components/certificate_transparency/single_tree_tracker.h - Issue 1845113003: Certificate Transparency: Start tracking logs' state

Side by Side Diff: components/certificate_transparency/single_tree_tracker.h

Issue 1845113003: Certificate Transparency: Start tracking logs' state (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixed passing of scoped_refptr Created 4 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « components/certificate_transparency/BUILD.gn ('k') | components/certificate_transparency/single_tree_tracker.cc » ('j') | components/certificate_transparency/tree_state_tracker.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
(Empty)
	1 // Copyright 2016 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_

	6 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_

	7

	8 #include <map>

	9 #include <string>

	10

	11 #include "base/memory/ref_counted.h"

	12 #include "base/time/time.h"

	13 #include "net/cert/ct_verifier.h"

	14 #include "net/cert/signed_tree_head.h"

	15 #include "net/cert/sth_observer.h"

	16

	17 namespace net {

	18 class CTLogVerifier;

	19 class X509Certificate;

	20

	21 namespace ct {

	22 struct SignedCertificateTimestamp;

	23 } // namespace ct

	24

	25 } // namespace net

	26

	27 namespace certificate_transparency {

	28

	29 // Tracks the state of an individual Certificate Transparency Log's Merkle Tree.

	30 // A CT Log constantly issues Signed Tree Heads, for which every older STH must

	31 // be incorporated into the current/newer STH. As new certificates are logged,

	32 // new SCTs are produced, and eventually, those SCTs are incorporated into the

	33 // log and a new STH is produced, with there being an inclusion proof between

	34 // the SCTs and the new STH, and a consistency proof between the old STH and the

	35 // new STH.

	36 // This class periodically receives STHs provided via Chrome's component
	Ryan Sleevi 2016/05/16 19:29:56 Layering: Seems inappropriate to talk about how th Layering: Seems inappropriate to talk about how this is used (by //chrome) in //components, especially talking about Chrome (the product) Eran Messeri 2016/05/17 12:42:56 Done - removed. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > Layering: Seems inappropriate to talk about how this is used (by //chrome) in > //components, especially talking about Chrome (the product) Done - removed.
	37 // updater (assuming that STHs are checked for consistency before being pushed

	38 // via the component updater). As SCTs are observed, their status is checked
	Ryan Sleevi 2016/05/16 19:29:56 e.g. This class receives STHs provided by/observed e.g. This class receives STHs provided by/observed by the embedder, with the assumption that STHs have been checked for consistency already. As SCTs are observed, their status is checked against the latest STH to ensure they were properly logged. ... Eran Messeri 2016/05/17 12:42:57 Done, used your suggested text. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > e.g. > This class receives STHs provided by/observed by the embedder, with the > assumption that STHs have been checked for consistency already. As SCTs are > observed, their status is checked against the latest STH to ensure they were > properly logged. ... Done, used your suggested text.
	39 // against the STH to ensure that they were properly logged. If an SCT is newer

	40 // than the latest STH, then this class verifies that when an STH is observed

	41 // that should have incorporated those SCTs, the SCTs are present.

	42 //

	43 // To accomplish this, this class needs to be notified of when new SCTs are

	44 // observed (which it does by implementing net::CTVerifier::Observer) and when

	45 // new STHs are observed (which it does by implementing net::ct::STHObserver).

	46 // Once connected to sources providing that data, the status for a given SCT

	47 // can be queried by calling GetLogEntryInclusionCheck.

	48
	Ryan Sleevi 2016/05/16 19:29:55 No newline No newline Eran Messeri 2016/05/17 12:42:57 Done. Show quoted text On 2016/05/16 19:29:55, Ryan Sleevi wrote: > No newline Done.
	49 class SingleTreeTracker : public net::CTVerifier::Observer,

	50 public net::ct::STHObserver {

	51 public:

	52 // TODO(eranm): This enum will expand to include check success/failure,

	53 // see crbug.com/506227

	54 enum SCTInclusionStatus {

	55 // SCT was not observed by this class.
	Ryan Sleevi 2016/05/16 19:29:56 Do we start inclusion checking if this is the case Do we start inclusion checking if this is the case? Why or why not? Document more :) Eran Messeri 2016/05/17 12:42:56 Done - I've documented that this status is for unk Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > Do we start inclusion checking if this is the case? Why or why not? Document > more :) Done - I've documented that this status is for unknown SCTs where we don't do anything since there's no evidence they were verified (i.e. never observed via OnSCTVerified).
	56 SCT_NOT_OBSERVED,

	57

	58 // SCT was observed but the STH known to this class is not old

	59 // enough to check for inclusion.

