OLD | NEW |
(Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "components/certificate_transparency/tree_state_tracker.h" |
| 6 |
| 7 #include "base/thread_task_runner_handle.h" |
| 8 #include "components/certificate_transparency/log_proof_fetcher.h" |
| 9 #include "content/public/browser/browser_thread.h" |
| 10 #include "net/cert/ct_log_verifier.h" |
| 11 #include "net/cert/signed_certificate_timestamp.h" |
| 12 #include "net/cert/signed_tree_head.h" |
| 13 |
| 14 namespace certificate_transparency { |
| 15 |
| 16 TreeStateTracker::TreeStateTracker( |
| 17 scoped_ptr<LogProofFetcher> fetcher, |
| 18 const std::vector<linked_ptr<net::CTLogVerifier>>& ct_logs) |
| 19 : fetcher_(fetcher.Pass()) { |
| 20 for (auto it = ct_logs.begin(); it != ct_logs.end(); ++it) { |
| 21 linked_ptr<net::CTLogVerifier> log(*it); |
| 22 ct_logs_[log->key_id()] = log; |
| 23 } |
| 24 content::BrowserThread::PostAfterStartupTask( |
| 25 FROM_HERE, base::ThreadTaskRunnerHandle::Get(), |
| 26 base::Bind(&TreeStateTracker::RefreshSTHs, base::Unretained(this))); |
| 27 } |
| 28 |
| 29 TreeStateTracker::~TreeStateTracker() { |
| 30 } |
| 31 |
| 32 void TreeStateTracker::OnSCTVerified( |
| 33 const net::ct::SignedCertificateTimestamp* sct, |
| 34 net::CTLogVerifier* verifier) { |
| 35 VLOG(0) << "Verified SCT observed."; |
| 36 // 1st step: Check if an sth for the log with this ID exists. If not, fetch. |
| 37 // 2nd step: Check if timestamp in sct > timestamp in sth. If yes, fetch |
| 38 // fresher STH. |
| 39 } |
| 40 |
| 41 void TreeStateTracker::RefreshSTHs() { |
| 42 // TODO(eranm): Verify that base::Unretained usage here is fine since |
| 43 // this class owns the fetcher and the fetcher, when deleted, will delete |
| 44 // all pending requests, so this class always outlives the fetcher. |
| 45 LogProofFetcher::FetchSTHCallback cb = |
| 46 base::Bind(&TreeStateTracker::OnSTHFetched, base::Unretained(this)); |
| 47 for (auto it = ct_logs_.begin(); it != ct_logs_.end(); ++it) { |
| 48 VLOG(0) << "Fetching STH for log " << it->second.get()->description(); |
| 49 net::CTLogVerifier* log(it->second.get()); |
| 50 fetcher_->FetchSTH(log->url(), log->key_id(), cb); |
| 51 } |
| 52 } |
| 53 |
| 54 void TreeStateTracker::OnSTHFetched( |
| 55 const std::string& log_id, |
| 56 const net::ct::SignedTreeHead& unverified_sth) { |
| 57 VLOG(0) << "Received unverified sth."; |
| 58 auto it = ct_logs_.find(log_id); |
| 59 if (it == ct_logs_.end()) { |
| 60 VLOG(0) << "STH is for unknown log!."; |
| 61 return; |
| 62 } |
| 63 |
| 64 net::CTLogVerifier* log(it->second.get()); |
| 65 if (!log->VerifySignedTreeHead(unverified_sth)) { |
| 66 VLOG(0) << "STH is for " << log->url() << " could not be verified."; |
| 67 return; |
| 68 } |
| 69 VLOG(0) << "Signature for STH from " << log->url() << " for tree size " |
| 70 << unverified_sth.tree_size << " verified."; |
| 71 |
| 72 // TODO(eranm): Request a consistency proof. |
| 73 sths_[log_id] = unverified_sth; |
| 74 } |
| 75 |
| 76 } // namespace certificate_transparency |
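Review bot: The constructor's `PostAfterStartupTask` call (new-file lines 24-26) binds `RefreshSTHs` with `base::Unretained(this)`, but nothing visible here cancels that task if the tracker is destroyed before it runs, so the callback could execute on a freed object. The lifetime argument in the TODO inside `RefreshSTHs` only covers callbacks held by the owned fetcher, not a task sitting in the thread's task runner. I would bind a weak pointer instead, `base::Bind(&TreeStateTracker::RefreshSTHs, weak_factory_.GetWeakPtr())`, with a `base::WeakPtrFactory<TreeStateTracker> weak_factory_;` declared as the last member in the header (not shown on this page). Separately, `sths_[log_id] = unverified_sth;` in `OnSTHFetched` replaces any stored STH without comparing timestamp or tree size, so an older but validly signed STH would overwrite a fresher one. Until the consistency-proof TODO lands, a guard that keeps the existing entry when it is newer would be worth adding.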