Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(154)

Unified Diff: net/cert/ct_log_verifier.h

Issue 1440643002: Certificate Transparency: Per-profile CT verification (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixing iOS compilation Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/ct_known_logs.cc ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_log_verifier.h
diff --git a/net/cert/ct_log_verifier.h b/net/cert/ct_log_verifier.h
index 0a9b3eff03d8aa9af62ea68f5085bcc1259a4ead..5f2b090b3190935dd5ef91230cd45693a50ec125 100644
--- a/net/cert/ct_log_verifier.h
+++ b/net/cert/ct_log_verifier.h
@@ -28,8 +28,12 @@ namespace ct {
struct SignedTreeHead;
} // namespace ct
-// Class for verifying Signed Certificate Timestamps (SCTs) provided by a
-// specific log (whose identity is provided during construction).
+// Class for verifying signatures of a single Certificate Transparency
+// log, whose identity is provided during construction.
+// Currently can verify Signed Certificate Timestamp (SCT) and Signed
+// Tree Head (STH) signatures.
+// Immutable: Does not hold any state beyond the log information it was
+// initialized with.
class NET_EXPORT CTLogVerifier
: public base::RefCountedThreadSafe<CTLogVerifier> {
public:
@@ -37,7 +41,7 @@ class NET_EXPORT CTLogVerifier
// using |public_key|, which is a DER-encoded SubjectPublicKeyInfo.
// If |public_key| refers to an unsupported public key, returns NULL.
// |description| is a textual description of the log.
- static scoped_refptr<CTLogVerifier> Create(
+ static scoped_refptr<const CTLogVerifier> Create(
const base::StringPiece& public_key,
const base::StringPiece& description,
const base::StringPiece& url);
@@ -51,10 +55,10 @@ class NET_EXPORT CTLogVerifier
// Verifies that |sct| contains a valid signature for |entry|.
bool Verify(const ct::LogEntry& entry,
- const ct::SignedCertificateTimestamp& sct);
+ const ct::SignedCertificateTimestamp& sct) const;
// Returns true if the signature in |signed_tree_head| verifies.
- bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head);
+ bool VerifySignedTreeHead(const ct::SignedTreeHead& signed_tree_head) const;
private:
FRIEND_TEST_ALL_PREFIXES(CTLogVerifierTest, VerifySignature);
@@ -70,11 +74,11 @@ class NET_EXPORT CTLogVerifier
// that |signature| contains the raw signature data (eg: without any
// DigitallySigned struct encoding).
bool VerifySignature(const base::StringPiece& data_to_sign,
- const base::StringPiece& signature);
+ const base::StringPiece& signature) const;
// Returns true if the signature and hash algorithms in |signature|
// match those of the log
- bool SignatureParametersMatch(const ct::DigitallySigned& signature);
+ bool SignatureParametersMatch(const ct::DigitallySigned& signature) const;
std::string key_id_;
std::string description_;
« no previous file with comments | « net/cert/ct_known_logs.cc ('k') | net/cert/ct_log_verifier.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698