	60 SCT_PENDING_NEWER_STH,

	61

	62 // SCT is known and there's a new-enough STH to check inclusion against.

	63 // Actual inclusion check has to be performed.

	64 SCT_PENDING_INCLUSION_CHECK

	65 };

	66

	67 explicit SingleTreeTracker(scoped_refptr<const net::CTLogVerifier> ct_log);

	68 ~SingleTreeTracker() override;

	69

	70 // net::ct::CTVerifier::Observer implementation.

	71

	72 // TODO(eranm): Extract CTVerifier::Observer to SCTObserver

	73 // Performs an inclusion check for the given certificate if the latest

	74 // STH known for this log is older than sct.timestamp + MMD, enqueues
	Ryan Sleevi 2016/05/16 19:29:56 s/MMD/Maximum Merge Delay/ s/MMD/Maximum Merge Delay/ Eran Messeri 2016/05/17 12:42:56 Done. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > s/MMD/Maximum Merge Delay/ Done.
	75 // the SCT for future checking later on.

	76 // TODO(eranm): Make sure not to perform any synchronous, blocking operation

	77 // here as this callback is invoked during certificate validation.

	78 // Should only be called with SCTs issued by the log this instance tracks.

	79 void OnSCTVerified(net::X509Certificate* cert,

	80 const net::ct::SignedCertificateTimestamp* sct) override;

	81

	82 // net::ct::STHObserver implementation.

	83 // After verification of the signature over the \|sth\|, uses this

	84 // STH for future inclusion checks.

	85 // Should only be called for STHs issued by the log this instance tracks.
	Ryan Sleevi 2016/05/16 19:29:56 "Should" is weak. This is a must, correct? "Should" is weak. This is a must, correct? Eran Messeri 2016/05/17 12:42:57 Yes, done. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > "Should" is weak. This is a must, correct? Yes, done.
	86 void NewSTHObserved(const net::ct::SignedTreeHead& sth) override;

	87

	88 // Returns the status of a given log entry (that is assembled from
	Ryan Sleevi 2016/05/16 19:29:56 s/(that is/that is/ (e.g. drop the parens) s/(that is/that is/ (e.g. drop the parens) Eran Messeri 2016/05/17 12:42:57 Done. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > s/(that is/that is/ > > (e.g. drop the parens) Done.
	89 // \|cert\| and \|sct\|). If \|cert\| and \|sct\| were not previously observed,

	90 // \|sct\| is not an SCT for \|cert\| or \|sct\| is not for this log,

	91 // SCT_NOT_OBSERVED will be returned.

	92 SCTInclusionStatus GetLogEntryInclusionStatus(

	93 net::X509Certificate* cert,

	94 const net::ct::SignedCertificateTimestamp* sct);

	95

	96 private:

	97 // Holds the latest STH fetched and verified for each log.
	Ryan Sleevi 2016/05/16 19:29:56 "for each log" - this is a single log. "for each log" - this is a single log. Eran Messeri 2016/05/17 12:42:57 Done. Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > "for each log" - this is a single log. Done.
	98 net::ct::SignedTreeHead verified_sth_;

	99

	100 // The log tracked.
	Ryan Sleevi 2016/05/16 19:29:55 The log being tracked The log being tracked Eran Messeri 2016/05/17 12:42:56 Done. Show quoted text On 2016/05/16 19:29:55, Ryan Sleevi wrote: > The log being tracked Done.
	101 scoped_refptr<const net::CTLogVerifier> ct_log_;

	102

	103 // List of log entries pending inclusion check.

	104 // TODO(eranm): Rather than rely on the timestamp, extend to to use the

	105 // whole MerkleTreeLeaf (RFC6962, section 3.4.) as a key. See crbug.com/506227
	Ryan Sleevi 2016/05/16 19:29:56 s/crbug.com/https://crbug.com/ However, this bug s/crbug.com/https://crbug.com/ However, this bug doesn't provide any explanation when I first load it. It's not until #c22 that I even begin to see the plan, but you don't explain why, just what. Document better in that bug :) Eran Messeri 2016/05/17 12:42:57 https reference done. As bugs.chromium.org seems d Show quoted text On 2016/05/16 19:29:56, Ryan Sleevi wrote: > s/crbug.com/https://crbug.com/ > > However, this bug doesn't provide any explanation when I first load it. It's not > until #c22 that I even begin to see the plan, but you don't explain why, just > what. Document better in that bug :) https reference done. As bugs.chromium.org seems down at the moment, I'll document when it's up.
	106 std::map<base::Time, SCTInclusionStatus> entries_status_;

	107

	108 DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker);

	109 };

	110

	111 } // namespace certificate_transparency

	112

	113 #endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_

OLD	NEW