Certificate Transparency: Per-profile CT verification

net/cert/multi_log_ct_verifier.h

Index: net/cert/multi_log_ct_verifier.h
diff --git a/net/cert/multi_log_ct_verifier.h b/net/cert/multi_log_ct_verifier.h
index 4546606112d305044a34d71e01abb0bf92fe8685..8558c8cac86fce3dbd28eb5d5f1fd4ddc3799ef5 100644
--- a/net/cert/multi_log_ct_verifier.h
+++ b/net/cert/multi_log_ct_verifier.h
@@ -23,15 +23,16 @@ class CTLogVerifier;
 
 // A Certificate Transparency verifier that can verify Signed Certificate
 // Timestamps from multiple logs.
-// There should be a global instance of this class and for all known logs,
-// AddLog should be called with a CTLogVerifier (which is created from the
-// log's public key).
+// It must be initialized with a list of logs by calling AddLogs.
+// As the observer may store the observed SCTs and certificates, an instance
+// of this class must exist for each profile.

[mmenke, 2015/11/20 17:23:58]

See other comment about layering violation.  

[Eran Messeri, 2015/11/23 12:34:38]

Removed this text. I'm not sure how to phrase it in the documentation, but this
class is no more "profile specific" than the URLRequestContext.
Hopefully this is evident by the fact there's only one observer allowed per
CTVerifier instance.

 class NET_EXPORT MultiLogCTVerifier : public CTVerifier {
  public:
   MultiLogCTVerifier();
   ~MultiLogCTVerifier() override;
 
-  void AddLogs(const std::vector<scoped_refptr<CTLogVerifier>>& log_verifiers);
+  void AddLogs(
+      const std::vector<scoped_refptr<const CTLogVerifier>>& log_verifiers);
 
   // CTVerifier implementation:
   int Verify(X509Certificate* cert,
@@ -61,7 +62,7 @@ class NET_EXPORT MultiLogCTVerifier : public CTVerifier {
   // Mapping from a log's ID to the verifier for this log.
   // A log's ID is the SHA-256 of the log's key, as defined in section 3.2.
   // of RFC6962.
-  std::map<std::string, scoped_refptr<CTLogVerifier>> logs_;
+  std::map<std::string, scoped_refptr<const CTLogVerifier>> logs_;
 
   Observer* observer_;