1 // Copyright 2020 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/cert/cert_and_ct_verifier.h"
6
7 #include "base/functional/callback.h"
8 #include "net/cert/ct_verifier.h"
9
10 namespace net {
11
CertAndCTVerifier(std::unique_ptr<CertVerifier> cert_verifier,std::unique_ptr<CTVerifier> ct_verifier)12 CertAndCTVerifier::CertAndCTVerifier(
13 std::unique_ptr<CertVerifier> cert_verifier,
14 std::unique_ptr<CTVerifier> ct_verifier)
15 : cert_verifier_(std::move(cert_verifier)),
16 ct_verifier_(std::move(ct_verifier)) {}
17
18 CertAndCTVerifier::~CertAndCTVerifier() = default;
19
Verify(const RequestParams & params,CertVerifyResult * verify_result,CompletionOnceCallback callback,std::unique_ptr<Request> * out_req,const NetLogWithSource & net_log)20 int CertAndCTVerifier::Verify(const RequestParams& params,
21 CertVerifyResult* verify_result,
22 CompletionOnceCallback callback,
23 std::unique_ptr<Request>* out_req,
24 const NetLogWithSource& net_log) {
25 // It's safe to use |base::Unretained| here, because if this object is
26 // deleted, |cert_verifier_| will be deleted and this callback will not
27 // be invoked.
28 // It's not necessary to wrap |out_req|, because if |out_req| is deleted,
29 // this callback will be Reset(), which will also Reset |callback|, because it
30 // is moved and bound to |ct_callback|.
31 CompletionOnceCallback ct_callback = base::BindOnce(
32 &CertAndCTVerifier::OnCertVerifyComplete, base::Unretained(this), params,
33 std::move(callback), verify_result, net_log);
34
35 int result = cert_verifier_->Verify(params, verify_result,
36 std::move(ct_callback), out_req, net_log);
37
38 // If the certificate verification completed synchronously and successfully,
39 // then directly perform CT verification (which is always synchronous as it
40 // has all the data it needs for SCT verification and does not do any external
41 // communication).
42 if (result != ERR_IO_PENDING &&
43 (result == OK || IsCertificateError(result))) {
44 DCHECK(verify_result->verified_cert);
45 ct_verifier_->Verify(params.hostname(), verify_result->verified_cert.get(),
46 params.ocsp_response(), params.sct_list(),
47 &verify_result->scts, net_log);
48 }
49
50 return result;
51 }
52
SetConfig(const Config & config)53 void CertAndCTVerifier::SetConfig(const Config& config) {
54 cert_verifier_->SetConfig(config);
55 }
56
AddObserver(Observer * observer)57 void CertAndCTVerifier::AddObserver(Observer* observer) {
58 cert_verifier_->AddObserver(observer);
59 }
60
RemoveObserver(Observer * observer)61 void CertAndCTVerifier::RemoveObserver(Observer* observer) {
62 cert_verifier_->RemoveObserver(observer);
63 }
64
OnCertVerifyComplete(const RequestParams & params,CompletionOnceCallback callback,CertVerifyResult * verify_result,const NetLogWithSource & net_log,int result)65 void CertAndCTVerifier::OnCertVerifyComplete(const RequestParams& params,
66 CompletionOnceCallback callback,
67 CertVerifyResult* verify_result,
68 const NetLogWithSource& net_log,
69 int result) {
70 // Only perform CT verification if the certificate verification completed
71 // successfully.
72 if (result == OK || IsCertificateError(result)) {
73 DCHECK(verify_result->verified_cert);
74 ct_verifier_->Verify(params.hostname(), verify_result->verified_cert.get(),
75 params.ocsp_response(), params.sct_list(),
76 &verify_result->scts, net_log);
77 }
78
79 // Now chain to the user's callback, which may delete |this|.
80 std::move(callback).Run(result);
81 }
82
83 } // namespace net
84