Google Git
Sign in
chromium / chromium / src / 8f89466532aebd328b3bbff4db8a9dd3bfc3d631^! / . / net / quic / crypto / proof_verifier_chromium.cc
commit8f89466532aebd328b3bbff4db8a9dd3bfc3d631[log] [tgz]
authordadrian <[email protected]>Tue Jun 21 23:48:31 2016
committerCommit bot <[email protected]>Tue Jun 21 23:51:15 2016
tree89d5e73cc2c1be1c3df346314efcfd9fad9b9195
parent718578a6b75cbdb427579bc552c07e369557cb4f [diff] [blame]
Return enum from TransportSecurityState::CheckPublicKeyPins

BUG=618775

Review-Url: https://codereview.chromium.org/2066603004
Cr-Commit-Position: refs/heads/master@{#401140}

diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc
index dde1503..4598150 100644
--- a/net/quic/crypto/proof_verifier_chromium.cc
+++ b/net/quic/crypto/proof_verifier_chromium.cc

@@ -339,21 +339,29 @@
             verify_details_->ct_verify_result.verified_scts, net_log_);
   }
 
-  if ((result == OK ||
-       (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
-      !transport_security_state_->CheckPublicKeyPins(
-          HostPortPair(hostname_, port_),
-          cert_verify_result.is_issued_by_known_root,
-          cert_verify_result.public_key_hashes, cert_.get(),
-          cert_verify_result.verified_cert.get(),
-          TransportSecurityState::ENABLE_PIN_REPORTS,
-          &verify_details_->pinning_failure_log)) {
-    if (cert_verify_result.is_issued_by_known_root) {
-      verify_details_->cert_verify_result.cert_status |=
-          CERT_STATUS_PINNED_KEY_MISSING;
-      result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
-    } else {
-      verify_details_->pkp_bypassed = true;
+  if (transport_security_state_ &&
+      (result == OK ||
+       (IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) {
+    TransportSecurityState::PKPStatus pin_validity =
+        transport_security_state_->CheckPublicKeyPins(
+            HostPortPair(hostname_, port_),
+            cert_verify_result.is_issued_by_known_root,
+            cert_verify_result.public_key_hashes, cert_.get(),
+            cert_verify_result.verified_cert.get(),
+            TransportSecurityState::ENABLE_PIN_REPORTS,
+            &verify_details_->pinning_failure_log);
+    switch (pin_validity) {
+      case TransportSecurityState::PKPStatus::VIOLATED:
+        result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+        verify_details_->cert_verify_result.cert_status |=
+            CERT_STATUS_PINNED_KEY_MISSING;
+        break;
+      case TransportSecurityState::PKPStatus::BYPASSED:
+        verify_details_->pkp_bypassed = true;
+      // Fall through.
+      case TransportSecurityState::PKPStatus::OK:
+        // Do nothing.
+        break;
     }
   }