Index: net/cert/ct_known_logs.cc |
diff --git a/net/cert/ct_known_logs.cc b/net/cert/ct_known_logs.cc |
index 03c51c9349a0aaaf4be3dfd37b9d34352cc5c684..2ab07ce936d533eebbecc83aa86ded76bae71b3e 100644 |
--- a/net/cert/ct_known_logs.cc |
+++ b/net/cert/ct_known_logs.cc |
@@ -12,6 +12,7 @@ |
#include "base/logging.h" |
#include "base/macros.h" |
+#include "base/time/time.h" |
#include "crypto/sha2.h" |
#if !defined(OS_NACL) |
@@ -32,7 +33,20 @@ |
std::vector<scoped_refptr<const CTLogVerifier>> |
CreateLogVerifiersForKnownLogs() { |
std::vector<scoped_refptr<const CTLogVerifier>> verifiers; |
+ |
+ // Add all qualified logs. |
for (const auto& log : kCTLogList) { |
+ base::StringPiece key(log.log_key, log.log_key_length); |
+ verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); |
+ // Make sure no null logs enter verifiers. Parsing of all known logs should |
+ // succeed. |
+ CHECK(verifiers.back().get()); |
+ } |
+ |
+ // Add all disqualified logs. Callers are expected to filter verified SCTs |
+ // via IsLogQualified(). |
+ for (const auto& disqualified_log : kDisqualifiedCTLogList) { |
+ const CTLogInfo& log = disqualified_log.log_info; |
base::StringPiece key(log.log_key, log.log_key_length); |
verifiers.push_back(CTLogVerifier::Create(key, log.log_name, log.log_url)); |
// Make sure no null logs enter verifiers. Parsing of all known logs should |
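Review bot: The comment on the second loop in CreateLogVerifiersForKnownLogs() tells callers to filter via `IsLogQualified()`, but the function this commit adds is `IsLogDisqualified()` and no `IsLogQualified` is visible in this diff. If that name does not exist elsewhere, the comment should end `// via IsLogDisqualified().` instead. The returned vector now holds verifiers for disqualified logs, so any caller that skips the filter will treat their SCTs as successfully verified; the function's declaration comment should state that contract as well. The two loop bodies are the same apart from how `log` is obtained, so a small file-local helper taking a `const CTLogInfo&` would keep the null `CHECK` in one place. The second loop's body continues past the end of this hunk.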
@@ -53,6 +67,27 @@ |
}); |
} |
+bool IsLogDisqualified(base::StringPiece log_id, |
+ base::Time* disqualification_date) { |
+ CHECK_EQ(log_id.size(), arraysize(kDisqualifiedCTLogList[0].log_id) - 1); |
+ |
+ auto p = std::lower_bound( |
+ std::begin(kDisqualifiedCTLogList), std::end(kDisqualifiedCTLogList), |
+ log_id.data(), |
+ [](const DisqualifiedCTLogInfo& disqualified_log, const char* log_id) { |
+ return memcmp(disqualified_log.log_id, log_id, crypto::kSHA256Length) < |
+ 0; |
+ }); |
+ if (p == std::end(kDisqualifiedCTLogList) || |
+ memcmp(p->log_id, log_id.data(), crypto::kSHA256Length) != 0) { |
+ return false; |
+ } |
+ |
+ *disqualification_date = |
+ base::Time::FromInternalValue(p->disqualification_date); |
+ return true; |
+} |
+ |
} // namespace ct |
} // namespace net |
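Review bot: The length guard in IsLogDisqualified() is `arraysize(kDisqualifiedCTLogList[0].log_id) - 1`, but both `memcmp` calls read `crypto::kSHA256Length` bytes, and nothing visible ties the two values together. If they ever differ, the comparison reads past `log_id.data()`; `static_assert(arraysize(kDisqualifiedCTLogList[0].log_id) - 1 == crypto::kSHA256Length, "log_id must be a SHA-256 hash");` would pin it. The `std::lower_bound` lookup is only correct if kDisqualifiedCTLogList is sorted by `log_id` in memcmp order. The table is not shown in this diff, and an out-of-order entry would make a disqualified log report as not disqualified, so state the precondition in a comment or add a `DCHECK(std::is_sorted(...))` with the same comparison. If `log_id` can arrive from a parsed SCT with an arbitrary length (callers are not visible here), `CHECK_EQ` turns malformed input into a process crash, and returning false may be the better failure mode. The doc comment should also note that `disqualification_date` must be non-null and is written only when the function returns true.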