chromium/services/cert_verifier/cert_verifier_creation.cc

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "services/cert_verifier/cert_verifier_creation.h"

#include "base/memory/scoped_refptr.h"
#include "base/types/optional_util.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "components/certificate_transparency/chrome_ct_policy_enforcer.h"
#include "components/network_time/time_tracker/time_tracker.h"
#include "crypto/sha2.h"
#include "net/base/features.h"
#include "net/cert/cert_verify_proc.h"
#include "net/cert/crl_set.h"
#include "net/cert/ct_policy_enforcer.h"
#include "net/cert/ct_verifier.h"
#include "net/cert/do_nothing_ct_verifier.h"
#include "net/cert/multi_threaded_cert_verifier.h"
#include "net/cert/x509_util.h"
#include "net/net_buildflags.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/mojom/cert_verifier_service_updater.mojom.h"

#if BUILDFLAG(IS_CT_SUPPORTED)
#include "net/cert/multi_log_ct_verifier.h"
#endif

#if BUILDFLAG(IS_FUCHSIA)
#include "net/cert/cert_verify_proc_builtin.h"
#include "net/cert/internal/system_trust_store.h"
#endif

#if BUILDFLAG(IS_CHROMEOS)
#include "crypto/nss_util_internal.h"
#include "net/cert/internal/system_trust_store_nss.h"
#endif

#if BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
#include "net/cert/cert_verify_proc_builtin.h"
#include "net/cert/internal/system_trust_store.h"
#include "net/cert/internal/trust_store_chrome.h"
#endif

namespace cert_verifier {

namespace {

#if BUILDFLAG(IS_CHROMEOS)
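// Resolves the NSS slot associated with the ChromeOS user described by
// `creation_params`.
//
// Returns a null (default-constructed) slot when `creation_params` is null or
// lacks the field the platform keys on: `nss_full_path` on Lacros,
// `username_hash` on Ash.
//
// NOTE(review): the function name suggests the returned slot limits which
// user-scoped NSS trust settings the verifier honours; the consumer of the
// return value is not visible in this listing, so confirm against the caller.
crypto::ScopedPK11Slot GetUserSlotRestrictionForChromeOSParams(
    mojom::CertVerifierCreationParams* creation_params) {
  crypto::ScopedPK11Slot public_slot;
#if BUILDFLAG(IS_CHROMEOS_LACROS)
  if (creation_params && creation_params->nss_full_path.has_value()) {
    public_slot =
        crypto::OpenSoftwareNSSDB(creation_params->nss_full_path.value(),
                                  /*description=*/"cert_db");
    // `public_slot` can contain important security related settings. Crash if
    // failed to load it.
    CHECK(public_slot);
  }
#elif BUILDFLAG(IS_CHROMEOS_ASH)
  if (creation_params && !creation_params->username_hash.empty()) {
    // `nss_path` is dereferenced unconditionally below. Assert its presence
    // explicitly so a caller that sends a username hash without a path fails
    // at a well-defined point instead of relying on how `.value()` behaves on
    // an empty optional in this build configuration.
    CHECK(creation_params->nss_path.has_value());
    // Make sure NSS is initialized for the user.
    crypto::InitializeNSSForChromeOSUser(creation_params->username_hash,
                                         creation_params->nss_path.value());
    public_slot =
        crypto::GetPublicSlotForChromeOSUser(creation_params->username_hash);
    // NOTE(review): unlike the Lacros branch, the slot is not CHECKed here, so
    // a null slot is handed back as-is. Confirm the caller does not widen
    // trust when the user's database could not be obtained.
  }
#else
#error IS_CHROMEOS set without IS_CHROMEOS_LACROS or IS_CHROMEOS_ASH
#endif
  return public_slot;
}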
#endif  // BUILDFLAG(IS_CHROMEOS)

// File-local subclass of net::CertVerifyProcFactory (it lives in the
// anonymous namespace, so it is not visible outside this translation unit).
// NOTE(review): the class body is empty in this listing; whatever
// net::CertVerifyProcFactory requires a subclass to implement is not shown
// here, so which verification backend and trust store get selected cannot be
// reviewed from this page.
class CertVerifyProcFactoryImpl : public net::CertVerifyProcFactory {};

}  // namespace

// Reports whether the verifier configuration uses a CertNetFetcher
// (presumably for network fetches made during verification — confirm against
// the header).
// NOTE(review): the body shown is empty. As written, a bool-returning function
// with no return statement has undefined behavior when called; the real body
// appears to be elided from this listing and must be reviewed separately.
bool IsUsingCertNetFetcher() {}

// Factory entry point declared to return an owning pointer to a
// net::CertVerifierWithUpdatableProc.
//
// `creation_params`  raw, non-owning pointer; the ChromeOS helper in this file
//                    tolerates null, so null is presumably a valid input
//                    here too — confirm.
// `cert_net_fetcher` ref-counted fetcher handed in by the caller.
// `impl_params`      passed by const reference; how it is consumed is not
//                    visible in this listing.
// `instance_params`  passed by const reference; how it is consumed is not
//                    visible in this listing.
//
// NOTE(review): the body shown is empty, so the return value is never set as
// written (undefined behavior for a non-void function). The actual wiring of
// trust store, CRLSet and fetcher is elided from this listing and is where a
// security review of this file needs to look.
std::unique_ptr<net::CertVerifierWithUpdatableProc> CreateCertVerifier(
    mojom::CertVerifierCreationParams* creation_params,
    scoped_refptr<net::CertNetFetcher> cert_net_fetcher,
    const net::CertVerifyProc::ImplParams& impl_params,
    const net::CertVerifyProc::InstanceParams& instance_params) {}

// Takes caller-supplied `additional_certificates` and an out-parameter
// `instance_params` (non-const pointer, so presumably written to).
// NOTE(review): the body shown is empty, so the translation from the mojom
// struct into InstanceParams is not visible here. Because these inputs arrive
// over mojo and can influence which certificates are trusted or distrusted,
// the elided code should be checked for how it handles certificates that fail
// to parse — confirm such entries are not silently treated as absent where
// that would relax a distrust decision.
void UpdateCertVerifierInstanceParams(
    const mojom::AdditionalCertificatesPtr& additional_certificates,
    net::CertVerifyProc::InstanceParams* instance_params) {}

}  // namespace cert_verifier