OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/ct_known_logs.h" | 5 #include "net/cert/ct_known_logs.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
11 #include <iterator> | 11 #include <iterator> |
12 | 12 |
13 #include "base/logging.h" | 13 #include "base/logging.h" |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
| 15 #include "base/time/time.h" |
15 #include "crypto/sha2.h" | 16 #include "crypto/sha2.h" |
16 | 17 |
17 #if !defined(OS_NACL) | 18 #if !defined(OS_NACL) |
18 #include "net/cert/ct_log_verifier.h" | 19 #include "net/cert/ct_log_verifier.h" |
19 #endif | 20 #endif |
20 | 21 |
21 namespace net { | 22 namespace net { |
22 | 23 |
23 namespace ct { | 24 namespace ct { |
24 | 25 |
25 namespace { | 26 namespace { |
26 | 27 |
27 #include "net/cert/ct_known_logs_static-inc.h" | 28 #include "net/cert/ct_known_logs_static-inc.h" |
28 | 29 |
29 } // namespace | 30 } // namespace |
30 | 31 |
31 #if !defined(OS_NACL) | 32 #if !defined(OS_NACL) |
32 std::vector<scoped_refptr<const CTLogVerifier>> | 33 std::vector<scoped_refptr<const CTLogVerifier>> |
33 CreateLogVerifiersForKnownLogs() { | 34 CreateLogVerifiersForKnownLogs() { |
34 std::vector<scoped_refptr<const CTLogVerifier>> verifiers; | 35 std::vector<scoped_refptr<const CTLogVerifier>> verifiers; |
| 36 |
| 37 // Add all qualified logs. |
35 for (const auto& log : kCTLogList) { | 38 for (const auto& log : kCTLogList) { |
36 base::StringPiece key(log.log_key, log.log_key_length); | 39 base::StringPiece key(log.log_key, log.log_key_length); |
37 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); | 40 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); |
38 // Make sure no null logs enter verifiers. Parsing of all known logs should | 41 // Make sure no null logs enter verifiers. Parsing of all known logs should |
| 42 // succeed. |
| 43 CHECK(verifiers.back().get()); |
| 44 } |
| 45 |
| 46 // Add all disqualified logs. Callers are expected to filter verified SCTs |
| 47 // via IsLogQualified(). |
| 48 for (const auto& disqualified_log : kDisqualifiedCTLogList) { |
| 49 const CTLogInfo& log = disqualified_log.log_info; |
| 50 base::StringPiece key(log.log_key, log.log_key_length); |
| 51 verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); |
| 52 // Make sure no null logs enter verifiers. Parsing of all known logs should |
39 // succeed. | 53 // succeed. |
40 CHECK(verifiers.back().get()); | 54 CHECK(verifiers.back().get()); |
41 } | 55 } |
42 | 56 |
43 return verifiers; | 57 return verifiers; |
44 } | 58 } |
45 #endif | 59 #endif |
46 | 60 |
47 bool IsLogOperatedByGoogle(base::StringPiece log_id) { | 61 bool IsLogOperatedByGoogle(base::StringPiece log_id) { |
48 CHECK_EQ(log_id.size(), crypto::kSHA256Length); | 62 CHECK_EQ(log_id.size(), crypto::kSHA256Length); |
49 | 63 |
50 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs), | 64 return std::binary_search(std::begin(kGoogleLogIDs), std::end(kGoogleLogIDs), |
51 log_id.data(), [](const char* a, const char* b) { | 65 log_id.data(), [](const char* a, const char* b) { |
52 return memcmp(a, b, crypto::kSHA256Length) < 0; | 66 return memcmp(a, b, crypto::kSHA256Length) < 0; |
53 }); | 67 }); |
54 } | 68 } |
55 | 69 |
| 70 bool IsLogDisqualified(base::StringPiece log_id, |
| 71 base::Time* disqualification_date) { |
| 72 CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1); |
| 73 |
| 74 auto p = std::lower_bound( |
| 75 std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList), |
| 76 log_id.data(), |
| 77 [](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) { |
| 78 return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) < |
| 79 0; |
| 80 }); |
| 81 if (p == std::end(kDisqualifiedCTLogList) || |
| 82 memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) { |
| 83 return false; |
| 84 } |
| 85 |
| 86 *disqualification_date = |
| 87 base::Time::FromInternalValue(p->disqualification_date); |
| 88 return true; |
| 89 } |
| 90 |
56 } // namespace ct | 91 } // namespace ct |
57 | 92 |
58 } // namespace net | 93 } // namespace net |
59 | 94 |
OLD | NEW |