Diffstat (limited to 'net/socket/ssl_host_info.cc')
-rw-r--r--net/socket/ssl_host_info.cc48
1 files changed, 47 insertions, 1 deletions
diff --git a/net/socket/ssl_host_info.cc b/net/socket/ssl_host_info.cc
index 9056fef..ec97b66 100644
--- a/net/socket/ssl_host_info.cc
+++ b/net/socket/ssl_host_info.cc
@@ -4,6 +4,10 @@
#include "net/socket/ssl_host_info.h"
+#include "base/string_piece.h"
+#include "net/base/cert_verifier.h"
+#include "net/base/ssl_config_service.h"
+#include "net/base/x509_certificate.h"
#include "net/socket/ssl_client_socket.h"
#include "net/socket/ssl_host_info.pb.h"
@@ -16,7 +20,16 @@ SSLHostInfo::State::State()
SSLHostInfo::State::~State() {}
-SSLHostInfo::SSLHostInfo() {
+SSLHostInfo::SSLHostInfo(
+ const std::string& hostname,
+ const SSLConfig& ssl_config)
+ : hostname_(hostname),
+ cert_valid_(false),
+ rev_checking_enabled_(ssl_config.rev_checking_enabled),
+ verify_ev_cert_(ssl_config.verify_ev_cert),
+ callback_(new CancelableCompletionCallback<SSLHostInfo>(
+ ALLOW_THIS_IN_INITIALIZER_LIST(this),
+ &SSLHostInfo::VerifyCallback)) {
state_.npn_valid = false;
}
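Review bot: The new constructor binds `callback_` to `this` and Parse later hands that callback to an asynchronous CertVerifier, so the destructor (outside this hunk) must either call `callback_->Cancel()` or guarantee `verifier_` is torn down before the object is gone; otherwise a late VerifyCallback would write `cert_valid_` into freed memory. Destroying the CertVerifier presumably cancels the outstanding request, but that depends on member declaration order in the header, which this page does not show, so an explicit cancel in `~SSLHostInfo` is the safer choice. Also note that `rev_checking_enabled_` and `verify_ev_cert_` are snapshotted from `ssl_config` here; a one-line comment such as `// Verification flags are fixed at construction; a later SSLConfig change is not reflected.` would save a reader from assuming they track the live config.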
@@ -67,6 +80,7 @@ bool SSLHostInfo::Parse(const std::string& data) {
state->certs.clear();
state->server_hello.clear();
state->npn_valid = false;
+ cert_valid_ = false;
if (!proto.ParseFromString(data))
return false;
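Review bot: Only `cert_valid_` is reset on re-parse; `cert_` and `cert_verify_result_` keep the values from the previous chain, so after a failed or certificate-less parse `cert_verify_result()` still reports the old result while `cert_valid()` says false. Clearing both alongside, e.g. `cert_ = NULL;` (assuming `cert_` is a scoped_refptr, as the `cert_.get()` usage below suggests) and `cert_verify_result_ = CertVerifyResult();`, keeps the two accessors consistent. Parse's body continues in the next hunk.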
@@ -81,6 +95,26 @@ bool SSLHostInfo::Parse(const std::string& data) {
state->npn_protocol = proto.npn_protocol();
}
+ if (state->certs.size() > 0) {
+ std::vector<base::StringPiece> der_certs(state->certs.size());
+ for (size_t i = 0; i < state->certs.size(); i++)
+ der_certs[i] = state->certs[i];
+ cert_ = X509Certificate::CreateFromDERCertChain(der_certs);
+ if (cert_.get()) {
+ int flags = 0;
+ if (verify_ev_cert_)
+ flags |= X509Certificate::VERIFY_EV_CERT;
+ if (rev_checking_enabled_)
+ flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
+ verifier_.reset(new CertVerifier);
+ VLOG(1) << "Kicking off validation for " << hostname_;
+ if (verifier_->Verify(cert_.get(), hostname_, flags,
+ &cert_verify_result_, callback_) == OK) {
+ cert_valid_ = true;
+ }
+ }
+ }
+
return true;
}
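Review bot: A synchronous verification failure is silently dropped: `Verify` returning anything other than OK (including a real certificate error on the cached chain) leaves `cert_valid_` false with no trace, while the pending case is indistinguishable from it. Capturing the return value and logging the non-pending error keeps the fail-closed behaviour but makes it diagnosable: `int rv = verifier_->Verify(cert_.get(), hostname_, flags, &cert_verify_result_, callback_);` then `if (rv == OK) cert_valid_ = true; else if (rv != ERR_IO_PENDING) VLOG(1) << "Cached chain for " << hostname_ << " failed verification: " << rv;`. `verifier_.reset(new CertVerifier)` on a second Parse destroys a verifier that may still have a request in flight — presumably that cancels it, but `callback_` is then reused for the new request, so this is worth a comment if intended. Stylistically, the copy loop can be replaced by `std::vector<base::StringPiece> der_certs(state->certs.begin(), state->certs.end());` and `state->certs.size() > 0` by `!state->certs.empty()`.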
@@ -102,6 +136,18 @@ std::string SSLHostInfo::Serialize() const {
return proto.SerializeAsString();
}
+bool SSLHostInfo::cert_valid() const {
+ return cert_valid_;
+}
+
+const CertVerifyResult& SSLHostInfo::cert_verify_result() const {
+ return cert_verify_result_;
+}
+
+void SSLHostInfo::VerifyCallback(int rv) {
+ cert_valid_ = rv == OK;
+}
+
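Review bot: `cert_valid()` returns false both while verification is still pending and after it has failed, and `cert_verify_result()` returns the member regardless of whether a verification has completed; neither accessor documents this, and the header that declares them is not in this diff. The header comments should say something like `// True once the cached chain has been verified for hostname_; false while verification is pending or after it failed.` and `// Only meaningful after verification completes; check cert_valid() first.`. In `VerifyCallback`, a `DCHECK_NE(rv, ERR_IO_PENDING);` would document that the callback carries a final result, and a comment noting that nothing in this file notifies a waiting caller when the result arrives would help whoever wires this into SSLClientSocket.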
SSLHostInfoFactory::~SSLHostInfoFactory() {}
} // namespace net