Index: net/cert/ct_log_verifier.h |
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h |
index 0a9b3eff03d8aa9af62ea68f5085bcc1259a4ead..5f2b090b3190935dd5ef91230cd45693a50ec125 100644 |
--- a/net/cert/ct_log_verifier.h |
+++ b/net/cert/ct_log_verifier.h |
@@ -28,8 +28,12 @@ namespace ct { |
struct SignedTreeHead; |
} // namespace ct |
-// Class for verifying Signed Certificate Timestamps (SCTs) provided by a |
-// specific log (whose identity is provided during construction). |
+// Class for verifying signatures of a single Certificate Transparency |
+// log, whose identity is provided during construction. |
+// Currently can verify Signed Certificate Timestamp (SCT) and Signed |
+// Tree Head (STH) signatures. |
+// Immutable: Does not hold any state beyond the log information it was |
+// initialized with. |
class NET_EXPORT CTLogVerifier |
: public base::RefCountedThreadSafe<CTLogVerifier> { |
public: |
@@ -37,7 +41,7 @@ class NET_EXPORT CTLogVerifier |
// using |public_key|, which is a DER-encoded SubjectPublicKeyInfo. |
// If |public_key| refers to an unsupported public key, returns NULL. |
// |description| is a textual description of the log. |
- static scoped_refptr<CTLogVerifier> Create( |
+ static scoped_refptr<const CTLogVerifier> Create( |
const base::StringPiece& public_key, |
const base::StringPiece& description, |
const base::StringPiece& url); |
@@ -51,10 +55,10 @@ class NET_EXPORT CTLogVerifier |
// Verifies that |sct| contains a valid signature for |entry|. |
bool Verify(const ct::LogEntry& entry, |
- const ct::SignedCertificateTimestamp& sct); |
+ const ct::SignedCertificateTimestamp& sct) const; |
// Returns true if the signature in |signed_tree_head| verifies. |
- bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head); |
+ bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const; |
private: |
FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature); |
@@ -70,11 +74,11 @@ class NET_EXPORT CTLogVerifier |
// that |signature| contains the raw signature data (eg: without any |
// DigitallySigned struct encoding). |
bool VerifySignature(const base::StringPiece& data_to_sign, |
- const base::StringPiece& signature); |
+ const base::StringPiece& signature) const; |
// Returns true if the signature and hash algorithms in |signature| |
// match those of the log |
- bool SignatureParametersMatch(const ct::DigitallySigned& signature); |
+ bool SignatureParametersMatch(const ct::DigitallySigned& signature) const; |
std::string key_id_; |
std::string description_; |