1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
7 #include "base/logging.h"
8 #include "chrome/browser/browser_process.h"
9 #include "content/public/browser/browser_thread.h"
10 #include "net/base/net_errors.h"
11 #include "net/cert/cert_verify_proc.h"
12 #include "net/cert/multi_threaded_cert_verifier.h"
// Runs |anchor_used_callback| when a verification both succeeded and chained
// to an additional trust anchor; does nothing in every other case.
//
// |error| is the net error code of the verification and |verify_result| the
// result it filled in. Must be called on the IO thread.
//
// This is the only place in this file where reliance on a non-default trust
// anchor is reported. A null |anchor_used_callback| disables the report
// without any other effect, so owners that need the signal must pass a
// non-null closure.
void MaybeSignalAnchorUse(int error,
                          const base::Closure& anchor_used_callback,
                          const net::CertVerifyResult& verify_result) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  // |error| is tested first: |verify_result| is only read for net::OK, i.e.
  // never for a failed or still-pending verification.
  const bool used_additional_anchor =
      error == net::OK && verify_result.is_issued_by_additional_trust_anchor;
  if (used_additional_anchor && !anchor_used_callback.is_null())
    anchor_used_callback.Run();
}
// Completion adapter: reports additional-trust-anchor use for a finished
// verification, then forwards |error| to |completion_callback| if one was
// supplied. Must be called on the IO thread.
//
// |verify_result| is a raw pointer that is dereferenced unconditionally, so
// whoever binds this function must keep the result object alive (and
// non-null) until the adapter has run.
//
// NOTE(review): the declaration of |error| is not visible in this listing; a
// trailing int parameter is assumed from how it is used below. Confirm
// against the original file.
void CompleteAndSignalAnchorUse(
    const base::Closure& anchor_used_callback,
    const net::CompletionCallback& completion_callback,
    const net::CertVerifyResult* verify_result,
    int error) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  MaybeSignalAnchorUse(error, anchor_used_callback, *verify_result);
  // A null completion callback is tolerated; the anchor-use report above has
  // already been made by then.
  if (completion_callback.is_null())
    return;
  completion_callback.Run(error);
}
// Stores a copy of |anchor_used_callback|, the closure that is run whenever a
// verification succeeds through an additional trust anchor.
//
// Construction is asserted to happen on the UI thread, while every other
// member in this file asserts the IO thread. The object is therefore created
// on one thread and used and destroyed on another.
PolicyCertVerifier::PolicyCertVerifier(
    const base::Closure& anchor_used_callback)
    : anchor_used_callback_(anchor_used_callback) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
}
// Destruction is asserted to happen on the IO thread, the thread on which the
// delegate and the trust anchor list are used. The assertion is a DCHECK, so
// it is only enforced in builds that have DCHECKs enabled.
PolicyCertVerifier::~PolicyCertVerifier() {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
}
// Creates the delegate verifier around |verify_proc| and registers this
// object as its trust anchor provider. Asserted to run on the IO thread.
//
// NOTE(review): this listing omits some source lines (gutter 56, 58, 63). The
// left-hand side of the "<<" below -- the logging macro and its severity --
// and the closing braces are not visible here.
52 void PolicyCertVerifier::InitializeOnIOThread(
53 const scoped_refptr
<net::CertVerifyProc
>& verify_proc
) {
54 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO
));
// When the platform's verify proc cannot take additional trust anchors, the
// visible code only emits the message below and then continues setting up
// the delegate. NOTE(review): presumably the anchors from SetTrustAnchors()
// then have no effect on verification -- confirm, since that is a silent
// loss of policy rather than a hard failure.
55 if (!verify_proc
->SupportsAdditionalTrustAnchors()) {
57 << "Additional trust anchors not supported on the current platform!";
// The verifier is allocated with a raw new; ownership passes to |delegate_|
// by the reset() call at the end of this function.
59 net::MultiThreadedCertVerifier
* verifier
=
60 new net::MultiThreadedCertVerifier(verify_proc
.get());
// Hands the verifier a raw pointer to this object. NOTE(review): presumably
// the verifier calls GetAdditionalTrustAnchors() through it; |delegate_| is a
// member here, so the verifier should not outlive this object -- confirm.
61 verifier
->SetCertTrustAnchorProvider(this);
62 delegate_
.reset(verifier
);
// Replaces the stored list of additional trust anchors with a copy of
// |trust_anchors|. Asserted to run on the IO thread.
//
// The list is taken as given: nothing in this function inspects or filters
// the certificates, so whatever the caller passes becomes the set returned
// by GetAdditionalTrustAnchors().
void PolicyCertVerifier::SetTrustAnchors(
    const net::CertificateList& trust_anchors) {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
  trust_anchors_ = trust_anchors;
}
// Forwards a certificate verification to |delegate_| and reports use of an
// additional trust anchor, both for a result that is available when the
// delegate call returns and, through the wrapped callback, for one delivered
// later. Asserted to run on the IO thread.
//
// NOTE(review): this listing omits several source lines (gutter 75-76, 82,
// 86-88, 92-93). The declarations of |flags| and |crl_set|, the remaining
// base::Bind arguments, the declaration of |error| and the return statement
// are not visible here; the comments below cover only what is shown.
71 int PolicyCertVerifier::Verify(
72 net::X509Certificate
* cert
,
73 const std::string
& hostname
,
74 const std::string
& ocsp_response
,
// |verify_result| is a raw out-pointer. It is dereferenced after the
// delegate call below, and CompleteAndSignalAnchorUse() dereferences the
// pointer it is given, so the caller must keep the object alive until the
// request has completed.
77 net::CertVerifyResult
* verify_result
,
78 const net::CompletionCallback
& completion_callback
,
79 scoped_ptr
<Request
>* out_req
,
80 const net::BoundNetLog
& net_log
) {
81 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO
));
// Wraps the completion path in CompleteAndSignalAnchorUse so that a result
// delivered through the callback is also checked for anchor use.
// |anchor_used_callback_| is the first bound argument; the others are not
// visible in this listing.
83 net::CompletionCallback wrapped_callback
=
84 base::Bind(&CompleteAndSignalAnchorUse
,
85 anchor_used_callback_
,
// |delegate_| is dereferenced here, so InitializeOnIOThread() must have run
// first. NOTE(review): whether the omitted line 82 asserts this cannot be
// told from this listing.
89 delegate_
->Verify(cert
, hostname
, ocsp_response
, flags
, crl_set
,
90 verify_result
, wrapped_callback
, out_req
, net_log
);
// Reports anchor use for the result of the call above (|error| is presumably
// the delegate's return value -- confirm). MaybeSignalAnchorUse() tests
// |error| against net::OK before it reads |*verify_result|, so a failed or
// pending verification never consults the result's fields.
91 MaybeSignalAnchorUse(error
, anchor_used_callback_
, *verify_result
);
// Reports whether the delegate verifier supports OCSP stapling; the answer is
// forwarded unchanged. Asserted to run on the IO thread.
//
// |delegate_| is dereferenced without a check here, so InitializeOnIOThread()
// must have been called beforehand.
bool PolicyCertVerifier::SupportsOCSPStapling() {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
  return delegate_->SupportsOCSPStapling();
}
// Returns the additional trust anchors last stored by SetTrustAnchors().
// Asserted to run on the IO thread.
//
// The return value is a reference to the member list, not a copy: it reflects
// later SetTrustAnchors() calls and must not be held beyond this object's
// lifetime.
const net::CertificateList& PolicyCertVerifier::GetAdditionalTrustAnchors() {
  DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::IO));
  return trust_anchors_;
}
105 } // namespace policy