff --git a/net/http/http_stream_factory_impl_unittest.cc b/net/http/http_stream_factory_impl_unittest.cc index 7960a2b..32c20e3 100644 --- a/net/http/http_stream_factory_impl_unittest.cc +++ b/net/http/http_stream_factory_impl_unittest.cc @@ -448,7 +448,7 @@ CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool( nullptr, // channel_id_store nullptr, // transport_security_state nullptr, // cert_transparency_verifier - nullptr, // cert_policy_enforcer + nullptr, // ct_policy_enforcer std::string(), // ssl_session_cache_shard nullptr, // deterministic_socket_factory nullptr, // transport_socket_pool diff --git a/net/net.gypi b/net/net.gypi index 8174f97..0480934 100644 --- a/net/net.gypi +++ b/net/net.gypi @@ -73,8 +73,6 @@ 'cert/cert_database.cc', 'cert/cert_database.h', 'cert/cert_database_openssl.cc', - 'cert/cert_policy_enforcer.cc', - 'cert/cert_policy_enforcer.h', 'cert/cert_status_flags.cc', 'cert/cert_status_flags.h', 'cert/cert_verifier.cc', @@ -86,6 +84,8 @@ 'cert/ct_known_logs.cc', 'cert/ct_known_logs.h', 'cert/ct_known_logs_static.h', + 'cert/ct_policy_enforcer.cc', + 'cert/ct_policy_enforcer.h', 'cert/ct_verifier.h', 'cert/ct_verify_result.cc', 'cert/ct_verify_result.h', @@ -1341,7 +1341,7 @@ 'base/upload_bytes_element_reader_unittest.cc', 'base/upload_file_element_reader_unittest.cc', 'base/url_util_unittest.cc', - 'cert/cert_policy_enforcer_unittest.cc', + 'cert/ct_policy_enforcer_unittest.cc', 'cert/cert_verify_proc_unittest.cc', 'cert/cert_verify_proc_whitelist_unittest.cc', 'cert/crl_set_unittest.cc', 
diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc index d7ee393..e9191a7 100644 --- a/net/quic/crypto/proof_verifier_chromium.cc +++ b/net/quic/crypto/proof_verifier_chromium.cc @@ -19,10 +19,10 @@ #include "net/base/host_port_pair.h" #include "net/base/net_errors.h" #include "net/cert/asn1_util.h" -#include "net/cert/cert_policy_enforcer.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verifier.h" #include "net/cert/cert_verify_result.h" +#include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_verifier.h" #include "net/cert/x509_certificate.h" #include "net/cert/x509_util.h" @@ -52,7 +52,7 @@ class ProofVerifierChromium::Job { public: Job(ProofVerifierChromium* proof_verifier, CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, int cert_verify_flags, @@ -93,7 +93,7 @@ class ProofVerifierChromium::Job { CertVerifier* verifier_; scoped_ptr<CertVerifier::Request> cert_verifier_request_; - CertPolicyEnforcer* policy_enforcer_; + CTPolicyEnforcer* policy_enforcer_; TransportSecurityState* transport_security_state_; @@ -125,14 +125,14 @@ class ProofVerifierChromium::Job { ProofVerifierChromium::Job::Job( ProofVerifierChromium* proof_verifier, CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, int cert_verify_flags, const BoundNetLog& net_log) : proof_verifier_(proof_verifier), verifier_(cert_verifier), - policy_enforcer_(cert_policy_enforcer), + policy_enforcer_(ct_policy_enforcer), transport_security_state_(transport_security_state), cert_transparency_verifier_(cert_transparency_verifier), cert_verify_flags_(cert_verify_flags), 
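Review bot: In the @@ -93,7 hunk of proof_verifier_chromium.cc the Job member keeps the generic name `policy_enforcer_`, although its type and the constructor parameter are now CT-specific. The same holds for `policy_enforcer_` in ssl_client_socket_nss.h and ssl_client_socket_openssl.h, whereas ProofVerifierChromium and ClientSocketPoolManagerImpl both switch to `ct_policy_enforcer_`. Renaming these to `CTPolicyEnforcer* ct_policy_enforcer_;` would make it clear at each call site which policy gates the EV status. The uses of the member are outside the visible hunks and would need the same rename.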
@@ -396,11 +396,11 @@ bool ProofVerifierChromium::Job::VerifySignature(const string& signed_data, ProofVerifierChromium::ProofVerifierChromium( CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier) : cert_verifier_(cert_verifier), - cert_policy_enforcer_(cert_policy_enforcer), + ct_policy_enforcer_(ct_policy_enforcer), transport_security_state_(transport_security_state), cert_transparency_verifier_(cert_transparency_verifier) {} @@ -425,7 +425,7 @@ QuicAsyncStatus ProofVerifierChromium::VerifyProof( const ProofVerifyContextChromium* chromium_context = reinterpret_cast<const ProofVerifyContextChromium*>(verify_context); scoped_ptr<Job> job( - new Job(this, cert_verifier_, cert_policy_enforcer_, + new Job(this, cert_verifier_, ct_policy_enforcer_, transport_security_state_, cert_transparency_verifier_, chromium_context->cert_verify_flags, chromium_context->net_log)); QuicAsyncStatus status = diff --git a/net/quic/crypto/proof_verifier_chromium.h b/net/quic/crypto/proof_verifier_chromium.h index 7b642e7..fd7f345 100644 --- a/net/quic/crypto/proof_verifier_chromium.h +++ b/net/quic/crypto/proof_verifier_chromium.h @@ -21,7 +21,7 @@ namespace net { -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class CTVerifier; class TransportSecurityState; @@ -59,7 +59,7 @@ struct ProofVerifyContextChromium : public ProofVerifyContext { class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier { public: ProofVerifierChromium(CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier); ~ProofVerifierChromium() override; 
@@ -86,7 +86,7 @@ class NET_EXPORT_PRIVATE ProofVerifierChromium : public ProofVerifier { // Underlying verifier used to verify certificates. CertVerifier* const cert_verifier_; - CertPolicyEnforcer* const cert_policy_enforcer_; + CTPolicyEnforcer* const ct_policy_enforcer_; TransportSecurityState* const transport_security_state_; CTVerifier* const cert_transparency_verifier_; diff --git a/net/quic/crypto/proof_verifier_chromium_test.cc b/net/quic/crypto/proof_verifier_chromium_test.cc index 76b56b1..96c4013 100644 --- a/net/quic/crypto/proof_verifier_chromium_test.cc +++ b/net/quic/crypto/proof_verifier_chromium_test.cc @@ -8,10 +8,10 @@ #include "base/memory/scoped_ptr.h" #include "net/base/net_errors.h" #include "net/base/test_data_directory.h" -#include "net/cert/cert_policy_enforcer.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verifier.h" #include "net/cert/ct_log_verifier.h" +#include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_serialization.h" #include "net/cert/ct_verify_result.h" #include "net/cert/mock_cert_verifier.h" 
@@ -50,28 +50,28 @@ class FailsTestCertVerifier : public CertVerifier { } }; -// CertPolicyEnforcer that will fail the test if it is ever called. -class FailsTestCertPolicyEnforcer : public CertPolicyEnforcer { +// CTPolicyEnforcer that will fail the test if it is ever called. +class FailsTestCTPolicyEnforcer : public CTPolicyEnforcer { public: - FailsTestCertPolicyEnforcer() {} - ~FailsTestCertPolicyEnforcer() override {} + FailsTestCTPolicyEnforcer() {} + ~FailsTestCTPolicyEnforcer() override {} bool DoesConformToCTEVPolicy(X509Certificate* cert, const ct::EVCertsWhitelist* ev_whitelist, const ct::CTVerifyResult& ct_result, const BoundNetLog& net_log) override { - ADD_FAILURE() << "CertPolicyEnforcer::DoesConformToCTEVPolicy() should " + ADD_FAILURE() << "CTPolicyEnforcer::DoesConformToCTEVPolicy() should " << "not be called"; return false; } }; -// CertPolicyEnforcer that can simulate whether or not a given certificate +// CTPolicyEnforcer that can simulate whether or not a given certificate // conforms to the CT/EV policy. -class MockCertPolicyEnforcer : public CertPolicyEnforcer { +class MockCTPolicyEnforcer : public CTPolicyEnforcer { public: - MockCertPolicyEnforcer(bool is_ev) : is_ev_(is_ev) {} - ~MockCertPolicyEnforcer() override {} + MockCTPolicyEnforcer(bool is_ev) : is_ev_(is_ev) {} + ~MockCTPolicyEnforcer() override {} bool DoesConformToCTEVPolicy(X509Certificate* cert, const ct::EVCertsWhitelist* ev_whitelist, @@ -343,7 +343,7 @@ TEST_F(ProofVerifierChromiumTest, PreservesEVIfAllowed) { MockCertVerifier dummy_verifier; dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); - MockCertPolicyEnforcer policy_enforcer(true /*is_ev*/); + MockCTPolicyEnforcer policy_enforcer(true /*is_ev*/); ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, nullptr, ct_verifier_.get()); 
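Review bot: `MockCTPolicyEnforcer(bool is_ev)` in the @@ -50,28 hunk of proof_verifier_chromium_test.cc is a single-argument constructor that is not marked `explicit`, so a bare `bool` converts implicitly to the mock. Since the line is being rewritten for the rename anyway, it could become `explicit MockCTPolicyEnforcer(bool is_ev) : is_ev_(is_ev) {}`. The class body continues past the end of the hunk.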
@@ -375,7 +375,7 @@ TEST_F(ProofVerifierChromiumTest, StripsEVIfNotAllowed) { MockCertVerifier dummy_verifier; dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); - MockCertPolicyEnforcer policy_enforcer(false /*is_ev*/); + MockCTPolicyEnforcer policy_enforcer(false /*is_ev*/); ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, nullptr, ct_verifier_.get()); @@ -408,7 +408,7 @@ TEST_F(ProofVerifierChromiumTest, IgnoresPolicyEnforcerIfNotEV) { MockCertVerifier dummy_verifier; dummy_verifier.AddResultForCert(test_cert.get(), dummy_result, OK); - FailsTestCertPolicyEnforcer policy_enforcer; + FailsTestCTPolicyEnforcer policy_enforcer; ProofVerifierChromium proof_verifier(&dummy_verifier, &policy_enforcer, nullptr, ct_verifier_.get()); diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc index 2986c59..18061d5 100644 --- a/net/quic/quic_stream_factory.cc +++ b/net/quic/quic_stream_factory.cc @@ -546,7 +546,7 @@ QuicStreamFactory::QuicStreamFactory( ClientSocketFactory* client_socket_factory, base::WeakPtr<HttpServerProperties> http_server_properties, CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, @@ -590,7 +590,7 @@ QuicStreamFactory::QuicStreamFactory( config_(InitializeQuicConfig(connection_options, idle_connection_timeout_seconds)), crypto_config_(new ProofVerifierChromium(cert_verifier, - cert_policy_enforcer, + ct_policy_enforcer, transport_security_state, cert_transparency_verifier)), supported_versions_(supported_versions), diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h index 8ce70a9..fa7d47a 100644 --- a/net/quic/quic_stream_factory.h +++ b/net/quic/quic_stream_factory.h 
@@ -36,7 +36,7 @@ namespace net { -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class ChannelIDService; class ClientSocketFactory; @@ -120,7 +120,7 @@ class NET_EXPORT_PRIVATE QuicStreamFactory ClientSocketFactory* client_socket_factory, base::WeakPtr<HttpServerProperties> http_server_properties, CertVerifier* cert_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, diff --git a/net/socket/client_socket_pool_manager_impl.cc b/net/socket/client_socket_pool_manager_impl.cc index 6917036..f2d512c 100644 --- a/net/socket/client_socket_pool_manager_impl.cc +++ b/net/socket/client_socket_pool_manager_impl.cc @@ -45,7 +45,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, const std::string& ssl_session_cache_shard, SSLConfigService* ssl_config_service, HttpNetworkSession::SocketPoolType pool_type) @@ -56,7 +56,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( channel_id_service_(channel_id_service), transport_security_state_(transport_security_state), cert_transparency_verifier_(cert_transparency_verifier), - cert_policy_enforcer_(cert_policy_enforcer), + ct_policy_enforcer_(ct_policy_enforcer), ssl_session_cache_shard_(ssl_session_cache_shard), ssl_config_service_(ssl_config_service), pool_type_(pool_type), @@ -79,7 +79,7 @@ ClientSocketPoolManagerImpl::ClientSocketPoolManagerImpl( channel_id_service, transport_security_state, cert_transparency_verifier, - cert_policy_enforcer, + ct_policy_enforcer, ssl_session_cache_shard, socket_factory, transport_socket_pool_.get(), 
@@ -285,15 +285,15 @@ ClientSocketPoolManagerImpl::GetSocketPoolForHTTPProxy( std::pair<SSLSocketPoolMap::iterator, bool> ssl_https_ret = ssl_socket_pools_for_https_proxies_.insert(std::make_pair( - http_proxy, new SSLClientSocketPool( - sockets_per_proxy_server, - sockets_per_group, cert_verifier_, - channel_id_service_, transport_security_state_, - cert_transparency_verifier_, cert_policy_enforcer_, - ssl_session_cache_shard_, socket_factory_, - tcp_https_ret.first->second /* https proxy */, - NULL /* no socks proxy */, NULL /* no http proxy */, - ssl_config_service_.get(), net_log_))); + http_proxy, + new SSLClientSocketPool( + sockets_per_proxy_server, sockets_per_group, cert_verifier_, + channel_id_service_, transport_security_state_, + cert_transparency_verifier_, ct_policy_enforcer_, + ssl_session_cache_shard_, socket_factory_, + tcp_https_ret.first->second /* https proxy */, + NULL /* no socks proxy */, NULL /* no http proxy */, + ssl_config_service_.get(), net_log_))); DCHECK(tcp_https_ret.second); std::pair<HTTPProxySocketPoolMap::iterator, bool> ret = @@ -322,10 +322,10 @@ SSLClientSocketPool* ClientSocketPoolManagerImpl::GetSocketPoolForSSLWithProxy( max_sockets_per_group(pool_type_)); SSLClientSocketPool* new_pool = new SSLClientSocketPool( - sockets_per_proxy_server, - sockets_per_group, cert_verifier_, channel_id_service_, - transport_security_state_, cert_transparency_verifier_, - cert_policy_enforcer_, ssl_session_cache_shard_, socket_factory_, + sockets_per_proxy_server, sockets_per_group, cert_verifier_, + channel_id_service_, transport_security_state_, + cert_transparency_verifier_, ct_policy_enforcer_, + ssl_session_cache_shard_, socket_factory_, NULL, /* no tcp pool, we always go through a proxy */ GetSocketPoolForSOCKSProxy(proxy_server), GetSocketPoolForHTTPProxy(proxy_server), ssl_config_service_.get(), diff --git a/net/socket/client_socket_pool_manager_impl.h b/net/socket/client_socket_pool_manager_impl.h index da6bfdb..538e507 100644 
--- a/net/socket/client_socket_pool_manager_impl.h +++ b/net/socket/client_socket_pool_manager_impl.h @@ -60,7 +60,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, const std::string& ssl_session_cache_shard, SSLConfigService* ssl_config_service, HttpNetworkSession::SocketPoolType pool_type); @@ -106,7 +106,7 @@ class ClientSocketPoolManagerImpl : public base::NonThreadSafe, ChannelIDService* const channel_id_service_; TransportSecurityState* const transport_security_state_; CTVerifier* const cert_transparency_verifier_; - CertPolicyEnforcer* const cert_policy_enforcer_; + CTPolicyEnforcer* const ct_policy_enforcer_; const std::string ssl_session_cache_shard_; const scoped_refptr<SSLConfigService> ssl_config_service_; const HttpNetworkSession::SocketPoolType pool_type_; diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h index 138ede8..3a6aa94 100644 --- a/net/socket/ssl_client_socket.h +++ b/net/socket/ssl_client_socket.h @@ -24,7 +24,7 @@ class SequencedTaskRunner; namespace net { -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class ChannelIDService; class CTVerifier; 
@@ -42,26 +42,26 @@ struct SSLClientSocketContext { channel_id_service(NULL), transport_security_state(NULL), cert_transparency_verifier(NULL), - cert_policy_enforcer(NULL) {} + ct_policy_enforcer(NULL) {} SSLClientSocketContext(CertVerifier* cert_verifier_arg, ChannelIDService* channel_id_service_arg, TransportSecurityState* transport_security_state_arg, CTVerifier* cert_transparency_verifier_arg, - CertPolicyEnforcer* cert_policy_enforcer_arg, + CTPolicyEnforcer* ct_policy_enforcer_arg, const std::string& ssl_session_cache_shard_arg) : cert_verifier(cert_verifier_arg), channel_id_service(channel_id_service_arg), transport_security_state(transport_security_state_arg), cert_transparency_verifier(cert_transparency_verifier_arg), - cert_policy_enforcer(cert_policy_enforcer_arg), + ct_policy_enforcer(ct_policy_enforcer_arg), ssl_session_cache_shard(ssl_session_cache_shard_arg) {} CertVerifier* cert_verifier; ChannelIDService* channel_id_service; TransportSecurityState* transport_security_state; CTVerifier* cert_transparency_verifier; - CertPolicyEnforcer* cert_policy_enforcer; + CTPolicyEnforcer* ct_policy_enforcer; // ssl_session_cache_shard is an opaque string that identifies a shard of the // SSL session cache. SSL sockets with the same ssl_session_cache_shard may // resume each other's SSL sessions but we'll never sessions between shards. diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 2830fd1..e1a8335 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -90,10 +90,10 @@ #include "net/base/net_errors.h" #include "net/base/net_util.h" #include "net/cert/asn1_util.h" -#include "net/cert/cert_policy_enforcer.h" #include "net/cert/cert_status_flags.h" #include "net/cert/cert_verifier.h" #include "net/cert/ct_ev_whitelist.h" +#include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_verifier.h" #include "net/cert/ct_verify_result.h" #include "net/cert/scoped_nss_types.h" 
@@ -2372,7 +2372,7 @@ SSLClientSocketNSS::SSLClientSocketNSS( nss_fd_(NULL), net_log_(transport_->socket()->NetLog()), transport_security_state_(context.transport_security_state), - policy_enforcer_(context.cert_policy_enforcer), + policy_enforcer_(context.ct_policy_enforcer), valid_thread_id_(base::kInvalidThreadId) { DCHECK(cert_verifier_); diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index 307dc77..366df1c 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -34,7 +34,7 @@ namespace net { class BoundNetLog; -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class ChannelIDService; class CTVerifier; @@ -196,7 +196,7 @@ class SSLClientSocketNSS : public SSLClientSocket { TransportSecurityState* transport_security_state_; - CertPolicyEnforcer* const policy_enforcer_; + CTPolicyEnforcer* const policy_enforcer_; // pinning_failure_log contains a message produced by // TransportSecurityState::CheckPublicKeyPins in the event of a diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index 9941436..1f193b7 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -35,9 +35,9 @@ #include "crypto/scoped_openssl_types.h" #include "net/base/ip_address_number.h" #include "net/base/net_errors.h" -#include "net/cert/cert_policy_enforcer.h" #include "net/cert/cert_verifier.h" #include "net/cert/ct_ev_whitelist.h" +#include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_verifier.h" #include "net/cert/x509_certificate_net_log_param.h" #include "net/cert/x509_util_openssl.h" 
@@ -541,7 +541,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( ssl_failure_state_(SSL_FAILURE_NONE), signature_result_(kNoPendingResult), transport_security_state_(context.transport_security_state), - policy_enforcer_(context.cert_policy_enforcer), + policy_enforcer_(context.ct_policy_enforcer), net_log_(transport_->socket()->NetLog()), weak_factory_(this) { DCHECK(cert_verifier_); diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h index 6dabb6a..178daeb 100644 --- a/net/socket/ssl_client_socket_openssl.h +++ b/net/socket/ssl_client_socket_openssl.h @@ -349,7 +349,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket { TransportSecurityState* transport_security_state_; - CertPolicyEnforcer* const policy_enforcer_; + CTPolicyEnforcer* const policy_enforcer_; // pinning_failure_log contains a message produced by // TransportSecurityState::CheckPublicKeyPins in the event of a diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc index 303bb86..f9a4058 100644 --- a/net/socket/ssl_client_socket_pool.cc +++ b/net/socket/ssl_client_socket_pool.cc @@ -124,7 +124,7 @@ SSLConnectJob::SSLConnectJob(const std::string& group_name, context.channel_id_service, context.transport_security_state, context.cert_transparency_verifier, - context.cert_policy_enforcer, + context.ct_policy_enforcer, (params->privacy_mode() == PRIVACY_MODE_ENABLED ? "pm/" + context.ssl_session_cache_shard : context.ssl_session_cache_shard)), @@ -510,7 +510,7 @@ SSLClientSocketPool::SSLClientSocketPool( ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, const std::string& ssl_session_cache_shard, ClientSocketFactory* client_socket_factory, TransportClientSocketPool* transport_pool, 
@@ -535,7 +535,7 @@ SSLClientSocketPool::SSLClientSocketPool( channel_id_service, transport_security_state, cert_transparency_verifier, - cert_policy_enforcer, + ct_policy_enforcer, ssl_session_cache_shard), net_log)), ssl_config_service_(ssl_config_service) { diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h index 5b259eb..b015bae 100644 --- a/net/socket/ssl_client_socket_pool.h +++ b/net/socket/ssl_client_socket_pool.h @@ -21,7 +21,7 @@ namespace net { -class CertPolicyEnforcer; +class CTPolicyEnforcer; class CertVerifier; class ClientSocketFactory; class ConnectJobFactory; @@ -190,7 +190,7 @@ class NET_EXPORT_PRIVATE SSLClientSocketPool ChannelIDService* channel_id_service, TransportSecurityState* transport_security_state, CTVerifier* cert_transparency_verifier, - CertPolicyEnforcer* cert_policy_enforcer, + CTPolicyEnforcer* ct_policy_enforcer, const std::string& ssl_session_cache_shard, ClientSocketFactory* client_socket_factory, TransportClientSocketPool* transport_pool, diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc index 9bbe659..2baae89 100644 --- a/net/socket/ssl_client_socket_pool_unittest.cc +++ b/net/socket/ssl_client_socket_pool_unittest.cc @@ -130,7 +130,7 @@ class SSLClientSocketPoolTest pool_.reset(new SSLClientSocketPool( kMaxSockets, kMaxSocketsPerGroup, NULL /* cert_verifier */, NULL /* channel_id_service */, NULL /* transport_security_state */, - NULL /* cert_transparency_verifier */, NULL /* cert_policy_enforcer */, + NULL /* cert_transparency_verifier */, NULL /* ct_policy_enforcer */, std::string() /* ssl_session_cache_shard */, &socket_factory_, transport_pool ? &transport_socket_pool_ : NULL, socks_pool ? &socks_socket_pool_ : NULL, diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc index bf1cc37..9899819 100644 --- a/net/socket/ssl_client_socket_unittest.cc 
+++ b/net/socket/ssl_client_socket_unittest.cc @@ -20,7 +20,7 @@ #include "net/base/test_completion_callback.h" #include "net/base/test_data_directory.h" #include "net/cert/asn1_util.h" -#include "net/cert/cert_policy_enforcer.h" +#include "net/cert/ct_policy_enforcer.h" #include "net/cert/ct_verifier.h" #include "net/cert/mock_cert_verifier.h" #include "net/cert/test_root_certs.h" @@ -681,8 +681,8 @@ class MockCTVerifier : public CTVerifier { MOCK_METHOD1(SetObserver, void(CTVerifier::Observer*)); }; -// A mock CertPolicyEnforcer that returns a custom verification result. -class MockCertPolicyEnforcer : public CertPolicyEnforcer { +// A mock CTPolicyEnforcer that returns a custom verification result. +class MockCTPolicyEnforcer : public CTPolicyEnforcer { public: MOCK_METHOD4(DoesConformToCTEVPolicy, bool(X509Certificate* cert, @@ -715,8 +715,8 @@ class SSLClientSocketTest : public PlatformTest { context_.cert_transparency_verifier = ct_verifier; } - void SetCertPolicyEnforcer(CertPolicyEnforcer* policy_enforcer) { - context_.cert_policy_enforcer = policy_enforcer; + void SetCTPolicyEnforcer(CTPolicyEnforcer* policy_enforcer) { + context_.ct_policy_enforcer = policy_enforcer; } // Starts the test server with SSL configuration |ssl_options|. Returns true @@ -2315,7 +2315,7 @@ TEST_F(SSLClientSocketTest, EVCertStatusMaintainedNoCTVerifier) { EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); } -// Test that when a CT verifier and a CertPolicyEnforcer are defined, and +// Test that when a CT verifier and a CTPolicyEnforcer are defined, and // the EV certificate used conforms to the CT/EV policy, its EV status // is maintained. TEST_F(SSLClientSocketTest, EVCertStatusMaintainedForCompliantCert) { 
@@ -2326,14 +2326,14 @@ TEST_F(SSLClientSocketTest, EVCertStatusMaintainedForCompliantCert) { AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); // To activate the CT/EV policy enforcement non-null CTVerifier and - // CertPolicyEnforcer are needed. + // CTPolicyEnforcer are needed. MockCTVerifier ct_verifier; SetCTVerifier(&ct_verifier); EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); // Emulate compliance of the certificate to the policy. - MockCertPolicyEnforcer policy_enforcer; - SetCertPolicyEnforcer(&policy_enforcer); + MockCTPolicyEnforcer policy_enforcer; + SetCTPolicyEnforcer(&policy_enforcer); EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) .WillRepeatedly(Return(true)); @@ -2347,7 +2347,7 @@ TEST_F(SSLClientSocketTest, EVCertStatusMaintainedForCompliantCert) { EXPECT_TRUE(result.cert_status & CERT_STATUS_IS_EV); } -// Test that when a CT verifier and a CertPolicyEnforcer are defined, but +// Test that when a CT verifier and a CTPolicyEnforcer are defined, but // the EV certificate used does not conform to the CT/EV policy, its EV status // is removed. TEST_F(SSLClientSocketTest, EVCertStatusRemovedForNonCompliantCert) { @@ -2358,14 +2358,14 @@ TEST_F(SSLClientSocketTest, EVCertStatusRemovedForNonCompliantCert) { AddServerCertStatusToSSLConfig(CERT_STATUS_IS_EV, &ssl_config); // To activate the CT/EV policy enforcement non-null CTVerifier and - // CertPolicyEnforcer are needed. + // CTPolicyEnforcer are needed. MockCTVerifier ct_verifier; SetCTVerifier(&ct_verifier); EXPECT_CALL(ct_verifier, Verify(_, "", "", _, _)).WillRepeatedly(Return(OK)); // Emulate non-compliance of the certificate to the policy. - MockCertPolicyEnforcer policy_enforcer; - SetCertPolicyEnforcer(&policy_enforcer); + MockCTPolicyEnforcer policy_enforcer; + SetCTPolicyEnforcer(&policy_enforcer); EXPECT_CALL(policy_enforcer, DoesConformToCTEVPolicy(_, _, _, _)) .WillRepeatedly(Return(false)); |