OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_known_logs.h" | 5 #include "net/cert/ct_known_logs.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
11 #include <iterator> | 11 #include <iterator> |
12 | 12 |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
15 #include "base/time/time.h" | |
16 #include "crypto/sha2.h" | 15 #include "crypto/sha2.h" |
17 | 16 |
18 #if !defined(OS_NACL) | 17 #if !defined(OS_NACL) |
19 #include "net/cert/ct_log_verifier.h" | 18 #include "net/cert/ct_log_verifier.h" |
20 #endif | 19 #endif |
21 | 20 |
22 namespace net { | 21 namespace net { |
23 | 22 |
24 namespace ct { | 23 namespace ct { |
25 | 24 |
26 namespace { | 25 namespace { |
27 | 26 |
28 #include "net/cert/ct_known_logs_static-inc.h" | 27 #include "net/cert/ct_known_logs_static-inc.h" |
29 | 28 |
30 } // namespace | 29 } // namespace |
31 | 30 |
32 #if !defined(OS_NACL) | 31 #if !defined(OS_NACL) |
33 std::vector<scoped_refptr<const CTLogVerifier>> | 32 std::vector<scoped_refptr<const CTLogVerifier>> |
34 CreateLogVerifiersForKnownLogs() { | 33 CreateLogVerifiersForKnownLogs() { |
35 std::vector<scoped_refptr<const CTLogVerifier>> verifiers; | 34 std::vector<scoped_refptr<const CTLogVerifier>> verifiers; |
36 | |
37 // Add all qualified logs. | |
38 for (const auto& log : kCTLogList) { | 35 for (const auto& log : kCTLogList) { |
39 base::StringPiece key(log.log_key, log.log_key_length); | 36 base::StringPiece key(log.log_key, log.log_key_length); |
40 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); | 37 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); |
41 // Make sure no null logs enter verifiers. Parsing of all known logs should | 38 // Make sure no null logs enter verifiers. Parsing of all known logs should |
42 // succeed. | 39 // succeed. |
43 CHECK(verifiers.back().get()); | 40 CHECK(verifiers.back().get()); |
44 } | 41 } |
45 | 42 |
46 // Add all disqualified logs. Callers are expected to filter verified SCTs | |
47 // via IsLogQualified(). | |
48 for (const auto& disqualified_log : kDisqualifiedCTLogList) { | |
49 const CTLogInfo& log = disqualified_log.log_info; | |
50 base::StringPiece key(log.log_key, log.log_key_length); | |
51 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); | |
52 // Make sure no null logs enter verifiers. Parsing of all known logs should | |
53 // succeed. | |
54 CHECK(verifiers.back().get()); | |
55 } | |
56 | |
57 return verifiers; | 43 return verifiers; |
58 } | 44 } |
59 #endif | 45 #endif |
60 | 46 |
61 bool IsLogOperatedByGoogle(base::StringPiece log_id) { | 47 bool IsLogOperatedByGoogle(base::StringPiece log_id) { |
62 CHECK_EQ(log_id.size(), crypto::kSHA256Length); | 48 CHECK_EQ(log_id.size(), crypto::kSHA256Length); |
63 | 49 |
64 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs), | 50 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs), |
65 log_id.data(), [](const char* a, const char* b) { | 51 log_id.data(), [](const char* a, const char* b) { |
66 return memcmp(a, b, crypto::kSHA256Length) < 0; | 52 return memcmp(a, b, crypto::kSHA256Length) < 0; |
67 }); | 53 }); |
68 } | 54 } |
69 | 55 |
70 bool IsLogDisqualified(base::StringPiece log_id, | |
71 base::Time* disqualification_date) { | |
72 CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1); | |
73 | |
74 auto p = std::lower_bound( | |
75 std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList), | |
76 log_id.data(), | |
77 [](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) { | |
78 return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) < | |
79 0; | |
80 }); | |
81 if (p == std::end(kDisqualifiedCTLogList) || | |
82 memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) { | |
83 return false; | |
84 } | |
85 | |
86 *disqualification_date = | |
87 base::Time::FromInternalValue(p->disqualification_date); | |
88 return true; | |
89 } | |
90 | |
91 } // namespace ct | 56 } // namespace ct |
92 | 57 |
93 } // namespace net | 58 } // namespace net |
94 | 59 |
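Review bot: With the second loop removed, `CreateLogVerifiersForKnownLogs()` (new lines 32–44) builds verifiers from `kCTLogList` only, and nothing on the new side states this or what it means for SCTs issued by logs in `kDisqualifiedCTLogList`. Without a verifier those SCTs presumably can no longer be signature-checked at all. Any policy that still wants to honour SCTs issued before a log's disqualification date then loses both the verification and the date that `IsLogDisqualified()` used to return; this should be confirmed against the callers, which are not visible here. I would add a comment above the remaining loop, e.g. `// Only currently qualified logs get a verifier; SCTs from any other log, including disqualified ones, cannot be verified from this list.` If `ct_known_logs_static-inc.h` (still included at new line 27) continues to define `kDisqualifiedCTLogList`, that table is now unreferenced in this file and should be removed or moved next to whatever still consumes it.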