OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ | 5 #ifndef NET_CERT_CT_LOG_VERIFIER_H_ |
6 #define NET_CERT_CT_LOG_VERIFIER_H_ | 6 #define NET_CERT_CT_LOG_VERIFIER_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/gtest_prod_util.h" | 10 #include "base/gtest_prod_util.h" |
(...skipping 28 matching lines...) Expand all Loading... | |
39 static scoped_ptr<CTLogVerifier> Create(const base::StringPiece& public_key, | 39 static scoped_ptr<CTLogVerifier> Create(const base::StringPiece& public_key, |
40 const base::StringPiece& description, | 40 const base::StringPiece& description, |
41 const base::StringPiece& url); | 41 const base::StringPiece& url); |
42 | 42 |
43 ~CTLogVerifier(); | 43 ~CTLogVerifier(); |
44 | 44 |
45 // Returns the log's key ID (RFC6962, Section 3.2) | 45 // Returns the log's key ID (RFC6962, Section 3.2) |
46 const std::string& key_id() const { return key_id_; } | 46 const std::string& key_id() const { return key_id_; } |
47 // Returns the log's human-readable description. | 47 // Returns the log's human-readable description. |
48 const std::string& description() const { return description_; } | 48 const std::string& description() const { return description_; } |
49 // Returns the log's URL | |
50 const GURL& url() const { return url_; } | |
49 | 51 |
50 // Verifies that |sct| contains a valid signature for |entry|. | 52 // Verifies that |sct| contains a valid signature for |entry|. |
51 bool Verify(const ct::LogEntry& entry, | 53 bool Verify(const ct::LogEntry& entry, |
52 const ct::SignedCertificateTimestamp& sct); | 54 const ct::SignedCertificateTimestamp& sct); |
53 | 55 |
54 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is | 56 // Verifies and sets |signed_tree_head|. If |signed_tree_head|'s signature is |
55 // valid, stores it and returns true. Otherwise, discards the sth and | 57 // valid, stores it and returns true. Otherwise, discards the sth and |
56 // returns false. | 58 // returns false. |
57 bool SetSignedTreeHead(scoped_ptr<ct::SignedTreeHead> signed_tree_head); | 59 bool VerifySignedTreeHead(const ct::SignedTreeHead* signed_tree_head); |
davidben
2015/05/07 21:59:38
I'm assume this'll go away in a rebase? I remember
Eran Messeri
2015/07/10 13:15:48
Correct.
| |
58 | 60 |
59 private: | 61 private: |
60 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); | 62 FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
61 | 63 |
62 CTLogVerifier(const base::StringPiece& description, const GURL& url); | 64 CTLogVerifier(const base::StringPiece& description, const GURL& url); |
63 | 65 |
64 // Performs crypto-library specific initialization. | 66 // Performs crypto-library specific initialization. |
65 bool Init(const base::StringPiece& public_key); | 67 bool Init(const base::StringPiece& public_key); |
66 | 68 |
67 // Performs the underlying verification using the selected public key. Note | 69 // Performs the underlying verification using the selected public key. Note |
68 // that |signature| contains the raw signature data (eg: without any | 70 // that |signature| contains the raw signature data (eg: without any |
69 // DigitallySigned struct encoding). | 71 // DigitallySigned struct encoding). |
70 bool VerifySignature(const base::StringPiece& data_to_sign, | 72 bool VerifySignature(const base::StringPiece& data_to_sign, |
71 const base::StringPiece& signature); | 73 const base::StringPiece& signature); |
72 | 74 |
73 // Returns true if the signature and hash algorithms in |signature| | 75 // Returns true if the signature and hash algorithms in |signature| |
74 // match those of the log | 76 // match those of the log |
75 bool SignatureParametersMatch(const ct::DigitallySigned& signature); | 77 bool SignatureParametersMatch(const ct::DigitallySigned& signature); |
76 | 78 |
77 std::string key_id_; | 79 std::string key_id_; |
78 std::string description_; | 80 std::string description_; |
79 GURL url_; | 81 GURL url_; |
80 ct::DigitallySigned::HashAlgorithm hash_algorithm_; | 82 ct::DigitallySigned::HashAlgorithm hash_algorithm_; |
81 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; | 83 ct::DigitallySigned::SignatureAlgorithm signature_algorithm_; |
82 scoped_ptr<ct::SignedTreeHead> signed_tree_head_; | |
83 | 84 |
84 #if defined(USE_OPENSSL) | 85 #if defined(USE_OPENSSL) |
85 EVP_PKEY* public_key_; | 86 EVP_PKEY* public_key_; |
86 #else | 87 #else |
87 SECKEYPublicKey* public_key_; | 88 SECKEYPublicKey* public_key_; |
88 #endif | 89 #endif |
89 }; | 90 }; |
90 | 91 |
91 } // namespace net | 92 } // namespace net |
92 | 93 |
93 #endif // NET_CERT_CT_LOG_VERIFIER_H_ | 94 #endif // NET_CERT_CT_LOG_VERIFIER_H_ |
OLD | NEW |