| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| 6 #define COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| 7 |
| 8 #include <map> |
| 9 #include <string> |
| 10 |
| 11 #include "base/memory/ref_counted.h" |
| 12 #include "base/time/time.h" |
| 13 #include "net/cert/ct_verifier.h" |
| 14 #include "net/cert/signed_tree_head.h" |
| 15 #include "net/cert/sth_observer.h" |
| 16 |
| 17 namespace net { |
| 18 class CTLogVerifier; |
| 19 class X509Certificate; |
| 20 |
| 21 namespace ct { |
| 22 struct SignedCertificateTimestamp; |
| 23 } // namespace ct |
| 24 |
| 25 } // namespace net |
| 26 |
| 27 namespace certificate_transparency { |
| 28 |
| 29 // Tracks the state of an individual Certificate Transparency Log's Merkle Tree. |
| 30 // A CT Log constantly issues Signed Tree Heads, for which every older STH must |
| 31 // be incorporated into the current/newer STH. As new certificates are logged, |
| 32 // new SCTs are produced, and eventually, those SCTs are incorporated into the |
| 33 // log and a new STH is produced, with there being an inclusion proof between |
| 34 // the SCTs and the new STH, and a consistency proof between the old STH and the |
| 35 // new STH. |
| 36 // This class receives STHs provided by/observed by the embedder, with the |
| 37 // assumption that STHs have been checked for consistency already. As SCTs are |
| 38 // observed, their status is checked against the latest STH to ensure they were |
| 39 // properly logged. If an SCT is newer than the latest STH, then this class |
| 40 // verifies that when an STH is observed that should have incorporated those |
| 41 // SCTs, the SCTs (and their corresponding entries) are present in the log. |
| 42 // |
| 43 // To accomplish this, this class needs to be notified of when new SCTs are |
| 44 // observed (which it does by implementing net::CTVerifier::Observer) and when |
| 45 // new STHs are observed (which it does by implementing net::ct::STHObserver). |
| 46 // Once connected to sources providing that data, the status for a given SCT |
| 47 // can be queried by calling GetLogEntryInclusionCheck. |
| 48 class SingleTreeTracker : public net::CTVerifier::Observer, |
| 49 public net::ct::STHObserver { |
| 50 public: |
| 51 // TODO(eranm): This enum will expand to include check success/failure, |
| 52 // see crbug.com/506227 |
| 53 enum SCTInclusionStatus { |
| 54 // SCT was not observed by this class and is not currently pending |
| 55 // inclusion check. As there's no evidence the SCT this status relates |
| 56 // to is verified (it was never observed via OnSCTVerified), nothing |
| 57 // is done with it. |
| 58 SCT_NOT_OBSERVED, |
| 59 |
| 60 // SCT was observed but the STH known to this class is not old |
| 61 // enough to check for inclusion, so a newer STH is needed first. |
| 62 SCT_PENDING_NEWER_STH, |
| 63 |
| 64 // SCT is known and there's a new-enough STH to check inclusion against. |
| 65 // Actual inclusion check has to be performed. |
| 66 SCT_PENDING_INCLUSION_CHECK |
| 67 }; |
| 68 |
| 69 explicit SingleTreeTracker(scoped_refptr<const net::CTLogVerifier> ct_log); |
| 70 ~SingleTreeTracker() override; |
| 71 |
| 72 // net::ct::CTVerifier::Observer implementation. |
| 73 |
| 74 // TODO(eranm): Extract CTVerifier::Observer to SCTObserver |
| 75 // Performs an inclusion check for the given certificate if the latest |
| 76 // STH known for this log is older than sct.timestamp + Maximum Merge Delay, |
| 77 // enqueues the SCT for future checking later on. |
| 78 // Should only be called with SCTs issued by the log this instance tracks. |
| 79 // TODO(eranm): Make sure not to perform any synchronous, blocking operation |
| 80 // here as this callback is invoked during certificate validation. |
| 81 void OnSCTVerified(net::X509Certificate* cert, |
| 82 const net::ct::SignedCertificateTimestamp* sct) override; |
| 83 |
| 84 // net::ct::STHObserver implementation. |
| 85 // After verification of the signature over the |sth|, uses this |
| 86 // STH for future inclusion checks. |
| 87 // Must only be called for STHs issued by the log this instance tracks. |
| 88 void NewSTHObserved(const net::ct::SignedTreeHead& sth) override; |
| 89 |
| 90 // Returns the status of a given log entry that is assembled from |
| 91 // |cert| and |sct|. If |cert| and |sct| were not previously observed, |
| 92 // |sct| is not an SCT for |cert| or |sct| is not for this log, |
| 93 // SCT_NOT_OBSERVED will be returned. |
| 94 SCTInclusionStatus GetLogEntryInclusionStatus( |
| 95 net::X509Certificate* cert, |
| 96 const net::ct::SignedCertificateTimestamp* sct); |
| 97 |
| 98 private: |
| 99 // Holds the latest STH fetched and verified for this log. |
| 100 net::ct::SignedTreeHead verified_sth_; |
| 101 |
| 102 // The log being tracked. |
| 103 scoped_refptr<const net::CTLogVerifier> ct_log_; |
| 104 |
| 105 // List of log entries pending inclusion check. |
| 106 // TODO(eranm): Rather than rely on the timestamp, extend to to use the |
| 107 // whole MerkleTreeLeaf (RFC6962, section 3.4.) as a key. See |
| 108 // https://crbug.com/506227#c22 and https://crbug.com/613495 |
| 109 std::map<base::Time, SCTInclusionStatus> entries_status_; |
| 110 |
| 111 DISALLOW_COPY_AND_ASSIGN(SingleTreeTracker); |
| 112 }; |
| 113 |
| 114 } // namespace certificate_transparency |
| 115 |
| 116 #endif // COMPONENTS_CERTIFICATE_TRANSPARENCY_SINGLE_TREE_TRACKER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1845113003:
Certificate Transparency: Start tracking logs' state (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master