chrome/browser/chromeos/policy/policy_cert_verifier.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
   6
   7 #include "base/logging.h"
   8 #include "chrome/browser/browser_process.h"
   9 #include "content/public/browser/browser_thread.h"
  10 #include "net/base/net_errors.h"
  11 #include "net/cert/cert_verify_proc.h"
  12 #include "net/cert/multi_threaded_cert_verifier.h"
  13
  14 namespace policy {
  15
  16 namespace {
  17
  18 void MaybeSignalAnchorUse(int error,
  19                           const base::Closure& anchor_used_callback,
  20                           const net::CertVerifyResult& verify_result) {
  21   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  22   if (error != net::OK || !verify_result.is_issued_by_additional_trust_anchor ||
  23       anchor_used_callback.is_null()) {
  24     return;
  25   }
  26   anchor_used_callback.Run();
  27 }
  28
  29 void CompleteAndSignalAnchorUse(
  30     const base::Closure& anchor_used_callback,
  31     const net::CompletionCallback& completion_callback,
  32     const net::CertVerifyResult* verify_result,
  33     int error) {
  34   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  35   MaybeSignalAnchorUse(error, anchor_used_callback, *verify_result);
  36   if (!completion_callback.is_null())
  37     completion_callback.Run(error);
  38 }
  39
  40 }  // namespace
  41
  42 PolicyCertVerifier::PolicyCertVerifier(
  43     const base::Closure& anchor_used_callback)
  44     : anchor_used_callback_(anchor_used_callback) {
  45   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
  46 }
  47
  48 PolicyCertVerifier::~PolicyCertVerifier() {
  49   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  50 }
  51
  52 void PolicyCertVerifier::InitializeOnIOThread(
  53     const scoped_refptr<net::CertVerifyProc>& verify_proc) {
  54   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  55   if (!verify_proc->SupportsAdditionalTrustAnchors()) {
  56     LOG(WARNING)
  57         << "Additional trust anchors not supported on the current platform!";
  58   }
  59   net::MultiThreadedCertVerifier* verifier =
  60       new net::MultiThreadedCertVerifier(verify_proc.get());
  61   verifier->SetCertTrustAnchorProvider(this);
  62   delegate_.reset(verifier);
  63 }
  64
  65 void PolicyCertVerifier::SetTrustAnchors(
  66     const net::CertificateList& trust_anchors) {
  67   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  68   trust_anchors_ = trust_anchors;
  69 }
  70
  71 int PolicyCertVerifier::Verify(
  72     net::X509Certificate* cert,
  73     const std::string& hostname,
  74     const std::string& ocsp_response,
  75     int flags,
  76     net::CRLSet* crl_set,
  77     net::CertVerifyResult* verify_result,
  78     const net::CompletionCallback& completion_callback,
  79     scoped_ptr<Request>* out_req,
  80     const net::BoundNetLog& net_log) {
  81   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  82   DCHECK(delegate_);
  83   net::CompletionCallback wrapped_callback =
  84       base::Bind(&CompleteAndSignalAnchorUse,
  85                  anchor_used_callback_,
  86                  completion_callback,
  87                  verify_result);
  88   int error =
  89       delegate_->Verify(cert, hostname, ocsp_response, flags, crl_set,
  90                         verify_result, wrapped_callback, out_req, net_log);
  91   MaybeSignalAnchorUse(error, anchor_used_callback_, *verify_result);
  92   return error;
  93 }
  94
  95 bool PolicyCertVerifier::SupportsOCSPStapling() {
  96   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  97   return delegate_->SupportsOCSPStapling();
  98 }
  99
 100 const net::CertificateList& PolicyCertVerifier::GetAdditionalTrustAnchors() {
 101   DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 102   return trust_anchors_;
 103 }
 104
 105 }  // namespace policy