Certificate Transparency: Fetching of Signed Tree Heads (DRAFT)

components/certificate_transparency/new_scts_observer.cc

Index: components/certificate_transparency/new_scts_observer.cc
diff --git a/components/certificate_transparency/new_scts_observer.cc b/components/certificate_transparency/new_scts_observer.cc
new file mode 100644
index 0000000000000000000000000000000000000000..97415c9c909ddeaa52fd5807135c7fdd9436c6fd
--- /dev/null
+++ b/components/certificate_transparency/new_scts_observer.cc
@@ -0,0 +1,30 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/certificate_transparency/new_scts_observer.h"
+
+#include "components/certificate_transparency/log_proofs_fetcher.h"
+#include "net/cert/ct_log_verifier.h"
+#include "net/cert/signed_certificate_timestamp.h"
+#include "net/cert/signed_tree_head.h"
+
+namespace certificate_transparency {
+
+NewSCTsObserver::NewSCTsObserver(LogProofsFetcher* fetcher)
+    : fetcher_(fetcher) {
+}
+
+NewSCTsObserver::~NewSCTsObserver() {
+}
+
+void NewSCTsObserver::OnSCTVerified(
+    const net::ct::SignedCertificateTimestamp* sct,
+    net::CTLogVerifier* verifier) {
+  VLOG(0) << "Verified SCT observed.";
+  // 1st step: Check if an sth for the log with this ID exists. If not, fetch.
+  // 2nd step: Check if timestamp in sct > timestamp in sth. If yes, fetch
+  // fresher STH.

[davidben, 2015/05/07 21:59:38]

(I'm assuming this is to be filled in later.)

[Eran Messeri, 2015/07/10 13:15:48]

Correct, for now there's no point in even storing them as we don't have the code
to check for inclusion of the relevant certificates in CT logs.

+}
+
+}  // namespace certificate_transparency