
Side by Side Diff: net/cert/ct_known_logs.cc

Issue 1956273003: Revert of Mark the Certly.io log as disqualified, as of April 15 2016 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@log_diversity
Patch Set: rebase Created 4 years, 7 months ago
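--- a/net/cert/ct_known_logs.cc
+++ b/net/cert/ct_known_logs.cc
@@ -1,94 +1,59 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ct_known_logs.h"
 
 #include <stddef.h>
 #include <string.h>
 
 #include <algorithm>
 #include <iterator>
 
 #include "base/logging.h"
 #include "base/macros.h"
-#include "base/time/time.h"
 #include "crypto/sha2.h"
 
 #if !defined(OS_NACL)
 #include "net/cert/ct_log_verifier.h"
 #endif
 
 namespace net {
 
 namespace ct {
 
 namespace {
 
 #include "net/cert/ct_known_logs_static-inc.h"
 
 } // namespace
 
 #if !defined(OS_NACL)
 std::vector<scoped_refptr<const CTLogVerifier>>
 CreateLogVerifiersForKnownLogs() {
 std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
-
-// Add all qualified logs.
 for (const auto& log : kCTLogList) {
 base::StringPiece key(log.log_key, log.log_key_length);
 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
 // Make sure no null logs enter verifiers. Parsing of all known logs should
 // succeed.
 CHECK(verifiers.back().get());
 }
 
-// Add all disqualified logs. Callers are expected to filter verified SCTs
-// via IsLogQualified().
-for (const auto& disqualified_log : kDisqualifiedCTLogList) {
-const CTLogInfo& log = disqualified_log.log_info;
-base::StringPiece key(log.log_key, log.log_key_length);
-verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
-// Make sure no null logs enter verifiers. Parsing of all known logs should
-// succeed.
-CHECK(verifiers.back().get());
-}
-
 return verifiers;
 }
 #endif
 
 bool IsLogOperatedByGoogle(base::StringPiece log_id) {
 CHECK_EQ(log_id.size(), crypto::kSHA256Length);
 
 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
 log_id.data(), [](const char* a, const char* b) {
 return memcmp(a, b, crypto::kSHA256Length) < 0;
 });
 }
 
-bool IsLogDisqualified(base::StringPiece log_id,
-base::Time* disqualification_date) {
-CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
-
-auto p = std::lower_bound(
-std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
-log_id.data(),
-[](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) {
-return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) <
-0;
-});
-if (p == std::end(kDisqualifiedCTLogList) ||
-memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) {
-return false;
-}
-
-*disqualification_date =
-base::Time::FromInternalValue(p->disqualification_date);
-return true;
-}
-
 } // namespace ct
 
 } // namespace net
 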