Index: components/certificate_transparency/tree_state_tracker.cc |
diff --git a/components/certificate_transparency/tree_state_tracker.cc b/components/certificate_transparency/tree_state_tracker.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..87531e10e0cebdb999886abaf109c0527258bdfb |
--- /dev/null |
+++ b/components/certificate_transparency/tree_state_tracker.cc |
@@ -0,0 +1,76 @@ |
+// Copyright 2015 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "components/certificate_transparency/tree_state_tracker.h" |
+ |
+#include "base/thread_task_runner_handle.h" |
+#include "components/certificate_transparency/log_proof_fetcher.h" |
+#include "content/public/browser/browser_thread.h" |
+#include "net/cert/ct_log_verifier.h" |
+#include "net/cert/signed_certificate_timestamp.h" |
+#include "net/cert/signed_tree_head.h" |
+ |
+namespace certificate_transparency { |
+ |
+TreeStateTracker::TreeStateTracker( |
+ scoped_ptr<LogProofFetcher> fetcher, |
+ const std::vector<linked_ptr<net::CTLogVerifier>>& ct_logs) |
+ : fetcher_(fetcher.Pass()) { |
+ for (auto it = ct_logs.begin(); it != ct_logs.end(); ++it) { |
+ linked_ptr<net::CTLogVerifier> log(*it); |
+ ct_logs_[log->key_id()] = log; |
+ } |
+ content::BrowserThread::PostAfterStartupTask( |
+ FROM_HERE, base::ThreadTaskRunnerHandle::Get(), |
+ base::Bind(&TreeStateTracker::RefreshSTHs, base::Unretained(this))); |
+} |
+ |
+TreeStateTracker::~TreeStateTracker() { |
+} |
+ |
+void TreeStateTracker::OnSCTVerified( |
+ const net::ct::SignedCertificateTimestamp* sct, |
+ net::CTLogVerifier* verifier) { |
+ VLOG(0) << "Verified SCT observed."; |
+ // 1st step: Check if an sth for the log with this ID exists. If not, fetch. |
+ // 2nd step: Check if timestamp in sct > timestamp in sth. If yes, fetch |
+ // fresher STH. |
+} |
+ |
+void TreeStateTracker::RefreshSTHs() { |
+ // TODO(eranm): Verify that base::Unretained usage here is fine since |
+ // this class owns the fetcher and the fetcher, when deleted, will delete |
+ // all pending requests, so this class always outlives the fetcher. |
+ LogProofFetcher::FetchSTHCallback cb = |
+ base::Bind(&TreeStateTracker::OnSTHFetched, base::Unretained(this)); |
+ for (auto it = ct_logs_.begin(); it != ct_logs_.end(); ++it) { |
+ VLOG(0) << "Fetching STH for log " << it->second.get()->description(); |
+ net::CTLogVerifier* log(it->second.get()); |
+ fetcher_->FetchSTH(log->url(), log->key_id(), cb); |
+ } |
+} |
+ |
+void TreeStateTracker::OnSTHFetched( |
+ const std::string& log_id, |
+ const net::ct::SignedTreeHead& unverified_sth) { |
+ VLOG(0) << "Received unverified sth."; |
+ auto it = ct_logs_.find(log_id); |
+ if (it == ct_logs_.end()) { |
+ VLOG(0) << "STH is for unknown log!."; |
+ return; |
+ } |
+ |
+ net::CTLogVerifier* log(it->second.get()); |
+ if (!log->VerifySignedTreeHead(unverified_sth)) { |
+ VLOG(0) << "STH is for " << log->url() << " could not be verified."; |
+ return; |
+ } |
+ VLOG(0) << "Signature for STH from " << log->url() << " for tree size " |
+ << unverified_sth.tree_size << " verified."; |
+ |
+ // TODO(eranm): Request a consistency proof. |
+ sths_[log_id] = unverified_sth; |
+} |
+ |
+} // namespace certificate_transparency |