| Index: components/certificate_transparency/tree_state_tracker.cc
|
| diff --git a/components/certificate_transparency/tree_state_tracker.cc b/components/certificate_transparency/tree_state_tracker.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..87531e10e0cebdb999886abaf109c0527258bdfb
|
| --- /dev/null
|
| +++ b/components/certificate_transparency/tree_state_tracker.cc
|
| @@ -0,0 +1,76 @@
|
| +// Copyright 2015 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "components/certificate_transparency/tree_state_tracker.h"
|
| +
|
| +#include "base/thread_task_runner_handle.h"
|
| +#include "components/certificate_transparency/log_proof_fetcher.h"
|
| +#include "content/public/browser/browser_thread.h"
|
| +#include "net/cert/ct_log_verifier.h"
|
| +#include "net/cert/signed_certificate_timestamp.h"
|
| +#include "net/cert/signed_tree_head.h"
|
| +
|
| +namespace certificate_transparency {
|
| +
|
| +TreeStateTracker::TreeStateTracker(
|
| + scoped_ptr<LogProofFetcher> fetcher,
|
| + const std::vector<linked_ptr<net::CTLogVerifier>>& ct_logs)
|
| + : fetcher_(fetcher.Pass()) {
|
| + for (auto it = ct_logs.begin(); it != ct_logs.end(); ++it) {
|
| + linked_ptr<net::CTLogVerifier> log(*it);
|
| + ct_logs_[log->key_id()] = log;
|
| + }
|
| + content::BrowserThread::PostAfterStartupTask(
|
| + FROM_HERE, base::ThreadTaskRunnerHandle::Get(),
|
| + base::Bind(&TreeStateTracker::RefreshSTHs, base::Unretained(this)));
|
| +}
|
| +
|
| +TreeStateTracker::~TreeStateTracker() {
|
| +}
|
| +
|
| +void TreeStateTracker::OnSCTVerified(
|
| + const net::ct::SignedCertificateTimestamp* sct,
|
| + net::CTLogVerifier* verifier) {
|
| + VLOG(0) << "Verified SCT observed.";
|
| + // 1st step: Check if an sth for the log with this ID exists. If not, fetch.
|
| + // 2nd step: Check if timestamp in sct > timestamp in sth. If yes, fetch
|
| + // fresher STH.
|
| +}
|
| +
|
| +void TreeStateTracker::RefreshSTHs() {
|
| + // TODO(eranm): Verify that base::Unretained usage here is fine since
|
| + // this class owns the fetcher and the fetcher, when deleted, will delete
|
| + // all pending requests, so this class always outlives the fetcher.
|
| + LogProofFetcher::FetchSTHCallback cb =
|
| + base::Bind(&TreeStateTracker::OnSTHFetched, base::Unretained(this));
|
| + for (auto it = ct_logs_.begin(); it != ct_logs_.end(); ++it) {
|
| + VLOG(0) << "Fetching STH for log " << it->second.get()->description();
|
| + net::CTLogVerifier* log(it->second.get());
|
| + fetcher_->FetchSTH(log->url(), log->key_id(), cb);
|
| + }
|
| +}
|
| +
|
| +void TreeStateTracker::OnSTHFetched(
|
| + const std::string& log_id,
|
| + const net::ct::SignedTreeHead& unverified_sth) {
|
| + VLOG(0) << "Received unverified sth.";
|
| + auto it = ct_logs_.find(log_id);
|
| + if (it == ct_logs_.end()) {
|
| + VLOG(0) << "STH is for unknown log!.";
|
| + return;
|
| + }
|
| +
|
| + net::CTLogVerifier* log(it->second.get());
|
| + if (!log->VerifySignedTreeHead(unverified_sth)) {
|
| + VLOG(0) << "STH is for " << log->url() << " could not be verified.";
|
| + return;
|
| + }
|
| + VLOG(0) << "Signature for STH from " << log->url() << " for tree size "
|
| + << unverified_sth.tree_size << " verified.";
|
| +
|
| + // TODO(eranm): Request a consistency proof.
|
| + sths_[log_id] = unverified_sth;
|
| +}
|
| +
|
| +} // namespace certificate_transparency
|
|
|
Chromium Code Reviews
Issue 1100003006:
Certificate Transparency: Fetching of Signed Tree Heads (DRAFT) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master