// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5 #include "services/network/trial_comparison_cert_verifier_mojo.h"
6
7 #include <utility>
8
9 #include "build/build_config.h"
10 #include "net/cert/cert_verify_proc.h"
11 #include "net/cert/cert_verify_proc_builtin.h"
12 #include "net/cert/trial_comparison_cert_verifier.h"
13 #include "net/der/encode_values.h"
14 #include "net/der/parse_values.h"
15
16 #if defined(OS_MACOSX) && !defined(OS_IOS)
17 #include "net/cert/cert_verify_proc_mac.h"
18 #include "net/cert/internal/trust_store_mac.h"
19 #endif
20
21 namespace network {
22
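// Wraps a net::TrialComparisonCertVerifier and exposes its two Mojo ends:
// |config_client_receiver| (the browser side toggles the trial via
// OnTrialConfigUpdated) and |report_client| (disagreements are sent out via
// OnSendTrialReport).
//
// |initial_allowed| is the trial's starting allow state; |primary_verify_proc|
// and |trial_verify_proc| are the two verifiers the wrapped object compares.
TrialComparisonCertVerifierMojo::TrialComparisonCertVerifierMojo(
    bool initial_allowed,
    mojo::PendingReceiver<mojom::TrialComparisonCertVerifierConfigClient>
        config_client_receiver,
    mojo::PendingRemote<mojom::TrialComparisonCertVerifierReportClient>
        report_client,
    scoped_refptr<net::CertVerifyProc> primary_verify_proc,
    scoped_refptr<net::CertVerifyProc> trial_verify_proc)
    : receiver_(this, std::move(config_client_receiver)),
      report_client_(std::move(report_client)) {
  // The verify procs are sink parameters (taken by value) and are not used
  // again after this call, so hand the references over instead of bumping
  // the refcounts a second time.
  trial_comparison_cert_verifier_ =
      std::make_unique<net::TrialComparisonCertVerifier>(
          std::move(primary_verify_proc), std::move(trial_verify_proc),
          base::BindRepeating(
              &TrialComparisonCertVerifierMojo::OnSendTrialReport,
              // Unretained is safe because the report callback is only run by
              // trial_comparison_cert_verifier_, which this object owns and
              // which is therefore destroyed before |this| is gone.
              // NOTE(review): OnSendTrialReport also dereferences
              // |report_client_|, so the safety argument additionally needs
              // |report_client_| to be destroyed after the verifier (declared
              // before it in the header) — confirm against the header.
              base::Unretained(this)));
  // Apply the starting allow state; later updates arrive via
  // OnTrialConfigUpdated.
  trial_comparison_cert_verifier_->set_trial_allowed(initial_allowed);
}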
43
// Defined out of line so the std::unique_ptr<net::TrialComparisonCertVerifier>
// member is destroyed where the complete type is visible (this file includes
// net/cert/trial_comparison_cert_verifier.h; the header presumably only
// forward-declares the type — confirm). Tearing the verifier down here is
// what makes the base::Unretained(this) bound in the constructor safe.
TrialComparisonCertVerifierMojo::~TrialComparisonCertVerifierMojo() = default;
45
// Verifies |params| by delegating entirely to the wrapped
// net::TrialComparisonCertVerifier; this class adds no verification logic of
// its own. Arguments and the return value carry the net::CertVerifier
// contract of the wrapped object unchanged.
int TrialComparisonCertVerifierMojo::Verify(
    const RequestParams& params,
    net::CertVerifyResult* verify_result,
    net::CompletionOnceCallback callback,
    std::unique_ptr<Request>* out_req,
    const net::NetLogWithSource& net_log) {
  net::TrialComparisonCertVerifier& verifier = *trial_comparison_cert_verifier_;
  const int rv = verifier.Verify(params, verify_result, std::move(callback),
                                 out_req, net_log);
  return rv;
}
55
// Forwards the verifier configuration to the wrapped verifier; nothing in
// |config| is interpreted or cached at this layer.
void TrialComparisonCertVerifierMojo::SetConfig(const Config& config) {
  net::TrialComparisonCertVerifier* verifier =
      trial_comparison_cert_verifier_.get();
  verifier->SetConfig(config);
}
59
// Runtime update of the trial allow state. This arrives over the config-client
// pipe bound to |receiver_| in the constructor (presumably from the browser
// process — confirm against the mojom). No copy of the flag is kept here: the
// wrapped verifier is the single holder of the current value.
void TrialComparisonCertVerifierMojo::OnTrialConfigUpdated(bool allowed) {
  net::TrialComparisonCertVerifier* verifier =
      trial_comparison_cert_verifier_.get();
  verifier->set_trial_allowed(allowed);
}
63
// Report callback handed to the wrapped verifier in the constructor. Packages
// the primary/trial disagreement, plus whatever debug data the two results
// carry, and ships it over the report-client pipe.
//
// Everything passed here — the hostname, the unverified certificate, stapled
// OCSP, the SCT list and both verification results — leaves this process via
// |report_client_|. Gating of whether a report may be produced at all is the
// wrapped verifier's job (set_trial_allowed); this method does no filtering.
void TrialComparisonCertVerifierMojo::OnSendTrialReport(
    const std::string& hostname,
    const scoped_refptr<net::X509Certificate>& unverified_cert,
    bool enable_rev_checking,
    bool require_rev_checking_local_anchors,
    bool enable_sha1_local_anchors,
    bool disable_symantec_enforcement,
    const std::string& stapled_ocsp,
    const std::string& sct_list,
    const net::CertVerifyResult& primary_result,
    const net::CertVerifyResult& trial_result) {
  // Only the fields that the results actually carry get populated; the rest
  // of the struct keeps its defaults.
  auto debug_info = network::mojom::CertVerifierDebugInfo::New();

#if defined(OS_MACOSX) && !defined(OS_IOS)
  // Platform verifier details are attached to the primary result.
  auto* platform_data =
      net::CertVerifyProcMac::ResultDebugData::Get(&primary_result);
  if (platform_data) {
    auto mac_info = network::mojom::MacPlatformVerifierDebugInfo::New();
    mac_info->trust_result = platform_data->trust_result();
    mac_info->result_code = platform_data->result_code();
    for (const auto& chain_entry : platform_data->status_chain()) {
      auto evidence = network::mojom::MacCertEvidenceInfo::New();
      evidence->status_bits = chain_entry.status_bits;
      evidence->status_codes = chain_entry.status_codes;
      mac_info->status_chain.push_back(std::move(evidence));
    }
    debug_info->mac_platform_debug_info = std::move(mac_info);
  }

  // TrustStoreMac details are attached to the trial result.
  auto* trust_data = net::TrustStoreMac::ResultDebugData::Get(&trial_result);
  if (trust_data) {
    debug_info->mac_combined_trust_debug_info =
        trust_data->combined_trust_debug_info();
  }
#endif

  // Builtin-verifier details are looked up on the trial result (so the trial
  // side is presumably the builtin verifier — confirm with the caller).
  auto* builtin_data =
      net::CertVerifyProcBuiltinResultDebugData::Get(&trial_result);
  if (builtin_data) {
    debug_info->trial_verification_time = builtin_data->verification_time();
    // The DER GeneralizedTime is sent in addition to the base::Time; it is
    // simply left unset if encoding fails.
    uint8_t der_time[net::der::kGeneralizedTimeLength];
    const bool encoded = net::der::EncodeGeneralizedTime(
        builtin_data->der_verification_time(), der_time);
    if (encoded) {
      debug_info->trial_der_verification_time = std::string(
          der_time, der_time + net::der::kGeneralizedTimeLength);
    }
  }

  // The mojom carries these as raw byte arrays rather than strings.
  std::vector<uint8_t> stapled_ocsp_bytes(stapled_ocsp.begin(),
                                          stapled_ocsp.end());
  std::vector<uint8_t> sct_list_bytes(sct_list.begin(), sct_list.end());

  report_client_->SendTrialReport(
      hostname, unverified_cert, enable_rev_checking,
      require_rev_checking_local_anchors, enable_sha1_local_anchors,
      disable_symantec_enforcement, std::move(stapled_ocsp_bytes),
      std::move(sct_list_bytes), primary_result, trial_result,
      std::move(debug_info));
}
127
128 } // namespace network
129