QUIC - Code to verify SCT tag with certificate transparency verifier

net/tools/quic/quic_client_bin.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // A binary wrapper for QuicClient.
 // Connects to a host using QUIC, sends a request to the provided URL, and
 // displays the response.
 //
 // Some usage examples:
 //
@@ skipping 33 matching lines @@
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/message_loop/message_loop.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "net/base/ip_endpoint.h"
 #include "net/base/net_errors.h"
 #include "net/base/privacy_mode.h"
 #include "net/cert/cert_verifier.h"
+#include "net/cert/multi_log_ct_verifier.h"
 #include "net/http/transport_security_state.h"
 #include "net/log/net_log.h"
 #include "net/quic/crypto/proof_verifier_chromium.h"
 #include "net/quic/quic_protocol.h"
 #include "net/quic/quic_server_id.h"
 #include "net/quic/quic_utils.h"
 #include "net/spdy/spdy_header_block.h"
 #include "net/tools/epoll_server/epoll_server.h"
 #include "net/tools/quic/quic_client.h"
 #include "net/tools/quic/spdy_balsa_utils.h"
 #include "net/tools/quic/synchronous_host_resolver.h"
 #include "url/gurl.h"
 
 using base::StringPiece;
 using net::CertVerifier;
+using net::CTVerifier;
+using net::MultiLogCTVerifier;
 using net::ProofVerifierChromium;
 using net::TransportSecurityState;
 using std::cout;
 using std::cerr;
 using std::string;
 using std::vector;
 using std::endl;
 
 // The IP or hostname the quic client will connect to.
 string FLAGS_host = "";
@@ skipping 155 matching lines @@
     versions.push_back(static_cast<net::QuicVersion>(FLAGS_quic_version));
   }
   // For secure QUIC we need to verify the cert chain.
   scoped_ptr<CertVerifier> cert_verifier(CertVerifier::CreateDefault());
   if (line->HasSwitch("disable-certificate-verification")) {
     cert_verifier.reset(new FakeCertVerifier());
   }
   scoped_ptr<TransportSecurityState> transport_security_state(
       new TransportSecurityState);
   transport_security_state.reset(new TransportSecurityState);
+  scoped_ptr<CTVerifier> ct_verifier(new MultiLogCTVerifier());
   ProofVerifierChromium* proof_verifier = new ProofVerifierChromium(
-      cert_verifier.get(), nullptr, transport_security_state.get());
+      cert_verifier.get(), nullptr, transport_security_state.get(),
+      ct_verifier.get());
   net::tools::QuicClient client(net::IPEndPoint(ip_addr, FLAGS_port), server_id,
                                 versions, &epoll_server, proof_verifier);
   client.set_initial_max_packet_length(
       FLAGS_initial_mtu != 0 ? FLAGS_initial_mtu : net::kDefaultMaxPacketSize);
   if (!client.Initialize()) {
     cerr << "Failed to initialize client." << endl;
     return 1;
   }
   if (!client.Connect()) {
     net::QuicErrorCode error = client.session()->error();
@@ skipping 65 matching lines @@
       return 0;
     } else {
       cout << "Request failed (redirect " << response_code << ")." << endl;
       return 1;
     }
   } else {
     cerr << "Request failed (" << response_code << ")." << endl;
     return 1;
   }
 }