Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(370)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_log_verifier.h

Issue 1100003006: Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Merging with master Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« components/certificate_transparency/new_scts_observer.cc ('K') | « components/components.gyp ('k') | net/cert/ct_log_verifier.cc » ('j') | net/cert/ct_verifier.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_
6 #define NET_CERT_CT_LOG_VERIFIER_H_ 6 #define NET_CERT_CT_LOG_VERIFIER_H_
7 7
8 #include <string> 8 #include <string>
9 9
10 #include "base/gtest_prod_util.h" 10 #include "base/gtest_prod_util.h"
(...skipping 28 matching lines...) Expand all
39 static scoped_ptr<CTLogVerifier> Create(const base::StringPiece& public_key, 39 static scoped_ptr<CTLogVerifier> Create(const base::StringPiece& public_key,
40 const base::StringPiece& description, 40 const base::StringPiece& description,
41 const base::StringPiece& url); 41 const base::StringPiece& url);
42 42
43 ~CTLogVerifier(); 43 ~CTLogVerifier();
44 44
45 // Returns the log's key ID (RFC6962, Section 3.2) 45 // Returns the log's key ID (RFC6962, Section 3.2)
46 const std::string& key_id() const { return key_id_; } 46 const std::string& key_id() const { return key_id_; }
47 // Returns the log's human-readable description. 47 // Returns the log's human-readable description.
48 const std::string& description() const { return description_; } 48 const std::string& description() const { return description_; }
49 // Returns the log's URL
50 const GURL& url() const { return url_; }
49 51
50 // Verifies that |sct| contains a valid signature for |entry|. 52 // Verifies that |sct| contains a valid signature for |entry|.
51 bool Verify(const ct::LogEntry& entry, 53 bool Verify(const ct::LogEntry& entry,
52 const ct::SignedCertificateTimestamp& sct); 54 const ct::SignedCertificateTimestamp& sct);
53 55
54 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is 56 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is
55 // valid, stores it and returns true. Otherwise, discards the sth and 57 // valid, stores it and returns true. Otherwise, discards the sth and
56 // returns false. 58 // returns false.
57 bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head); 59 bool VerifySignedTreeHead(const ct::SignedTreeHead* signed_tree_head);
davidben 2015/05/07 21:59:38 I'm assume this'll go away in a rebase? I remember
Eran Messeri 2015/07/10 13:15:48 Correct.
58 60
59 private: 61 private:
60 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); 62 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
61 63
62 CTLogVerifier(const base::StringPiece& description, const GURL& url); 64 CTLogVerifier(const base::StringPiece& description, const GURL& url);
63 65
64 // Performs crypto-library specific initialization. 66 // Performs crypto-library specific initialization.
65 bool Init(const base::StringPiece& public_key); 67 bool Init(const base::StringPiece& public_key);
66 68
67 // Performs the underlying verification using the selected public key. Note 69 // Performs the underlying verification using the selected public key. Note
68 // that |signature| contains the raw signature data (eg: without any 70 // that |signature| contains the raw signature data (eg: without any
69 // DigitallySigned struct encoding). 71 // DigitallySigned struct encoding).
70 bool VerifySignature(const base::StringPiece& data_to_sign, 72 bool VerifySignature(const base::StringPiece& data_to_sign,
71 const base::StringPiece& signature); 73 const base::StringPiece& signature);
72 74
73 // Returns true if the signature and hash algorithms in |signature| 75 // Returns true if the signature and hash algorithms in |signature|
74 // match those of the log 76 // match those of the log
75 bool SignatureParametersMatch(const ct::DigitallySigned& signature); 77 bool SignatureParametersMatch(const ct::DigitallySigned& signature);
76 78
77 std::string key_id_; 79 std::string key_id_;
78 std::string description_; 80 std::string description_;
79 GURL url_; 81 GURL url_;
80 ct::DigitallySigned::HashAlgorithm hash_algorithm_; 82 ct::DigitallySigned::HashAlgorithm hash_algorithm_;
81 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; 83 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_;
82 scoped_ptr<ct::SignedTreeHead> signed_tree_head_;
83 84
84 #if defined(USE_OPENSSL) 85 #if defined(USE_OPENSSL)
85 EVP_PKEY* public_key_; 86 EVP_PKEY* public_key_;
86 #else 87 #else
87 SECKEYPublicKey* public_key_; 88 SECKEYPublicKey* public_key_;
88 #endif 89 #endif
89 }; 90 };
90 91
91 } // namespace net 92 } // namespace net
92 93
93 #endif // NET_CERT_CT_LOG_VERIFIER_H_ 94 #endif // NET_CERT_CT_LOG_VERIFIER_H_
OLDNEW
« components/certificate_transparency/new_scts_observer.cc ('K') | « components/components.gyp ('k') | net/cert/ct_log_verifier.cc » ('j') | net/cert/ct_verifier.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698