| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| 6 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| 7 |
| 8 #include <map> |
| 9 #include <string> |
| 10 |
| 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/time/time.h" |
| 13 #include "net/cert/ct_verifier.h" |
| 14 #include "net/cert/signed_tree_head.h" |
| 15 #include "net/cert/sth_observer.h" |
| 16 |
| 17 namespace net { |
| 18 class CTLogVerifier; |
| 19 class X509Certificate; |
| 20 |
| 21 namespace ct { |
| 22 struct SignedCertificateTimestamp; |
| 23 } // namespace ct |
| 24 |
| 25 } // namespace net |
| 26 |
| 27 namespace certificate_transparency { |
| 28 |
| 29 // Tracks the state of an individual Certificate Transparency Log's Merkle Tree. |
| 30 // A CT Log constantly issues Signed Tree Heads, for which every older STH must |
| 31 // be incorporated into the current/newer STH. As new certificates are logged, |
| 32 // new SCTs are produced, and eventually, those SCTs are incorporated into the |
| 33 // log and a new STH is produced, with there being an inclusion proof between |
| 34 // the SCTs and the new STH, and a consistency proof between the old STH and the |
| 35 // new STH. |
| 36 // This class periodically receives STHs provided via Chrome's component |
| 37 // updater (assuming that STHs are checked for consistency before being pushed |
| 38 // via the component updater). As SCTs are observed, their status is checked |
| 39 // against the STH to ensure that they were properly logged. If an SCT is newer |
| 40 // than the latest STH, then this class verifies that when an STH is observed |
| 41 // that should have incorporated those SCTs, the SCTs are present. |
| 42 // |
| 43 // To accomplish this, this class needs to be notified of when new SCTs are |
| 44 // observed (which it does by implementing net::CTVerifier::Observer) and when |
| 45 // new STHs are observed (which it does by implementing net::ct::STHObserver). |
| 46 // Once connected to sources providing that data, the status for a given SCT |
| 47 // can be queried by calling GetLogEntryInclusionCheck. |
| 48 |
| 49 class SingleTreeTracker : public net::CTVerifier::Observer, |
| 50 public net::ct::STHObserver { |
| 51 public: |
| 52 // TODO(eranm): This enum will expand to include check success/failure, |
| 53 // see crbug.com/506227 |
| 54 enum SCTInclusionStatus { |
| 55 // SCT was not observed by this class. |
| 56 SCT_NOT_OBSERVED, |
| 57 |
| 58 // SCT was observed but the STH known to this class is not old |
| 59 // enough to check for inclusion. |
| 60 SCT_PENDING_NEWER_STH, |
| 61 |
| 62 // SCT is known and there's a new-enough STH to check inclusion against. |
| 63 // Actual inclusion check has to be performed. |
| 64 SCT_PENDING_INCLUSION_CHECK |
| 65 }; |
| 66 |
| 67 explicit SingleTreeTracker(scoped_refptr<const net::CTLogVerifier>& ct_log); |
| 68 ~SingleTreeTracker() override; |
| 69 |
| 70 // net::ct::CTVerifier::Observer implementation. |
| 71 |
| 72 // TODO(eranm): Extract CTVerifier::Observer to SCTObserver |
| 73 // Performs an inclusion check for the given certificate if the latest |
| 74 // STH known for this log is older than sct.timestamp + MMD, enqueues |
| 75 // the SCT for future checking later on. |
| 76 // TODO(eranm): Make sure not to perform any synchronous, blocking operation |
| 77 // here as this callback is invoked during certificate validation. |
| 78 // Should only be called with SCTs issued by the log this instance tracks. |
| 79 void OnSCTVerified(net::X509Certificate* cert, |
| 80 const net::ct::SignedCertificateTimestamp* sct) override; |
| 81 |
| 82 // net::ct::STHObserver implementation. |
| 83 // After verification of the signature over the |sth|, uses this |
| 84 // STH for future inclusion checks. |
| 85 // Should only be called for STHs issued by the log this instance tracks. |
| 86 void NewSTHObserved(const net::ct::SignedTreeHead& sth) override; |
| 87 |
| 88 // Returns the status of a given log entry (that is assembled from |
| 89 // |cert| and |sct|). If |cert| and |sct| were not previously observed, |
| 90 // |sct| is not an SCT for |cert| or |sct| is not for this log, |
| 91 // SCT_NOT_OBSERVED will be returned. |
| 92 SCTInclusionStatus GetLogEntryInclusionStatus( |
| 93 net::X509Certificate* cert, |
| 94 const net::ct::SignedCertificateTimestamp* sct); |
| 95 |
| 96 private: |
| 97 // Holds the latest STH fetched and verified for each log. |
| 98 net::ct::SignedTreeHead verified_sth_; |
| 99 |
| 100 // The log tracked. |
| 101 scoped_refptr<const net::CTLogVerifier> ct_log_; |
| 102 |
| 103 // List of log entries pending inclusion check. |
| 104 // TODO(eranm): Rather than rely on the timestamp, extend to to use the |
| 105 // whole MerkleTreeLeaf (RFC6962, section 3.4.) as a key. See crbug.com/506227 |
| 106 std::map<base::Time, SCTInclusionStatus> entries_status_; |
| 107 |
| 108 DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker); |
| 109 }; |
| 110 |
| 111 } // namespace certificate_transparency |
| 112 |
| 113 #endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master