
Side by Side Diff: net/cert/ct_known_logs.cc

Issue 1888463003: DO NOT REVIEW: CT policy enforcement WIP (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 8 months ago
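--- a/net/cert/ct_known_logs.cc
+++ b/net/cert/ct_known_logs.cc
@@ -1,66 +1,101 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ct_known_logs.h"
 
 #include <string.h>
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/logging.h"
 #include "base/macros.h"
+#include "base/time/time.h"
 #include "crypto/sha2.h"
 
 #if !defined(OS_NACL)
 #include "net/cert/ct_log_verifier.h"
 #endif
 
 namespace net {
 
 namespace ct {
 
 namespace {
 
 #include "net/cert/ct_known_logs_static.h"
 
 bool CompareLogIDs(const char* log_id, const char* lookup_id) {
 return memcmp(log_id, lookup_id, crypto::kSHA256Length) < 0;
 }
 
+bool CompareDisqualifiedLogID(const DisqualifiedCTLogInfo& disqualified_log,
+const char* log_id) {
+return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) < 0;
+}
+
 } // namespace
 
 #if !defined(OS_NACL)
 std::vector<scoped_refptr<const CTLogVerifier>>
 CreateLogVerifiersForKnownLogs() {
 std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
+// Add all qualified logs.
 for (const auto& log : kCTLogList) {
 base::StringPiece key(log.log_key, log.log_key_length);
 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
 // Make sure no null logs enter verifiers. Parsing of all known logs should
 // succeed.
 CHECK(verifiers.back().get());
 }
 
+// Add all disqualified logs. Callers are expected to filter via
+// IsLogQualified().
+for (const auto& disqualified_log : kDisqualifiedCTLogList) {
+const CTLogInfo& log = disqualified_log.log_info;
+base::StringPiece key(log.log_key, log.log_key_length);
+verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
+// Make sure no null logs enter verifiers. Parsing of all known logs should
+// succeed.
+CHECK(verifiers.back().get());
+}
+
 return verifiers;
 }
 #endif
 
 bool IsLogOperatedByGoogle(base::StringPiece log_id) {
 CHECK_EQ(log_id.size(), crypto::kSHA256Length);
 
 auto p = std::lower_bound(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
 log_id.data(), &CompareLogIDs);
 if (p == std::end(kGoogleLogIDs) ||
 memcmp(log_id.data(), *p, crypto::kSHA256Length) != 0) {
 return false;
 }
 
 return true;
 }
 
+bool IsLogDisqualified(base::StringPiece log_id,
+base::Time* disqualification_date) {
+DCHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
+
+auto p = std::lower_bound(std::begin(kDisqualifiedCTLogList),
+std::end(kDisqualifiedCTLogList), log_id.data(),
+&CompareDisqualifiedLogID);
+if (p == std::end(kDisqualifiedCTLogList) ||
+log_id != base::StringPiece(p->log_id, crypto::kSHA256Length)) {
+return false;
+}
+
+*disqualification_date =
+base::Time::FromInternalValue(p->disqualification_date);
+return true;
+}
+
 } // namespace ct
 
 } // namespace net
 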
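Review bot: In `IsLogDisqualified` the length of `log_id` is guarded only by `DCHECK_EQ`, which is normally compiled out of release builds, yet `CompareDisqualifiedLogID` passes `log_id.data()` to `memcmp` for `crypto::kSHA256Length` bytes, so a shorter StringPiece would be read past its end. `IsLogOperatedByGoogle` just above uses `CHECK_EQ(log_id.size(), crypto::kSHA256Length);` and the new function should carry the same check, since log IDs presumably originate from SCTs supplied by the peer. Separately, the comment in `CreateLogVerifiersForKnownLogs` tells callers to filter via `IsLogQualified()`, while the function added here is `IsLogDisqualified()`; the comment should name the function that exists. It would also help to state there that the returned vector now contains verifiers for disqualified logs, so a caller that skips the filter will treat their SCTs as coming from a known log.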
