Chromium Code Reviews Chromium Code Reviews
Issue 2017563002:
Add Certificate Transparency logs auditing (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/certificate_transparency/single_tree_tracker.h" | 5 #include "components/certificate_transparency/single_tree_tracker.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/strings/string_piece.h" | 10 #include "base/strings/string_piece.h" |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 56 | 56 |
| 57 ASSERT_TRUE(log_); | 57 ASSERT_TRUE(log_); |
| 58 ASSERT_EQ(log_->key_id(), net::ct::GetTestPublicKeyId()); | 58 ASSERT_EQ(log_->key_id(), net::ct::GetTestPublicKeyId()); |
| 59 | 59 |
| 60 tree_tracker_.reset(new SingleTreeTracker(log_)); | 60 tree_tracker_.reset(new SingleTreeTracker(log_)); |
| 61 const std::string der_test_cert(net::ct::GetDerEncodedX509Cert()); | 61 const std::string der_test_cert(net::ct::GetDerEncodedX509Cert()); |
| 62 chain_ = net::X509Certificate::CreateFromBytes(der_test_cert.data(), | 62 chain_ = net::X509Certificate::CreateFromBytes(der_test_cert.data(), |
| 63 der_test_cert.length()); | 63 der_test_cert.length()); |
| 64 ASSERT_TRUE(chain_.get()); | 64 ASSERT_TRUE(chain_.get()); |
| 65 net::ct::GetX509CertSCT(&cert_sct_); | 65 net::ct::GetX509CertSCT(&cert_sct_); |
| 66 // Because the code will ultimately try to build a MerkleTreeLeaf from | |
| 67 // the |chain_| and |cert_sct_|, if the default type, which is an embedded | |
| 68 // SCT, is used, leaf construction will fail because GetMerkleTreeLeaf will | |
| 69 // expect an intermediate. So change SCT origin to something that relies | |
| 70 // solely on |chain_|. | |
|
Ryan Sleevi
2016/06/30 22:48:19
LAYERING: This comment strikes me as over-explaini
Eran Messeri
2016/07/01 13:24:01
I've simply removed the comment. Regardless of the
| |
| 71 cert_sct_->origin = | |
| 72 net::ct::SignedCertificateTimestamp::SCT_FROM_OCSP_RESPONSE; | |
| 66 } | 73 } |
| 67 | 74 |
| 68 protected: | 75 protected: |
| 69 scoped_refptr<const net::CTLogVerifier> log_; | 76 scoped_refptr<const net::CTLogVerifier> log_; |
| 70 std::unique_ptr<SingleTreeTracker> tree_tracker_; | 77 std::unique_ptr<SingleTreeTracker> tree_tracker_; |
| 71 scoped_refptr<net::X509Certificate> chain_; | 78 scoped_refptr<net::X509Certificate> chain_; |
| 72 scoped_refptr<net::ct::SignedCertificateTimestamp> cert_sct_; | 79 scoped_refptr<net::ct::SignedCertificateTimestamp> cert_sct_; |
| 73 }; | 80 }; |
| 74 | 81 |
| 75 // Test that an SCT is classified as pending for a newer STH if the | 82 // Test that an SCT is classified as pending for a newer STH if the |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 149 GetOldSignedTreeHead(&sth); | 156 GetOldSignedTreeHead(&sth); |
| 150 tree_tracker_->NewSTHObserved(sth); | 157 tree_tracker_->NewSTHObserved(sth); |
| 151 | 158 |
| 152 // Make sure the SCT's state hasn't changed. | 159 // Make sure the SCT's state hasn't changed. |
| 153 EXPECT_EQ( | 160 EXPECT_EQ( |
| 154 SingleTreeTracker::SCT_PENDING_NEWER_STH, | 161 SingleTreeTracker::SCT_PENDING_NEWER_STH, |
| 155 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); | 162 tree_tracker_->GetLogEntryInclusionStatus(chain_.get(), cert_sct_.get())); |
| 156 } | 163 } |
| 157 | 164 |
| 158 } // namespace certificate_transparency | 165 } // namespace certificate_transparency |
| OLD | NEW |
