Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(548)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/ct_known_logs.cc

Issue 1960423002: Reland of Mark the Certly.io log as disqualified, as of April 15 2016 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@log_diversity
Patch Set: Created 4 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/ct_known_logs.h ('k') | net/cert/ct_known_logs_static-inc.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/ct_known_logs.h" 5 #include "net/cert/ct_known_logs.h"
6 6
7 #include <stddef.h> 7 #include <stddef.h>
8 #include <string.h> 8 #include <string.h>
9 9
10 #include <algorithm> 10 #include <algorithm>
11 #include <iterator> 11 #include <iterator>
12 12
13 #include "base/logging.h" 13 #include "base/logging.h"
14 #include "base/macros.h" 14 #include "base/macros.h"
15 #include "base/time/time.h"
15 #include "crypto/sha2.h" 16 #include "crypto/sha2.h"
16 17
17 #if !defined(OS_NACL) 18 #if !defined(OS_NACL)
18 #include "net/cert/ct_log_verifier.h" 19 #include "net/cert/ct_log_verifier.h"
19 #endif 20 #endif
20 21
21 namespace net { 22 namespace net {
22 23
23 namespace ct { 24 namespace ct {
24 25
25 namespace { 26 namespace {
26 27
27 #include "net/cert/ct_known_logs_static-inc.h" 28 #include "net/cert/ct_known_logs_static-inc.h"
28 29
29 } // namespace 30 } // namespace
30 31
31 #if !defined(OS_NACL) 32 #if !defined(OS_NACL)
32 std::vector<scoped_refptr<const CTLogVerifier>> 33 std::vector<scoped_refptr<const CTLogVerifier>>
33 CreateLogVerifiersForKnownLogs() { 34 CreateLogVerifiersForKnownLogs() {
34 std::vector<scoped_refptr<const CTLogVerifier>> verifiers; 35 std::vector<scoped_refptr<const CTLogVerifier>> verifiers;
36
37 // Add all qualified logs.
35 for (const auto& log : kCTLogList) { 38 for (const auto& log : kCTLogList) {
36 base::StringPiece key(log.log_key, log.log_key_length); 39 base::StringPiece key(log.log_key, log.log_key_length);
37 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); 40 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
38 // Make sure no null logs enter verifiers. Parsing of all known logs should 41 // Make sure no null logs enter verifiers. Parsing of all known logs should
42 // succeed.
43 CHECK(verifiers.back().get());
44 }
45
46 // Add all disqualified logs. Callers are expected to filter verified SCTs
47 // via IsLogQualified().
48 for (const auto& disqualified_log : kDisqualifiedCTLogList) {
49 const CTLogInfo& log = disqualified_log.log_info;
50 base::StringPiece key(log.log_key, log.log_key_length);
51 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url));
52 // Make sure no null logs enter verifiers. Parsing of all known logs should
39 // succeed. 53 // succeed.
40 CHECK(verifiers.back().get()); 54 CHECK(verifiers.back().get());
41 } 55 }
42 56
43 return verifiers; 57 return verifiers;
44 } 58 }
45 #endif 59 #endif
46 60
47 bool IsLogOperatedByGoogle(base::StringPiece log_id) { 61 bool IsLogOperatedByGoogle(base::StringPiece log_id) {
48 CHECK_EQ(log_id.size(), crypto::kSHA256Length); 62 CHECK_EQ(log_id.size(), crypto::kSHA256Length);
49 63
50 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs), 64 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs),
51 log_id.data(), [](const char* a, const char* b) { 65 log_id.data(), [](const char* a, const char* b) {
52 return memcmp(a, b, crypto::kSHA256Length) < 0; 66 return memcmp(a, b, crypto::kSHA256Length) < 0;
53 }); 67 });
54 } 68 }
55 69
70 bool IsLogDisqualified(base::StringPiece log_id,
71 base::Time* disqualification_date) {
72 CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1);
73
74 auto p = std::lower_bound(
75 std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList),
76 log_id.data(),
77 [](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) {
78 return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) <
79 0;
80 });
81 if (p == std::end(kDisqualifiedCTLogList) ||
82 memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) {
83 return false;
84 }
85
86 *disqualification_date =
87 base::Time::FromInternalValue(p->disqualification_date);
88 return true;
89 }
90
56 } // namespace ct 91 } // namespace ct
57 92
58 } // namespace net 93 } // namespace net
59 94
OLDNEW
« no previous file with comments | « net/cert/ct_known_logs.h ('k') | net/cert/ct_known_logs_static-inc.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698